Authentication
Every request to the Yeti ECOM API needs an API key. You send it as a Bearer token in the Authorization header, and we'll take care of the rest.
How to authenticate
Pop your API key into the Authorization header like this:
```bash
curl -X GET https://api.yeti.host/v1/ecom/config \
  -H "Authorization: Bearer YOUR_API_KEY"
```

```javascript
// Server-side only: the API key must not appear in browser code.
const response = await fetch('https://api.yeti.host/v1/ecom/config', {
  headers: {
    Authorization: 'Bearer YOUR_API_KEY',
  },
});
```
That's it. Every request works the same way.
Getting an API key
You create and manage API keys through Basecamp. Each key is linked to a merchant account and controls access to your ecommerce functionality. You must be an account owner to access this section. If you don't see it, reach
Keeping things safe
A few things worth keeping in mind:
- Your API key is a secret. It belongs on your server, not in any client-side code. The only thing safe to use in the browser is the `clientToken` you get back from `GET /config`.
- Rotate your keys regularly. Create a new one, update your integration, then turn off the old one.
- Only ask for what you need. Avoid giving your integration access to functionality it doesn't use.
- Don't commit keys to source control. Use environment variables or a secrets manager instead.
Auth-related errors
If something goes wrong with authentication, here's what you might see:
| Status | Error Code | What it means |
|---|---|---|
| 401 | yp_1001 | The API key is missing, invalid, or expired |
| 401 | yp_9003 | Authentication failed at the gateway |
| 403 | yp_1002 | The key is valid, but isn't allowed to access this endpoint |
| 403 | yp_9004 | Access denied at the gateway |
For the full list, see Error Handling.
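
An added example, not part of the Yeti documentation: a server-side wrapper that reads the key from an environment variable, maps the auth errors in the table above to actions, and forwards only the `clientToken` to the browser. The `YETI_API_KEY` variable name, the `code` field in error bodies, and a top-level `clientToken` field in the config response are assumptions, since the page does not show the response format.

```javascript
// Added example. Assumed (not from the page): the YETI_API_KEY variable name,
// an error body shaped like { code: 'yp_1001' }, and a top-level clientToken.
const BASE_URL = 'https://api.yeti.host/v1/ecom';

// Auth error codes from the table above, mapped to what the caller should do.
const AUTH_ERRORS = {
  '401:yp_1001': 'rotate-or-fix-key',   // key missing, invalid, or expired
  '401:yp_9003': 'gateway-auth-failed',
  '403:yp_1002': 'key-lacks-access',    // valid key, endpoint not permitted
  '403:yp_9004': 'gateway-denied',
};

// Build the header from the environment; fail closed if the key is absent.
// Never log the returned object: it contains the secret.
function authHeaders(env) {
  const key = (env.YETI_API_KEY || '').trim();
  if (!key) throw new Error('YETI_API_KEY is not set');
  return { Authorization: `Bearer ${key}` };
}

// Turn a status and parsed JSON body into a result that is safe to act on.
function interpretConfigResponse(status, body) {
  if (status === 401 || status === 403) {
    const action = AUTH_ERRORS[`${status}:${body && body.code}`] || 'unknown-auth-error';
    return { ok: false, action };
  }
  if (status !== 200 || !body || typeof body.clientToken !== 'string') {
    return { ok: false, action: 'unexpected-response' };
  }
  // Allow-list: only the clientToken is forwarded to the browser.
  return { ok: true, browser: { clientToken: body.clientToken } };
}

// Server-side call (Node 18+); fetchImpl is injectable for offline testing.
async function getBrowserConfig(env = process.env, fetchImpl = fetch) {
  const res = await fetchImpl(`${BASE_URL}/config`, { headers: authHeaders(env) });
  const body = await res.json().catch(() => null);
  return interpretConfigResponse(res.status, body);
}
```
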