Skip to main content
POST
/
v2
/
authenticate
Authenticate (Merchant)
curl --request POST \
  --url https://api.puppetvendors.com/v2/authenticate \
  --header 'Content-Type: application/json' \
  --header 'x-access-token: <api-key>' \
  --data '
{
  "apiKey": "<string>",
  "shopDomain": "<string>"
}
'
V2 Alpha — This endpoint is part of the V2 API preview. Breaking changes may occur.

Overview

Authenticate using your merchant API key to obtain a JWT token with full access to all shop data and all vendors.

Merchant API Key

Key TypePrefixScopeAccess
Merchant key(none)merchantFull access to all shop data and all vendors
Your merchant API key is found at Settings > Information in the PuppetVendors dashboard.

Use Cases

  • Backend integrations — Sync orders, products, and vendor data with external systems
  • Admin tools — Build custom dashboards and management interfaces
  • Token rotation — Re-authenticate when tokens expire (24h)

Request Body

apiKey
string
required
Your merchant API key. Found at Settings > Information in the PuppetVendors dashboard.
shopDomain
string
Your Shopify store domain (e.g. my-store.myshopify.com). Optional in V2 — the shop is resolved from the API key.

Response

200
{
  "success": true,
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expiresIn": 86400,
    "scope": "merchant",
    "permissions": ["admin:users", "admin:vendors"],
    "shopDomain": "my-store.myshopify.com"
  }
}

Error Responses

401
{
  "success": false,
  "error": {
    "message": "Invalid API key",
    "code": "UNAUTHORIZED"
  }
}

Example

curl -X POST https://api.puppetvendors.com/v2/authenticate \
  -H "Content-Type: application/json" \
  -d '{
    "apiKey": "a1b2c3d4e5f6..."
  }'