Skip to main content
POST
/
v2
/
authenticate
Authenticate
curl --request POST \
  --url https://api.puppetvendors.com/v2/authenticate \
  --header 'Content-Type: application/json' \
  --header 'x-access-token: <api-key>' \
  --data '
{
  "apiKey": "<string>",
  "shopDomain": "<string>"
}
'
V2 Alpha — This endpoint is part of the V2 API preview. Breaking changes may occur.

Overview

Authenticate using your vendor API key to obtain a JWT token scoped to your vendor account.

Vendor API Key

Key TypePrefixScopeAccess
Vendor keyvk_vendorLimited to your own data only
Your vendor API key is assigned by your merchant. It always starts with the vk_ prefix.

Use Cases

  • Vendor portal apps — Secure, isolated access to your vendor data
  • Custom integrations — Sync your orders, products, and payouts with external systems
  • Token rotation — Re-authenticate when tokens expire (24h)

Request Body

apiKey
string
required
Your vendor API key (starts with vk_). Provided by your merchant.
shopDomain
string
Your Shopify store domain (e.g. my-store.myshopify.com). Optional — the shop is resolved from the API key.

Response

200
{
  "success": true,
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expiresIn": 86400,
    "scope": "vendor",
    "permissions": [],
    "shopDomain": "my-store.myshopify.com"
  }
}

Error Responses

401
{
  "success": false,
  "error": {
    "message": "Invalid API key",
    "code": "UNAUTHORIZED"
  }
}

Example

curl -X POST https://api.puppetvendors.com/v2/authenticate \
  -H "Content-Type: application/json" \
  -d '{
    "apiKey": "vk_x9y8z7w6v5u4..."
  }'