- Get Started
- Product
- Resources
- Tools & SDKs
- Framework
- Reference
Menu
- Get Started
- Product
- Resources
- Tools & SDKs
- Framework
- Reference
API Key Concepts
In this document, you’ll learn about the different types of API keys, their expiration and verification.
API Key Types#
There are two types of API keys:
publishable: A public key used in client applications, such as a storefront.secret: A secret key used for authentication and verification purposes, such as an admin user’s authentication token or a password reset token.
The API key’s type is stored in the type property of the ApiKey data model.
API Key Expiration#
An API key expires when it’s revoked using the revoke method of the module’s main service.
The associated token is no longer usable or verifiable.
Token Verification#
To verify a token received as an input or in a request, use the authenticate method of the module’s main service which validates the token against all non-expired tokens.
Was this page helpful?