
Authentication & API Keys

Getting Started | Updated 2026-06-20

Every authenticated MultiCartAPI endpoint accepts two interchangeable credentials. Use whichever fits your context — they grant identical access.

Scheme | Header | Use case
API Key | x-api-key: YOUR_KEY | Programmatic / server-to-server integrations
Session Token | Authorization: Token YOUR_TOKEN | Dashboard-issued session calls

Where to find your API key

Your key lives on the Profile page of the dashboard, under About you. Reveal it with the eye icon, copy it, or rotate it with Regenerate.

Profile → About you — your API key with reveal, copy and regenerate controls.

Authenticating a request

Send your key in the x-api-key header on any request to the base URL https://multicartapi.com/api/v1.

curl https://multicartapi.com/api/v1/settings/domains/ \
  -X POST \
  -H "x-api-key: YOUR_API_KEY"

Rotating invalidates the old key immediately

When you regenerate your key, the previous one stops working right away. Update any live integrations before rotating. See Get or Regenerate Your API Key.

Endpoints that need no auth

A few read-only endpoints are public and require no credentials:

  • POST /settings/domains/ — list available marketplaces
  • POST /settings/officeworks/stores/ — list Officeworks stores
  • GET /plans/public/ — the public plan catalogue
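
The header schemes and the public-endpoint list above can be combined into a small request builder. This is an added example, not MultiCartAPI's own client code: it reads the credential from the environment instead of hardcoding it, attaches nothing to the three public endpoints, and only builds requests for the documented base URL. The environment variable names MULTICART_API_KEY and MULTICART_SESSION_TOKEN and the function names are assumptions.

```python
import os
import urllib.request
from urllib.parse import urlsplit

BASE_URL = "https://multicartapi.com/api/v1"  # base URL given on the page

# The public endpoints listed on the page; no credential is attached to them.
PUBLIC_ENDPOINTS = {
    ("POST", "/settings/domains/"),
    ("POST", "/settings/officeworks/stores/"),
    ("GET", "/plans/public/"),
}


def auth_headers(env):
    """Header for whichever credential is configured (env names are assumed)."""
    key = env.get("MULTICART_API_KEY", "").strip()
    token = env.get("MULTICART_SESSION_TOKEN", "").strip()
    if key:
        return {"x-api-key": key}
    if token:
        return {"Authorization": f"Token {token}"}
    raise RuntimeError("no MultiCartAPI credential configured")


def build_request(method, path, env=os.environ):
    """Build, but do not send, a request to a path under BASE_URL."""
    method = method.upper()
    if not path.startswith("/"):
        raise ValueError("path must be relative to BASE_URL and start with '/'")
    url = BASE_URL + path
    parts = urlsplit(url)
    # Defence in depth: a credential only ever goes to the API host over TLS.
    if parts.scheme != "https" or parts.hostname != "multicartapi.com":
        raise ValueError("refusing to send credentials off the API origin")
    # Credentials are read at call time, so a regenerated key is picked up
    # as soon as the environment (or the secret store feeding it) is updated.
    endpoint = (method, parts.path[len("/api/v1"):])
    headers = {} if endpoint in PUBLIC_ENDPOINTS else auth_headers(env)
    # urllib stores header names capitalised ("X-api-key"); HTTP header
    # names are case-insensitive, so the server sees the same header.
    return urllib.request.Request(url, method=method, headers=headers)
```

Pass the returned object to urllib.request.urlopen to send it.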