To interact with the Sulu API, you need to authenticate your requests. Sulu uses API Keys to grant access to the API.

API Keys

Sulu API Keys are secret tokens used to authenticate requests. They function as Bearer tokens.

  • Association: Each API Key is associated with a specific User within your Organization.
  • Permissions: The permissions granted by an API Key are inherited from the User it belongs to.
  • Format: Keys follow the format sk_live_... (currently, only live mode keys are supported).

Finding Your API Key

After signing up and logging into the Sulu Merchant Dashboard:

  1. Navigate to the Settings section in the left-hand sidebar.
  2. Under the API Keys tab, you can view existing keys.
  3. Copy the generated key. Store it securely, for example, in a secrets manager or environment variable.

Making Authenticated Requests

To authenticate an API request, include your API Key in the Authorization header using the Bearer scheme.

curl https://api.sulu.sh/v0/products \
  -H "Authorization: Bearer sk_live_YOUR_API_KEY"

Replace sk_live_YOUR_API_KEY with your actual secret key.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

For more details on managing Users and their permissions, see the Organizations and Users concept page. For API Key specific endpoints, see the Users API Reference.