Getting Started
Authentication
To interact with the Sulu API, you need to authenticate your requests. Sulu uses API Keys to grant access to the API.
API Keys
Sulu API Keys are secret tokens used to authenticate requests. They function as Bearer tokens.
- Association: Each
API Key
is associated with a specificUser
within yourOrganization
. - Permissions: The permissions granted by an
API Key
are inherited from theUser
it belongs to. - Format: Keys follow the format
sk_live_...
(currently, only live mode keys are supported).
Finding Your API Key
After signing up and logging into the Sulu Merchant Dashboard:
- Navigate to the Settings section in the left-hand sidebar.
- Under the API Keys tab, you can view existing keys.
- Copy the generated key. Store it securely, for example, in a secrets manager or environment variable.
Making Authenticated Requests
To authenticate an API request, include your API Key
in the Authorization
header using the Bearer
scheme.
Replace sk_live_YOUR_API_KEY
with your actual secret key.
All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.
For more details on managing Users and their permissions, see the Organizations and Users concept page. For API Key specific endpoints, see the Users API Reference.