API Keys

API keys let external code call your store's data and trigger actions on your behalf. Generate keys from the dashboard; treat them like passwords — anyone with a key can act as you.

Generate a key

1. Toggle Developer mode on in your dashboard sidebar (Apps → Storra Developer → enable). API Keys + Webhooks pages appear.
2. Go to API Keys and click New key.
3. Pick a label (e.g. "External storefront — production") and the scopes (read-only vs. read+write).
4. Save. The key is displayed once — copy it now, you won't see it again.

Two key types

• Public token — for browser-side code. Bearer-token auth. Read-only by default; specific write actions (create basket, apply coupon) are explicitly allowed via this token.
• Secret key — for server-side code only. HTTP Basic Auth with projectId:sk_secretKey. Full read + write across the public Storra APIs.

Rotate keys

If a key leaks, click Revoke on the row. The key stops working immediately. Generate a new one and update your code.

What keys can call

• Headless API — read products / categories / store info, manage baskets
• Checkout API — initiate payments, capture orders
• Webhooks — your endpoints receive events from Storra (push, not pull)