LogisBase

API Settings

Your Storefront key authenticates public requests from your customer-facing app — pass it as a bearer token on every API call.

Every store and network in Storefront has a unique public key that authenticates requests from your customer-facing app (mobile or web). The key is passed as a bearer token in the standard HTTP Authorization header.

Navigate to Storefront → Settings → API to view your store's key.

Your Store Key

The store key is auto-generated when the store is created. It follows the format store_<hash> (e.g., store_a1b2c3d4e5f6...).

This key is public — it is safe to include in your mobile app or web frontend. It identifies which store the request is for; it does not grant admin access.

GET /storefront/v1/products
Authorization: Bearer store_a1b2c3d4e5f6

Network Key

If you operate a network, the network key follows the same pattern: network_<hash>. Use the network key to fetch stores, categories, and other network-level resources.

GET /storefront/v1/stores
Authorization: Bearer network_a1b2c3d4e5f6

Authenticated Customer Requests

For requests that require an authenticated customer (cart, checkout, profile, addresses, orders), include the customer's session token in the Customer-Token header in addition to the storefront bearer token:

const response = await fetch(
  'https://your-logisbase-instance.com/storefront/v1/checkouts/before',
  {
    method: 'POST',
    headers: {
      Authorization: 'Bearer store_a1b2c3d4e5f6',
      'Customer-Token': '1|VlKK7lZ...',
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({
      /* ... */
    }),
  },
);

The Customer-Token is the Sanctum personal access token returned by the customer login endpoints — see Customer Authentication.
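
The following is an added example, not LogisBase's own code. It builds the two headers described above while keeping the secret Customer-Token from being sent outside the storefront API or written to logs in full. The helper names and the alphanumeric key pattern are assumptions; the sample key and token are constructed.

```javascript
// Added example. buildStorefrontRequest and redactHeaders are hypothetical helper
// names; KEY_PATTERN assumes the <hash> part of a key is alphanumeric.
const KEY_PATTERN = /^(store|network)_[A-Za-z0-9]+$/;
const API_PREFIX = '/storefront/v1/'; // prefix of every request shown on this page

function buildStorefrontRequest({ baseUrl, key, path, method = 'GET', customerToken, body }) {
  // Only a public store_/network_ key belongs in a shipped client.
  if (!KEY_PATTERN.test(key)) {
    throw new TypeError('expected a store_<hash> or network_<hash> key');
  }
  // Resolve first, then check, so "//other-host/..." or "../" in the path cannot
  // carry the customer's session token to another origin or API.
  const base = new URL(baseUrl);
  const url = new URL(path, base);
  if (url.origin !== base.origin || !url.pathname.startsWith(API_PREFIX)) {
    throw new RangeError(`refusing to send credentials to ${url.href}`);
  }
  const headers = { Authorization: `Bearer ${key}` };
  if (customerToken) headers['Customer-Token'] = customerToken;
  const init = { method, headers };
  if (body !== undefined) {
    headers['Content-Type'] = 'application/json';
    init.body = JSON.stringify(body);
  }
  return { url: url.href, init };
}

// The store key is public, but the Customer-Token is a session secret. Sanctum
// tokens have the form "<id>|<secret>", so logs keep only the id.
function redactHeaders(headers) {
  const out = { ...headers };
  const token = out['Customer-Token'];
  if (token) {
    const bar = token.indexOf('|');
    out['Customer-Token'] = (bar > 0 ? token.slice(0, bar + 1) : '') + '[redacted]';
  }
  return out;
}

// Constructed sample values, not real credentials.
const sample = buildStorefrontRequest({
  baseUrl: 'https://your-logisbase-instance.com',
  key: 'store_a1b2c3d4e5f6',
  path: '/storefront/v1/checkouts/before',
  method: 'POST',
  customerToken: '1|constructedSecretValue',
  body: {},
});
console.log(sample.url, redactHeaders(sample.init.headers));
```

Send the request with fetch(sample.url, sample.init).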

Key Rotation

The API settings page displays the key as read-only — there is no in-console regenerate button. If a key is compromised:

  1. Open the database (or use the LogisBase admin console) to update the key column on the affected Store or Network record
  2. Redeploy your customer-facing app with the new key

For self-hosted instances, plan for this at deploy time — clients with a stale key will fail authentication immediately after rotation.
