Chec currently utilizes key authentication for Commerce.js and provides you with both a secret key and a public key. You can manage your API keys from your dashboard.

All API requests using live API keys must be made over HTTPS. Calls made over plain HTTP will fail. You must authenticate for all requests.

All API requests using sandbox API keys can be made over HTTP or HTTPS.

API keys are sent using the X-Authorization header.

Public & Secret Keys

Public API keys are to be used to Commerce.js's Javascript SDK & any client-side code. Public api's are limited by scope for this reason.

Secret API keys are to be used with server side code. These api keys have the power to access sensitive date such as receipts and order data.

Scope

Public Keys

Write

  • Carts
  • Checkout
  • Checkout Helpers

Read

  • Products
  • Carts
  • Checkout
  • Checkout Helpers
  • Spaces
  • Settings
  • Categories
  • Fulfillment

Secret Keys

Read/Write

  • Products
  • Carts
  • Checkout
  • Checkout Helpers
  • Spaces
  • Settings
  • Categories
  • Fulfillment

Changes

We may switch to OAuth authentication in the future, depending on the feedback we receive from developers & designers.