API Authentication and Getting Access

Before using the GonnaOrder Admin API for integration, you must authenticate yourself. This is critical as it ensures that only authorized users and systems can access or interact with your online store’s data and services. GonnaOrder offers multiple API authentication methods, and in this section we highlight the various modes of authentication and how to ensure your API token remains secure.




API Authentication Methods

There are two ways to authenticate to the GonnaOrder Admin API. Here is how each method works:

Method 1: Authenticate With a Username and Password

This is a case where the developer is the store owner or has the explicit permission of the owner to log in to the selected store with a username and password.

To log in to a store, you must pass a username and password to the login API. These are the same login credentials that you use to log into your GonnaOrder account. The GonnaOrder user account must have full access to the store you would like to access.

POST: https://admin.gonnaorder.com/api/v1/auth/login

Sample Login Request

{
	"username":"user",
	"password":"xxxxxx"
}

The login API will send a response in which there will be a JWT token and a refresh token that is accessible as tokens.jwt and tokens.refreshToken respectively. You need to pass tokens.jwt in the authorization header of your application.

Note

In this authentication method, the username and password are the ones the store owner uses to log into their GonnaOrder account.


Method 2: Authenticate With a Fixed API Token

The GonnaOrder API token authenticates and authorizes access to the GonnaOrder Admin API without requiring user credentials for every request. When you include the API token in your request header (usually as a Bearer token), the server verifies the token to grant access to protected resources or actions of your store.

The API token allows your external application to stay logged into the selected GonnaOrder store the whole time. It is not dependent on sessions but rather on the store. See more on how to generate or obtain this API token.

Here is how the access token is used in the authorization header.

"Authorization": "Bearer {ACCESS_TOKEN}"


How to Obtain the API Token

GonnaOrder offers access to your store’s API token from the profile section. This streamlines the process of integrating your store with external service providers. With this API token, you don’t need to enter your username and password every time you do an integration. Instead, you can use the API token, as it remains constant and independent of any password changes.

If you don’t have an API token, you can generate a new one in just a few minutes. Here are the steps to follow to generate your store’s API token:

  1. Go to My profile from the profile dropdown menu.
  2. Find the API Token field and click Generate token.
  3. Next, click Generate new token on the pop up that appears. Doing so will automatically generate a new API token for your store. You can copy and use this token for integration purposes or even access your store catalog, orders, etc., without having to input your username and password.

API Token Usage and Security

The generated API token is private. It grants access to all your store data and allows any action to be taken on your GonnaOrder account. Therefore, you should use it with caution and protect it at all costs to prevent unauthorized access to your store.

Here are some security tips to consider when using the API token:

Keep your API token secret: Do not share your API token with anyone or expose it in public repositories, front-end code, or browser storage.

Only use HTTPS: Always use HTTPS to encrypt data in transit and prevent token interception.

Change your API token regularly: Periodically change the API token to reduce the risk if a token is compromised. GonnaOrder offers a simple mechanism where you change the token by generating a new one to overwrite the existing token.

Log and monitor usage: Track your API token usage to detect anomalies or unauthorized access.
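
The following is an added example, not code from GonnaOrder, showing one way a server-side integration can apply the tips above when building the Bearer header from Method 2. The environment variable name, the helper names, the pin to the host from the login URL, and the PLACEHOLDER path are assumptions made for illustration.

```python
import hashlib
import json
import os
import urllib.request
from urllib.parse import urlsplit

API_HOST = "admin.gonnaorder.com"  # host taken from the login URL on this page
TOKEN_VAR = "GONNAORDER_API_TOKEN"  # assumed variable name, not a GonnaOrder convention


def load_token(env=os.environ):
    """Read the fixed API token from the environment instead of source code."""
    token = env.get(TOKEN_VAR, "").strip()
    if not token:
        raise RuntimeError(f"{TOKEN_VAR} is not set")
    return token


def build_request(url, token, method="GET", payload=None):
    """Attach the Bearer header only when the destination cannot leak it."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("refusing to send the API token over a non-HTTPS URL")
    if parts.hostname != API_HOST:
        raise ValueError("refusing to send the API token to an unexpected host")
    body = json.dumps(payload).encode() if payload is not None else None
    req = urllib.request.Request(url, data=body, method=method)
    req.add_header("Authorization", f"Bearer {token}")
    if body is not None:
        req.add_header("Content-Type", "application/json")
    return req


def fingerprint(token):
    """Short SHA-256 prefix for usage logs: correlates calls, cannot be replayed."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]


if __name__ == "__main__":
    # Constructed token and placeholder path, for illustration only.
    demo = load_token({TOKEN_VAR: "constructed-token-123"})
    req = build_request(f"https://{API_HOST}/api/v1/PLACEHOLDER", demo)
    print(req.full_url, "token-fp=" + fingerprint(demo))
```

Python's default urllib opener follows redirects and carries the Authorization header along, so send the request through an opener that does not follow redirects if the host pin must hold for the whole exchange.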