Skip to main content
The Quickbutik API uses Basic Authentication with API keys to authenticate requests. All API calls must be made over HTTPS, and requests made over HTTP will be rejected.

Quick Start

curl https://api.quickbutik.com/v1/orders \
  -u your_api_key:your_api_key

How it works

Basic Authentication requires you to include an Authorization header with every request. The header value consists of the word “Basic” followed by a space and a base64-encoded string of your credentials.

Format

Authorization: Basic BASE64_ENCODED_CREDENTIALS

Credential encoding

Your credentials should be formatted as api_key:api_key and then base64-encoded.
1

Format your credentials

Take your API key and format it as: your_api_key:your_api_key
2

Encode with base64

Encode the formatted string using base64 encoding
3

Add to Authorization header

Include the encoded string in your request headers as: Authorization: Basic ENCODED_STRING

Example

Let’s say your API key is sk_live_abc123. Here’s how you’d construct the Authorization header: 
sk_live_abc123:sk_live_abc123

Getting your API key

Quickbutik Control Panel

API keys can be generated and managed in the Quickbutik Control Panel by the store owner.Navigate to Settings → API to create and manage your API keys.

Security best practices

Keep your API keys secure
  • Never expose API keys in client-side code
  • Use environment variables to store API keys
  • Rotate API keys regularly
  • Only grant necessary permissions
HTTPS RequiredAll API requests must be made over HTTPS. Requests made over plain HTTP will be automatically rejected for security reasons.

Migration from legacy authentication

Deprecation NoticeIf you’re currently using the legacy apiKey query parameter for authentication, please migrate to Basic Authentication as described above. The legacy method will be discontinued soon.

Before (Legacy - Deprecated)

curl "https://api.quickbutik.com/v1/orders?apiKey=your_api_key"

After (Current)

curl https://api.quickbutik.com/v1/orders \
  -u your_api_key:your_api_key

Error responses

When authentication fails, you’ll receive a 401 Unauthorized response: 
{
  "code": 401,
  "error": "Unauthorized - Invalid or missing authentication"
}
Common authentication errors:
  • Missing Authorization header
  • Invalid API key
  • Malformed base64 encoding
  • Using HTTP instead of HTTPS

Testing your authentication

You can quickly test your authentication setup with a simple API call: 
curl https://api.quickbutik.com/v1/products/count \
  -u your_api_key:your_api_key
A successful response will return your product count, confirming your authentication is working correctly.