Authenticating to the API

HTTP headers

Every API endpoint requires at least 3 custom HTTP-headers:

Header Description
X-Colorlab-Shop The shop ID of your shop (displayed in the Settings page of the Colorlab Console).
X-Colorlab-Api-Key Your API key.
X-Colorlab-Api-Signature The signature generated on your side using an API secret. The signature is used to validate your request.


Every time you request an API endpoint, you need to send along a signature using the X-Colorlab-Api-Signature header. This signature guarantees that the request is valid and not accessible by other parties.

The signature is calculated on a per-endpoint basis. Every calculation involves your API secret.

Important: never send your API secret to the endpoint, only use it to generate the signature. This makes sure requests can only originate from the source which knows the API secret.