Authenticating to the API
Every API endpoint requires at least 3 custom HTTP-headers:
||The shop ID of your shop (displayed in the
||Your API key.|
||The signature generated on your side using an API secret. The signature is used to validate your request.|
Every time you request an API endpoint, you need to send along a signature using the
X-Colorlab-Api-Signature header. This signature guarantees that the request is valid and not accessible by other parties.
The signature is calculated on a per-endpoint basis. Every calculation involves your API secret.
Important: never send your API secret to the endpoint, only use it to generate the signature. This makes sure requests can only originate from the source which knows the API secret.