Authentication

Overview

The Merchant API uses Basic Authentication.

Each request must include an Authorization header that contains a Base64-encoded string in the format:

username:password

Authentication works the same way across Merchant API v1 and v2.

Use with v1 Use with v2

Authorization Format

The header must be sent as:

Authorization: Basic <base64(username:password)>

Example input

info@shopflix.gr:p@55w0rd

Example Base64 output

aW5mb0BzaG9wZmxpeC5ncjpwQDU1dzByZA==

Example Header

To authorize with the credentials info@shopflix.gr / p@55w0rd, the client would send:

Authorization: Basic aW5mb0BzaG9wZmxpeC5ncjpwQDU1dzByZA==

cURL Example

curl -u "info@shopflix.gr:p@55w0rd" \
  -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" \
  -H "Content-Type: application/json" \
  --request GET \
  --url "https://merchant.api.shopflix.gr/api/orders" \
  --fail --show-error --silent

Common Notes

The Authorization header must be sent on every request.
Do not send the raw username:password string directly. It must be Base64-encoded.
If your client already supports Basic Authentication, prefer that built-in option instead of manually building the header.
If authentication fails, verify the username, password, and that the request is targeting the correct Merchant API environment.

Release notes Reference values