What is an API key? #
An API key is a security measure that is used to authenticate and authorise access to an application programming interface (API).
It consists of a unique alphanumeric string that is often provided by the target application’s API so that it can identify who or what, whether a project or another application, is trying to access its data and then deliver the correct information relative to the authorisation level.
The API key basically acts like an ID card and helps the API track what data is trying to be accessed, what it is being used for, so that it can then determine access permissions.
API keys are generally generated by the application or web service when a user account has been created. It then assigns a unique alphanumeric string to that account, which the project or application will use to call the target API.
When a request is subsequently received by the API it simply scans its database for the API key and authorises access to its data or services that are associated with that key.
What is an API key used for? #
API keys are commonly used in web-based applications, mobile apps and other software systems that rely on APIs to access third-party services or data.
Organisations can often use the API key to monitor activity, including tracking what data is being accessed, the volume of requests and the frequency to monitor and control API usage for billing or security purposes.
For example, if you want to use the Google Maps API to display maps on your website or app, you will need to obtain an API key from Google and include it in your API requests. The API key allows Google to track your usage of their API and to control access to their maps data based on your API usage limits.
Obviously if the API is being abused in anyway, whether fraudulent, malicious or excessive, the organisation can then restrict the amount of calls, block the certain request or completely revoke the API key.
Essentially, an API key is like a password that enables access to certain API endpoints or features. It is typically provided by the API provider to developers or users who want to use the API, and it is often required to be included in API requests to authenticate and authorise the user or application making the request.
API key example #
This video explains the BigCommerce demo store signup process and demonstrates how to create an API key for it. It shows what the Store Hash is and its context within the API, along with the ClientID, Client Secret and Access Token.
BigCommerce Demo Store Configuration: #
Welcome to the BPA Platform Training – BigCommerce Demo Store Configuration video.
If you wish to learn more about BigCommerce or set up a demonstration store to learn more about BPA Platform integration a free, time limited BigCommerce trial is available.
This video will take you through the signup process and how to obtain your API credentials.
Slide Title: Signing up for a BigCommerce Account
In your browser, let’s begin by Going to this URL https://www.bigcommerce.com/essentials/free-trial/.
You will then receive an email containing your store login details. Please note that the trial period lasts for 15 days.
OK, click Tour the control panel from the email and if prompted, enter the username and password that you created earlier.
Slide Title: Get your Store Hash from BigCommerce
The BigCommerce Store Hash is a unique identifier for your store comprised of a short sequence of lower-case letters and number. It can be found in the URLs assigned to your store by BigCommerce.
It is Important to note that you will not be able to access these details again, and should you lose these token values then you will need to recreate the API account.
OK, if you are not already logged in, log into your BigCommerce Store Control Panel.
And then go to Advanced Settings > API Accounts.
Click the Create API Account button.
And select Create V2/V3 API Token.
Give the API account a friendly name and take note of the API path.
The API Path will be displayed in this format:
https://api.bigcommerce.com/ stores/abcde12345/v3/
abcde12345 is the store hash.
Under OAuth Scopes, set all options to give full permission for our demo environment.
Scroll to the bottom of the page and then click Save.
If you are using Chrome, Firefox or Edge, a text file containing the API token and client ID should have downloaded automatically to your computer. You will need these tokens later on.
The token credentials will also be shown in the browser as a secondary measure.
Now click ‘done’.
Slide Title: Viewing your BigCommerce Demo Store
Once the initial setup is complete, you can view your demo store that is pre-populated with products to test.
And that’s it for this video, we have looked at setting up your BigCommerce Demo Store, Obtained the Store Hash and required API information and viewed the Demonstration Store.
Thanks for watching