Authentication - OrderMonk

API Keys

OrderMonk uses API keys for authentication. Every request must include a valid API key in the Authorization header.

Go to API Settings

Navigate to Settings → API in your OrderMonk dashboard.

Create a new key

Click Generate New Key and configure:

Key name — A descriptive label (e.g., “Production”, “Staging”, “Webhook Server”)
Permissions — Choose the scopes this key can access
Expiration — Optional expiration date

Copy your key

Your API key will be displayed once. Copy it and store it securely.

API keys are shown only at creation time. If you lose your key, you’ll need to generate a new one.

Include the API key in the Authorization header of every request:

curl -X GET https://api.ordermonk.com/v1/products \
  -H "Authorization: Bearer om_live_abc123def456..."

Prefix	Environment
`om_live_`	Production
`om_test_`	Sandbox/Testing

Use test keys during development. Test keys access sandbox data and don’t affect your live inventory or orders.

When creating an API key, you can restrict its access:

Scope	Access
`products:read`	View products and catalog data
`products:write`	Create, update, delete products
`inventory:read`	View inventory levels
`inventory:write`	Update inventory levels
`orders:read`	View orders
`keywords:read`	View keyword data and suggestions
`keywords:write`	Act on keyword suggestions
`analytics:read`	View reports and analytics

Follow the principle of least privilege — only grant the scopes your integration actually needs.

To revoke an API key:

Revoked keys are immediately invalidated. Any requests using a revoked key will receive a 401 Unauthorized response.

Never commit API keys to version control
Use environment variables to store keys in your applications
Rotate keys periodically — generate new keys and revoke old ones
Use separate keys for production and development
Monitor usage — check API key activity in Settings → API → Usage