
API Authentication

The Vender.cloud API uses Bearer token authentication. Every request must include an Authorization header with a valid token.

Quick Start

Generate an API key from Admin → Developer Settings → API Keys, then send it as a Bearer token in every request.

Step 1: Generate an API Key

  1. Log in to your Vender.cloud admin panel.
  2. Navigate to Developer Settings in the sidebar.
  3. Click "Create API Key".
  4. Enter a label (e.g., "Integration — ERP sync") and select the permissions this key needs.
  5. Optionally set an expiration date.
  6. Copy the generated token immediately — it is shown only once.

Step 2: Use the Token

Include the token in the Authorization header of every API request:

curl -H "Authorization: Bearer vndr_abc123_YourSecretTokenHere" \
  https://api.vender.cloud/api/products

Token Format

API keys use the prefix vndr_ followed by a lookup ID and a secret, separated by underscores.
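
Because the lookup ID is separate from the secret, captured headers can be scrubbed from logs while still showing which key was exposed and needs rotation. The sketch below is an added example, not Vender.cloud code; the character classes in the pattern, the function names, and the sample log lines are assumptions constructed for illustration.

```python
import re

# Assumption: the lookup ID is alphanumeric (as in the page's sample token) and
# the secret is everything after the second underscore. The secret class is
# deliberately broad so that redaction errs toward masking too much.
TOKEN_RE = re.compile(r"\bvndr_([A-Za-z0-9]+)_([A-Za-z0-9_\-]+)")


def parse_token(token: str) -> tuple[str, str]:
    """Split a key into (lookup_id, secret); reject anything else."""
    match = TOKEN_RE.fullmatch(token)
    if match is None:
        raise ValueError("not a vndr_ API key")
    return match.group(1), match.group(2)


def redact(text: str) -> str:
    """Mask the secret but keep the lookup ID so the key stays identifiable."""
    return TOKEN_RE.sub(lambda m: f"vndr_{m.group(1)}_[REDACTED]", text)


def exposed_key_ids(text: str) -> list[str]:
    """Return the distinct lookup IDs of keys found in text, in first-seen order."""
    return list(dict.fromkeys(m.group(1) for m in TOKEN_RE.finditer(text)))


# Constructed sample: application log lines that captured request headers.
SAMPLE_LOG = """\
2024-01-01T10:00:00Z GET /api/products Authorization: Bearer vndr_abc123_YourSecretTokenHere
2024-01-01T10:00:02Z GET /api/orders headers={'Authorization': 'Bearer vndr_k9x2_s3cr3t-Value_01'}
2024-01-01T10:00:05Z GET /api/products Authorization: Bearer vndr_abc123_YourSecretTokenHere
2024-01-01T10:00:07Z worker started name=vndr_sync
"""

if __name__ == "__main__":
    print(redact(SAMPLE_LOG))
    print("keys to rotate:", exposed_key_ids(SAMPLE_LOG))
```

Any key whose lookup ID appears in the result has been written to the log in full and should be rotated.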

Step 3: Permission Scoping

Each API key has a scoped set of permissions. Only grant the minimum permissions required for the integration. Available permission groups include:

| Permission Group | Scope |
| --- | --- |
| products.* | View, create, update, delete products |
| orders.* | View, create, update, delete sales orders |
| customers.* | View and manage customer accounts |
| inventory.* | View and update stock levels |
| reports.* | View reports and analytics |
| settings.* | View and update company settings |

Token Lifecycle

Rotation

Rotate a token when you suspect it has been compromised or as a routine security practice. Rotation generates a new secret while keeping the same key record. The old token is immediately invalidated.

Revocation

Revoke a token to disable it without deleting the record. Revoked tokens cannot be reactivated.

Expiration

Tokens can optionally be set to expire at a specific date and time. Expired tokens are automatically rejected. Set an expiration during creation or rotation.

Error Responses

| Status | Code | Meaning |
| --- | --- | --- |
| 401 | UNAUTHORIZED | Missing or invalid token |
| 403 | FORBIDDEN | Token lacks the required permission |
| 401 | TOKEN_EXPIRED | Token has passed its expiration date |
| 401 | TOKEN_REVOKED | Token has been revoked |

Code Examples

JavaScript / TypeScript

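// Using the auto-generated @vender/api SDK
import { listProducts } from '@vender/api';

// Placeholder token; load the real key from a secret store, not source code.
const API_KEY = 'vndr_abc123_YourSecretTokenHere';

// The SDK call resolves to either the response data or an error object.
const { data, error } = await listProducts({
  headers: {
    Authorization: `Bearer ${API_KEY}`,
  },
});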

Python

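import requests

# Placeholder token; load the real key from a secret store, not source code.
API_KEY = "vndr_abc123_YourSecretTokenHere"
BASE_URL = "https://api.vender.cloud/api"

response = requests.get(
    f"{BASE_URL}/products",
    headers={"Authorization": f"Bearer {API_KEY}"},
    timeout=10,  # requests has no default timeout; avoid hanging forever
)
# Raise on 401/403 instead of silently parsing an error body.
response.raise_for_status()
print(response.json())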

PHP

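<?php
// Placeholder token; load the real key from a secret store, not source code.
$apiKey = "vndr_abc123_YourSecretTokenHere";
$ch = curl_init("https://api.vender.cloud/api/products");
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    "Authorization: Bearer " . $apiKey
]);
// Return the response body as a string instead of printing it.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);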