Skip to main content

🔑 Managing and Using API Keys

To use the Randmar API, your application must authenticate by providing a secure API key. This key proves your identity and authorizes your system to access your data. This guide will walk you through generating, using, and managing your API keys.

Step 1: Generate a New API Key ✨

You must first create a key, which consists of a Key Name and a Key Secret.

The assistant is a fast and easy way to create a key.

Example Prompt:

"Create a new API key named 'My-ERP-Integration'"

The assistant will generate the key and provide you with the Key Secret.

Important

The Key Secret is shown only once upon creation. You must copy and store it in a secure password manager or system vault immediately. If you lose the secret, you will need to delete the key and create a new one.

Using the Partner Dashboard

  1. Navigate to the "API & Integrations" section in your Partner Dashboard.
  2. Click "Generate New Key".
  3. Provide a descriptive name for your key (e.g., "Shopify Connector," "Internal Reporting Tool").
  4. Click "Generate." The portal will display your Key Name and Key Secret.

Step 2: Authenticate and Get a Bearer Token 🎟️

The Randmar API uses the standard OAuth 2.0 Client Credentials flow. This means you exchange your long-term API Key for a short-term Bearer Token.

Your Key Name is your client_id and your Key Secret is your client_secret.

To get a token, make an HTTP POST request to our token endpoint:

Token URL: https://auth.randmar.io/connect/token

Example Request using cURL:

curl -X POST https://auth.randmar.io/connect/token \
  -d client_id="YOUR_KEY_NAME" \
  -d client_secret="YOUR_KEY_SECRET" \
  -d grant_type="client_credentials"

You will receive a JSON response containing your temporary access token:

{
  "access_token": "eyJhbGciOiJSUzI1NiIsI...",
  "expires_in": 3600,
  "token_type": "Bearer"
}

Step 3: Make API Requests ➡️

Include the access_token you received in the Authorization header of every API request you make, prefixed with "Bearer ".

Example Request using cURL:

curl -X GET "https://api.randmar.io/V4/Partner/{yourApplicationId}/Products" \
  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsI..."

These tokens are temporary. When a token expires, simply repeat Step 2 to request a new one.

Performance & Compression 💨

To ensure fast response times for large data sets, some API endpoints (like those that return product catalogs) send back compressed data. Our API uses Gzip compression.

Most modern HTTP clients and libraries will handle this automatically. If you're using a tool like cURL, it will decompress the response for you. Just be aware that if you're using a more basic tool, you might need to handle the Gzip decompression yourself!

Managing Your Existing Keys 🗂️

Over time, you may need to manage your keys.

Using the Randmar Assistant

  • To see your keys: "List all my API keys"
  • To delete a key: "Delete the API key named 'Old-System-Key'"

Using the Partner Dashboard

The "API & Integrations" section of the dashboard lists all of your existing keys. From this screen, you can Delete keys that are no longer in use.

What's Next?

Now that you know how to authenticate with the API, you may want to learn how to monitor its health and status.