Authentication

Every request to the ShopiMind API must be authenticated with an API key, passed in the spm-api-key header of each request.

Get your API key

1. Sign in to your ShopiMind dashboard at my.new.shopimind.com.
2. Open Shop settings → API access.
3. Generate a new key, then copy it immediately — it won't be shown in full again afterwards.

A key is scoped to a single shop. If you manage multiple shops on ShopiMind, each one has its own keys and permissions.

Confidentiality

An API key grants access to your ShopiMind shop data. Never expose it publicly (Git repositories, front-end code, screenshots, external sharing). If the key leaks — or you simply suspect it has — revoke it from Shop settings → API access and generate a new one.

Use the key

Pass the key in the spm-api-key header of every request.

curl -X GET 'https://core.shopimind.com/v1/contacts' \
  -H 'spm-api-key: YOUR_API_KEY' \
  -H 'Accept: application/json'

Recommended security practices

• Never store the key in source code or in a versioned repository. Use an environment variable, a .env file (gitignored) locally, and a secret manager in production (Vault, AWS Secrets Manager, GitHub Actions secrets, or equivalents).
• Limit the key's scope (coming soon). When possible, restrict its usage to your servers' IP addresses from the dashboard.
• Rotate the key regularly. Periodic rotation shrinks the exposure window in case of an undetected leak.
• Monitor activity (coming soon). Review usage logs from the ShopiMind dashboard; revoke without delay any compromised or unused key.