Skip to main content
The Smile API uses HTTP Bearer Authentication (also known as token authentication) to authenticate requests. API requests are always made on behalf of a specific store/merchant/account, however the bearer value you supply depends on the entity that is making the API request:
  • Merchants - Use an API key.
  • Apps - Use the OAuth Access Token you received after the merchant completed OAuth.
Once you’ve located your token value, supply it within an Authorization header of the request. These secret keys and tokens carry many privileges, so be sure to keep them a safe. Do not use or include them in publicly accessible areas such as mobile application binaries, client-side code, or in GitHub repositories. Only make API calls that include these secrets from secured backend code. All API requests must be made over HTTPS. 
curl --location 'https://api.smile.io/v1/' \
  --header 'Authorization: Bearer api_cnzGMghxTmPzK1sp' \