Authentication

Every request to the Flowkiwi APIs is authenticated with an OAuth 2.0 bearer token, sent as:

Authorization: Bearer <token>

There are two ways to get one.

User token

A user token authenticates you as a partner - the same identity you have when you sign in to the partner app. Use it to explore the API and to follow the guides.

You don’t need to leave the docs to get one: on any endpoint page, the Access token field in the right-hand panel has a Log in with Flowkiwi button. Sign in once and your token is filled in automatically on every endpoint page and substituted into the {token} placeholder of every cURL example. You can also paste a token by hand into that field.

Treat it like a password

A user token grants access to your account. Don’t share it, commit it, or paste it into untrusted tools. It is short-lived and tied to your session.

Ready to try it? Head to the reference:

• Product Management API - products, variants, options, collections and channel-aware pricing.
• Identity API - organizations, instances and members.

Integration token (machine-to-machine)

For production, server-to-server access you’ll use an integration instead of a personal user token: an integration carries its own credentials (a client id and secret) that you exchange for a token, independent of any one partner’s session.

Coming next

Integration credentials and the machine-to-machine token exchange are being documented next. For now, use a user token.