The Pack API uses API keys to authenticate your requests. There are two types of API keys: publishable and secret.
Publishable API keys provide unauthenticated access to your storefront to fetch public resources such as products, groups, and bundles, they aren’t secret. They can safely be published in your front-end code.
Secret API keys should be kept confidential and only stored on your own servers. Your account’s secret API key can perform any API request to Backpack without restriction.
You can view your API keys by:
Going to your Pack Admin.
In the left sidebar click on Settings > Developer.
Your keys will be in the API Keys table.
All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.
Authentication to the API is performed via bearer auth. Provide your API key as an Authorization header:
-X POST \
-H "Content-Type: application/json"\
-H "Authorization: Bearer <Replace this with your API Key>"\