Authentication

The Storeep API uses Bearer tokens for authentication. Include your access token in the Authorization header of every request.

Creating an Access Token

Open your dashboard
Log in to your Storeep account and navigate to Settings → Access tokens.
Create a new token
Click Create new token, give it a name, select the permissions you need, and optionally set an expiration date.
Copy and store securely
The token is only shown once. Copy it immediately and store it in a secure location.

Important: Treat your access tokens like passwords. Never expose them in client-side code, public repositories, or logs.

Using the Token

Include the token in the Authorization header using the Bearer scheme:

cURL

curl -X GET https://api.storeep.com/v1/products \
  -H "Authorization: Bearer 550e8400-e29b-41d4-a716-446655440000"

JavaScript (fetch)

const response = await fetch("https://api.storeep.com/v1/products", {
    headers: {
        "Authorization": "Bearer YOUR_ACCESS_TOKEN"
    }
});

const data = await response.json();

PHP (cURL)

$ch = curl_init("https://api.storeep.com/v1/products");

curl_setopt($ch, CURLOPT_HTTPHEADER, [
    "Authorization: Bearer YOUR_ACCESS_TOKEN"
]);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);
$data = json_decode($response, true);

Python (requests)

import requests

response = requests.get(
    "https://api.storeep.com/v1/products",
    headers={"Authorization": "Bearer YOUR_ACCESS_TOKEN"}
)

data = response.json()

Token Format

Access tokens are UUIDs in the format xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx. The API validates this format, malformed tokens are rejected with a 401 response.

Data Access Control

Each token has a data access setting that restricts how far back the token can read your data. This protects your historical data when sharing tokens with third-party services.

Last 24 hours (default) — the token can only access data created within the last 24 hours. This is a rolling window, the cutoff moves forward in real time.
Set start date — the token can access data created on or after the specified date.
All time — no restriction. The token can access all historical data.

Tip: Use "Last 24 hours" when connecting third-party apps. This way, if a third party is compromised, they can only see the most recent data, not your full history.

Token Expiration

When creating a token, you can choose:

Never expires — the token remains valid until manually deleted.
Custom date — the token stops working after the specified date, returning a 401 error with the message access token has expired.

Error Responses

Status	Error	Cause
`401`	`authorization header is missing`	No `Authorization` header in the request.
`401`	`access token format is invalid`	Token does not match UUID format.
`401`	`access token is invalid`	Token not found in the database.
`401`	`access token has expired`	Token expiration date has passed.
`403`	`insufficient permissions, requires: <permission>`	Token lacks the required permission for the endpoint.