Authentication
Learn how to authenticate with the SellGate API using API keys
Authentication
The SellGate API uses API keys to authenticate requests. You can view and manage your API keys in the Dashboard Settings.
Getting Your API Key
Navigate to Dashboard
Go to your Dashboard at dashboard.sellgate.cc
Open API Settings
Navigate to Settings → API
Generate Your Key
Click Generate API Key and copy your new key immediately
Store Securely
Save your API key in a secure location - you won't be able to see it again!
Your API key grants full access to your store data. Keep it secure and never expose it in client-side code or public repositories.
Using Your API Key
Include your API key in the Authorization header of every request:
curl -X GET "https://api.sellgate.cc/v1/products" \
-H "Authorization: Bearer sg_live_your_api_key_here" \
-H "Content-Type: application/json"const response = await fetch('https://api.sellgate.cc/v1/products', {
method: 'GET',
headers: {
'Authorization': 'Bearer sg_live_your_api_key_here',
'Content-Type': 'application/json'
}
});
const data = await response.json();
console.log(data);import requests
headers = {
'Authorization': 'Bearer sg_live_your_api_key_here',
'Content-Type': 'application/json'
}
response = requests.get('https://api.sellgate.cc/v1/products', headers=headers)
data = response.json()
print(data)API Key Format
SellGate API keys follow this format:
sg_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxsg_- SellGate prefixlive_- Production environment indicatorxxx...- 32-character random string
Supported Authorization Formats
Both formats are accepted:
# With Bearer prefix (recommended)
Authorization: Bearer sg_live_your_api_key
# Direct key
Authorization: sg_live_your_api_keySecurity Best Practices
Environment Variables
Store API keys in environment variables, never hardcode them
Server-Side Only
Only use API keys in server-side code, never in browsers
Rotate Regularly
Regenerate your API key periodically for enhanced security
Monitor Usage
Keep an eye on your API usage for suspicious activity
Error Responses
If authentication fails, you'll receive a 401 Unauthorized response:
{
"error": "Invalid or missing API key"
}Prop
Type
Rate Limiting
The API is rate limited to 100 requests per minute per API key. Rate limit information is included in response headers:
| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum requests allowed per window (100) |
X-RateLimit-Remaining | Requests remaining in current window |
X-RateLimit-Reset | Seconds until the rate limit resets |
If you exceed the rate limit, you'll receive a 429 Too Many Requests response:
{
"error": "Rate limit exceeded. Maximum 100 requests per minute."
}If you need higher rate limits for your integration, please contact our support team.
Pagination
All list endpoints support pagination with these query parameters:
| Parameter | Type | Default | Max | Description |
|---|---|---|---|---|
page | integer | 1 | - | Page number |
limit | integer | 25 | 100 | Items per page |
Response metadata includes:
{
"data": [...],
"meta": {
"total": 150,
"limit": 25,
"offset": 0
}
}