API Keys
Authentication credentials for the Cimplify API. Create keys at app.cimplify.io/settings/developer.
Key format
curl
# {type}_{environment}_{random}
pk_live_abc123... # Public key, production
pk_test_xyz789... # Public key, sandbox
sk_live_def456... # Secret key, production
sk_test_ghi012... # Secret key, sandboxPublic vs Secret keys
| Type | Prefix | Where | Access |
|---|---|---|---|
| Public | pk_ | Browser / SDK | Read catalogue, manage cart, customer auth |
| Secret | sk_ | Server only | Full API access based on scopes |
Secret keys must never appear in client-side code, git repos, or browser bundles.
Usage
Browser (public key)
import { createCimplifyClient } from "@cimplify/sdk";
const client = createCimplifyClient({
publicKey: "pk_live_abc123",
});Server (secret key)
curl https://api.cimplify.io/v1/businesses/{id}/orders \
-H "X-API-Key: sk_live_your_secret_key"Scopes
Assign granular permissions when creating secret keys.
| Scope | Permissions |
|---|---|
catalogue.view | Read products, categories, variants, add-ons |
catalogue.manage | Create, update, delete catalogue items |
orders.view | Read orders and order history |
orders.manage | Create, update, cancel orders |
customers.view | Read customer profiles |
customers.manage | Create, update, delete customers |
inventory.view | Read stock levels and batches |
inventory.manage | Update stock, transfers, counts |
payments.view | Read payment records |
payments.manage | Process payments, refunds |
* | All permissions (full access) |
Rate limits
| Key Type | Limit |
|---|---|
| Secret (live) | 1,000 req/min |
| Secret (test) | 100 req/min |
| Public | 60 req/min |
Rate limit headers
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1640000000