Create an API key
Every headless request authenticates with a key created in Settings → Headless. Keys are scoped to your shop and carry a name, optional allowed origins, and a rate limit.
Create a key
Section titled “Create a key”-
In the Kitenzo admin, open Settings → Headless.
-
Click Create API key.
-
Fill in the fields:
- Key name (required) — a descriptive label, e.g.
Production storefront. - Allowed origins (optional) — a comma-separated list of origins allowed to call the API from the browser, e.g.
https://mystore.com, https://staging.mystore.com. Leave empty to allow all origins.
- Key name (required) — a descriptive label, e.g.
-
Click Create API key. The full key is shown once in a banner — copy it immediately. Only a hash is stored, so it can’t be recovered later.
Key format
Section titled “Key format”kit_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ← live keykit_test_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ← test keyKeys are a prefix (kit_live_ / kit_test_) plus a 43-character random token. The admin shows only the first 12 characters (key_prefix) after creation.
Manage keys
Section titled “Manage keys”The keys table shows, per key: name, key prefix, allowed origins (or “All origins”), status (Active / Inactive, plus a Test badge), created date and last used date.
- Revoke a key — click Delete. This deactivates it (
is_active = false); any integration using it stops working immediately. There’s no undo — create a new key if needed. - Editing — allowed origins can’t be edited after creation. To change them, delete the key and create a new one.
Use the key
Section titled “Use the key”Send it as a Bearer token on every request:
curl https://live.bb.eight-cdn.com/api/headless/v1/bundles \ -H "Authorization: Bearer kit_live_…"Or pass it to the SDK:
import { KitenzoClient } from '@kitenzo/core';const client = new KitenzoClient({ apiKey: 'kit_live_…' });