Starting February 12, access to our API will require three key elements: a valid API key, a properly set user agent, and secure communication via HTTPS. This change was first announced in December to give developers ample time to make adjustments, and we’re now approaching the enforcement date.
To check whether your current API client setup is compatible, you can test it by including the X-Api-Key-Test header in your requests. This helps ensure a smooth transition before February 12.
-
Without header (insecure):
curl -v 'http://api.spreadshirt.net/api/v1/shops/205909' -
With test header:
curl -H 'X-Api-Key-Test: yes' 'http://api.spreadshirt.net/api/v1/shops/205909'
What You Need to Do:
-
Use HTTPS for all API requests to ensure your data is securely encrypted.
-
Include a user agent header that clearly identifies your domain or application.
-
Attach your API key, preferably via the
Authorizationheader, so it is also sent securely.
Why These Changes Matter
The shift to requiring HTTPS, valid API keys, and user-agent headers isn’t just a technical formality. It’s a crucial step toward enhancing the security and reliability of our platform!
By enforcing encrypted connections through HTTPS, we ensure that data exchanged between your applications and our API remains confidential and protected.
Implementing API keys allows us to authenticate and authorize each request, ensuring that only approved applications can access specific resources. This not only safeguards our system against unauthorized usage but also helps in monitoring and managing API traffic effectively.
If you’re unsure how to implement the required headers or switch to HTTPS, our Help Center has detailed documentation and examples to guide you.
Set up your API implementation and make these needed adjusts as soon as possible for safety purposes.
