Menu

API Key Concepts

In this document, you’ll learn about the different types of API keys, their expiration and verification.

API Key Types#

There are two types of API keys:

  • publishable: A public key used in client applications, such as a storefront.
  • secret: A secret key used for authentication and verification purposes, such as an admin user’s authentication token or a password reset token.

The API key’s type is stored in the type property of the ApiKey data model.

API Key Expiration#

An API key expires when it’s revoked using the revoke method of the module’s main service.

The associated token is no longer usable or verifiable.

Token Verification#

To verify a token received as an input or in a request, use the authenticate method of the module’s main service which validates the token against all non-expired tokens.

Was this page helpful?
Edited Oct 7·Edit this page
Ask Anything
FAQ
What is Medusa?
How can I create a module?
How can I create a data model?
How do I create a workflow?
How can I extend a data model in the Product Module?
Recipes
How do I build a marketplace with Medusa?
How do I build digital products with Medusa?
How do I build subscription-based purchases with Medusa?
What other recipes are available in the Medusa documentation?
Chat is cleared on refresh
Line break