Overview

Sticker uses simple API key authentication for secure partner integration.

API Key Authentication

Include your Partner API Key in the Authorization header of every request:
Authorization: Bearer sk_test_your_api_key_here

Example Request

curl -X POST https://api.staging.usesticker.com/v1/partner/organization-setup \
  -H "Authorization: Bearer sk_test_abc123def456..." \
  -H "Content-Type: application/json" \
  -d '{"organization": {...}}'

API Key Types

Live Keys

Format: sk_live_...
Use in production for real orders.

Test Keys

Format: sk_test_...
Use in sandbox for testing.

Making API Requests

All API requests simply require your API key in the Authorization header:
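// requestData is the JSON payload for the endpoint being called (defined by your code).
// The key is read from an environment variable so it never appears in source.
const response = await fetch('https://api.staging.usesticker.com/v1/partner/handshake', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.STICKER_SANDBOX_API_KEY}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify(requestData)
});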

Authentication Errors

{
  "error": "Invalid API key",
  "code": "INVALID_API_KEY"
}

Security Best Practices

  • Store API keys in environment variables
  • Use secrets management systems
  • Never commit keys to version control
  • Rotate keys regularly
  • Never expose keys in client-side code
  • Always use HTTPS
  • Validate SSL certificates
  • Use TLS 1.2 or higher
  • Implement certificate pinning for mobile apps
  • Validate all input data before sending
  • Implement rate limiting to prevent abuse
  • Log all API requests for audit trails
  • Monitor for suspicious activity
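
The key types and several of the practices above (environment-sourced keys, HTTPS only, audit logging without leaking the key) can be enforced in one small request wrapper. This is an added example, not code from Sticker: the helper names are hypothetical, and treating every host other than api.staging.usesticker.com as production is an assumption.

```javascript
// Added example (not Sticker's code): guards around the Bearer header.
// Assumption: the staging host shown on this page is the only sandbox host,
// and any other host is treated as production.
const SANDBOX_HOST = 'api.staging.usesticker.com';

// Classify a key by the two documented prefixes; anything else is rejected.
function keyMode(apiKey) {
  const m = typeof apiKey === 'string' && /^sk_(test|live)_\S+$/.exec(apiKey);
  return m ? m[1] : null;
}

// Safe-to-log form: keep the prefix, drop the secret part.
function redactKey(apiKey) {
  const mode = keyMode(apiKey);
  return mode ? `sk_${mode}_[redacted]` : '[redacted]';
}

// Build headers; refuse plaintext HTTP and key/environment mismatches.
function buildAuthHeaders(url, apiKey) {
  const target = new URL(url);
  if (target.protocol !== 'https:') throw new Error('refusing to send API key over a non-HTTPS URL');
  const mode = keyMode(apiKey);
  if (!mode) throw new Error('API key is missing or not in sk_test_/sk_live_ format');
  const sandbox = target.hostname === SANDBOX_HOST;
  if (sandbox && mode === 'live') throw new Error('live key must not be sent to the sandbox host');
  if (!sandbox && mode === 'test') throw new Error('test key used outside the sandbox host');
  return { Authorization: `Bearer ${apiKey}`, 'Content-Type': 'application/json' };
}

// Turn the documented error body into an exception that never echoes the key.
function checkAuthError(body, apiKey) {
  if (body && body.code === 'INVALID_API_KEY') {
    throw new Error(`authentication failed (${body.code}) for ${redactKey(apiKey)}`);
  }
  return body;
}

// POST helper; the key comes from the environment, never from source code.
async function stickerPost(url, payload, apiKey = process.env.STICKER_SANDBOX_API_KEY) {
  const headers = buildAuthHeaders(url, apiKey); // throws before any network I/O
  const res = await fetch(url, { method: 'POST', headers, body: JSON.stringify(payload) });
  return checkAuthError(await res.json(), apiKey);
}
```

Because `buildAuthHeaders` throws before `fetch` is called, a mismatched or malformed key never leaves the process, and anything logged from these helpers carries only the redacted form.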

Testing Authentication

Test with a simple request:
curl https://api.staging.usesticker.com/v1/health \
  -H "Authorization: Bearer sk_test_your_sandbox_key"
Expected response:
{
  "status": "healthy",
  "version": "1.0.0",
  "authenticated": true
}