Authentication

The headless API uses API key + secret authentication to issue short-lived JWT tokens.

Creating an API key

1. Open the SimplerSuite Wishlist dashboard in your Shopify admin
2. Go to Settings → API Keys
3. Click Create API Key
4. Copy the Key ID and Secret — the secret is only shown once

Getting a token

Exchange your API key for a JWT token:

curl -X POST https://api.simplersuite.co/v1/auth/token \
  -H "Content-Type: application/json" \
  -d '{
    "api_key": "key_abc123",
    "api_secret": "sk_your_secret_here"
  }'

Response:

{
  "ok": true,
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIs...",
    "expiresIn": 3600
  }
}

The token is valid for 1 hour.

Using the token

Pass the token in the Authorization header on all API requests:

curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  https://api.simplersuite.co/v1/wishlists/12345

Caution

Never expose your API secret in client-side code. Use it in server-side data loaders (Hydrogen loader, Next.js getServerSideProps, Remix loader) or serverless functions.

Base URL

All API endpoints are relative to:

https://api.simplersuite.co/v1

Rate limits

Endpoint type	Limit
Storefront (App Proxy)	60 requests/minute per IP
Admin API	120 requests/minute per API key

When rate limited, the API returns 429 Too Many Requests with a Retry-After header.