KanalKanal API
Getting started

Authentication

How to create an API key and authenticate your requests.

Every request is authenticated with a Bearer API key sent in the Authorization header:

Authorization: Bearer 8fK2pX9mWq4Ld7Vb3Nc6Ts1Z

The key is a 24-character token. There is no prefix — send it exactly as shown in the app.

Creating an API key

API keys are managed from the Kanal app:

  1. Go to Settings → API Keys.
  2. Click Add API key, give it a name (e.g. production-shop), and Create.
  3. The key is shown once in the "Store your new API key" dialog. Copy it immediately into a password manager or your secrets store — you won't be able to view it again.

You can create several keys, see them in the My API keys table, and delete any key at any time (deletion is immediate and irreversible).

Keep keys server-side. Never ship them in a browser, mobile app, or any client the customer controls. If a key leaks, delete it in Settings → API Keys and create a new one.

Your store_id

Every endpoint path contains a numeric {store_id}. It identifies which store the data belongs to. Ask your Kanal contact for the store_id matching your shop if you don't have it.

Store authorization

A request is authorized when the key's team owns the store in the URL (keys created from Settings → API Keys are team-wide). Keys can also be restricted to a single store by Kanal — in that case they only work for that one store_id.

Any other combination returns 403, so a key can never write data to a store outside its team.

Auth failure modes

SituationStatusBody
No Authorization header401{ "error": "API key is missing" }
Unknown / deleted key401{ "error": "Invalid API key" }
Valid key, not authorized for this store403{ "error": "API key does not authorize this store" }
store_id unknown or store paused404{ "error": "Store not found or paused" }

See Errors for the full reference.

Verifying your setup

The cheapest authorized call is a customer upsert. A 2xx confirms the key, the store, and the authorization are all correct:

curl -X POST https://api.getkanal.com/api/v1/stores/123/customers \
  -H "Authorization: Bearer 8fK2pX9mWq4Ld7Vb3Nc6Ts1Z" \
  -H "Content-Type: application/json" \
  -d '{ "phone": "+33612345678", "first_name": "Test" }'

On this page