POST /custom/tokens
Generate a new API token for a custom storefront domain.Authentication
Requires Bearer token (auth:customer_api).
Headers
Body Parameters
Available Permissions
Example Request
Response
Success (200)
Error Responses
Token Expiry
GET /custom/tokens
List all tokens for the authenticated customer’s store.Authentication
Requires Bearer token (auth:customer_api).
Headers
Example Request
Response
Success (200)
The raw token value is never returned in list responses. Only metadata is shown.
DELETE /custom/tokens/
Revoke (deactivate) a token.Authentication
Requires Bearer token (auth:customer_api).
Path Parameters
Example Request
Response
Success (200)
Error Responses
GET /custom/tokens//stats
Get usage statistics for a specific token.Authentication
Requires Bearer token (auth:customer_api).
Path Parameters
Example Request
Response
Success (200)
Error Responses
POST /custom/tokens/validate
Validate a custom storefront token. This is a public endpoint that does not require Bearer authentication.Authentication
None required. The token to validate is passed in the request body.Headers
Body Parameters
Example Request
Response
Valid Token (200)
Error Responses
For production tokens, the
Origin or Referer header of the request must match the domain registered with the token. Development tokens skip this check.GET /custom/tokens/permissions
Get the permissions and metadata for a token identified by theX-Custom-Token header. This is a public endpoint.
Authentication
None required. Pass the token via theX-Custom-Token header.

