Yotpo uses tokens to authenticate and authorize an account. Tokens are generated by an API call that uses the store ID and client secret.
- In non-public API calls, a token is required to ensure private account data is accessible only to authorized users.
- Requests should authenticate with Yotpo by including the request header X-Yotpo-Token: {token}, where {token} is replaced by the generated token.
- The token is generated using an API call. See the [Generate a utoken] (ref:yotpo-authentication) endpoint.
- If a request fails to authenticate, a HTTP 401 response code will be returned.