Yotpo uses tokens to authenticate and authorize an account. Tokens are generated by an API call that uses the store ID and client secret.

  • In non-public API calls, a token is required to ensure private account data is accessible only to authorized users.
  • Requests should authenticate with Yotpo by including the request header X-Yotpo-Token: {token}, where {token} is replaced by the generated token.
  • The token is generated using an API call. See the Generate a utoken endpoint.
  • If a request fails to authenticate, a HTTP 401 response code will be returned.