Skip to main content
Page type: Reference. Use this page with Unified API Reference.
The CreatorCommerce Unified API supports multiple authentication methods depending on the caller and trust boundary.

Choose the Right Authentication Mode

MethodHeaderBest for
Bearer token (JWT)Authorization: Bearer <token>Authenticated user requests and CC-managed sessions
Channel API keyx-channel-access-token: <token>Server-to-server brand or merchant workflows
Partner API keyx-partner-access-token: <token>Server-to-server partner-facing or integration workflows

Authentication Methods

Bearer Token (JWT)

Use Bearer authentication for authenticated user requests. Include the JWT token in the Authorization header: 
Authorization: Bearer <your-jwt-token>
Use this for:
  • Authenticated user requests
  • Requests from the CreatorCommerce dashboard
  • User-initiated API calls

API Key Authentication

Use API keys for server-to-server communication via the custom headers below: 
x-channel-access-token: <your-channel-token>
or 
x-partner-access-token: <your-partner-token>
Use this for:
  • Server-to-server integrations
  • Backend automation
  • Channel-specific operations

Getting Your Credentials

JWT Tokens

JWT tokens are obtained through the CreatorCommerce authentication flow. These tokens are typically short-lived and should be refreshed as needed.

API Keys

API keys are provided when you:
  • Set up a channel integration
  • Register as a partner
Contact CreatorCommerce Support to obtain API keys for your use case.

Security Rules

  • Never commit credentials to version control.
  • Keep API keys server-side only.
  • Use HTTPS for all requests.
  • Rotate keys on a regular schedule.
  • Request the minimum access needed for the workflow.
  • Monitor JWT expiration and implement refresh behavior where required.

Example Requests

Using Bearer Token

curl -X GET \
  'https://unified-api.creatorcommerce.shop/creators/collabs?myshopify_domain=example.myshopify.com' \
  -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIs...'

Using API Key

curl -X GET \
  'https://unified-api.creatorcommerce.shop/creators/collabs?myshopify_domain=example.myshopify.com' \
  -H 'x-channel-access-token: your-channel-token-here'

Error Responses

If authentication fails, you’ll receive a 401 Unauthorized or 403 Forbidden response: 
{
  "statusCode": 401,
  "error": "Unauthorized",
  "message": "Invalid or expired token"
}

Token Expiration

JWT tokens have expiration times. Monitor the token expiration and implement refresh logic. API keys typically don’t expire but can be revoked by administrators.