Skip to main content

Documentation Index

Fetch the complete documentation index at: https://appstleinc-aeca3e0a.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Every Admin API request must include a valid API key in the request header. Keys are created and managed directly in your Appstle dashboard, scoped to a single Shopify store, and can be revoked individually without affecting your other integrations.

Creating an API key

1

Open API Key Management

Log in to your Appstle admin panel and navigate to Settings → API Key Management.
2

Create a new key

Click Create New Key and give it a descriptive name that identifies the integration — for example, Klaviyo Integration, Mobile App, or Zapier Workflow.
3

Copy the key immediately

Your new key is displayed only once. Copy it now and store it in a secure location such as an environment variable or a secrets manager. You cannot retrieve the full key value again after leaving this screen.
4

Use the key in your requests

Pass the key in the X-API-Key header of every Admin API request.
Never expose your API key in client-side JavaScript, browser applications, or public source code repositories. API keys must only be used in server-side code.

Sending the API key

Include your key in the X-API-Key request header: 
curl -X GET \
  "https://membership-admin.appstle.com/api/external/v2/membership-contracts?shop=your-store.myshopify.com&customerId=12345" \
  -H "X-API-Key: apst_your-api-key-here"
You can also pass the key as a query parameter using ?api_key=apst_your-api-key-here, but the header approach is recommended for security.

Key format

All API keys use the apst_ prefix. Existing legacy keys created before this prefix was introduced continue to work without any migration required. 
apst_AbCdEfGhIjKlMnOpQrStUvWxYz123456789012

Key management

You can create up to 10 active API keys per store. Managing keys from the dashboard gives you fine-grained control over which integrations can access your membership data.
ActionHow
CreateSettings → API Key Management → Create New Key
TrackEach key displays its last-used timestamp so you can identify stale keys
RevokeClick Revoke on any individual key — other keys are not affected
RotateCreate a new key, update your integration, then revoke the old key
Create a separate API key for each integration. This way you can revoke access for a single integration without disrupting others — for example, if a third-party tool is compromised or decommissioned.

Storing keys securely

Store your API key as an environment variable and read it at runtime. Never hardcode it in your source files. 
# .env — never commit this file
APPSTLE_API_KEY=apst_your-api-key-here

// Read from environment at runtime
const apiKey = process.env.APPSTLE_API_KEY;

Authentication errors

If your request is rejected due to authentication, you will receive a 401 Unauthorized response: 
{
  "error": "Unauthorized",
  "message": "Invalid API key provided",
  "status": 401
}
Common causes:
  • The key was revoked from the dashboard
  • The key was copied with extra whitespace
  • The X-API-Key header is missing from the request
  • You are using a key that belongs to a different store

Partner integrations

If you are building a product that integrates with Appstle Memberships (a CRM, helpdesk, email platform, or automation tool), you can apply for a Partner Key. Partner integrations bypass the paid API plan requirement, making it free for merchants to use your integration. Partner authentication uses two headers: 
X-API-Key: <merchant-api-key>
X-App-Key: <your-partner-key>
The merchant provides their API key through your integration settings, and Appstle provisions your partner key once during onboarding — it is the same key for all merchants using your integration. To apply, contact support@appstle.com.
Direct API access (without a partner key) requires an active API plan. Contact support@appstle.com for pricing details.