Every Admin API request must include an API key. You generate keys in your Appstle dashboard — they are never transmitted over the wire in full after creation, so store them securely as soon as you create them.
API keys are server-side only. Never include them in client-side JavaScript, mobile app source code, public repositories, or any environment where end users could inspect them.

Creating an API key

1. Open API Key Management

   Log in to your Appstle admin panel and navigate to Settings → API Key Management.

2. Create a new key

   Click Create New Key and give it a descriptive name that identifies the integration it belongs to — for example, Zapier Integration or Mobile App.

3. Copy the key immediately

   The full key value is shown only once. Copy it now and store it in a secure location such as a secrets manager or environment variable store. You cannot retrieve it again after closing this dialog.

4. Add the key to your integration

   Set the key as an environment variable in your server environment and read it at runtime. Never hard-code it in source files.

Create one key per integration rather than sharing a single key across systems. This lets you revoke access for one integration without disrupting the others.

Sending the API key

Include the key in the X-API-Key request header on every Admin API call:

curl -H "X-API-Key: apst_your-api-key-here" \
  "https://subscription-admin.appstle.com/api/external/v2/subscription-customers/valid/12345"

API keys use the apst_ prefix. Existing legacy keys (created before the prefix was introduced) continue to work without any migration.

Query parameter alternative

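You can also pass the key as a query parameter, though header-based authentication is recommended, because URLs, including their query strings, are commonly recorded in server logs, proxy logs, and browser history:

https://subscription-admin.appstle.com/api/external/v2/...?api_key=apst_your-api-key-here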
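
The server-side handling described above, as an added example that is not Appstle's own code: it reads the key from the environment at runtime, sends it in the X-API-Key header rather than the URL, and masks keys in log lines. The variable name APPSTLE_API_KEY, the helper names, and the character set assumed after the apst_ prefix are assumptions.

```python
import os
import re
import urllib.request

# Base URL taken from the curl example on this page.
BASE_URL = "https://subscription-admin.appstle.com/api/external/v2"

# Assumption: the characters after the documented apst_ prefix are URL-safe
# (letters, digits, "_" and "-"); the page does not specify the alphabet.
_KEY_TOKEN = re.compile(r"apst_[A-Za-z0-9_-]+")
# The api_key query parameter; this also catches legacy keys without the prefix.
_KEY_PARAM = re.compile(r"([?&]api_key=)[^&\s\"']+")


def redact(text):
    """Mask API keys in a log line or error message before it is stored."""
    text = _KEY_PARAM.sub(r"\1[REDACTED]", text)
    return _KEY_TOKEN.sub("apst_[REDACTED]", text)


def build_request(path, env=os.environ):
    """Return (url, headers) for an Admin API call, with the key read at runtime."""
    # APPSTLE_API_KEY is a hypothetical variable name chosen for this example.
    api_key = env.get("APPSTLE_API_KEY", "").strip()
    if not api_key:
        raise RuntimeError("APPSTLE_API_KEY is not set")
    if "api_key=" in path:
        raise ValueError("pass the key in the X-API-Key header, not in the URL")
    return BASE_URL + "/" + path.lstrip("/"), {"X-API-Key": api_key}


def call(path):
    """Send a GET request to the Admin API and return the raw response body."""
    url, headers = build_request(path)
    with urllib.request.urlopen(urllib.request.Request(url, headers=headers)) as r:
        return r.read()


if __name__ == "__main__":
    # Constructed log lines, not real keys or real traffic.
    for line in ("GET /api/external/v2/x?api_key=legacy-key-1&page=2 200",
                 "sent header X-API-Key: apst_example-123"):
        print(redact(line))
```

Apply redact() in the logging path of any component that might record request URLs or headers, so that a key passed in the query string or echoed in debug output does not persist in log storage.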

Managing keys

From Settings → API Key Management you can:

| Action | How |
| --- | --- |
| Create | Click “Create New Key”. Up to 10 active keys per store. |
| Track | Each key shows a last-used timestamp so you can identify stale keys. |
| Revoke | Click the revoke button on any key to instantly disable it. Other keys are unaffected. |
| Rotate | Create a new key first, update your integration to use it, then revoke the old key. This avoids downtime. |

Each store can have up to 10 active API keys. If you need to create an 11th key, revoke an unused existing key first.

Partner integration keys

If you are building a product that connects to Appstle on behalf of multiple merchants — for example a helpdesk, CRM, automation platform, or AI agent — you can apply for a Partner Key. Partner integrations use two headers:

| Header | Value | Purpose |
| --- | --- | --- |
| X-API-Key | Merchant’s API key | Identifies which store to act on |
| X-App-Key | Your partner key | Identifies your application |

curl -H "X-API-Key: apst_merchant-api-key" \
     -H "X-App-Key: your-partner-key" \
     "https://subscription-admin.appstle.com/api/external/v2/subscription-customers/valid/12345"

How the partner key flow works:
1. Apply for a partner key

   Email support@appstle.com with your company name, product description, and expected API call volume per merchant. Partner keys are typically provisioned within 1–2 business days.

2. Receive your X-App-Key

   Appstle provisions a dedicated X-App-Key for your application. This key is the same across every merchant that uses your integration — keep it secret.

3. Merchants connect to your integration

   When a merchant wants to use your product, they create a dedicated API key in their Appstle dashboard (named after your integration) and paste it into your integration settings.

4. Send both headers on every request

   Your application sends X-API-Key (the merchant’s key) and X-App-Key (your partner key) together with every request.

Partner integrations bypass the paid API plan requirement — merchants using your integration do not need their own Appstle API subscription to access your product’s features.

Storefront API authentication

The Storefront API does not use API keys. Instead, it relies on a customer’s active Shopify session (the customer must be logged in to the storefront). Requests are routed through Shopify’s App Proxy, which handles authentication automatically. See the Storefront API reference for details.