Authentication

HTTP Basic Authentication with token/key pairs for the PrintNow Enterprise API.

The Enterprise API uses HTTP Basic Authentication. Every request must include an Authorization header with a Base64-encoded token/key pair. Tokens and keys are generated in the Unified Admin under Settings > API Keys.

How It Works

  1. In the Unified Admin, go to Settings > API Keys and click Generate token. This creates a Token (hex string) and a Key (derived from the token via multiple rounds of SHA-256).
  2. Combine the token and key with a colon separator: token:key
  3. Base64-encode the combined string.
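  4. Include it in the Authorization header of every API request.

# printf avoids echo's non-portable -n flag; tr strips the line wrap that
# GNU base64 inserts after 76 output characters, which would break the header.
curl -X GET https://api.printnow.com/api/v2/ping \
  -H "Authorization: Basic $(printf '%s' 'YOUR_TOKEN:YOUR_KEY' | base64 | tr -d '\n')"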

Most HTTP clients and libraries handle Basic Auth natively. For example, with cURL you can use the -u shorthand:

curl -X GET https://api.printnow.com/api/v2/ping \
  -u "YOUR_TOKEN:YOUR_KEY"

Validation Steps

When the API receives a request, it performs these checks in order:

  1. Credentials present -- The Authorization header must contain a valid Basic Auth parameter. Missing or malformed credentials return 401 Unauthorized.
  2. Key derivation -- The key must be the correct SHA-256 derivation of the token. Invalid pairs return 401 Unauthorized.
  3. Token lookup -- The token must exist in the database, be marked as active, and not be deleted. Invalid tokens return 401 Unauthorized.
  4. HTTPS enforced -- Requests must use HTTPS. Plain HTTP requests from non-local origins return 401 Unauthorized.
  5. License tier -- The license associated with the token must meet the minimum tier for the endpoint (Enterprise for most endpoints, BusinessPlus for Ping and PIPO). Insufficient licenses return 401 Unauthorized.

Scope

API tokens are scoped to your license, not to individual storefronts. A single token/key pair grants access to all storefronts under that license. Use the Storefronts endpoints to discover available storefronts and filter data by storefront ID.

You can generate up to 5 active API key pairs per license. Use separate pairs for different integrations so you can revoke one without affecting others.

Zapier Bypass

Requests with a Zapier User-Agent string bypass the license tier check. This allows Zapier integrations to function on licenses below the Enterprise tier. All other validation steps still apply.

Error Responses

All authentication failures return 401 Unauthorized with a descriptive message:

| Message | Cause |
| --- | --- |
| Authorization credentials missing. | No Authorization header or empty parameter. |
| Invalid key or token. | Malformed credentials, incorrect key derivation, or token not found in database. |
| Invalid scheme, please use https. | Request sent over HTTP instead of HTTPS. |
| License doesn't allow this api call. | License tier is below the endpoint's minimum requirement. |

  • API Keys — generate and manage token/key pairs in the admin UI
  • Enterprise API Overview — getting started guide and list of all available endpoints
  • Zapier — uses these same API credentials and bypasses license tier checks
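
The header construction from How It Works and the 401 messages from Error Responses, combined in one client-side helper. This is an added example, not PrintNow code: the function names, the sample token and key in the test, and the assumption that the message text appears verbatim in the 401 response body are all assumptions made for the example.

```python
import base64
from urllib.parse import urlsplit
from urllib.request import Request

# 401 message text -> cause, taken from the Error Responses table on this page.
CAUSES = {
    "Authorization credentials missing.": "no Authorization header or empty parameter",
    "Invalid key or token.": "malformed credentials, wrong key derivation, or unknown token",
    "Invalid scheme, please use https.": "request was sent over HTTP",
    "License doesn't allow this api call.": "license tier below the endpoint minimum",
}


def basic_auth_value(token: str, key: str) -> str:
    """Steps 2-4: join token and key with a colon, Base64-encode, add the scheme."""
    if not token or not key:
        raise ValueError("token and key must both be non-empty")
    if ":" in token:
        # Basic Auth splits on the first colon, so a colon here shifts the boundary.
        raise ValueError("token must not contain ':'")
    pair = f"{token}:{key}".encode("utf-8")
    # b64encode never inserts line breaks, unlike some command-line base64 tools.
    return "Basic " + base64.b64encode(pair).decode("ascii")


def build_request(url: str, token: str, key: str) -> Request:
    """Prepare (but do not send) an authenticated request; HTTPS only."""
    if urlsplit(url).scheme.lower() != "https":
        # The server rejects plain HTTP, but only after the credentials
        # have already crossed the network in cleartext. Refuse client-side.
        raise ValueError("refusing to attach credentials to a non-HTTPS URL")
    return Request(url, headers={"Authorization": basic_auth_value(token, key)})


def explain_401(body: str) -> str:
    """Map a 401 response body to the cause listed in the documentation.

    Assumes the message appears verbatim somewhere in the body (hypothetical;
    the page does not show the response format).
    """
    for message, cause in CAUSES.items():
        if message in body:
            return cause
    return "unrecognized 401 message"
```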