API Keys
Generate and manage API token/key pairs for authenticating with the PrintNow Enterprise API.
The API Keys page lets you generate and manage authentication credentials for the PrintNow Enterprise API. Each credential consists of a Token and a Key pair that external applications use to authenticate API requests via HTTP Basic Authentication. API keys are scoped to your license and grant access to all storefronts under that license.
You can generate up to 5 active API key pairs per license. This limit ensures credential management stays controlled. Use separate key pairs for different integrations (e.g., one for your ERP system, another for a third-party order sync) so you can revoke access to a single integration without disrupting others.
View API Keys
- From your Unified Admin, go to Settings > Api Keys.
- The API keys list displays all active (non-deleted) token/key pairs for your license in a paginated AG Grid table.
- To generate a new token, click the Generate token button. The new token and key appear immediately in the grid.
- To copy a token or key, click the copy button next to the value in the Token or Key column. Use these values when configuring API integrations.
- To deactivate a key without deleting it, click the Action menu and select Toggle Active. The Active checkbox updates immediately. Deactivated keys reject API requests until reactivated.
- To delete a key, click the Action menu and select Delete. A confirmation dialog appears. Deleted keys cannot be recovered.
API Keys List Columns
| Column | Description |
|---|---|
| Id | Unique numeric identifier for the token record. |
| Token | The API token (hex string). Used as the username in HTTP Basic Authentication. Includes a copy button for easy clipboard access. |
| Key | The API key (hex string derived from the token via SHA-256). Used as the password in HTTP Basic Authentication. Includes a copy button for easy clipboard access. |
| Active | Whether the token is currently accepting API requests. Inactive tokens are rejected at authentication. |
| Action | Toggle Active (enable/disable without deleting) or Delete (permanently remove the token). |
How API Authentication Works
The PrintNow Enterprise API uses HTTP Basic Authentication with the token/key pair:
- Combine the Token (username) and Key (password) separated by a colon:
token:key - Base64-encode the combined string.
- Send it in the
Authorizationheader:Authorization: Basic <base64-encoded-credentials>
When the API receives a request, it:
- Decodes the credentials and validates the key is correctly derived from the token.
- Looks up the token in the database and confirms it is active and not deleted.
- Validates that your license tier meets the minimum required for the endpoint (most endpoints require an Enterprise license).
- Enforces HTTPS for all API requests.
After authentication, the API uses your license to determine the tenant context, so API calls can access data across all storefronts under your license.
Associations
Enterprise API
| Area | Effect |
|---|---|
| API Authentication | Token/key pairs generated here are the sole authentication method for the Enterprise API. All API endpoints require a valid, active token. |
| Webhooks | Webhook subscriptions (API Hooks) are linked to specific API tokens. Deleting a token also disables any webhooks associated with it. |
| License Scope | Tokens are scoped to your license, not individual storefronts. A single token grants API access to all storefronts under the license. |
| Token Limit | Each license allows a maximum of 5 active API tokens. Attempting to generate beyond this limit returns an error. |
| Activity Log | Token generation and deletion actions are recorded in the Activity Log for audit purposes. |
Related Pages
- Enterprise API — documentation for the API these keys authenticate against
- Activity Log — token generation and deletion are recorded for auditing