API and integrations
Generating your API key
API keys are created in account settings, shown once, and stored server-side as hashes.
Quick answer
API keys are created in account settings, shown once, and stored server-side as hashes.
What this means
Use this when you are one of the operators and developers automating Storeshift workflows. The goal is simple: understand what Storeshift changes, what Shopify will import, and what you should review before a real catalog update.
Plain-English rule: do the smallest safe action first, inspect the result, then scale up. That means preview before full run, sample import before full import, and review before publishing.
Before you change a live Shopify catalog, check product titles, body copy, image order, variant options, prices, handles, SKUs, SEO fields, and any warnings shown on the run page.
Simple checklist
- 01Create an API key for one integration, store it securely, and rotate it when needed.
- 02Use webhook signatures before trusting run-ready or run-failed events.
- 03Test automation in sandbox or preview flows before connecting it to real catalog imports.
Common mistakes to avoid
- Putting raw API keys in client-side code or shared spreadsheets.
- Trusting webhook payloads without checking the HMAC signature.
- Automating full catalog changes before the preview and review steps are proven.