Authentication

All merchant API endpoints are authenticated using an API key.

API Key

Your API key is provided when your merchant account is created. Include it in every request using the X-Api-Key header:

bash

curl -X POST https://api.skinslink.com/api/v1/merchant/inventory \
  -H "X-Api-Key: your-api-key" \
  -H "Content-Type: application/json" \
  -d '{ ... }'

Important

Do not use the Authorization: Bearer scheme — use X-Api-Key directly.
Never expose your API key in client-side code. All API calls should be made from your backend server.

Regenerating Your Key

If your API key is compromised, contact your account manager or use the merchant dashboard to regenerate it. The old key will be immediately invalidated.

Rate Limits

Currently there are no strict rate limits, but we recommend:

Inventory requests: Max 1 request per user per 5 seconds (inventory fetching is resource-intensive)
Status polling: Max 1 request per second per deposit

Excessive usage may result in temporary throttling.

Response Format

All API responses follow a consistent envelope:

json

{
  "success": true,
  "message": "Description of what happened",
  "data": { ... }
}

Error responses:

json

{
  "success": false,
  "message": "Error description"
}

Authentication ​

API Key ​

Regenerating Your Key ​

Rate Limits ​

Response Format ​

Authentication

API Key

Regenerating Your Key

Rate Limits

Response Format