Authentication - SureBright Documentation

Overview

The SureBright API uses a private API key for authenticating requests to secure endpoints. This key must be included in the request header using the X-SureBright-Access-Token field. You can view and manage your API key through the SureBright Merchant Portal under Account Settings.

🔒 Important:Your API key grants privileged access—treat it as sensitive information. Never expose your API key in public repositories (e.g., GitHub) or embed it in client-side code.

All API requests must be made over HTTPS. Requests sent over plain HTTP will be rejected. Authentication is required only for secure endpoints, such as those involving order details, claims, and other sensitive merchant or customer data. Public or non-sensitive endpoints may not require authentication.

Type	API key
Header Parameter Name	X-SureBright-Access-Token

Example Request

Sandbox Environment

curl -X POST \
 https://{HOST_NAME}/platform/api/v1/order \\
  -H 'Accept: application/json' \\
  -H 'Content-Type: application/json' \\
  -H 'X-SureBright-Access-Token: {sandbox access token}'

Required Credentials

The following values will be provided as part of the SureBright Integration Kit for both staging and production environments:

storeId
X-SureBright-Access-Token
HOST_NAME

​Overview

​Example Request

​Sandbox Environment

​Required Credentials

Overview

Example Request

Sandbox Environment

Required Credentials