If you are planning to hire a developer to create a custom script, desktop application or web application integration for your Vend store they will need to gain access to your store's data via the Vend API. You can provide them with this access by creating a Personal Token. This is a unique code that grants the developer access to the data they need and allows you to manage these integrations on an individual basis.
Note: Tokens should not be used as a primary authentication mechanism for web based applications. Those applications should be using OAuth 2.0 authorisation as described in our developer documentation.
What is a Personal Token?
The Personal Token is the equivalent to a password and gives someone access to your vend account via the Vend API. While this doesn’t grant access to the sell screen it will provide the same level of access to the data as an admin user.
Important: By providing a developer with this token they will have full access to the data in your store. Make sure you send this privately and don’t publicly share the information anywhere.
How do I access it?
To create a token navigate to Setup -> Personal Tokens
Select 'Generate Personal Token'
And fill out the details below:
Token name: for this field put in a name for your reference. It is also important to make this unique to avoid any confusion if you have multiple tokens active.
Expiry date: This will be disabled by default however, if you only want the custom integration or script to be able to access your data for a limited time, you can specify a token expiry date.
Once this is done click 'Save' and copy the token to send it through to your developer(s).
If you are building multiple apps for your store it is recommended you create a token for each app.
Important: If the token you have provided a developer expires, the integration they have built will no longer work. You can extend or remove the expiry date by editing the current token or creating a new one.
How to user Personal Tokens to access the API?
Every request to sent to the Vend API needs to be authorised. The best way to do it is by adding the Authorization header, just like it's done for OAuth tokens:
Authorization: Bearer _here_goes_your_token_
In case of any questions regarding Personal Tokens or the API in general, please get in touch with our Developer Relations Team at firstname.lastname@example.org