Authentication
All Partner API requests require two credentials: a Partner Key and a Developer Key, both sent as HTTP headers.
Credentials
| Credential | Description | Header |
|---|---|---|
| Partner Key | Identifies the partner integration | x-api-key |
| Developer Key | Authenticates the developer/application | Authorization |
Partner Key
The Partner Key is sent via the x-api-key HTTP header:
x-api-key: YOUR_PARTNER_KEY
Both x-api-key and X-API-Key are accepted.
Developer Key
The Developer Key is sent via the Authorization HTTP header:
Authorization: YOUR_DEVELOPER_KEY
Consumer User Context (Optional)
Some endpoints support or require a Consumer UID (cuid) to operate in the context of a specific consumer user. This is sent as a header or query parameter:
cuid: CONSUMER_USER_ID
Endpoints that require cuid are marked in their documentation.
Example Request
curl -X GET \
"https://api.partners.blaze.me/api/v1/partner/store" \
-H "x-api-key: YOUR_PARTNER_KEY" \
-H "Authorization: YOUR_DEVELOPER_KEY" \
-H "Content-Type: application/json"
Permissions
Partner Keys can have different permission levels that control what actions are allowed:
| Permission | Description |
|---|---|
NORMAL | Standard access to read and write operations |
ACCEPT_MEMBER | Ability to accept/approve consumer user accounts |
PERFORM_RECONCILIATION | Ability to create and manage reconciliation requests |
AUTO_APPLY | Automatic promotion application |
RETRIEVE_PROMOTION_PRODUCTS | Access to promotion product listings |
READ_SMART_COLLECTIONS | Access to smart collection data |
UNASSIGNED_ADD_MEMBER_TO_QUEUE | Ability to add members to queue without employee assignment |
If a request requires a permission that your Partner Key does not have, you will receive a 403 Forbidden response.
Store Context
Most endpoints operate within the context of a specific store, which is determined by the Developer Key. The Developer Key is associated with a specific Company and Shop. Ensure your keys are configured for the correct store before making requests.