Authentication
All requests to the Pixee PIM API must be authenticated. The API supports two authentication methods: API keys (recommended for integrations) and JWT Bearer tokens (for user sessions).
API keys
API keys are long-lived credentials prefixed with pm_live_ (production) or pm_test_ (test). You can create and manage them in your account settings.
Never share your API key or commit it to source control. Keys are hashed at rest — the raw value is only shown once at creation. If a key is compromised, rotate it immediately.
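One way to enforce the rule above before a commit, as an added example that is not part of the Pixee documentation: a POSIX shell function that flags key-shaped strings by their documented pm_live_ / pm_test_ prefix and redacts them in its report. The key body pattern (16 or more characters of [A-Za-z0-9_-]), the function name scan_for_keys and the demo argument are assumptions, since the page gives only the prefixes.

```shell
#!/bin/sh
# Added example (not Pixee's code): block commits that contain API keys.
# Assumption: after the documented pm_live_/pm_test_ prefix a key has at
# least 16 characters from [A-Za-z0-9_-]; the page does not give the format.
KEY_RE='pm_(live|test)_[A-Za-z0-9_-]{16,}'

# scan_for_keys FILE...
# Prints "file:line: <prefix + 4 chars>...[redacted]" for every match and
# returns 1 if any file contained a key-shaped string, 0 otherwise.
scan_for_keys() {
  _found=0
  for _file in "$@"; do
    [ -f "$_file" ] || continue
    # -n: line numbers, -o: only the matching text; sed truncates the match
    # so the report itself never contains a usable credential.
    _hits=$(grep -noE "$KEY_RE" "$_file" |
      sed -E 's/^([0-9]+):(pm_(live|test)_.{4}).*/\1: \2...[redacted]/')
    [ -n "$_hits" ] || continue
    printf '%s\n' "$_hits" | while IFS= read -r _hit; do
      printf '%s:%s\n' "$_file" "$_hit"
    done
    _found=1
  done
  return "$_found"
}

# Demo on a constructed file: sh scan_keys.sh demo
if [ "${1:-}" = "demo" ]; then
  _tmp=$(mktemp)
  # Constructed value, split so this script does not flag itself.
  printf 'PIXEE_KEY=pm_live_%s\n' 'CONSTRUCTEDexample0001' > "$_tmp"
  scan_for_keys "$_tmp" || echo "key-shaped string found: commit blocked"
  rm -f "$_tmp"
fi
```

Called from a pre-commit hook with the staged file list (for example the output of git diff --cached --name-only --diff-filter=ACM), a non-zero return stops the commit. The truncated placeholder used in this page's curl examples is too short to match, so documentation that quotes it is not flagged.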
Using an API key
Pass the key as a Bearer token in the Authorization header on every request:
Authenticated request
curl https://api.pixeepim.com/api/v1/products \
  -H "Authorization: Bearer pm_live_abc123..."
API key scopes
Each key is restricted to a set of scopes:
| Scope | Access |
|---|---|
| products:read | Read products and catalog data |
| products:write | Create and update products |
| imports:read | View import jobs and logs |
| imports:write | Start and manage imports |
| exports:read | View export jobs |
| exports:write | Create and download exports |
| windev:read / windev:write / windev:sync | WinDev integration access |
Creating an API key
- Log in at pixeepim.com.
- Navigate to Settings → API Keys.
- Click Create API Key, enter a descriptive name and select the required scopes.
- Copy the key immediately — it won't be shown again.
Rotating a key
Rotate an API key
curl -X POST https://api.pixeepim.com/api/v1/keys/{key_id}/rotate \
  -H "Authorization: Bearer pm_live_abc123..."
The old key is invalidated immediately and a new one is returned.
JWT Bearer tokens
User sessions use short-lived JWT tokens (valid for 120 minutes by default). Obtain a token via the login endpoint:
Login
curl -X POST https://api.pixeepim.com/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email": "you@example.com", "password": "••••••••"}'
Response
{
  "access_token": "eyJhbGc...",
  "token_type": "bearer"
}
Use the token in the Authorization header just like an API key:
curl https://api.pixeepim.com/api/v1/products \
  -H "Authorization: Bearer eyJhbGc..."
To refresh an expiring token:
Refresh token
curl -X POST https://api.pixeepim.com/api/v1/auth/refresh \
  -H "Authorization: Bearer eyJhbGc..."
Multi-tenant context
If your account manages multiple tenants, scope a request to a specific tenant with the X-Tenant-ID header:
Request with tenant context
curl https://api.pixeepim.com/api/v1/products \
  -H "Authorization: Bearer {api_key}" \
  -H "X-Tenant-ID: {tenant_id}"
Without this header, the request operates on your default account context.
Error responses
| Status | Meaning |
|---|---|
| 401 Unauthorized | Missing, invalid, or expired credential |
| 403 Forbidden | Valid credential but insufficient scope or permissions |
| 423 Locked | Account locked after too many failed login attempts |
See the Errors guide for the full error format.