This FAQ article covers common questions and concerns regarding the API Authentication alert displayed in stores using the API feature. These are intended to help you feel at ease with this change an provide you with next steps. If you need any extra help, please don't hesitate to reach out to our support team!
What are my next steps?
Reach out to whoever manages your store's software integrations or IT and ask them to review how their tools are connecting to your store's APIs.
You can send them this exact message:
Action Required: Security Update to API Authentication for OrderMyGear Company Stores
To align with industry security best practices, OrderMyGear Company Stores are deprecating API key authentication via URL query parameters (e.g. https://subdomain.mybrightsites.com/api/v2.7.0/orders?token=your_api_token).
What's changing: API keys must now be passed exclusively via the custom HTTP header:X-Application-Token: <API_KEY>. Passing keys in the request URL will no longer be supported after September 1st, 2026. Please update your integrations to avoid service disruption.
Don't worry about memorizing those technical terms - your tech team or software provider will know exactly what this means!
Does this update affect me or my stores?
If you are seeing the alert in your portal, it means your store has the API feature enabled, so you will want to double-check your connections.
The easiest way to find out is to show this notice to your tech team or integration providers. They will be able to confirm if their API integration with Company Stores is using the updated authentication method. If it is, no action is required!!
Did any of my stores stop working?
Nothing is broken right now. This is a safety upgrade, not a breakdown. We are simply updating the locks to ensure your store's data stays completely locked down and secure.
Do I have to update my integrations today?
This change doesn't go into effect until September 1st, so you have plenty of time to get this squared away. That said, you can also make this change any time before September 1st - whatever works best for you!
Can OMG tell me who I need to connect with to get this fixed?
Unfortunately, because of how API tokens work, our system can only see there is an API token, not who is using it.
Are my API tokens changing?
Nope! Your current active API tokens will stay the same. We are just making the way they they are used safer.
Do I or my team need to make code adjustments?
Probably not. If you aren't a developer, all you have to do is pass the message along to your integrations team or provider that is integrating with the Company Stores APIs (common examples include warehouses, ERP systems, middleware like Zapier, or internal tooling).
Comments
0 comments
Article is closed for comments.