This only applies to you if you use Printful’s API (custom-made solutions for developers).
1. Why is Printful sunsetting legacy API keys?
Sunsetting the API keys is a necessary step in the Printful API development. With the change from API keys to Private Tokens and Public Apps, we are making our API:
- Secure—By using OAuth 2.0 instead of the HTTP Basic authentication method, we can provide our customers with security dependability of close to 100%. If any of the tokens are compromised, they can be deleted immediately, and API credentials will be safeguarded.
- Versatile—Giving our customers more options for permission and access customization over generated tokens.
- Future-proof—We’re ready to grow with new features for API customers.
2. To whom does this change apply?
All current API customers will need to switch to new API tokens to continue using the Printful API.
3. When will the changes take effect?
- On September 30, 2022, the creation of legacy API keys will be disabled in the Printful Dashboard.
- On March 30, 2023, the Printful API will no longer be accessible using legacy API keys. To avoid losing access to the Printful API, customers will be required to migrate to the new API tokens. The new tokens are more secure and offer greater customization.
4. How can I migrate to the new API tokens?
1. Generate a new API token.
New API tokens can be created in the Printful Developers portal using:
- A Private Token (for features developed for a specific store)
- A Public App (for developing an application that can be used by other Printful customers)
2. Change the request authentication method.
The new API tokens require OAuth 2.0 authentication.
All requests will require a change in the authentication method from:
HTTP basic authentication with an Authorization header with a Base64 encoded API key
To:
OAuth 2.0 authentication with access_token and token_type included in the Authorization header
Read more about the authentication method in the API Documentation.
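The header change in step 2, as an added example that is not Printful's own code: it builds both forms of the Authorization header and flags integrations that still send the legacy one. It assumes token_type is "Bearer" (the usual OAuth 2.0 value); the key, token and integration names are constructed samples.

```python
import base64
import binascii


def legacy_basic_header(api_key):
    """Legacy scheme: HTTP Basic with the Base64-encoded API key.
    Base64 is an encoding, not encryption; the key is trivially recoverable."""
    encoded = base64.b64encode(api_key.encode("utf-8")).decode("ascii")
    return {"Authorization": "Basic " + encoded}


def oauth_header(access_token, token_type="Bearer"):
    """New scheme: token_type followed by access_token (token_type assumed)."""
    if not access_token or any(c.isspace() for c in access_token):
        raise ValueError("access_token must be non-empty and contain no whitespace")
    return {"Authorization": token_type + " " + access_token}


def classify_authorization(value):
    """Return 'legacy-basic', 'oauth-bearer' or 'unknown' for a header value."""
    scheme, _, credential = value.strip().partition(" ")
    credential = credential.strip()
    if not credential:
        return "unknown"
    if scheme.lower() == "basic":
        try:
            base64.b64decode(credential, validate=True)
        except (binascii.Error, ValueError):
            return "unknown"
        return "legacy-basic"
    if scheme.lower() == "bearer":
        return "oauth-bearer"
    return "unknown"


def find_legacy_callers(request_log):
    """Names of integrations whose outgoing requests still use the legacy scheme."""
    return [name for name, headers in request_log
            if classify_authorization(headers.get("Authorization", "")) == "legacy-basic"]


# Constructed sample data: not real credentials, hypothetical integration names.
SAMPLE_LOG = [
    ("order-sync", legacy_basic_header("example-legacy-key")),
    ("catalog-import", oauth_header("example-private-token")),
    ("webhook-setup", {}),  # request sent without credentials
]

if __name__ == "__main__":
    print("Still on legacy keys:", find_legacy_callers(SAMPLE_LOG))
```

Run find_legacy_callers over the headers your own integrations send before the cutoff date, so nothing is left on the legacy scheme.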
5. What are the benefits of migration?
The new API token is much safer as it uses OAuth 2.0. It also allows more control over:
- Identification—custom name and contact email for each token
- Expiration date
- Scopes that are available for a specific token
6. What should I do if I don’t have development resources?
There are other options for performing the migration if you don’t have development resources. For example, you can hire freelance developers on Fiverr.