API Authentication Overview

Martijn Douma · Co-founder bluebarry

Last updated: May 15, 2026

bluebarry supports API authentication for approved integrations through API keys, OAuth, and tenant-aware requests. Use the method that matches your integration type.

Choose an Authentication Method

Developer area showing API key and webhook status cards.

Authentication Methods

Method	Use it for
API keys	Private server-to-server integrations owned by your organization.
OAuth	Apps or AI/MCP clients that need delegated authorization.
Tenant-aware requests	Integrations that need to scope calls to the correct bluebarry tenant.

Security Rules

Store secrets only on servers or secure secret managers.
Do not paste API keys into storefront JavaScript.
Rotate credentials when someone leaves the project.
Delete credentials you no longer use.

Manage API Keys

Create API keys for approved external tools, server-side automations, and integration workflows that need to read bluebarry data.

Use OAuth with BlueBarry

Use OAuth when an app or AI client needs delegated bluebarry authorization instead of a private API key.

Webhook Payload Reference

Use this payload reference to understand the event data bluebarry sends to webhook endpoints.

Join the bluebarry community on Discord

Ask questions, share wins, and get support from the team and other e-com brands building with bluebarry.

Join Discord (free forever)

Need help?

If you can't figure it out, we probably can. Just give us a heads up in Discord or email ([email protected]).

API Authentication Overview

Choose an Authentication Method

Authentication Methods

Security Rules

Related articles

Join the bluebarry community on Discord

Need help?

API Authentication Overview

Choose an Authentication Method

Authentication Methods

Security Rules

Related articles

Join the bluebarry community on Discord

Need help?