Managing API Keys
Create, manage, and revoke API keys from the Simple Product Feeds dashboard.
API keys are managed from the Developer tab in your Simple Product Feeds settings within Shopify Admin.
Creating a key
- Open your Shopify Admin and navigate to Apps > Simple Product Feeds
- Go to Settings > Developer
- Click Create API key
- Enter a descriptive name (e.g., “Production Integration”, “Staging”)
- Select the permissions your integration needs
- Click Create
Your full API key is displayed only once after creation. Copy it immediately and store it securely — you won’t be able to see it again.
Key visibility
After creation, only the key prefix (e.g., spf_live_sk_a1b2...) is visible in the dashboard. This helps you identify which key is which without exposing the full secret.
Choosing scopes
Follow the principle of least privilege — give each key only the scopes it needs:
| Use case | Recommended scope |
|---|---|
| Monitoring (read shop status, feeds) | read |
| Read shop settings only | read_settings |
| Full integration | full_access |
See Authentication for the full scopes reference and hierarchy.
Revoking a key
To revoke a key, click Revoke next to it in the Developer tab. Revocation is immediate — any application using that key will receive 401 Unauthorized responses right away.
Revoked keys remain visible in the dashboard (marked as “Revoked”) for audit purposes but cannot be reactivated.
Security best practices
- Never commit keys to source control. Use environment variables or a secrets manager.
- Rotate keys periodically. Create a new key, update your integration, then revoke the old one.
- Use separate keys per environment. Create distinct keys for production, staging, and development.
- Monitor usage. The Developer tab shows request counts and last-used dates for each key.
- Revoke unused keys. If a key hasn’t been used in a while, revoke it.