ibakepro

Authentication

You'll need to authenticate your requests to access any of the endpoints in the ibakepro API. In this guide, we'll explain how authentication works using API keys.

API Key Authentication

The ibakepro API uses API keys for authentication. Each API key is scoped to specific permissions and tied to a single tenant (bakery business).

Obtaining an API key

  1. Log in to your ibakepro dashboard
  2. Navigate to Business > Developers > API Keys
  3. Click Generate New Key
  4. Give your key a descriptive name (e.g., "POS Integration", "Website Orders")
  5. Select the required scopes for your integration
  6. Click Create and copy your API key

Your API key will only be displayed once. Store it securely - if you lose it, you'll need to generate a new key.

Regional API Endpoints

ibakepro uses regional API endpoints to ensure your data stays in the correct region. Use the endpoint that matches your account's region:

  • Name
    api.ibakepro.com
    Type
    North America
    Description

    USA and Canada region endpoint.

  • Name
    au.api.ibakepro.com
    Type
    Australia
    Description

    Australia region endpoint.

  • Name
    eu.api.ibakepro.com
    Type
    Europe
    Description

    Europe region endpoint.

You must use the endpoint that matches your account's region. Requests to the wrong region will return an error.

Using your API key

Include your API key in the Authorization header as a Bearer token:

Example request with API key

curl https://api.ibakepro.com/api/v1/orders \
  -H "Authorization: Bearer ibp_live_us_abc123..."

API Key Scopes

API keys can be created with specific scopes to limit access. Available scopes:

  • Name
    orders:read
    Description

    Read access to orders

  • Name
    orders:write
    Description

    Create and update orders

  • Name
    customers:read
    Description

    Read access to customers

  • Name
    customers:write
    Description

    Create and update customers

  • Name
    expenses:read
    Description

    Read access to expenses

  • Name
    expenses:write
    Description

    Create and update expenses

  • Name
    pantry:read
    Description

    Read access to pantry items

  • Name
    pantry:write
    Description

    Create and update pantry items

Security best practices

Never expose your API keys in client-side code, public repositories, or logs. Always use environment variables to store keys securely.

  • Rotate keys regularly - Generate new keys periodically and revoke old ones
  • Use minimal scopes - Only request the scopes your integration needs
  • Revoke compromised keys - If a key is exposed, revoke it immediately

Rate limiting

API requests are rate limited to protect the service. Current limits:

  • 100 requests per minute per API key
  • 1000 requests per hour per API key

If you exceed these limits, you'll receive a 429 Too Many Requests response.

Continue to the Quickstart guide

Was this page helpful?