---
title: "Fourthwall API Surfaces: Which API Does My Key Authenticate With?"
shortDescription: Match each Fourthwall developer credential to the API surface it authenticates against so your requests stop returning 401.
articleType: Reference
primaryTopic: fourthwall-api-surfaces
categories:
  - Developer Tools
  - Integrations
tags:
  - developer
  - api
  - authentication
  - api-key
  - storefront-token
  - open-api
  - storefront-api
  - settings-for-developers
tasks:
  - Identify which Fourthwall API your credential authenticates against
  - Generate an OpenAPI credential from Settings > For Developers
  - Generate a Storefront API token from Settings > For Developers
  - Choose the right API surface for your integration
  - Troubleshoot 401 errors caused by using the wrong credential
terms:
  - fourthwall api key
  - which api fourthwall
  - openapi vs storefront api
  - storefront_token fourthwall
  - api.fourthwall.com
  - storefront.fourthwall.com
  - storefront-api.fourthwall.com
  - 401 unauthorized fourthwall api
  - platform open api
  - product offer open api
  - storefront api token
  - bearer token fourthwall
  - for developers settings
  - headless tab credential
  - openapi tab credential
labels:
  - developer-tools
  - api-authentication
  - open-api
  - storefront-api
contextString: Available to all Fourthwall creators building developer integrations. Requires credentials generated from Dashboard > Settings > For Developers. Useful when picking the right API or debugging authentication errors.
breadcrumbPath: "Manage my shop > Apps, features, and integrations > Fourthwall API Surfaces"
relatedModules:
  - name: settings-for-developers
    route: /admin/dashboard/settings/for-developers
last_updated: '2026-05-13'
path: manage-my-shop/apps-features-and-integrations/fourthwall-api-surfaces-which-api-does-my-key-authenticate-with
---

# Fourthwall API Surfaces: Which API Does My Key Authenticate With?

Fourthwall exposes three separate API surfaces, each accepting a different credential. There are two credentials and three APIs. The credential you generate is tied to the tab you generated it from in **Settings > For Developers**. Both credentials are sent as a `Bearer` token in the `Authorization` header and are not interchangeable.

- **OpenAPI credential** (from the **OpenAPI** tab). Authenticates against the Platform Open API and the Product Offer Open API.
- **Storefront API token** (from the **Storefront API** tab, formerly labeled **Headless**). Authenticates against the Storefront API only.

## Where to generate each credential

Both credentials are generated from the same dashboard area but on different tabs. Go to [**Settings > For Developers**](https://my-shop.fourthwall.com/admin/dashboard/settings/for-developers/?redirect) in your Fourthwall dashboard, then pick the tab that matches the API you want to call:

- **OpenAPI** tab for the Platform Open API and the Product Offer Open API.
- **Storefront API** tab for the Storefront API.

Generate or copy your credential and treat it like a password.

[Image: Open API settings, showing username and password fields with a copy button. Also lists webhooks and storefront API settings.]

## OpenAPI credential (OpenAPI tab)

The credential generated from the **OpenAPI** tab authenticates against two APIs that share the same key.

**Platform Open API**

- Host: `api.fourthwall.com`
- Exposes OAuth-scoped endpoints for shop data.
- Common endpoints: `/me` (authenticated account), `/products` (full product catalog), `/orders` (order records).
- Use this API for read or write access to platform-level data such as orders, products, and account info.

**Product Offer Open API**

- Host: `storefront.fourthwall.com/api/product-offers`
- Read-only. Returns published product offers including images, variants, and prices.
- For details on the request and response shape, see [Product Offer Open API](/manage-my-shop/apps-features-and-integrations/product-offer-open-api).

**Sending the credential**

Include the credential in the `Authorization` header on every request to either API:

```
Authorization: Bearer YOUR_OPENAPI_CREDENTIAL
```

## Storefront API token (Storefront API tab)

The token generated from the **Storefront API** tab is a separate credential. In code and starter templates it is often referred to as `storefront_token`.

- Host: `storefront-api.fourthwall.com`
- Powers custom headless storefronts: serves product data and cart actions, and redirects supporters to the Fourthwall-hosted checkout.
- For the full feature set, see [Storefront API](/manage-my-shop/apps-features-and-integrations/storefront-api-for-custom-storefronts).

Send the token as a `Bearer` value:

```
Authorization: Bearer YOUR_STOREFRONT_TOKEN
```

The dashboard tab is currently labeled **Storefront API**. Older documentation and links may still call this the **Headless** tab. They refer to the same place.

## Credential-to-API mapping

Each credential maps to specific API hosts:

- **OpenAPI tab** credential authenticates against the Platform Open API at `api.fourthwall.com` using `Authorization: Bearer ...`
- **OpenAPI tab** credential also authenticates against the Product Offer Open API at `storefront.fourthwall.com/api/product-offers` using `Authorization: Bearer ...`
- **Storefront API tab** credential authenticates against the Storefront API at `storefront-api.fourthwall.com` using `Authorization: Bearer ...`

The two hosts `storefront.fourthwall.com` and `storefront-api.fourthwall.com` look similar but belong to different APIs and accept different credentials.

## Picking the right credential for your project

Match your use case to the correct credential:

- **Custom headless storefront** with product browsing, cart, and checkout redirect: generate a **Storefront API token** from the **Storefront API** tab.
- **Published product data** pulled into a dashboard, app, or external site without cart actions: generate an **OpenAPI credential** and call the Product Offer Open API at `storefront.fourthwall.com/api/product-offers`.
- **Platform data** (orders, account info, full product records): generate an **OpenAPI credential** and call the Platform Open API at `api.fourthwall.com`.
- **Installable third-party app** that other creators authorize through OAuth: register an app on the Developer Platform instead of using a long-lived credential. See [Developer Platform: Building Apps and Webhooks](/manage-my-shop/apps-features-and-integrations/developer-platform-building-apps-and-webhooks).

## Troubleshooting 401 responses

A 401 from any of the three APIs almost always means the wrong credential was used, not the wrong host. Check these in order:

1. **Confirm the tab.** Did the credential come from the **OpenAPI** tab or the **Storefront API** tab? A Storefront API token will not authenticate against `api.fourthwall.com` or `storefront.fourthwall.com/api/product-offers`. An OpenAPI credential will not authenticate against `storefront-api.fourthwall.com`.
2. **Confirm the header format.** Both credentials use `Authorization: Bearer YOUR_TOKEN`. A missing `Bearer ` prefix or an extra space causes a 401.
3. **Confirm the host.** `storefront.fourthwall.com` and `storefront-api.fourthwall.com` are different services. The hyphen matters.
4. **Confirm the credential is current.** If you regenerated or rotated the credential, older clients still using the old value will return 401.

If all four check out and you still get a 401, contact [support@fourthwall.com](mailto:support@fourthwall.com) with the host you are calling and the tab you generated the credential from.

## Frequently asked questions

### Can I use one credential for all three APIs?

No. The OpenAPI credential covers the Platform Open API and the Product Offer Open API. The Storefront API token covers only the Storefront API. You need both if your integration calls all three.

### Why does the Storefront API tab sometimes appear as "Headless"?

The tab was previously labeled **Headless**. The current dashboard label is **Storefront API**. The credential and the host are unchanged.

### Are the OpenAPI credential and Storefront API token rate-limited?

Rate limit details are returned in response headers. If you make many requests in a short period, add request throttling and watch for `Retry-After` hints.

### Where do I find the full reference for each API?

The full OpenAPI reference is linked from the **OpenAPI** tab in **Settings > For Developers**. The full Storefront API reference is linked from the **Storefront API** tab in the same area.
