Skip to main content
Every request to the Filemonk API must include your store’s API key in the X-Auth-Token header.

Getting your API key

1

Open Filemonk settings

In your Shopify admin, open the Filemonk app and navigate to Settings.
2

Go to the Other tab

Select the Other tab and scroll to the API section.
3

Copy your key

Click Copy to copy the API key to your clipboard. The key is masked by default — you can copy it without revealing it.

Using the API key

Include the key in the X-Auth-Token header of every request: 
curl -X GET 'https://app.filemonk.com/api/v1/external/orders' \
  -H 'X-Auth-Token: fm_api_key_your_key_here'
X-Auth-Token
string
required
Your store’s API key. Starts with fm_api_key_.

Error responses

If authentication fails, the API returns a 401 Unauthorized response: 
{
  "error": "API key is required"
}
You did not include the X-Auth-Token header.

Resetting your API key

If your API key is compromised, you can reset it from the same Settings > Other > API section:
  1. Click Reset next to the API key field.
  2. Confirm the reset in the modal dialog.
  3. Copy the new key and update all your integrations.
Resetting your API key invalidates the previous key immediately. Any integration using the old key will stop working until updated.

Security best practices

  • Store your API key in environment variables or a secrets manager — never hard-code it.
  • Do not expose the key in client-side code, browser requests, or public repositories.
  • Use HTTPS for all API requests (the API only accepts HTTPS).
  • Reset the key promptly if you suspect it has been exposed.