API authentication on store level is done via a dual API key system. Each account has a unique public key and private key.
The public key is used for identification of the store and can be shared publicly with anyone.
The private key is used for authentication of the store along side the public key. The private key is used when accessing sensitive information such as adding / removing products and loading the store's sales-statistics.
Protect your private key
Anyone holding your private key can access all of the store's sensitive information, including access to edit/delete anything in the store. Make sure to always keep the key safe and use SSL when calling the API with a private key!
Updated about a year ago