Skip to main content

API Base URL

https://api.tribemade.in
All API requests should be made to this base URL. Append the endpoint path to make requests.

How Authentication Works

TribeMade API uses API key authentication via the X-API-Key header. All API requests must include your API key to authenticate.
API keys are store-specific. Each store has its own unique API key, and the key only works for that store’s data.

Getting Your API Key

1

Log in to your dashboard

Visit TribeMade Dashboard and select your store.
2

Navigate to Developer section

Click on Developer in the sidebar (below Settings).
3

Generate API key

Click “Generate API Key” to create your key. It will be displayed immediately.
4

Store securely

Copy your API key and store it securely. You’ll need it for all API requests.

API Key Format

Your API key follows this pattern: 
tb-xxxx-xxx-xxxx
Example: tb-a1b2-c3d-e4f5
  • Length: 16 characters
  • Prefix: Always starts with tb-
  • Scope: Store-specific

Using Your API Key

Include your API key in the X-API-Key header for every API request. 
curl https://api.tribemade.in/api/orders/770e8400-e29b-41d4-a716-446655440789 \
  -H "X-API-Key: tb-a1b2-c3d-e4f5"

Authentication Errors

401 Unauthorized - Missing API Key

{
  "error": "Missing API key"
}
Cause: You forgot to include the X-API-Key header in your request. Fix: Add the header with your API key: 
-H "X-API-Key: tb-a1b2-c3d-e4f5"

401 Unauthorized - Invalid API Key

{
  "error": "Invalid API key"
}
Causes:
  • The API key is incorrect or has been regenerated
  • The API key belongs to a different store
  • The API key format is invalid
Fix: Generate a new API key from your dashboard and update your code.

Security Best Practices

Don’t:
  • Commit API keys to Git/GitHub
  • Include API keys in client-side JavaScript
  • Share API keys in public forums or chat
  • Hardcode API keys in your source code
Do:
  • Store API keys in environment variables
  • Use server-side code only
  • Keep API keys in secure vaults (AWS Secrets Manager, etc.)
If your API key is exposed or compromised:
  1. Go to Developer section in your dashboard
  2. Generate a new API key immediately
  3. Update your application with the new key
  4. The old key will stop working instantly
Store your API key in environment variables:
.env
TRIBEMADE_API_KEY=tb-a1b2-c3d-e4f5
Then access it in your code:
Python
import os
api_key = os.environ.get('TRIBEMADE_API_KEY')
Node.js
const apiKey = process.env.TRIBEMADE_API_KEY;
Avoid logging API keys in:
  • Application logs
  • Error messages
  • Debug output
  • Monitoring dashboards
Mask or redact API keys in logs:
API Key: tb-****-***-****
Always use HTTPS when making API requests. Never use HTTP - it transmits your API key in plain text.Correct: https://api.tribemade.in
Wrong: http://api.tribemade.in

Scope and Permissions

Your API key has full access to:
  • ✅ Create, edit, and delete products
  • ✅ View order details
  • ✅ Update order statuses
  • ✅ All data for your specific store
Your API key cannot:
  • ❌ Access other stores’ data
  • ❌ Modify store settings
  • ❌ Create or delete store
  • ❌ Manage team members
Anyone with your API key can manage your products and orders. Treat it like a password and keep it secure!

Example: Secure Implementation

Here’s an example of a secure API key implementation: 
import os
import requests
from flask import Flask, jsonify

app = Flask(__name__)

# Load API key from environment variable
API_KEY = os.environ.get('TRIBEMADE_API_KEY')
BASE_URL = 'https://api.tribemade.in'

def get_order(order_id):
    headers = {'X-API-Key': API_KEY}
    response = requests.get(
        f'{BASE_URL}/api/orders/{order_id}',
        headers=headers
    )
    return response.json()

@app.route('/orders/<order_id>')
def fetch_order(order_id):
    try:
        order = get_order(order_id)
        return jsonify(order)
    except Exception as e:
        # Don't expose API key in errors
        return jsonify({'error': 'Failed to fetch order'}), 500

Next Steps

Product APIs

Start managing products programmatically

Order APIs

Fetch and update order information

Webhooks

Receive real-time order notifications

Rate Limits

Understand API rate limits