Authentication

The Pillexa API uses API key-based authentication to secure access to our pharmacy e-commerce platform endpoints.

How Authentication Works

All API requests must include your API key in the Authorization header:

curl -H "Authorization: Bearer YOUR_API_KEY" \
     -H "Content-Type: application/json" \
     https://api.pillexa.com/endpoint

Authentication Levels

Admin Access

For administrative operations and system management:

curl -H "Authorization: Bearer ADMIN_API_KEY" \
     -H "Content-Type: application/json" \
     https://api.pillexa.com/admin/endpoint

Use Cases:

  • System configuration
  • User management
  • Analytics and reporting
  • Platform administration

Store Access

For brand-specific operations and customer management:

curl -H "Authorization: Bearer STORE_API_KEY" \
     -H "Content-Type: application/json" \
     https://api.pillexa.com/store/endpoint

Use Cases:

  • E-commerce storefront operations
  • Cart and product management
  • Health questionnaire handling
  • ID Verification
  • Customer-facing features
  • Order processing and checkout

Getting Your API Keys

Step 1: Contact Our Team

Reach out to our developer support team (dev@pillexa.com) to request API access:

  • Email: dev@pillexa.com
  • Documentation: Include your use case and expected API usage

Step 2: Choose Your Access Level

We offer different access levels based on your needs:

  • Sandbox: For development and testing
  • Production: For live applications
  • Enterprise: For high-volume integrations

Step 3: Receive Your Credentials

Once approved, you'll receive:

  • API Key: Your unique authentication token
  • Base URL: https://api.pillexa.com
  • Documentation: Access to our comprehensive API docs
  • Support: Direct access to our developer support team

Error Responses

Authentication Errors

When authentication fails, you'll receive a 401 Unauthorized response:

{
  "error": "Unauthorized",
  "message": "Invalid or missing authentication token",
  "code": "AUTH_INVALID_TOKEN",
  "timestamp": "2024-01-01T00:00:00.000Z"
}

Common Error Codes

  • AUTH_INVALID_TOKEN - API key is invalid or expired
  • AUTH_MISSING_TOKEN - No API key provided
  • AUTH_INSUFFICIENT_PERMISSIONS - API key lacks required permissions
  • AUTH_RATE_LIMIT_EXCEEDED - Too many requests with this API key

Security Best Practices

Keep Your API Keys Secure

  1. Never commit API keys to version control
  2. Use environment variables to store keys
  3. Rotate keys regularly for enhanced security
  4. Use different keys for development and production

Use HTTPS Always

All API requests must use HTTPS in production. Over plain HTTP the Authorization header, and the API key in it, is sent unencrypted:

# Correct - HTTPS
curl https://api.pillexa.com/endpoint
 
# Incorrect - HTTP (development only)
curl http://api.pillexa.com/endpoint

Monitor Your Usage

  • Track API calls to stay within rate limits
  • Monitor for unusual activity in your API usage
  • Set up alerts for authentication failures

Rate Limiting

API requests are rate-limited to ensure fair usage:

  • Standard Plan: 1,000 requests per hour
  • Professional Plan: 10,000 requests per hour
  • Enterprise Plan: Custom limits based on agreement

Rate limit headers are included in all responses:

X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1640995200
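
The following Python client-side helper is an added example, not part of Pillexa's documentation or SDK. It reads the key from an environment variable, refuses to attach it to anything but an HTTPS URL on the documented base host, and maps the error codes and rate-limit headers above to an action. The variable name PILLEXA_API_KEY, the action mapping, and reading X-RateLimit-Reset as a Unix timestamp in seconds are assumptions.

```python
import json
import os
from urllib.parse import urlsplit

KEY_ENV_VAR = "PILLEXA_API_KEY"  # assumed variable name, not defined by the page
API_HOST = "api.pillexa.com"     # host of the Base URL given on the page

# Error codes listed on the page; the action chosen for each is this example's own.
ACTIONS = {
    "AUTH_INVALID_TOKEN": "alert",             # invalid or expired key: rotate, do not retry
    "AUTH_MISSING_TOKEN": "alert",             # header was not sent: client bug
    "AUTH_INSUFFICIENT_PERMISSIONS": "alert",  # key lacks permissions for this endpoint
    "AUTH_RATE_LIMIT_EXCEEDED": "wait",        # back off until the window resets
}


def build_headers(url, environ=os.environ):
    """Return request headers, refusing to attach the key to an unexpected URL."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != API_HOST:
        raise ValueError("refusing to send API key: URL is not HTTPS on the API host")
    key = environ.get(KEY_ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(f"{KEY_ENV_VAR} is not set")
    return {"Authorization": f"Bearer {key}", "Content-Type": "application/json"}


def interpret(status, headers, body, now):
    """Classify a response as (action, detail); the key itself is never included."""
    h = {k.lower(): v for k, v in headers.items()}
    if 200 <= status < 300:
        rem = h.get("x-ratelimit-remaining")
        return ("ok", {"remaining": int(rem) if rem is not None else None})
    try:
        code = json.loads(body).get("code", "")
    except (ValueError, TypeError, AttributeError):
        code = ""  # body was not the JSON error object shown above
    if ACTIONS.get(code) == "wait":
        # Assumption: X-RateLimit-Reset is a Unix timestamp in seconds.
        reset = int(h.get("x-ratelimit-reset", now))
        return ("wait", {"code": code, "seconds": max(0, reset - int(now))})
    return ("alert", {"code": code or "UNKNOWN", "status": status})
```

Feed every "alert" result into your monitoring so repeated authentication failures for one key are noticed.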

Need Help?

  • Documentation: Browse our API reference
  • Authentication Issues: Contact our support team
  • Developer Support: dev@pillexa.com