Skip to main content
Every Storefront API request must include an API key in the X-API-Key header. 
curl -H "X-API-Key: sk_live_abc123" \
  -H "Content-Type: application/json" \
  https://api.craveup.com/api/v1/locations/loc_123

Key scope

Crave Storefront API keys are scoped to a single location.
  • Use the API key and locationId from the same location.
  • Mismatched key/location combinations can return authorization errors.
  • Keep separate keys per environment and rotate on a regular schedule.

Where to generate keys

Generate keys in the Crave Dashboard under Settings > API Keys.

Environment variables used in this repo

Most app examples in this repo use: 
NEXT_PUBLIC_CRAVEUP_API_KEY=sk_live_xxx
NEXT_PUBLIC_LOCATION_ID=loc_xxx
NEXT_PUBLIC_LOCATION_SLUG=my-location-slug
For browser apps, only expose keys you intend to use client-side. For higher-security integrations (for example native mobile), proxy requests through your backend.
  • /getting-started/environments-and-base-urls
  • /getting-started/rate-limits-and-retries
  • /guides/error-codes