API Keys and Webhooks

Use the storq.io API to integrate with external systems. API keys authenticate your requests, and webhooks push real-time events to your application.

Creating an API Key

1. Go to Settings and click API Keys. Only admins and owners can manage API keys.
2. Click New API Key.
3. Enter a Name to identify the key (e.g. "ERP Integration").
4. Click Create.

The full key is shown only once. Copy it and store it securely. After you close the dialog, the key is displayed in a masked format and cannot be retrieved again.

Revoking an API Key

Click Revoke next to an API key to disable it. Revoked keys can no longer authenticate API requests. This action cannot be undone.

Webhooks

Webhooks send HTTP POST requests to your endpoint when events occur in storq.io. Available events:

• order.created - a new order is created
• order.shipped - an order is marked as shipped
• stock.low - a product's stock falls below its reorder point

Webhook Payload

Each webhook request includes a JSON body with the event type, timestamp, and the full resource data. Requests are signed with an HMAC-SHA256 signature in the X-Webhook-Signature header so you can verify authenticity.

Delivery and Retries

Webhooks expect a 2xx response within 5 seconds. Failed deliveries are retried up to 5 times with increasing delays between attempts.