Authentication

All API requests are authenticated via an API key in the HTTP header.

HTTP Header

Send your API key in the X-Api-Key header with every request.

http

GET /api/vendor/orders HTTP/1.1
Host: brutlers.com
X-Api-Key: brut_your_api_key_here

API Key Format

API keys always start with the prefix brut_ followed by a random string.

brut_a1b2c3d4e5f6g7h8i9j0...

Create an API Key

You can create and manage API keys in your Vendor Dashboard.

Go to Vendor Dashboard

Error Responses

401Missing or invalid API key

json

{ "error": "Unauthorized" }

403API key belongs to a deactivated account

json

{ "error": "Forbidden" }

OAuth 2.0

For software integrations (BridalLive, JTL, Shopify etc.), we offer OAuth 2.0. The vendor authorizes access once — then your software syncs automatically.

View OAuth 2.0 Documentation