Miva Merchant Guide: Setting Up and Managing Secure API Tokens
API Tokens provide secure, authenticated access to Miva’s JSON API, command-line tools (such as MMT), and third-party integrations. Each token can be configured with IP restrictions, signature validation, and granular permissions, allowing administrators to control exactly how and where the API can be used. API access can also be managed at the store level through a global setting that enables or disables API services entirely.
Creating an API Token
Path: Settings > User Management > API Tokens
Click + Add API Token.
Enter a descriptive Name for the token.
Specify the Allowed IP Address(es) permitted to use the token.
Click Continue.
After clicking Continue, select one or more Role-Based Groups for the token.
Token Settings Overview
Each API token includes the following configuration options:
Access Token – The credential used to authenticate API requests.
Signature – A signing key used to validate the authenticity of requests.
Endpoint URL – The base URL where API requests are sent.
Allowed IP Addresses – A list of IP addresses authorized to use the token.
Timestamp – Enables timestamp validation to help prevent replay attacks.
Security Tip: In production environments, enable both Signature and Timestamp validation to strengthen request security.
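The following Python sketch is an added example, not code from Miva or from this guide. It models what the Signature and Timestamp settings check: a fresh request is accepted, while a modified or replayed one is rejected. The `MIVA-HMAC-SHA256` scheme string, the `Miva_Request_Timestamp` and `Store_Code` field names, the 300-second window, and the token and key values are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, time

MAX_SKEW = 300  # assumed acceptance window in seconds; the guide states no value

def _mac(key_b64, raw):
    # HMAC-SHA256 over the exact request bytes, keyed with the decoded signing key
    return hmac.new(base64.b64decode(key_b64), raw, hashlib.sha256).digest()

def sign_request(token, key_b64, payload, now=None):
    """Client side: stamp the body, then sign the bytes that will be sent."""
    ts = int(time.time() if now is None else now)
    body = dict(payload, Miva_Request_Timestamp=ts)  # assumed field name
    raw = json.dumps(body, separators=(",", ":")).encode()
    sig = base64.b64encode(_mac(key_b64, raw)).decode()
    return raw, "MIVA-HMAC-SHA256 %s:%s" % (token, sig)  # assumed scheme string

def verify_request(raw, header, keys, now=None):
    """Receiver-side model of the two checks; returns (accepted, reason)."""
    try:
        scheme, cred = header.split(" ", 1)
        token, sig_b64 = cred.split(":", 1)
        sig = base64.b64decode(sig_b64, validate=True)
    except ValueError:
        return False, "malformed header"
    if scheme != "MIVA-HMAC-SHA256" or token not in keys:
        return False, "unknown token or scheme"
    # Constant-time comparison; any change to the body changes the MAC
    if not hmac.compare_digest(_mac(keys[token], raw), sig):
        return False, "bad signature"
    ts = json.loads(raw).get("Miva_Request_Timestamp")
    now = time.time() if now is None else now
    # A captured request still has a valid signature, so only its age exposes a replay
    if not isinstance(ts, int) or abs(now - ts) > MAX_SKEW:
        return False, "stale timestamp"
    return True, "ok"

def demo():
    key = base64.b64encode(b"constructed-signing-key").decode()  # constructed value
    keys = {"constructed-token": key}
    payload = {"Store_Code": "demo", "Function": "OrderList_Load_Query"}
    raw, hdr = sign_request("constructed-token", key, payload, now=1_700_000_000)
    altered = raw.replace(b"OrderList_Load_Query", b"Product_Insert")
    return {
        "fresh": verify_request(raw, hdr, keys, now=1_700_000_010),
        "tampered": verify_request(altered, hdr, keys, now=1_700_000_010),
        "replayed": verify_request(raw, hdr, keys, now=1_700_003_600),
    }

if __name__ == "__main__":
    print(demo())
```

The signature alone stops the altered body, but the replayed request passes the signature check and is rejected only because of its timestamp, which is why the tip recommends enabling both.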
Assign Role-Based Groups
After clicking Continue on the Create API Token screen, select one or more Role-Based Groups for the token.
Role-Based Groups determine which areas of the store the API token can access. Select the appropriate groups based on the level of access required, then click Save to complete the setup.
Editing an API Token
Path: Settings > User Management > API Tokens
Click an existing API Token name to open its configuration page.
From here, you can:
Update API settings (name, allowed IPs, signature, timestamp validation)
Reassign Role-Based Groups
Add or manage assigned API functions
Add Functions to an API Token
Path: Settings > User Management > API Tokens
API functions are assigned from the token’s Edit page.
- Open the desired API Token.
- Click the Functions tab.
- Select the appropriate Store Domain from the Store dropdown.
- In the Function field, enter the name of the API function you want to allow (for example, OrderList_Load_Query or Product_Insert).
Tip: Refer to the Function Reference for a complete list of available API functions.
Global API Online / Offline Setting
Path: Settings > User Management > API Tokens
The Global API setting allows administrators to enable or disable all API services at the store level.
When set to Offline, all API access is suspended, including:
JSON API requests
CLI tools (such as MMT)
3rd-party integrations using API tokens
This setting is useful during:
System maintenance
Database updates
Troubleshooting unexpected API traffic
Mitigating excessive API load
When API services are disabled globally, individual API tokens remain configured but cannot be used until API services are re-enabled.