Access to all API endpoints can be accomplished with either an access key and secret access key or a JSON Web Token (JWT). The API is only available for HTTPS connections.

Access keys

You can generate access keys on your account page. Go to Account > API access and create a new API key pair.

  • Select the role you want to assign.
  • Enter an optional description.
  • If your account belongs to multiple customers, you can additionally select the customer.

Store the ${ACCESS_KEY} and ${SECRET_ACCESS_KEY} in your password manager.

Basic authentication

Basic authentication can be used for build services like Jenkins or GitHub.


Signed header

Signed headers should be used if you want to develop your own ninkik client. Use the HTTP header X-Authorization-Access and X-Authorization-Secret to pass the previously generated key pair.

curl -H "X-Authorization-Access: x3xWJg2UzwjRXJsczPFY" -H "X-Authorization-Secret: 2SwR1lW1vdYbn83Vpxu6"

At the moment there is no signing enabled.

License key

A common request is to check for newer versions of a software. In case of Gumroad you are not able to implement such feature in an easy way. Your application can use ninkik's API to retrieve the latest versions of a product by authenticating with the license key and license owner's email address.

curl -H "X-License-Owner:" -H "X-License-Key: 1234-5678-90AB-CDEF"

In your app, you can let the user enter his email address and license key and check for updates.