Auth & Access

This page explains how merchants and developers access Ecommaps control surfaces before API integration.

Merchant Access

  • Login: https://app.ecommaps.com/{locale}/login
  • Signup: https://app.ecommaps.com/{locale}/signup
  • Main dashboard: https://app.ecommaps.com/{locale}/dashboard

Use your active locale in the URL (ar, en, or your tenant-supported locale).

Access Layers

  1. Dashboard Session (Merchant UI)
    • Used for store creation, product management, and API key generation.
    • Managed by Ecommaps web authentication.
  2. Storefront API Key
    • Used by storefront apps and server integrations.
    • Sent as x-api-key in Storefront API requests.
  3. Customer JWT
    • Used only for customer account actions in storefront flows.
    • Sent as Authorization: Bearer <token>.

Security Baseline

  • Never expose Storefront API keys in public client bundles.
  • Store secrets in environment variables and deployment secrets managers.
  • Rotate leaked or unused keys immediately from store settings.
  • Use one key per integration target (for example: starter template, AI runtime, automation service).
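
A pre-deploy check for the first two rules above, added here as an example and not part of the Ecommaps documentation or tooling: it flags environment variables whose bundler-public prefix would ship the key to browsers, and scans built assets for the key in literal or base64 form. The variable names, sample key and asset paths are constructed; the prefixes are the ones Next.js, Vite and Create React App inline into client code.

```javascript
// Added example. Assumed (not from the Ecommaps docs): env var names, key value, asset paths.
// Env var prefixes that Next.js, Vite and Create React App inline into client code.
const PUBLIC_ENV_PREFIXES = ["NEXT_PUBLIC_", "VITE_", "REACT_APP_"];

// Names of env vars that would be shipped to browsers while holding a secret key.
function publiclyExposedEnvVars(env, secretKeys) {
  return Object.entries(env)
    .filter(([name, value]) => value && secretKeys.includes(value) &&
      PUBLIC_ENV_PREFIXES.some((prefix) => name.startsWith(prefix)))
    .map(([name]) => name);
}

// Scan built assets ({path: text}) for each key, as a literal or base64-encoded.
// Findings carry the location and key index only, so reports never repeat the key.
function findKeysInBundle(assets, secretKeys) {
  const findings = [];
  for (const [path, text] of Object.entries(assets)) {
    secretKeys.forEach((key, keyIndex) => {
      if (!key) return; // unset key: nothing to search for
      const forms = { literal: key, base64: Buffer.from(key, "utf8").toString("base64") };
      for (const [form, needle] of Object.entries(forms)) {
        const offset = text.indexOf(needle);
        if (offset !== -1) findings.push({ path, keyIndex, form, offset });
      }
    });
  }
  return findings;
}

// Load text assets (including source maps) under a build directory from disk.
async function loadAssets(dir, assets = {}) {
  const { readdir, readFile } = await import("node:fs/promises");
  for (const entry of await readdir(dir, { withFileTypes: true })) {
    const path = `${dir}/${entry.name}`;
    if (entry.isDirectory()) await loadAssets(path, assets);
    else if (/\.(m?js|css|html|json|map)$/.test(entry.name)) assets[path] = await readFile(path, "utf8");
  }
  return assets;
}

// Constructed sample: placeholder key and a tiny fake build output.
const SAMPLE_KEY = "EXAMPLE-STOREFRONT-KEY-0001";
const sampleEnv = { ECOMMAPS_API_KEY: SAMPLE_KEY, NEXT_PUBLIC_ECOMMAPS_KEY: SAMPLE_KEY };
const sampleAssets = {
  "dist/app.js": `fetch(u,{headers:{"x-api-key":"${SAMPLE_KEY}"}})`,
  "dist/cfg.js": `const k=atob("${Buffer.from(SAMPLE_KEY).toString("base64")}")`,
  "dist/vendor.js": "console.log('no secrets here')",
};
console.log(publiclyExposedEnvVars(sampleEnv, [SAMPLE_KEY]), findKeysInBundle(sampleAssets, [SAMPLE_KEY]));
```

In CI, pass `process.env` and the result of `loadAssets` on the build output directory, and fail the job if either function returns anything.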

Recommended Sequence

  1. Merchant creates or opens a store from the dashboard.
  2. Merchant generates a dedicated API key in store settings.
  3. Developer configures the app runtime with the API URL and key.
  4. Developer validates connectivity with a simple Storefront endpoint call.