Environments and Access
How to get access to Propeller's APIs and what environments are available. By the end of this page you will know which credentials you need and how authentication works for both APIs.
API endpoints
| API | Endpoint |
|---|---|
| GraphQL v2 | https://api.helice.cloud/v2/graphql |
| REST v2 | https://api.helice.cloud/v2/{resource} |
Authentication
Both APIs require authentication, but they use different mechanisms.
GraphQL API
GraphQL requests are authenticated using an API key sent as a header:
apiKey: YOUR_API_KEY
For frontend applications that need user-specific data (pricing, order history, account features), you also need a user session token obtained through the login mutation.
REST API
The REST API uses OAuth 2.0 client credentials. You authenticate by sending your Client ID and Client Secret to the token endpoint, which returns a time-limited access token:
curl -X POST https://api.helice.cloud/oauth2/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET"
The returned access_token is valid for 30 minutes and must be included as a Bearer token in subsequent requests.
Creating your API keys
You create API keys yourself in the Backoffice under Admin > API Key Management. Viewing the page requires the API Key role and creating or deleting keys requires Owner access on that role. For the step-by-step guide see API Keys in the business documentation.
- GraphQL keys have a name, an optional channel association and one or more roles. Each role combines a role definition (for example Product Data, Order Data or Pricing) with an access level (Viewer, Editor or Owner). The generated API key is shown after saving, and the name, roles and channel can be changed later.
- REST keys have a name and an active toggle. Saving the key generates the Client ID and Client Secret used in the OAuth flow.
New keys are inactive by default. Set a key to active before using it.
You can also manage keys programmatically with the GraphQL mutations gqlApiKeyCreate and restApiKeyCreate, with matching update and delete mutations for both key types.
The WordPress plugin requires two separate GraphQL API keys: one for general storefront operations and one for order processing. See General settings for details.
If you do not have Backoffice access yet, contact your Propeller account manager.
What access a key needs
Each query and mutation states the roles that satisfy it in the GraphQL reference. Its page shows a line such as AUTH: Role=[pricing.OWNER,pricing.EDITOR], which means the operation is allowed for a key that holds the Pricing role at Editor or Owner level. If a call returns a FORBIDDEN "Insufficient permissions" response, the key is missing the role that line names, so add it and set the key active.
The token before the dot is the role definition and the part after it is the access level:
| Access level | Grants |
|---|---|
| Viewer | Read |
| Editor | Read and edit existing data |
| Owner | Full access, including create and delete |
The exact split between edit, create and delete varies per operation, so the AUTH line on the operation is authoritative. The tokens map to the role definitions you pick when creating a key: product is Product Data, order is Order Data, pricing is Pricing, configuration is Configuration, user is User, logistics is Logistics, shop is Shop & channel, role is Role & permission and apikey is API Key.
A key with no roles behaves as a basic frontend key. It runs the operations that need no role, such as creating carts, registering and signing in customers and reading the storefront catalog, which is everything a storefront needs for anonymous and logged-in shoppers. Add roles only for the privileged reads and writes an integration performs, following the AUTH line on each operation.
You are ready to start building
You now have the platform mental model, understand which API to use for what and know how authentication works. Choose your next step:
- WordPress Plugin: see Propeller in action with a pre-built B2B portal (fastest way to explore the platform)
- Build a Frontend: build a custom frontend using the Storefront SDK or your own framework
- Build an Integration: connect business systems using the REST API