Environments and Access

How to get access to Propeller's APIs and what environments are available. By the end of this page you will know which credentials you need and how authentication works for both APIs.

API endpoints

API	Endpoint
GraphQL v2	`https://api.helice.cloud/v2/graphql`
REST v2	`https://api.helice.cloud/v2/{resource}`

Authentication

Both APIs require authentication, but they use different mechanisms.

GraphQL API

GraphQL requests are authenticated using an API key sent as a header:

apiKey: YOUR_API_KEY

For frontend applications that need user-specific data (pricing, order history, account features), you also need a user session token obtained through the login mutation.

REST API

The REST API uses OAuth 2.0 client credentials. You authenticate by sending your Client ID and Client Secret to the token endpoint, which returns a time-limited access token:

curl -X POST https://api.helice.cloud/oauth2/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET"

The returned access_token is valid for 30 minutes and must be included as a Bearer token in subsequent requests.

Creating your API keys

You create API keys yourself in the Backoffice under Admin > API Key Management. Viewing the page requires the API Key role and creating or deleting keys requires Owner access on that role. For the step-by-step guide see API Keys in the business documentation.

GraphQL keys have a name, an optional channel association and one or more roles. Each role combines a role definition (for example Product Data, Order Data or Pricing) with an access level (Viewer, Editor or Owner). The generated API key is shown after saving, and the name, roles and channel can be changed later.
REST keys have a name and an active toggle. Saving the key generates the Client ID and Client Secret used in the OAuth flow.

New keys are inactive by default. Set a key to active before using it.

You can also manage keys programmatically with the GraphQL mutations gqlApiKeyCreate and restApiKeyCreate, with matching update and delete mutations for both key types.

The WordPress plugin requires two separate GraphQL API keys: one for general storefront operations and one for order processing. See General settings for details.

If you do not have Backoffice access yet, contact your Propeller account manager.

You are ready to start building

You now have the platform mental model, understand which API to use for what and know how authentication works. Choose your next step:

WordPress Plugin: see Propeller in action with a pre-built B2B portal (fastest way to explore the platform)
Build a Frontend: build a custom frontend using the Storefront SDK or your own framework
Build an Integration: connect business systems using the REST API

API endpoints​

Authentication​

GraphQL API​

REST API​

Creating your API keys​

You are ready to start building​