System Authentication
The Elim Taobao & 1688 API system supports two main authentication methods to access API resources based on your needs:
- Access Token (JWT): Suitable for applications with a user interface that require periodic login.
- API Key: Suitable for automated system integration (Server-to-Server) without managing login sessions.
1. Authentication via Access Token (JWT)
This method requires you to log in to obtain a short-term Access Token (JWT).
Login to get Token
View API details: Login
Send a POST request to the following endpoint:
POST /v1/auth/login
Content-Type: application/json
Accept: application/json
How to Use Access Token
After a successful login, you will receive an access_token. All subsequent API requests must include this token in the header:
Authorization: Bearer {access_token}
Accept: application/json
Content-Type: application/json
Important Notes:
- Token is valid for 30 days.
- Recommended to store the token in a system cache (Redis/Memcached) for optimal performance.
- Do not share the token with third parties.
2. Authentication via API Key
The API Key is an authentication method that allows you to access the system automatically through applications or source code without managing JWT codes.
What is an API Key?
An API Key is a unique identifier string linked to your account. You attach this key in the x-api-key header of each HTTP request.
[!IMPORTANT] Essential Security: The API Key has access permissions equivalent to your account. Do not share this key on public platforms (GitHub, forums) or with untrusted third parties.
Managing API Keys
- Create New: On the Dashboard, set a mnemonic name (e.g.,
Production Server) and click Generate. The system will display the full Key ONLY once. - Listing: You can view a list of your active Keys, their creation date, and last used time.
- Revoke: If a Key is compromised, perform a Revoke immediately to cancel its access permissions.
How to Use API Key
Add the x-api-key field to the HTTP header of every request sent.
Example with cURL:
curl -X GET "https://openapi.elim.asia/v1/products/search" \
-H "x-api-key: your_api_key_here" \
-H "Content-Type: application/json"
3. Quotas & Limits
All authentication methods follow the resource quotas of the user account:
- Subscription: If the plan (Free, Pro, Enterprise) expires, API requests will be denied.
- Usage Quota: Each successful request will be deducted from the total monthly quota of your plan.
- Credits: If you run out of plan quota, the system will automatically deduct from your Credits balance (if available).
- Rate Limit: API call speed limits are applied to ensure system stability.
4. Common Error Codes
| Error Code | Meaning | Resolution |
|---|---|---|
| 401 Unauthorized | Token or API Key is missing, incorrect, or expired. | Check the Authorization or x-api-key header. |
| 403 Forbidden | Account locked or insufficient permissions. | Check account status on the Dashboard. |
| 429 Too Many Requests | Rate Limit exceeded. | Reduce call frequency or upgrade the plan. |
| 402 Payment Required | Out of quota and no remaining Credits. | Upgrade your plan or purchase more request quotas. |
5. Code Examples (Using API Key)
JavaScript (Axios)
const axios = require('axios');
const client = axios.create({
baseURL: 'https://openapi.elim.asia/v1',
headers: {
'x-api-key': 'YOUR_API_KEY_HERE',
'Content-Type': 'application/json',
},
});
async function searchProduct(keyword) {
try {
const response = await client.get('/products/search', { params: { q: keyword } });
console.log(response.data);
} catch (error) {
console.error('Error:', error.response.status);
}
}
Python (Requests)
import requests
API_URL = "https://openapi.elim.asia/v1/products/search"
HEADERS = {
"x-api-key": "YOUR_API_KEY_HERE",
"Content-Type": "application/json"
}
def search_product(keyword):
response = requests.get(API_URL, headers=HEADERS, params={"q": keyword})
if response.status_code == 200:
return response.json()
return None
This documentation is the property of Elim Taobao & 1688 API System. For any questions, please contact Telegram