The SmartPyme External API uses API Key authentication. You include your key as a Bearer token in the Authorization header of every request — there are no session tokens, cookies, or OAuth flows involved. Every request must be authenticated; the API does not expose any public endpoints.
Getting your API Key
Your API Key is generated per company inside the SmartPyme web application. Follow these steps to retrieve it:
- Log in to app.smartpyme.site.
- Click your company name in the top-right corner, then go to Settings (Configuraciones).
- Navigate to My Account → Integrations tab.
- Copy the API Key shown on that page.
Using your API Key
Include your API Key as a Bearer token in the Authorization header of every request. No other headers are required for authentication.
curl -H "Authorization: Bearer YOUR_API_KEY" \
"https://api.smartpyme.site/api/external/v1/sales"
Error responses
If your API Key is invalid, missing, or the associated company is inactive, the API returns HTTP 401 with the following body:
{
"success": false,
"error": "API key inválido o empresa inactiva",
"code": 401
}
Keep your API Key private. It provides access to all of your company’s sales and inventory data. Do not commit it to source code or expose it publicly.
Each API Key is scoped to a single company. If you manage multiple companies, each has its own key.
