How to Generate VTEX API Keys: Complete Guide

Are you looking to connect your VTEX store to external systems or start a data migration? In that case, you’ll need to generate VTEX API keys to authorize access to your data.

And if you’re not familiar with VTEX’s setup, don’t worry! In this guide, we’ll walk you through how to create and retrieve your VTEX API keys in four simple steps:

• Step 1. Go to API key settings
• Step 2. Create a new API key
• Step 3. Set key name & permissions
• Step 4. Generate key & secure the access link
• Step 5. Access and save the API token

Let’s get started!

What to Prepare Before Generating VTEX API Keys

Before you can generate VTEX API keys, you need to have an active VTEX account.

However, unlike many other platforms, VTEX does not allow users to simply sign up and start using the system right away. Instead, setting up a store requires going through an official onboarding process.

• You’ll need to contact the VTEX sales team to initiate a contract.
• Once your agreement is reviewed and approved, VTEX will create a dedicated environment for your store.
• After everything is set up, you’ll receive access to your admin panel, which typically follows this format: {{AccountName}}.vtexcommercestable.com.br/admin

From there, you can log in and proceed with generating your API keys.

How to Generate VTEX API Keys in 5 Steps

To generate VTEX API credentials, you’ll need to create a new API key in your admin, assign the appropriate roles, and retrieve the token through a secure access link:

Step 1. Go to API key settings

First, log in to your VTEX Admin. From the top navigation bar, click your profile avatar (the icon with the first letter of your email), then head to Account Settings → API Keys to access the key management area.

Step 2. Create a new API key

Once you’re in the API Keys section, switch to the Generated tab (if it’s not already selected). From there, click + Generate Key to begin creating a new key.

Step 3. Set key name & permissions

Next, provide a name in the Key identification field so you can easily recognize the key later; this step is mandatory.

After that, assign the appropriate roles. Since no roles are pre-selected, you’ll need to choose them manually. Be mindful to grant only the permissions required for your integration, as overly broad access can increase security risks.

Step 4. Generate key & secure the access link

Once everything is set, click Generate. VTEX will then provide a single-use access link to retrieve the token. This link is valid for up to 24 hours if not accessed and will only be displayed once.

Make sure to click Copy and store the link securely. At this stage, the API key is already active.

Step 5. Access and save the API token

Finally, open the copied link (or share it with the relevant person) to view the API token. You’ll then be able to copy it to your clipboard. Since this token is only shown once, be sure to save it in a secure location for future use.

Why You Need to Generate VTEX API Keys

Generating VTEX API keys is essential if you want to:

• Connect with external systems: API keys allow your VTEX store to communicate with third-party services such as ERPs, CRMs, and payment gateways. For instance, payment integrations like Worldline rely on these credentials to process transactions, including captures, refunds, and cancellations, directly through your store.
• Control access with specific permissions: VTEX lets you assign License Manager roles to each API key, so you can control exactly what an integration is allowed to do. By limiting access to only the necessary resources, you can follow the principle of least privilege and keep your store more secure.
• Perform data migration: API keys are also required when migrating data to or from VTEX. They enable migration tools to securely extract and transfer important information such as products, customers, and orders, ensuring a smooth and accurate migration process.

Best Practices When Generating VTEX API Keys

When working with VTEX API keys, you should follow proper security practices to protect your own store and ensure your integrations remain stable over time:

Avoid exposing keys on the frontend

VTEX API keys should never be embedded in client-side code such as JavaScript running in the browser. Anything exposed on the frontend can be easily inspected and extracted by users or malicious actors, which puts your store at serious risk.

Instead, all API interactions should be handled on the server side, where credentials can be securely stored and managed. This strategy ensures that sensitive information remains protected while still allowing your integrations to function properly.

Rotate API tokens regularly

Keeping the same API token indefinitely increases the potential impact if it is ever compromised.

For this reason, it’s a good practice to rotate your tokens periodically. VTEX itself recommends renewing them roughly every three months to maintain a strong security posture.

Handle tokens via single-access links

As mentioned earlier, VTEX provides API tokens through a single-access link, meaning the token is only revealed once when the link is opened. This design helps minimize accidental exposure, especially when credentials need to be shared with developers or third-party services.

Because of this, it’s important to store the token securely immediately after accessing the link. If the token is lost or not saved properly, you’ll need to generate a new one, as it cannot be retrieved later.

VTEX API – FAQs

Final Words

Once your VTEX API keys are created and stored securely, you’ll have everything needed to move forward with integrations, automation, or data migration. The key is to ensure the roles are properly assigned, and the credentials are handled carefully from the start.

For more expert help when it comes to VTEX migration, feel free to contact LitExtension here.