The Cann Company logo

Authentication

The CannMenus API uses API tokens for authentication. Include your token in every request to access the API.

Getting Your API Token

  1. Log in to your CannMenus Pro account
  2. Navigate to the API section in your dashboard
  3. Click Generate Token to create a new token

You can have up to two active tokens at any time. This allows for seamless token rotation without downtime.

Using Your Token

Include your API token in the X-Token header of every request:

curl "https://api.cannmenus.com/v1/products?states=California&page=1" \
  -H "X-Token: YOUR_API_TOKEN"

Python

import requests

headers = {"X-Token": "YOUR_API_TOKEN"}

response = requests.get(
    "https://api.cannmenus.com/v1/products",
    headers=headers,
    params={"states": "California", "page": 1}
)

JavaScript

const response = await fetch(
  "https://api.cannmenus.com/v1/products?states=California&page=1",
  {
    headers: { "X-Token": "YOUR_API_TOKEN" }
  }
);

Token Management Best Practices

Use Separate Tokens for Each Environment

Keep development and production tokens separate. If a development token is compromised, your production integration remains secure.

EnvironmentTokenUsage
Developmentdev_...Local testing, CI/CD
Productionprod_...Live application

Rotate Tokens Regularly

  1. Generate a new token in the dashboard
  2. Update your application to use the new token
  3. Verify the new token works
  4. Delete the old token

With two active tokens, you can rotate without any downtime.

Keep Tokens Secure

  • Never commit tokens to version control — Use environment variables
  • Never expose tokens in client-side code — Make API calls from your backend
  • Never share tokens — Each integration should use its own token
# Store in environment variable
export CANNMENUS_API_TOKEN="your_token_here"

import os
token = os.environ.get("CANNMENUS_API_TOKEN")

Authentication Errors

Status CodeError TypeDescription
401authentication_errorMissing or invalid token
403authorization_errorToken doesn't have access to requested resource

Example Error Response

{
  "type": "authentication_error",
  "message": "Invalid API token provided",
  "documentation_url": "https://cannmenus.com/docs/errors/authentication_error"
}

Troubleshooting

  1. Check the header name — Use X-Token, not Authorization or Bearer
  2. Verify the token value — Copy directly from the dashboard, no extra spaces
  3. Confirm the token is active — Check the dashboard to ensure it wasn't deleted
  4. Check your plan — Some endpoints may require specific subscription tiers

Need Help?

If you're having authentication issues, contact support with:

  • The error message you're receiving
  • The endpoint you're trying to access
  • When the issue started (especially if it was working before)