coreSTORE API key setup
Get PO'd talks to coreSTORE on your behalf using a standard coreSTORE API key. The key is encrypted at rest on our backend with XChaCha20-Poly1305 and is only ever used to (a) pre-create missing inventory items and (b) create the draft receiving for each captured order.
Generating a key
- Sign in to your coreSTORE admin panel.
- Navigate to Settings → API Keys (or Integrations → API, depending on your plan).
- Click Generate new key, name it "Get PO'd", and copy the plaintext immediately — coreSTORE will not show it again.
Required permissions
Grant the key the following scopes. Missing any of the write scopes will cause the first capture to fail with a clear error on your dashboard.
| Resource | Read | Write |
|---|---|---|
| Items / Inventory | Yes | Yes |
| Receivings | Yes | Yes |
| Suppliers | Yes | — |
| Locations | Yes | — |
| Employees | Yes | — |
| Registers | Yes | — |
| Categories | Yes | — |
What failure looks like
If the key you entered is wrong (or missing scopes), Connect coreSTORE in
the onboarding wizard returns corestore_unauthorized. You'll see a
red banner: "coreSTORE rejected that API key." Re-generate the key with the full
permission set above and re-enter it — the existing rejected key is not reused.
Rotating the key later
From Dashboard → Store summary, either the red banner (shown if we've
detected a bad key) or the Re-enter API key link takes you back through Step 1
of the wizard. Every re-entry is re-validated against coreSTORE's /locations
endpoint before we persist it.
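
The validate-before-persist flow described above, sketched as an added example that is not Get PO'd's own code. The `probe` callable stands in for the request to coreSTORE's /locations endpoint; `KeyStore`, `rotate_key`, the 401/403 mapping and the `probe_error` code are assumptions, and the sample keys are constructed.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

REJECTED = {401, 403}  # assumption: how a bad or under-scoped key surfaces on the probe


@dataclass
class KeyStore:
    """Hypothetical per-store record; a real backend holds active_key encrypted."""
    active_key: Optional[str] = None
    banner: Optional[str] = None
    audit: List[Tuple[str, str]] = field(default_factory=list)


def fingerprint(key: str) -> str:
    """Log-safe identifier so the plaintext key never reaches the audit trail."""
    return hashlib.sha256(key.encode()).hexdigest()[:12]


def rotate_key(store: KeyStore, candidate: str, probe: Callable[[str], int]) -> str:
    """Validate candidate via probe (stand-in for GET /locations), then persist."""
    candidate = candidate.strip()  # pasted keys often carry stray whitespace
    fp = fingerprint(candidate)
    try:
        status = probe(candidate)
    except OSError:
        # An outage says nothing about the key: change no state.
        store.audit.append(("probe_error", fp))
        return "probe_error"  # hypothetical code, not from the page
    if status in REJECTED:
        # Rejected candidate is discarded, never written to the store.
        store.banner = "coreSTORE rejected that API key."
        store.audit.append(("rejected", fp))
        return "corestore_unauthorized"
    if status != 200:
        store.audit.append(("probe_error", fp))
        return "probe_error"
    store.active_key = candidate
    store.banner = None
    store.audit.append(("persisted", fp))
    return "ok"


if __name__ == "__main__":
    store = KeyStore()
    probe = lambda k: 200 if k == "constructed-good-key" else 401  # constructed
    print(rotate_key(store, "constructed-bad-key", probe), store.active_key)
    print(rotate_key(store, " constructed-good-key\n", probe), store.banner)
```

In this sketch a rejected or unverifiable candidate leaves any previously stored key untouched, which is an assumption about behaviour the page does not spell out.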