As a partner, you have been issued a partner key which gives you full control over every aspect of your account.
When you use the partner embed API you exchange this partner key along with the company auth key and company ID for a company auth token. This auth token allows you to provide read/write operations just for this company.
Read / Write operations
the read-write operations are set by Shporocket when you partner account is created. That way you can have a number of partner keys with different access writes adding another level of security.
The reason we allow you to exchange tokens in this manner is unlike the direct API calls which we require you to authenticate every time. When you use the embed API we assume you are going to present this data to your customers on your dashboard which means you should never use your partner key.
When you have your customer logged in you should call our API with your partner key, authkey and company id and we return you the authtoken.
Authotken good to know
When we issue you an authotken it auto-expires after 24 hours.
You can revoke it whenver you want I.E when you user clicks log out on your dashboard.