Miva Merchant

This guide is intended for Miva merchants who are connecting their store to Violet. During this process, you will create a new API Token in your Miva admin panel and then provide the generated credentials to Violet through the Violet Connect onboarding tool. You will retain full control of the created API Token and can revoke it at any time from within your Miva admin panel. Total time for completion is around 5-10 minutes.

Prerequisites

• Your store must be running Miva 9.12.00 or greater (with engine 5.32+).

• You must have administrator access to the Miva admin panel with permission to manage API Tokens under Settings > User Management > API Tokens.

Step 1: Creating an API Token

1. Sign in to your Miva admin panel.

2. Navigate to Settings > User Management > API Tokens.

3. Click the button to add a new API Token. This will open the Edit API Token modal.

4. On the Settings tab:

   • In the Name field, enter a name for the token (e.g. Violet) so it is easy to identify later.

   • In the Allowed IP Address(es) field, enter the following three IP addresses required for production use: 44.235.99.169, 44.236.104.65, 44.236.6.9. For testing and non-production stores, you may enter 0.0.0.0/0 to allow any IP.

   • Under Signature, select Require Signature with Key and click Generate to create a signing key.

5. Switch to the Groups tab and enable the following three Role-Based Groups. These are required for Violet to sync your products, process orders, and manage customers:

   • Customer Service & Sales — Create and modify orders, manage customer accounts

   • Order Processing & Fulfillment — View and modify existing orders

   • Product Management — Manage products and categories

6. Click Save to create the token.

7. Before closing the modal, copy the following three values and keep them available for Step 3 of this guide:

   • Access Token — Your API authentication token.

   • Signing Key — The Base64-encoded key generated in the Signature section, used for HMAC-SHA256 authentication.

   • Endpoint URL — Click Copy next to the Endpoint URL field. This is your Store URL and will be needed in Step 3.

Step 2: Locating Your Store Code

1. In your Miva admin panel, navigate to Settings > Store Settings.

2. Under the Identification section on the Store Details tab, locate the Store Code field. This is the unique identifier for your store within Miva.

Step 3: Provide Credentials to Violet

Once you have your Access Token, Signing Key, Endpoint URL, and Store Code, it is time to return to the Violet Connect onboarding tool and enter the credentials:

1. In Violet Connect, select Miva as your platform.

2. When prompted for your Store URL, enter the Endpoint URL you copied from the API Token modal in Step 1. Click Next.

3. Enter your Store Code from Step 2 in the Store Code field.

4. Enter your Access Token from Step 1 in the API Key field.

5. Enter your Signing Key from Step 1 in the Signing Key field.

6. Click Next. Violet will immediately validate the credentials by calling the Miva Store API. If the credentials are valid, you will be redirected to the next step of onboarding; if they are rejected, you will see an error message and can retry with corrected values.

Once entered, Violet will validate the credentials and complete the connection between your store and Violet. If the credentials are invalid, check for any spaces or other copy/paste errors and try again.

Upon success you will be redirected back to the channel who first sent you to Violet.

Credential Summary

Special Considerations

API Token Permissions

Miva API Tokens have permissions configured via Role-Based Groups in the admin panel. The token you create for Violet must have the Customer Service & Sales, Order Processing & Fulfillment, and Product Management groups enabled. If Violet reports authorization errors after connecting, verify that all three groups are enabled on the token's Groups tab.

Credential Security

Miva API credentials grant access to your store data including products, orders, and customers. Treat them like passwords:

• Never share them outside of the secure Violet onboarding form.

• Do not embed them in client-side code, screenshots, or support tickets.

• If you suspect the credentials have been compromised, revoke them immediately (see below) and generate new ones.

Token Expiration

Miva API Tokens do not expire. There is no need to schedule periodic rotation, but you can rotate credentials at any time by creating a new token in Miva, providing it to Violet, and then deleting the old one.

Revoking Credentials

To revoke your API credentials at any time:

1. Sign in to your Miva admin panel.

2. Navigate to Settings > User Management > API Tokens.

3. Locate the row for your Violet integration token.

4. Delete the token.

Once revoked, all subsequent Violet API calls to your store will fail with an authorization error. Generate and provide new credentials to restore the integration.

Webhook Configuration

Miva does not support automated webhook registration through the API. To receive real-time notifications for product and order changes, you will need to configure notifications manually in your Miva admin panel:

1. Navigate to Utilities > Notifications in your Miva admin panel.

2. Add notification entries pointing to the Violet webhook gateway for the following topics:

   • order.created

   • order.updated

   • product.created

   • product.updated

3. Your channel partner or Violet support can provide the exact webhook URL to use.