Scoped API tokens for Bol
ShieldAPI gives every tool its own scoped token with per-endpoint permissions. You decide what it can read, write, and delete. Every API call is logged.
| Endpoint | Read | Write | Delete |
|---|---|---|---|
| Retailer API | |||
| Orders | |||
| Offers | |||
| Inventory | |||
| and 9 more endpoints... | |||
| Advertiser API | |||
| Campaigns | |||
| Keywords | |||
| and 5 more endpoints... | |||
Three steps. No code.
Connect your Bol credentials
Provide your client ID and secret once. They're encrypted and never shared with any tool.
Set permissions per token
Choose which endpoints each token can access and whether it can read, write, or delete. Start from a preset or configure individually.
Give the token to your tool
Paste the scoped token into Claude, ChatGPT, or any integration. The tool only sees the endpoints you allowed.
Who is doing what?
Bol doesn't tell you which tool made an API call. When you share credentials with three tools and your pricing changes overnight, you're guessing.
- Full audit log per token
- Filter by tool, endpoint, date, or status
- See request and response details per call
- Blocked calls are logged with the reason
Prompt your Bol store safely
The ShieldAPI MCP server connects Claude (or any MCP-compatible AI) to your Bol account. Ask questions in plain language. The AI calls only the endpoints your token allows.
No API knowledge needed. No code. The AI can't access anything you haven't explicitly permitted, and every call shows up in your audit log.
Works with Claude Desktop, Claude Code, ChatGPT, and any tool that supports the Model Context Protocol.
What were my top 5 selling products last week?
Based on your orders from the last 7 days, your top 5 products by units sold:
- Wireless Earbuds Pro: 47 units
- Phone Case Slim Fit: 38 units
- USB-C Cable 2m: 31 units
- Screen Protector HD: 28 units
- Laptop Stand Aluminum: 22 units
Lower the price on the Laptop Stand by 10%
I can't update pricing. Your ShieldAPI token only has read access. You can change this in your ShieldAPI dashboard.
Set rate limits per token
Control how often each tool can call your API. Set hourly or daily limits per token to prevent runaway automations, unexpected costs, or a tool flooding your account with requests.
When a token hits its limit, ShieldAPI blocks further calls until the window resets. The tool gets a clear error, and the event shows up in your audit log.
Requests per hour
Across all endpoints
Requests per day
Across all endpoints
Write operations per hour
PUT, POST, DELETE only
Restrict tokens to specific IPs
Lock each token to a list of allowed IP addresses. If a request comes from an unknown IP, ShieldAPI blocks it, even if the token and permissions are valid.
If a third-party tool gets compromised, your token is useless outside your allowed IPs.
Pricing
- 1 API connection
- 2 tokens
- 500 API calls / month
- 24-hour audit log
- 3 API connections
- 5 tokens
- 5,000 API calls / month
- 7-day audit log
- 10 API connections
- 25 tokens
- 50,000 API calls / month
- 30-day audit log
- Rate limits & IP whitelist
- Unlimited connections
- Unlimited tokens
- Unlimited API calls
- Full audit log history
- Rate limits & IP whitelist
- Dedicated support