API docs V2

Introduction

Base URL

https://core.expozy.com/api

The Expozy API is organized around REST principles. It uses predictable resource-oriented URLs, standard HTTP verbs and response codes, and accepts and returns JSON-encoded request and response bodies.

Explore Expozy's API reference and templating documentation. You have access to everything from the Frontend API and Backend API.

Backend API

At the core of Expozy is the Backend API, available through REST. It provides data on products, customers, orders, inventory, fulfillment, and more.

Expozy offers a suite of APIs which allow developers to extend the platform's built-in features. These APIs allow partners to read and write merchant data, interoperate with other systems and platforms, and add new functionality to Expozy.

This documentation refers to Expozy's Frontend and Backend API.

Frontend API

Build the frontend of your website with Expozy's Frontend API and REST. It gives you the power and tools to bring your data to the live public.

Getting started

Example request headers

# Use https://core.expozy.com/api/admin/ or https://core.expozy.com/api/ as the base path.
$ curl https://core.expozy.com/api/admin/ \
    -H "Authorization: Bearer BOHe5RUvSuN416YYaY" \
    -H "Authentication: Basic AAABBBBCCCCC"

In order to use Expozy's APIs, you must include the authorization and authentication headers within your request. Authentication is required for all POST, PUT, DELETE, and some GET requests. Authorization is necessary if you are trying to access endpoints reserved for Admins. See below how to obtain them.

Authorization

To receive a token, you must log in with a username and a password. In this example, we will use the email [email protected] and the password gR&YUd5&14OK. After a successful login, the API will return a token that can be used to access restricted endpoints. The key is valid for 30 days, after which you must generate a new one.

POST /login

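# The password contains '&': quote it for the shell and URL-encode it,
# otherwise the form body is split at each '&'.
$ curl https://core.expozy.com/api/login \
  -d [email protected] \
  --data-urlencode 'password=gR&YUd5&14OK'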

Authentication

Before using the API, you need to create an Expozy account. On creation, you will automatically be assigned one within your Admin Panel. If you wish to integrate it with third-party plugins, you have to request it directly from the administrators.

Example response



{
    "user": {
        "data": {
            "id": "3883",
            "attributes": {
                "email": "[email protected]",
                "name": "Demo",
                "roleNames": "administrator"
            }
        }
    },
    "token": "3uYxE6kURJbra3Jf98"
}

Data filtering

$ curl -X GET https://core.expozy.com/api/admin/users/:id

You can use parameters for filtering on some of the methods provided by the API. For example, if you want to receive data for a specific user, simply add their ID to the path.

Throughout the documentation, keep in mind that :id must be replaced with the actual ID of the object.

$ curl -X GET https://core.expozy.com/api/categories?droplist=true

Other filters need to be specified via query parameters and their values are usually boolean, i.e., they only need to be true.

API Rate Limit

The rate limit is 5 calls per second per API user. An 'HTTP/ 429 Too Many Requests' error will be returned when this limit is exceeded*.

*If the limit is exceeded, it is advisable to retry the requests which resulted in 'HTTP/ 429 Too Many Requests' with exponential backoff and a maximum number of retries, as in the example below:

delay = retry counter * 500 milliseconds
1-st response 'HTTP/ 429 Too Many Requests'
set retry counter = 1
delay = 500 milliseconds

2-nd response 'HTTP/ 429 Too Many Requests'
set retry counter = 2
delay = 1000 milliseconds

...

N-th response 'HTTP/ 429 Too Many Requests'
set retry counter = N
delay = N*500 milliseconds

Web Application Firewall

The WAF analyses each request to Expozy's core in order to identify threats, and any suspicious behavior is treated as a threat.

The WAF bans every suspicious caller (IP) for 2 hours. If you are banned, please check your server logs for 403 HTTP errors. To avoid future bans, you should carefully analyse the workflows and service behavior that lead to error 403 and fix them accordingly.
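
A client-side guard covering the rate limit and WAF sections above, added here as an example and not Expozy's own code: it spaces calls to stay under 5 per second, retries 429 responses with the page's delay formula (retry counter * 500 ms, which grows linearly with the counter) up to a retry cap, and never retries a 403. The names `ExpozyCaller`, `WafBlocked`, `RateLimited` and the injected `send` callable (assumed to return an HTTP status code) are hypothetical.

```python
import time

RATE_LIMIT_PER_SEC = 5   # page: 5 calls per second per API user
BACKOFF_STEP_MS = 500    # page: delay = retry counter * 500 milliseconds


class WafBlocked(Exception):
    """HTTP 403: stop and fix the request; the page ties WAF bans to 403 errors."""


class RateLimited(Exception):
    """Still receiving HTTP 429 after the configured number of retries."""


class ExpozyCaller:
    """Hypothetical wrapper, not an Expozy SDK. `send` is any callable that
    performs one HTTP request and returns its status code (assumption)."""

    def __init__(self, send, max_retries=5, sleep=time.sleep, clock=time.monotonic):
        self.send, self.max_retries = send, max_retries
        self.sleep, self.clock = sleep, clock
        self.min_gap = 1.0 / RATE_LIMIT_PER_SEC
        self.last_call = None

    def _throttle(self):
        # Space calls at least 200 ms apart to stay under 5 calls per second.
        now = self.clock()
        if self.last_call is not None and now - self.last_call < self.min_gap:
            self.sleep(self.min_gap - (now - self.last_call))
        self.last_call = self.clock()

    def call(self, *args, **kwargs):
        for retry in range(1, self.max_retries + 2):
            self._throttle()
            status = self.send(*args, **kwargs)
            if status == 403:
                # Never retry a 403: resending unchanged only repeats the error.
                raise WafBlocked("HTTP 403 from %r" % (args,))
            if status != 429:
                return status
            if retry <= self.max_retries:
                # 1st 429 -> 500 ms, 2nd -> 1000 ms, N-th -> N * 500 ms.
                self.sleep(retry * BACKOFF_STEP_MS / 1000.0)
        raise RateLimited("gave up after %d retries" % self.max_retries)
```

In real use, `send` would wrap the HTTP client of your choice; `sleep` and `clock` are injectable only so the timing logic can be checked without waiting.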

Data Formats

Type      Allowed Values
Integer   Integer number from -9223372036854775808 to +9223372036854775807
String    Dependent on the data table's limit. Check specifications for more detail.
Boolean   True or False
Float     Floating point numbers (e.g. 1.23). Precision depends on table column. Used normally for prices.

Errors

Expozy uses standard HTTP status codes to indicate the success or failure of an API request. A code in the range of 2xx indicates success, a code in the range of 4xx indicates there was a problem with the arguments provided (e.g., authentication or a required field was missing), and a code in the range of 5xx indicates an error occurred with Expozy's servers.

Authorization errors

(Status codes 401 and 403)

401 Unauthorized and 403 Forbidden

{
    "errors": [
        "Login first!"
    ]
}

An authorization error occurs whenever the headers contain wrong, outdated, or missing information.

Common causes

  • Expired API key

    Your API key might have expired, and you may need to request a new one.

  • Wrong tokens

    You may have mistyped your tokens. Please confirm whether the authorization and authentication headers are correct.

  • Restricted access

    You may be trying to access a restricted endpoint without the proper authorization headers in the request.

Not Found Errors

(Status code 404)

404 Not Found

{
    "errors": [
        "Not found!"
    ]
}

Not Found errors occur whenever you are trying to access information that does not exist.

Common causes

  • Wrong ID parameter

    The ID path parameter may be typed wrong.

  • Deleted data

    You may be trying to access data that has been deleted or archived.

  • Unauthorized access

    You may be trying to access data reserved for admins.

Internal Server Errors

(Status code 500)

500 Internal Server Error

{
    "errors": [
        "Something happened!"
    ]
}

Internal server errors may occur whenever the server is experiencing a heavy load, but could also have other causes related to the communication between client and server.

Common causes

  • Server Maintenance

    Server may be down for maintenance. Please check again later.

  • Server under load

    You may have sent multiple requests in quick succession, or the server itself may be experiencing heavy load.

  • Network Failure

    The network may be experiencing a heavy load or something may be obstructing communication with the server.

Validation errors

A validation error is returned when a request could not be fulfilled due to one or more invalid input values.

Example validation error

{
    "errors": [
        "[name='title']": "Product title is not set!",
        ...
    ]
}

Error fields

  • errors

    An array containing the list of validation errors.

  • key

    A key corresponding to the field where the error occurred.

  • value

    A human-readable description of the error. In this case it is "Product title is not set!"

Handling errors

Expozy's API will return an error object in case of an invalid PUT, POST, DELETE or GET request, and throw in any other error case.

Expozy Structure

Expozy's admin structure is intended to provide a great starting point for both large and small projects. It's a combination of the API Core, the Admin Panel and your website's frontend.

Core

The API Core is where all control over the data in both the Admin Panel and the website's frontend comes from, and it is highly open to modification.

It has a library of classes that determines the modules and all their methods. It also uses plugins and helpers for additional features.

The API methods that will be used in the Admin Panel and the Frontend are defined in the api folder in the specified subdirectory as a GET, POST, PUT or DELETE request.

Htaccess

.htaccess is a configuration file for use on web servers running the Apache Web Server software. These .htaccess files can be used to alter the configuration of the Apache Web Server software to enable/disable additional functionality and features that the Apache Web Server software has to offer.

Config

The configuration file is used to include global constants and initializations. For example, different path constants, localization settings, error logs directory, and so on. The Admin configuration file also gets the data for the current project and its database.

Datatables

DataTables is a plugin for the jQuery JavaScript library. It is a highly flexible tool for filling HTML tables with data, and it's used with the Admin API in the admin panel.

Languages

The languages can be seen in the admin panel as a module where you can choose the languages your website is going to use. The modules that contain content for the website's frontend (for example: products, posts, pages) can be edited in the admin panel while the chosen language is active. That will update the data that will be displayed as a translation for it. There are also language constants defined in JSON files that can be used.

Uploads

In the Core, you will also find the "uploads" folder, which contains all the images uploaded to the server. It contains subfolders named after each project's ID, and one level deeper the images are sorted by module.