Introduction
Base URL
https://core.expozy.com/api
The Expozy API is organized around REST principles. It uses predictable resource-oriented URLs, standard HTTP verbs and response codes, and accepts and returns JSON-encoded request and response bodies.
Explore Expozy's API reference and templating documentation. You have access to everything from the Frontend API and Backend API.
Backend API
At the core of Expozy is the Backend API, available through REST. It provides data on products, customers, orders, inventory, fulfillment, and more.
Expozy offers a suite of APIs which allow developers to extend the platform's built-in features. These APIs allow partners to read and write merchant data, interoperate with other systems and platforms, and add new functionality to Expozy.
This documentation refers to Expozy's Frontend and Backend API.
Frontend API
Build the frontend of your website with Expozy's Frontend API and REST. It gives you the power and tools to bring your data to the live public.
Getting started
Example request headers
# The URL is https://core.expozy.com/api/admin/ or https://core.expozy.com/api/
$ curl https://core.expozy.com/api/admin/ \
    -H "Authorization: Bearer BOHe5RUvSuN416YYaY" \
    -H "Authentication: Basic AAABBBBCCCCC"
In order to use Expozy's APIs, you must include the authorization and authentication headers within your request.
Authentication is required for all POST, PUT, DELETE, and some GET requests. Authorization is necessary if you are trying to access endpoints reserved for Admins. See below how to obtain them.
Authorization
To receive a token, you must log in with a username and a password. In this example, we will use the email [email protected] and the password gR&YUd5&14OK.
After successful login, the API will return a token that can be used to access restricted endpoints. The validity of the key is 30 days, after which you must generate a new one.
POST /login
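# The password contains '&', so it is quoted for the shell and URL-encoded for the form body.
$ curl https://core.expozy.com/api/login \
    -d [email protected] \
    --data-urlencode 'password=gR&YUd5&14OK'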
Authentication
Before using the API, you need to create an Expozy account. On creation, you will automatically be assigned one within your Admin Panel. If you wish to integrate it with third-party plugins, you have to request it directly from the administrators.
Example response
{
  "user": {
    "data": {
      "id": "3883",
      "attributes": {
        "email": "[email protected]",
        "name": "Demo",
        "roleNames": "administrator"
      }
    }
  },
  "token": "3uYxE6kURJbra3Jf98"
}
Data filtering
$ curl -X GET https://core.expozy.com/api/admin/users/:id
You can use parameters for filtering on some of the methods provided by the API. For example, if you want to receive data for a specific user, simply add their ID to the path.
Throughout the documentation, keep in mind that :id must be replaced with the actual ID of the object.
$ curl -X GET https://core.expozy.com/api/categories?droplist=true
Other filters need to be specified via query parameters and their values are usually boolean, i.e., they only need to be true.
API Rate Limit
The rate limit is 5 calls per second per API user. An 'HTTP 429 Too Many Requests' error will be returned when this limit is exceeded*.
*If the limit is exceeded, it is advisable to retry the requests which resulted in 'HTTP 429 Too Many Requests' with exponential backoff and a maximum number of retries, as in the example below:
delay = retry counter * 500 milliseconds
1st response 'HTTP 429 Too Many Requests'
  set retry counter = 1
  delay = 500 milliseconds
2nd response 'HTTP 429 Too Many Requests'
  set retry counter = 2
  delay = 1000 milliseconds
...
N-th response 'HTTP 429 Too Many Requests'
  set retry counter = N
  delay = N*500 milliseconds
Web Application Firewall
The WAF analyses each request to Expozy's core in order to identify threats, and any suspicious behavior is treated as a threat.
WAF bans every suspicious caller (IP) for 2 hours. If you are banned, please check your server logs for 403 HTTP errors. To avoid future bans you should carefully analyse your workflows and service behavior leading to error 403 and fix them accordingly.
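The rate limit and WAF rules above combined in one client wrapper, as an added Python example (not Expozy's own code). ThrottledClient, WafBlocked and the send callable are hypothetical names; send(request) is assumed to return (status, body). The wrapper spaces calls 200 ms apart, retries 429 with the page's schedule (delay = retry counter * 500 ms, which grows linearly), and never repeats a request that came back 403.

```python
import time

RATE_LIMIT_PER_SECOND = 5      # from the page: 5 calls per second per API user
RETRY_STEP_SECONDS = 0.5       # from the page: delay = retry counter * 500 ms


class WafBlocked(Exception):
    """Raised on HTTP 403 so the caller stops and investigates instead of repeating."""


class ThrottledClient:
    def __init__(self, send, max_retries=5, sleep=time.sleep, clock=time.monotonic):
        self._send = send              # hypothetical transport: send(request) -> (status, body)
        self._max_retries = max_retries
        self._sleep = sleep            # injectable so the schedule can be tested offline
        self._clock = clock
        self._min_gap = 1.0 / RATE_LIMIT_PER_SECOND
        self._last_call = None

    def _pace(self):
        # Keep at least 200 ms between calls so the limit is not hit in the first place.
        if self._last_call is not None:
            wait = self._min_gap - (self._clock() - self._last_call)
            if wait > 0:
                self._sleep(wait)
        self._last_call = self._clock()

    def call(self, request):
        retry_counter = 0
        while True:
            self._pace()
            status, body = self._send(request)
            if status == 403:
                # The WAF bans the calling IP for 2 hours; surface the 403 for analysis.
                raise WafBlocked(body)
            if status != 429:
                return status, body
            if retry_counter >= self._max_retries:
                raise RuntimeError("still rate limited after %d retries" % retry_counter)
            retry_counter += 1
            self._sleep(retry_counter * RETRY_STEP_SECONDS)
```
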
Data Formats
Type | Allowed Values |
---|---|
Integer | Integer number from -9223372036854775808 to +9223372036854775807 |
String | Dependent on the data table's limit. Check specifications for more detail. |
Boolean | True or False |
Float | Floating point numbers (e.g. 1.23). Precision depends on table column. Used normally for prices. |
Errors
Expozy uses standard HTTP status codes to indicate the success or failure of an API request. A code in the range of 2xx indicates success, a code in the range of 4xx indicates there was a problem with the arguments provided (e.g., authentication or a required field was missing), and a code in the range of 5xx indicates an error occurred with Expozy's servers.
Authorization errors
(Status codes 401 and 403)
401 Unauthorized and 403 Forbidden
{
  "errors": [
    "Login first!"
  ]
}
An authorization error occurs whenever the headers contain wrong, outdated, or missing information.
Common causes
- Expired API key
  Your API key might have expired, and you may need to request a new one.
- Wrong tokens
  You may have mistyped your tokens. Please confirm whether the authorization and authentication headers are correct.
- Restricted access
  You may be trying to access a restricted endpoint without the proper authorization headers in the request.
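The 30-day token validity from the Authorization section and the 401 case described here, handled in one place, as an added Python example (not Expozy's own code). TokenSession, login, send and the one-day renewal margin are assumptions: login() is assumed to return the parsed body of POST /login, and send(request, headers) to return (status, body). Credentials stay inside the login callable, so they are not stored next to request code.

```python
import time

TOKEN_LIFETIME = 30 * 24 * 3600   # from the page: a token is valid for 30 days
RENEW_MARGIN = 24 * 3600          # assumption: renew one day before expiry


class TokenSession:
    def __init__(self, login, send, extra_headers=None, clock=time.time):
        self._login = login      # hypothetical: login() -> parsed body of POST /login
        self._send = send        # hypothetical: send(request, headers) -> (status, body)
        self._extra = dict(extra_headers or {})   # e.g. the Authentication header
        self._clock = clock
        self._token = None
        self._issued_at = 0.0

    def _refresh(self):
        token = self._login().get("token")
        if not token:
            raise RuntimeError("login response carried no token")
        self._token, self._issued_at = token, self._clock()

    def _stale(self):
        if self._token is None:
            return True
        return self._clock() - self._issued_at >= TOKEN_LIFETIME - RENEW_MARGIN

    def _headers(self):
        headers = dict(self._extra)
        headers["Authorization"] = "Bearer " + self._token
        return headers

    def request(self, request):
        if self._stale():
            self._refresh()
        status, body = self._send(request, self._headers())
        if status == 401:
            # Rejected before the expected expiry: log in again and retry once.
            # 403 is left to the caller, because the WAF also answers with 403.
            self._refresh()
            status, body = self._send(request, self._headers())
        return status, body
```
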
Not Found Errors
(Status code 404)
404 Not Found
{
  "errors": [
    "Not found!"
  ]
}
Not Found errors occur whenever you are trying to access information that does not exist.
Common causes
- Wrong ID parameter
  The ID path parameter may be typed wrong.
- Deleted data
  You may be trying to access data that has been deleted or archived.
- Unauthorized access
  You may be trying to access data reserved for admins.
Internal Server Errors
(Status code 500)
500 Internal Server Error
{
  "errors": [
    "Something happened!"
  ]
}
Internal server errors may occur whenever the server is experiencing a heavy load, but could also have other causes related to the communication between client and server.
Common causes
- Server Maintenance
  Server may be down for maintenance. Please check again later.
- Server under load
  You may have sent multiple requests in quick succession, or the server itself may be experiencing heavy load.
- Network Failure
  The network may be experiencing a heavy load or something may be obstructing communication with the server.
Validation errors
A validation error is returned when a request could not be fulfilled due to one or more invalid input values.
Example validation error
{
  "errors": [
    "[name='title']": "Product title is not set!",
    ...
  ]
}
Error fields
- errors
  An array containing a list of errors with the validation.
- key
  A key corresponding to the field where the error occurred.
- value
  A human-readable description of the error. In this case it is "Product title is not set!"
Handling errors
Expozy's API will return an error object in case of an invalid PUT, POST, DELETE or GET request, and throw in any other error case.