API
The OpenTiendas API is a RESTful web service that allows you to programmatically manage your store data—including products, orders, customers, and inventory. It is designed for flexibility, security, and scalability, enabling seamless integrations with external systems such as ERPs, CRMs, custom applications, and mobile apps.
API access is only available to users with the Store Manager role or higher, and exclusively on plans eShop and eBusiness.
New endpoints and capabilities are added over time as the platform evolves. Check the blog and release notes regularly to stay informed about new features and improvements.
Setting Up the API
Get started by creating and managing your API keys in the OpenTiendas Admin Panel. Learn how to obtain your credentials and make your first API call in the Getting Started section.
How the API works
The API uses standard HTTP methods and JSON for communication over HTTPS, ensuring data integrity and security. Authentication is handled using a public API key provided in the Authorization header. Each request must be sent to a store-specific endpoint in the following format:
https://{SHOP_ID}.opentiendas.app/api/v1/...
Unlike webhook notifications, API requests are not signed. Instead, the API relies on HTTPS encryption and API keys to ensure that only authorized requests can access or modify store data.
Important information
Backup your data before destructive operations
Some actions performed through the API—such as deleting resources—are irreversible.
For example, once a product, review, or brand is deleted, it cannot be recovered.
We strongly recommend backing up any important data before performing destructive operations.
Imported data responsibility
OpenTiendas allows merchants to import data—such as reviews or other resources—via various API endpoints.
It is the merchant’s responsibility to ensure the accuracy, legality, and origin of any imported content.
Data presence and nullability rules
The OpenTiendas API follows consistent conventions for how fields appear in responses.
In general, the meaning depends on whether a field is present, empty, or set to null.
| Case | Meaning |
|---|---|
| Field is missing | The field does not apply to this resource or is not returned in this context |
Field is present with an empty value ("", [], {}) | The field applies, but currently has no data |
Field is present with null | The field exists but its value is unknown or not set |
Clients should avoid assuming default values for fields that are not present.
When a field is missing, it usually means that the concept is not relevant for that resource or response.
When working with optional features (for example localization, pricing, or variants), it is recommended to check whether a field exists before using its value.
Date formats and timestamps
All date and time fields in the OpenTiendas API follow the ISO 8601 standard format:
YYYY-MM-DDTHH:mm:ssZ
Timestamps are returned in UTC unless otherwise specified.
Use timezone-aware libraries and parsers when handling date values across timezones and platforms.
Security and Authentication
- All API requests must include a valid API key in the
Authorizationheader. - Secure access is enforced through HTTPS and role-based permissions.
- Store API keys securely and rotate them periodically.
- Never expose keys in client-side code or version control.
- Scopes and granular permissions are not yet available but will be added in future updates.
Rate limits and Error handling
- The system enforces rate limits to ensure stability and fairness.
- Comprehensive error handling makes it easy to debug and retry failed requests.
- Learn more in the Error Handling and Rate Limits section.
Available resources
The API gives you access to a variety of resources including:
| Resource | Description |
|---|---|
| Reviews | Access and manager reviews |
| Products* | Manage products, variants, and prices |
| Orders* | Create, update, and track orders |
| Customers* | Access and manage customer data |
| Inventory* | Sync inventory levels and availability |
Refer to the API Reference for complete details and request examples.
* New endpoints coming soon.
Sample code
Explore ready-to-use examples in different languages. Check out the Sample Code section for detailed examples in Python, Node.js, PHP, and more.