Skip to main content
The Management API provides server-to-server access to store data for integrations and automation. All endpoints require authentication via a secret key.
These endpoints are intended for backend-to-backend communication only. Never expose your secret key in client-side code.

Authentication

All Management API endpoints require the store’s secret key, passed via the SecretKeyAuthMiddleware. Include the key in the X-Secret-Key header:
Management endpoints are subject to a separate, lower rate limit (throttle:management).

GET /management/analytics

Get store analytics and insights for a given time period.

Headers

Query Parameters

Example Request

Response

Success (200)


POST /management/inventory/update

Bulk update product inventory.

Headers

Body Parameters

Example Request

Response

Success (200)

Error Responses

Inventory updates run within a database transaction. If any single update fails, all changes are rolled back. Product caches are automatically invalidated after updates.

GET /management/orders

Get store orders with filtering and sorting.

Headers

Query Parameters

Example Request

Response

Success (200)

Paginated list of orders with customer and item details.

GET /management/export/customers

Export customer data in JSON or CSV format.

Headers

Query Parameters

Example Request

Response

JSON Format (200)

CSV Format (200)

Returns a downloadable CSV file with Content-Type: text/csv.

GET /management/webhooks/data

Get recent data for webhook-style integrations, filtered by event type.

Headers

Query Parameters

Example Request

Response

Success (200)

The response shape depends on the event type. For order.created / order.updated:
For product.updated:
For customer.created:

Error Responses

Supported Event Types