Base URL
Origin or Referer header of your request. Your custom storefront domain must be configured in the store’s dashboard for requests to be accepted.
Authentication Model
The Storefront API uses two authentication mechanisms:1. Customer Authentication (Bearer Token)
Customers authenticate via an OTP (one-time password) flow. After verifying their phone number or email, they receive a Bearer token used for authenticated endpoints (orders, profile, wishlist, courses, checkout).2. Guest Cart Token
Unauthenticated visitors can still browse products and manage a cart using theX-Cart-Token header. A cart token is issued when items are first added to the cart and is also returned upon customer authentication.
3. Management Secret Key
The Management API endpoints use a secret key for server-to-server authentication. This key is configured in the store dashboard.4. Custom Storefront Token
Store owners can generate custom API tokens for external developers building storefronts. Tokens are scoped by domain, environment, and permissions.Product Types
RMZ stores can sell five types of products:Response Format
All responses follow a consistent JSON structure.Success Response
Paginated Response
Error Response
Rate Limits
When a rate limit is exceeded, you receive a
429 Too Many Requests response.
Error Codes
Supported Country Codes
Caching
Responses include cache headers to help optimize your storefront:X-Cache-Status:HITorMISSindicating whether the response was served from cacheCache-Control:public, max-age=Nwith appropriate TTL per resource type
CORS
The API supports cross-origin requests. Your storefront domain must be registered in the store’s settings for CORS to allow the request. TheOrigin header is used to identify the store.
