Skip to main content
The RMZ Storefront API lets you build fully custom storefronts that connect to any RMZ store. It provides endpoints for browsing products, managing carts, processing checkouts, handling customer authentication, and more.

Base URL

The store is identified automatically by the Origin or Referer header of your request. Your custom storefront domain must be configured in the store’s dashboard for requests to be accepted.

Authentication Model

The Storefront API uses two authentication mechanisms:

1. Customer Authentication (Bearer Token)

Customers authenticate via an OTP (one-time password) flow. After verifying their phone number or email, they receive a Bearer token used for authenticated endpoints (orders, profile, wishlist, courses, checkout).

2. Guest Cart Token

Unauthenticated visitors can still browse products and manage a cart using the X-Cart-Token header. A cart token is issued when items are first added to the cart and is also returned upon customer authentication.

3. Management Secret Key

The Management API endpoints use a secret key for server-to-server authentication. This key is configured in the store dashboard.

4. Custom Storefront Token

Store owners can generate custom API tokens for external developers building storefronts. Tokens are scoped by domain, environment, and permissions.

Product Types

RMZ stores can sell five types of products:

Response Format

All responses follow a consistent JSON structure.

Success Response

Paginated Response

Error Response

Rate Limits

When a rate limit is exceeded, you receive a 429 Too Many Requests response.

Error Codes

Supported Country Codes

Caching

Responses include cache headers to help optimize your storefront:
  • X-Cache-Status: HIT or MISS indicating whether the response was served from cache
  • Cache-Control: public, max-age=N with appropriate TTL per resource type

CORS

The API supports cross-origin requests. Your storefront domain must be registered in the store’s settings for CORS to allow the request. The Origin header is used to identify the store.