Version: v2

Storefront Documentation

Welcome to the Storefront API. This is the customer-facing surface of the platform: it powers your web storefront and your mobile apps with everything needed to browse the catalog, manage carts, place orders and access account features.

Authentication

The Storefront API uses JWT bearer tokens issued by the platform's login flow. Send the token on every authenticated request:

Authorization: Bearer <your_jwt_token>

A handful of bootstrap endpoints (catalog browsing, content, configuration) are anonymous and can be called without a token, which makes them suitable for client-side initialization on first load.

Tip: Treat the JWT as a credential. Store it in a secure storage container on mobile (Keychain / Keystore) and never embed it in source code.

What you can build

The endpoints in this section cover the full customer journey:

  • Catalog — list categories, search products, fetch product detail, comments and similar products.
  • Content — banners, sliders, showroom blocks, layouts, news, search preview and runtime configuration.
  • Customer — registration, login, profile, addresses, favorites, notifications, discount codes and store tickets.
  • Basket & Order — create and manage shopping baskets, place orders (member or guest), follow order history.
  • Payment — list payment methods, register cards, validate OTP, request and cancel payments.
  • Purchase — create customer-store purchases for digital catalogs.

Conventions

  • All endpoints accept and return JSON (Content-Type: application/json).
  • Timestamps are UTC, ISO-8601 (yyyy-MM-ddTHH:mm:ssZ).
  • Monetary amounts are decimal numbers in the order's currency.
  • Errors follow the platform's standard error envelope — branch on errorCode, never on the human-readable message.

Best practices

  • Refresh tokens proactively before they expire to avoid interrupting the customer experience.
  • Cache anonymous content (categories, configs, sliders) on the client; they change infrequently.
  • Idempotency — when retrying order or payment requests, reuse the same client-generated reference so the server can de-duplicate.
  • Localization — respect the customer's region and language headers; the API surfaces region-aware pricing and content where applicable.
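
The token-refresh, idempotency and errorCode guidance above, sketched as a client helper. This is an added example, not platform code: the clientReference field, the TEMPORARILY_UNAVAILABLE error code, the 60-second margin and the shape of the injected send() transport are assumptions, not documented Storefront API names.

```javascript
// Added example. Names marked "assumed" do not come from the Storefront API docs.
const REFRESH_MARGIN_S = 60;                            // assumed safety margin
const RETRYABLE = new Set(["TEMPORARILY_UNAVAILABLE"]); // assumed errorCode value

// Read the `exp` claim (seconds since epoch) from a compact JWT without verifying it.
// The client uses this only for scheduling; the server still validates the token.
function jwtExpiry(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/"); // base64url -> base64
  const payload = JSON.parse(atob(b64));
  if (typeof payload.exp !== "number") throw new Error("token has no exp claim");
  return payload.exp;
}

// True when the token expires within the margin, so refresh before the next call.
function needsRefresh(token, nowS = Math.floor(Date.now() / 1000)) {
  return jwtExpiry(token) - nowS <= REFRESH_MARGIN_S;
}

// Retry an order or payment call, reusing ONE client-generated reference on every
// attempt so the server can de-duplicate. `send` is an injected transport
// (assumed shape: resolves to { ok, errorCode?, message? }).
async function submitWithRetry(send, body, opts = {}) {
  const { attempts = 3, reference = globalThis.crypto.randomUUID() } = opts;
  const request = { ...body, clientReference: reference }; // field name assumed
  let result;
  for (let i = 0; i < attempts; i++) {
    result = await send(request);
    // Branch on errorCode, never on the human-readable message.
    if (result.ok || !RETRYABLE.has(result.errorCode)) break;
  }
  return { reference, result };
}
```

Persist the returned reference with the pending order so that a retry after an app restart reuses it instead of generating a new one.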

If you have questions about onboarding, JWT issuance or production credentials, please reach out to the platform owner.

Authentication

Token only! Please use without Bearer tag/prefix.

  • Security Scheme Type: http
  • HTTP Authorization Scheme: bearer
  • Bearer format: JWT