1. Sandbox
App registrieren und Testzugangsdaten einmalig erhalten.
SmartDepot Developers
Baue sichere Warenkorb-, Bestell- und Versandintegrationen. Starte sofort in der isolierten Sandbox und beantrage den Produktionszugang, sobald alles bereit ist.
curl https://sandbox-api.smartdepot.org/api/v1/orders \
-H "Authorization: Bearer $TOKEN" \
-H "Idempotency-Key: order-4711" \
-H "Content-Type: application/json" \
--data @order.json
App registrieren und Testzugangsdaten einmalig erhalten.
Kunden wählen Workspace und ausdrückliche Schreibrechte.
Domains und Anwendungsfall zur Prüfung einreichen.
/oauth/authorize with requested scopes./oauth/token.Idempotency-Key is mandatory on write endpoints.// JavaScript (server-side)
await fetch(`${api}/api/v1/orders`, {
method: "POST",
headers: {
Authorization: `Bearer ${token}`,
"Idempotency-Key": order.id,
"Content-Type": "application/json"
},
body: JSON.stringify(order)
});
<?php
$client = new GuzzleHttp\Client();
$client->post($api . '/api/v1/shipments', [
'headers' => [
'Authorization' => 'Bearer ' . $token,
'Idempotency-Key' => $shipment['external_shipment_id']
],
'json' => $shipment
]);
| Method | Path | Authentication |
|---|---|---|
| POST | /api/v1/cart-handoffs | HMAC |
| POST | /api/v1/orders | orders:write |
| POST | /api/v1/shipments |
shipments:write
|
Errors use stable codes including invalid_token, insufficient_scope, invalid_payload,
order_not_found
and idempotency_conflict. Rate-limited requests return HTTP 429.
v1.0.0 — Cart handoff, OAuth/PKCE, Orders and Shipments API.
PHP and JavaScript clients use the same standard HTTP and OAuth flows shown in the OpenAPI description. Secrets must remain server-side and can be rotated from the console.
We can't find the internet
Attempting to reconnect
Something went wrong!
Attempting to reconnect