1. Sandbox
Register an app and receive test credentials once.
SmartDepot Developers
Build secure cart, order and shipment integrations. Start immediately in the isolated sandbox and request production access when ready.
curl https://sandbox-api.smartdepot.org/api/v1/orders \
-H "Authorization: Bearer $TOKEN" \
-H "Idempotency-Key: order-4711" \
-H "Content-Type: application/json" \
--data @order.json
Register an app and receive test credentials once.
Customers select a workspace and explicit write scopes.
Submit domains and use case for review.
/oauth/authorize with requested scopes./oauth/token.Idempotency-Key is mandatory on write endpoints.// JavaScript (server-side)
await fetch(`${api}/api/v1/orders`, {
method: "POST",
headers: {
Authorization: `Bearer ${token}`,
"Idempotency-Key": order.id,
"Content-Type": "application/json"
},
body: JSON.stringify(order)
});
<?php
$client = new GuzzleHttp\Client();
$client->post($api . '/api/v1/shipments', [
'headers' => [
'Authorization' => 'Bearer ' . $token,
'Idempotency-Key' => $shipment['external_shipment_id']
],
'json' => $shipment
]);
| Method | Path | Authentication |
|---|---|---|
| POST | /api/v1/cart-handoffs | HMAC |
| POST | /api/v1/orders | orders:write |
| POST | /api/v1/shipments |
shipments:write
|
Errors use stable codes including invalid_token, insufficient_scope, invalid_payload,
order_not_found
and idempotency_conflict. Rate-limited requests return HTTP 429.
v1.0.0 — Cart handoff, OAuth/PKCE, Orders and Shipments API.
PHP and JavaScript clients use the same standard HTTP and OAuth flows shown in the OpenAPI description. Secrets must remain server-side and can be rotated from the console.
We can't find the internet
Attempting to reconnect
Something went wrong!
Attempting to reconnect