Skip to main content
The Admin API (/api/v1/admin/*) exposes complete store management: catalog, pricing, stock, orders, customers, content, marketing, reports, settings. It’s designed for backends, integrations (ERP/PIM/billing), and automations — including AI agents via MCP.

Authentication & permissions

You need a staff token with the appropriate permissions:
Permissions are granular: catalog, sales, customers, content, marketing, reports, tax, users, system. A token can read/write only in the areas allowed by its role, and every call is scoped to its own store (the tenant_id claim).
The Admin API is server-side. Never embed a staff token in a public client.

Examples

Best practices

  • Idempotency & bulk: for mass updates (prices, stock), process in batches and handle 409/422 responses per row.
  • Audit: every admin mutation is recorded in the store’s audit log.
  • Soft-delete: deleting a product/category sets deleted_at (it doesn’t destroy the order history); deactivating is a different thing (is_active).
  • Versioning: the API lives under /api/v1 — backward-compatible changes; breaking changes will go into a new version.
The full reference for the ~200 admin endpoints is in the API Reference (the admin sections), generated from the live OpenAPI schema.