The Admin API (/api/v1/admin/*) exposes complete store management: catalog,
pricing, stock, orders, customers, content, marketing, reports, settings. It’s designed for
backends, integrations (ERP/PIM/billing), and automations — including
AI agents via MCP.
Authentication & permissions
You need a staff token with the appropriate permissions:
Permissions are granular: catalog, sales, customers, content, marketing,
reports, tax, users, system. A token can read/write only in the areas allowed by its
role, and every call is scoped to its own store (the tenant_id claim).
The Admin API is server-side. Never embed a staff token in a public client.
Examples
Best practices
- Idempotency & bulk: for mass updates (prices, stock), process in batches and
handle 409/422 responses per row.
- Audit: every admin mutation is recorded in the store’s audit log.
- Soft-delete: deleting a product/category sets
deleted_at (it doesn’t destroy the
order history); deactivating is a different thing (is_active).
- Versioning: the API lives under
/api/v1 — backward-compatible changes; breaking
changes will go into a new version.
The full reference for the ~200 admin endpoints is in the
API Reference (the admin sections), generated from the live OpenAPI schema.