/api/v1 and use the publishable key (or the store domain).
1. Catalog & search
2. Cart
The cart works for guests (with a session id/token) and for logged-in customers.Cross-origin / headless cart. The guest cart is keyed by a session token, returned in the
response’s
session_token field. If your storefront runs on a different origin than the API
(e.g. xxxx.com → api.vellaro.io), the cx_cart cookie (SameSite=Lax) is not sent
cross-site: store session_token client-side (e.g. localStorage) and send it back on
every cart call and at checkout as the X-Cart-Token header. The cart then persists
anywhere and is restored on the shopper’s return (7-day TTL). Same-origin? The cookie is
enough and the header is optional.3. Checkout & payment
client_secret/redirect to complete
client-side, others confirm immediately. See the API Reference for the
exact schema of POST /checkout.
4. Orders & tracking
Quick tip: the full list of parameters, request bodies, and responses is in the
API Reference, generated from the live OpenAPI schema — so it’s always
aligned with production.
Appearance & configuration
GET /settings/store-info— name, contacts, social, appearance (logo, colors) to brand your frontend like the store.GET /banners,GET /information/<slug>— CMS content and hero.GET /languages,GET /currencies— for language/currency selectors.