With nearly 1,000 endpoints, the API covers searching for, editing, adding, and deleting any record under most of the entities in the system, just as you can with the administrator console. You can use it to create entirely new UI applications, synchronize with your existing systems, or customize the functions of SCP.

Public API Endpoints

Some API endpoints are open to the public without the need for authentication. These endpoints correspond to the public interface of your site. They include all the basic ecommerce functions such as searching for and viewing products, adding to the cart, and going through checkout.

API Authentication

The bulk of the API consists of a full set of endpoints that let you manage and manipulate your site on the SCP platform. CRUD (create, read, update and delete) functions are included for most of the entities in the system, in addition to a number of other useful endpoints. To access these administrative endpoints you must set up an API User and authenticate with it.

Create And Manage API Users

To create an API User, log in to the administrator console with a user that has superuser privileges, and visit the Api Users link under Operations in the side menu. Click the plus icon to create an Api User.

You can provide the user name for the API user but the password is automatically generated for you. The password is shown on-screen immediately after you create the API user. Please note, for security purposes, the password is never shown again, so make a note of it as soon as you create the user.

In addition to creating the Api user, you must assign roles to it or it will not have permission to do anything. As a best practice for security, we suggest limiting the roles to only the functions that the user absolutely needs.

You can change the user name and the assigned roles for each Api User at any time. However, you can't change or retrieve the password for it. If you misplace the password, you'll need to create a new Api User and assign it the same roles.

Basic Authentication

Each request to one of the administrative API endpoints must use Basic Authentication. Using an Api User's username and password, create a "bearer" token using Base64 encoding, and pass the token to the endpoint in a request header named "Authorization".
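
One way to build that header, as an added example that is not SCP's own code. It assumes the standard HTTP Basic format from RFC 7617, where the header value is "Basic " followed by the Base64 encoding of username:password; the environment variable names, host and endpoint path are hypothetical placeholders.

```python
import base64
import os
import urllib.request
from urllib.parse import urlsplit


def basic_auth_header(username: str, password: str) -> str:
    """Return the Authorization header value for HTTP Basic (RFC 7617)."""
    if not username or not password:
        raise ValueError("username and password are both required")
    if ":" in username:
        # The first colon separates user from password, so a colon in the
        # username would make the server parse the wrong credentials.
        raise ValueError("username must not contain ':'")
    if any(ord(c) < 32 or ord(c) == 127 for c in username + password):
        raise ValueError("control characters are not allowed in credentials")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def build_admin_request(url: str, username: str, password: str) -> urllib.request.Request:
    """Build (but do not send) a GET request to an administrative endpoint."""
    parts = urlsplit(url)
    # Base64 is reversible encoding, not encryption: only send it over TLS.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("administrative endpoints must be called over https")
    req = urllib.request.Request(url, method="GET")
    req.add_header("Authorization", basic_auth_header(username, password))
    req.add_header("Accept", "application/json")
    return req


def credentials_from_env(environ=os.environ):
    """Read the API User's credentials from the environment, not source code."""
    # SCP_API_USER / SCP_API_PASSWORD are hypothetical variable names.
    return environ["SCP_API_USER"], environ["SCP_API_PASSWORD"]


if __name__ == "__main__":
    # Constructed sample values; the host and path are placeholders.
    sample_env = {"SCP_API_USER": "inventory-sync", "SCP_API_PASSWORD": "s3cr3t-example"}
    user, pw = credentials_from_env(sample_env)
    req = build_admin_request("https://shop.example.com/api/placeholder", user, pw)
    # Print the scheme only; never log the token itself.
    print(req.get_method(), req.full_url, req.get_header("Authorization").split()[0])
```

Because anyone who captures the header can decode it back to the password, keep the header value out of logs and proxy traces.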

Swagger Interface and Basic Authentication

You can enter the username and password for an API user into the Swagger interface, to make API calls from there. Click the "Authorize" button at the top of the screen to enter the username and password before your first request. Note, the username and password are not stored in the browser session when you use Swagger, so you will see a prompt to enter them again if you make more than one request. The browser will pop open a dialogue window asking for the login details again. When you enter them again, you can instruct the browser to remember the credentials for subsequent requests.