Shoptet API (1.0.0)

Created in cooperation with the Ministry of Industry and Trade of the Czech Republic within the "The Country for the Future" programme.

This documentation provides information about the interface for developers who would like to gain access to Shoptet e-shops. For more information about Shoptet, see https://www.shoptet.cz/.

The API is available in two access modes:

  • for "Shoptet partner" developers who integrate services with the Shoptet system and extend its functions for public use. For more information about the API and the conditions under which it can be used, see https://developers.shoptet.com/addons/.

  • direct private access to e-shop data for the e-shop owner, available only to Premium Members. See https://developers.shoptet.com/premium for more information about API access.

Basic principles

How to call API

The API communicates in JSON format. The URL for calling API requests is https://api.myshoptet.com. The API calls (endpoints and message formats) are the same for private and addon access, but the two modes use different authentication and authorization principles.

For Addons

The API is designed for building addons for the Shoptet system and uses OAuth2 authorization principles.

To access the API, you must implement a web service on your side that communicates with our OAuth server.

In the administration of the e-shop you use to work with our API, go to the API Partner section and open the Access to API tab.

Here you will find your clientID and the addresses at which you can call our OAuth server.

Work with the API begins with the installation of the addon in an e-shop. (The installation process can be tested in the addon detail in the Users section, where you can trigger the installation for your e-shop.)

In your addon detail, in the Settings section, enter the URL for receiving an OAuth code. The URL must point to your server, where a script able to obtain an OAuth access token is prepared.

When the addon is installed, you will receive an HTTP request at this address with a GET parameter code containing a unique value (a 255 character long string).

The code has only short-term validity and can be used only once. Use this code to request an OAuth access token from our OAuth server.

This request must be made within the same script that received the code.

Do not postpone obtaining the OAuth access token, and do not reply to our request with a 200 OK status until you have obtained the OAuth access token.

The address to call, and an example implementation, can be found in the e-shop administration in the Access to API section.

In response you will obtain a JSON with your OAuth access token. Save this token securely. Never send this token to the client computer; use it only for communication between servers and for obtaining the temporary token for access to the API.

Once you have successfully received an OAuth access token, your script must end with the HTTP status code "200".

Now that you have your OAuth access token, which links your addon with a specific e-shop, you can communicate with the e-shop via the API.

From your server, call the https://<eshop-address.tld>/action/ApiOAuthServer/getAccessToken address with the HTTP header Authorization: Bearer <OAuth access token>.

As the reply, you will receive a JSON containing an API access token value and the token expiration time value. An example call can be found in the e-shop administration in the Access to API section.

It is possible to request a maximum of 5 valid tokens.

The API access token enables you to call the individual URLs of our API, for example https://api.myshoptet.com/api/eshop. Send the API access token in each request in the HTTP header Shoptet-Access-Token.

You can have several valid API access tokens available at any one time. When the validity of the API access token expires, you will receive an HTTP status code 401 and a message about token expiration.


{
    "data": null,
    "errors": [
        {
            "errorCode": "expired-token",
            "message": "Token is expired. Please ask for new one.",
            "instance": "unknown"
        }
    ]
}

If your token does not have the access right for a specific endpoint, you will obtain a reply with HTTP status code 403 Forbidden.


{
    "data": null,
    "errors": [
        {
            "errorCode": "invalid-token-no-rights",
            "message": "Your access token \"afd..123\" has no defined rights for this resource.",
            "instance": "access-token"
        }
    ]
}
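A server-side client for the token flow above, as an added example that is not Shoptet's own code: it keeps the OAuth access token on the server, requests a new API access token only when a call returns 401 with expired-token, and holds itself to the three concurrent connections per token stated under Rate limiting. The access_token field name in the getAccessToken reply is an assumption, since this page does not name the fields.

```python
import json
import threading
import urllib.error
import urllib.request

API_BASE = "https://api.myshoptet.com"
TOKEN_PATH = "/action/ApiOAuthServer/getAccessToken"

def http_json(url, headers):
    """Default transport: GET url and return (status, parsed JSON body)."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:   # 401/403/429 carry a JSON body too
        return err.code, json.load(err)

class ShoptetClient:
    def __init__(self, eshop_url, oauth_token, transport=http_json):
        self._eshop_url = eshop_url.rstrip("/")
        self._oauth_token = oauth_token     # long-lived secret, never leaves the server
        self._transport = transport
        self._api_token = None              # short-lived token used for API calls
        self._slots = threading.BoundedSemaphore(3)   # limit_conn per_token 3
        self._lock = threading.Lock()

    def _refresh(self, stale):
        with self._lock:
            if self._api_token != stale:    # another thread refreshed already
                return self._api_token
            status, body = self._transport(
                self._eshop_url + TOKEN_PATH,
                {"Authorization": "Bearer " + self._oauth_token})
            if status != 200:
                raise RuntimeError(f"token request failed with HTTP {status}")
            self._api_token = body["access_token"]   # assumed field name
            return self._api_token

    def get(self, path):
        token = self._api_token or self._refresh(None)
        for attempt in range(2):            # at most one refresh per call
            with self._slots:
                status, body = self._transport(
                    API_BASE + path, {"Shoptet-Access-Token": token})
            codes = {e.get("errorCode") for e in (body.get("errors") or [])}
            if status == 401 and "expired-token" in codes and attempt == 0:
                token = self._refresh(token)
                continue
            return status, body             # 403, 429 etc. go back to the caller
```

Refreshing only on expired-token, under a lock, also keeps the number of outstanding tokens well under the limit of 5 valid tokens.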

For private API access (Premium)

You can create API access tokens directly in the e-shop administration. Send them in the request header Shoptet-Private-API-Token.

You can automatically access all API endpoints.

Rate limiting

Rate limiting serves only as protection against server overload (DDoS); the number of queries and the total volume of data are unlimited.

The limits therefore apply to the maximum number of concurrent active connections: a maximum of 50 from a single IP address, and a maximum of 3 connections for a single token. If the limit is exceeded, the HTTP code 429 is returned. See also the Nginx configuration:

limit_conn per_ip 50;
limit_conn per_token 3;
limit_conn_status 429;

Some URLs, for example for bulk operations, can have their own specific limits, which are mentioned in this documentation.