Basic information about API
The API is implemented as REST; requests and responses are sent in JSON format. The API is only an interface for reading and updating data. The URL calls, known as endpoints, used for both reading and writing data, can be found in the documentation.
In addition to these endpoints, a notification service (webhooks) is available. After registering a webhook, a specified URL is called, for example when a new order is created.
The API is not publicly accessible; it is currently available only to developers of so-called addons that are published on https://doplnky.shoptet.cz/, where any e-shop (except for trial versions) can install them.
At present, not every e-shop operator or partner (developing for a single shop) can use the API.
By installing an addon, a unique API key is generated, identifying the e-shop and the addon. This key is used to obtain short-term API access tokens, which must be included as authentication in the HTTP header of every API call.
Addons (API-based software) must run and store their data on the developer's own infrastructure. Shoptet does not provide hosting or data storage for addons. Developers can freely choose their technology stack.
API calls made by an addon can access all e-shop data, including orders, prices, and customer information. Therefore, each addon must declare what data it uses, and only the corresponding API calls will be permitted for that API key.
The list of requested data is reviewed and approved by Shoptet before the addon is published on https://doplnky.shoptet.cz. Before installation, this list is also visible to every user (e-shop operator).
If a new version of the addon requires additional data, the scope of access must be extended. This extension must be approved by Shoptet and then confirmed by the user. The user is notified in the administration interface and prompted to approve the new permissions.
Addon development
To develop a new addon, the partner has a test e-shop available, which can serve for development and testing.
Once approved, a partner has access to the "API Partner" section, where they can define the required endpoints and obtain a temporary test API access token for integration with the test e-shop.
It is also necessary to create an installation routine that will be triggered when someone orders the addon. To develop this installation routine, you can simulate the addon installation.
When the addon is installed in the partner's e-shop, they receive a permanently valid API key (OAuth access token), which is used to request short-term API tokens and to access the API (providing data from their test e-shop).
After completing development and receiving approval from Shoptet, the addon is made available to all e-shops via the Addons Marketplace.
Working with an addon involves two main steps:
- Installation
- Normal operation
Installation
During the installation, the partner's installation URL is called to obtain the API key (OAuth access token) and to determine the identity of the e-shop installing the addon. Both pieces of information must be securely stored.
This step also provides information about a new client. You might want to send a welcome email, create a profile, download initial data, or access various settings.
Normal operation of the addon
The short-term API access token is used to make individual API calls. This token is obtained from the OAuth server using the original OAuth token received during installation.
The token is valid for 30 minutes, after which a new one must be requested. The token is valid for one addon and one e-shop. It's a good idea to store it temporarily, although its short lifespan makes it less critical than the original token.
If a call returns a 401 Unauthorized error, the addon must request a new token and repeat the API call.
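The token handling described above, sketched as an added example (not Shoptet's code or part of the original documentation): a per-e-shop cache of short-term tokens with a single renewal and retry on 401. The callables `fetch_token` and `send` are hypothetical stand-ins for the addon's own calls to the OAuth server and to the API, and the one-minute early refresh is an assumption.

```python
import time

TOKEN_TTL = 30 * 60    # from the page: a short-term token is valid for 30 minutes
EARLY_REFRESH = 60     # assumption: renew one minute before expiry


class ShopTokenCache:
    """Keeps one short-term token per e-shop; a token is never reused across shops."""

    def __init__(self, fetch_token, clock=time.monotonic):
        self._fetch = fetch_token  # hypothetical callable: eshop_id -> fresh token
        self._clock = clock
        self._tokens = {}          # eshop_id -> (token, expires_at)

    def get(self, eshop_id):
        entry = self._tokens.get(eshop_id)
        if entry and self._clock() < entry[1]:
            return entry[0]
        return self.refresh(eshop_id)

    def refresh(self, eshop_id):
        token = self._fetch(eshop_id)
        self._tokens[eshop_id] = (token, self._clock() + TOKEN_TTL - EARLY_REFRESH)
        return token


def call_api(cache, send, eshop_id, request):
    """send(token, request) -> (status, body); hypothetical transport.

    On 401 the token is renewed and the call repeated once, so a bad
    permanent key cannot cause an endless retry loop.
    """
    status, body = send(cache.get(eshop_id), request)
    if status == 401:
        status, body = send(cache.refresh(eshop_id), request)
    return status, body


def demo():
    """Constructed run: the server rejects the first token before its 30 minutes end."""
    issued = []
    def fetch_token(eshop_id):
        issued.append(f"tok-{eshop_id}-{len(issued) + 1}")
        return issued[-1]
    def send(token, request):
        return (401, None) if token == "tok-1001-1" else (200, f"{request} ok")
    cache = ShopTokenCache(fetch_token, clock=lambda: 0.0)
    return call_api(cache, send, 1001, "list-orders"), issued


if __name__ == "__main__":
    print(demo())
```

A second 401 after renewal is returned to the caller rather than retried, which is the signal that the permanent key itself may no longer be valid.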