To authenticate to the API platform you must require an API Key from your handler on Supplier website that will be used instead of your username for all api calls. The password is the same of your Supplier website account. Password of your ecommerce account and password used with the API are keep in sync so when you change Supplier account password you will also have to change the password you are using to implement API in your integration. The API platform uses the Basic HTTP authentication RFC 2617 (, so you must add the Authorization header field in every http API call. The Authorization field is constructed as follows:


If Aladdin is the api key and OpenSesame is the password, then the field's value is the base64-encoding of Aladdin:OpenSesame,that is: QWxhZGRpbjpPcGVuU2VzYW1l. Then the Authorization header will appear as:

Authorization : Basic QWxhZGRpbjpPcGVuU2VzYW1l

Adding the header field depends on the language you use for implementation. This is an exemple in PHP:

$header = "Authorization: Basic " . base64_encode($username . ':' . $password);

Http Headers

API request and response use, in most cases, the XML format. So the followed header must be set in the Http Request:

Header Value Note
Content-Type application/xml In every POST request
Accept application/xml In GET/POST request receiving XML response body
Authorization "Basic base64 user:password" In every request

Http Return Status Codes

API services always returns an http status code to be tested by the caller. The most common status codes are:

Code Meaning Action
200 OK You may extract data in the response body, if expected it
401 Unauthorized You missed the Authorization header or your credentials are invalid
404 Not found An item you pass in the request data does not exist in the database (i.e. the order_id, stock_id, etc…)
406 Not acceptable You specified an invalid Accept http header, since its value does not match with the response body format (i.e. you specified “application/xml” while response return a plain/text format)
500 Internal server error An internal error arose. Contact you support center