API specification
Basic info about the Provisioning API available operations, endpoints, headers, rate limits, and error handling
Last updated
Basic info about the Provisioning API available operations, endpoints, headers, rate limits, and error handling
Last updated
Commerce Layer Provisioning API is a fast API 100% compliant with the specification (v1.0). It supports compound documents, sparse fieldsets, resource linking, filtering, sorting, pagination, and more. To learn more about how to leverage those features, the basic CRUD actions syntax and payloads you can refer to the :
All the strings passed to the API must be UTF-8 encoded.
All API requests must be made over to the following base endpoint:
Include the following HTTP request headers when making calls to the Provisioning API endpoints:
Accept
Must be application/vnd.api+json.
Accept-Version
Content-Type
Must be application/vnd.api+json (required only for POST, PUT, and PATCH requests).
Authorization
Must be Bearer {{your_access_token}}.
The Accept-Version header is optional and will be used to manage future versioning. When different versions of the Provisioning API are available you'll be able to request a specific one just by changing it as follows:
Where {{version}} is the unique progressive number that identifies the version you want to use.
GET requestsAverage
1000 (to all endpoints)
1 min
Burst
250 (per endpoint)
10 secs
POST requestsAverage
200 (to all endpoints)
1 min
Burst
50 (per endpoint)
10 secs
IP addresses that exceed the rates above will be blocked until the frequency of the specific call drops below the allowed limit.
Codes in the 2xx range indicate success.
Codes in the 4xx range indicate an error that failed given the information provided (e.g. bad request, failed validation, or authentication issues).
Codes in the 5xx range indicate an unhandled error (these are rare and should never happen).
Correct error handling is important. We recommend writing code that gracefully handles all possible API exceptions.
Must be v1 (learn more about ).
Where {{your_access_token}} is the access token you get by to the Provisioning API.
The requests you perform to the Provisioning API are currently subject to the as the uncacheable requests to the Core API in live mode and differentiated by .
The Core API /oauth/token endpoint you need to use for is subject to (max 30 reqs / 1 min).
Commerce Layer Provisioning API uses to show the success or failure of an API request.
For a complete list of all the possible error codes, messages, and descriptions please refer to the of the Core API documentation.