REST API overview
Use familiar HTTP endpoints to build storefronts, dashboards, automations, and back-office workflows on Aly.
The conventional HTTP surface at /api/storefront/v1/ — public storefront endpoints and scoped merchant endpoints.
The REST API is the conventional HTTP surface — the same operations the dashboard editor uses, exposed under /api/storefront/v1/. It splits into two halves:public storefront endpoints for buyers and merchant endpoints behind scoped bearer auth for operators.
At a glance
| Base path | /api/storefront/v1/ |
| Public auth | None — guest carts and checkout are allowed. |
| Merchant auth | Bearer (aly_* or aly_oauth_*). |
| Format | JSON. Amounts are minor units (cents). |
| OpenAPI | openapi.json (3.1) |
Storefront half
Public endpoints for reading the catalog and running checkout. No bearer required.
- Catalog — stores, products, collections, search.
- Cart + checkout — create cart, manage items, apply coupons, initiate Stripe checkout.
Merchant half
Scoped endpoints for managing products, orders, customers, webhooks, media, analytics.
- Orders + fulfillment — list orders, fulfill, refund, return, exchange.
- Merchant management — products, customers, customer groups, price lists, webhooks, analytics.
Status codes
| Code | When |
|---|---|
| 200 | Success. |
| 201 | Resource created. |
| 204 | Success, no body (delete). |
| 400 | Validation failure. error.details lists fields. |
| 401 | Missing or invalid bearer. |
| 403 | Scope insufficient or workspace mismatch. |
| 404 | Resource not found. |
| 409 | Idempotency conflict or state-machine guard. |
| 422 | Operation refused (e.g. fulfilling a cancelled order). |
| 429 | Rate limited. |
Pagination
List endpoints accept ?limit=&cursor= and return next_cursorwhen more pages are available. Cursors are opaque; don't try to parse them.
curl "https://aly.store/api/storefront/v1/stores/acme/products?limit=20"Errors
{ "error": { "code": "validation_failed", "message": "Body did not pass validation.", "details": [ { "path": "line_items.0.quantity", "code": "too_small", "min": 1 } ] }}Next steps
- Authentication — bearer details for merchant endpoints.
- Catalog endpoints — read products and collections.
- Cart + checkout — buyer-side state.
- Orders + fulfillment — merchant-side state machine.
- Merchant management — everything else.
Was this page helpful?