Catalog endpoints
Read store, product, variant, collection, and search data for any published Aly storefront.
Public reads — store metadata, products, variants, collections, global search. No auth required.
Catalog endpoints read published storefront data: store metadata, products, variants, media, collections, global search. All public, no auth required.
Store metadata
bash
curl https://aly.store/api/storefront/v1/stores/acmeProducts
Paginated list
bash
curl "https://aly.store/api/storefront/v1/stores/acme/products?limit=20&cursor="Single product
bash
curl https://aly.store/api/storefront/v1/stores/acme/products/prod_abcBatch lookup
Up to 50 ids per call.
bash
curl "https://aly.store/api/storefront/v1/stores/acme/products/batch?ids=prod_abc,prod_def,prod_ghi"Product shape
json
{ "id": "prod_abc", "site_slug": "acme", "name": "Linen Tote", "slug": "linen-tote", "description": "...", "price": { "amount": 4200, "currency": "USD" }, "media": [ { "type": "image", "url": "https://cdn.aly.store/...", "alt": "Front" } ], "variants": [ { "id": "var_1", "options": { "color": "natural" }, "price": { "amount": 4200, "currency": "USD" }, "stock": 25, "in_stock": true, "sku": "LT-NAT" } ], "tags": ["bags", "linen"], "is_digital": false, "url": "https://acme.aly.store/p/linen-tote", "published_at": "..."}Collections
bash
# List collectionscurl https://aly.store/api/storefront/v1/stores/acme/collections # Products in a collection (slug or id)curl https://aly.store/api/storefront/v1/stores/acme/collections/spring-2026/productsGlobal search
Cross-store catalog search.
bash
curl "https://aly.store/api/storefront/v1/search?q=linen+tote&limit=20"Filters
| Param | Type | Notes |
|---|---|---|
tag | string (repeatable) | Match products tagged with any of the values. |
in_stock | bool | Restrict to variants with stock. |
price_min | integer minor units | — |
price_max | integer minor units | — |
limit | integer 1–100 | Default 20. |
cursor | opaque | From a prior next_cursor. |
CORS + caching
Catalog reads return Cache-Control: public, max-age=60 and are CORS-open. They're safe to call from the browser; the same payload backs the storefront UI itself via ISR.
Was this page helpful?