
API Overview

The ecommus REST API is served by Fastify 5 on port 4000. It provides two namespaces:

  • /api/admin/* — Protected by JWT auth + tenant isolation. Used by the admin panel.
  • /api/storefront/* — Public-facing. Serves storefront data (products, cart, checkout).

When running locally, the full interactive API docs are available at:

http://localhost:4000/docs

The Swagger UI is powered by @fastify/swagger-ui and auto-generated from Zod schemas on all routes.

All /api/admin/* routes require a valid JWT in the Authorization header:

Authorization: Bearer <access-token>

They also need a tenant identifier, supplied in one of two ways:

  • X-Tenant-Id: <tenantId> header
  • Subdomain: mystore.ecommus.app

See Authentication for the full auth flow.
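The two admin requirements above (bearer token plus tenant identifier) can be checked together, as in this added example, which is not ecommus source code. It assumes the subdomain label is the tenant ID itself, that a request whose header and subdomain disagree is rejected, and that the verified token carries a hypothetical `tenantId` claim; the error `message` strings and the `verifyToken` callback are also assumptions.

```javascript
// Added example, not ecommus code. Header names, the ecommus.app domain and
// the error shape come from this page; everything else is an assumption.
const BASE_DOMAIN = "ecommus.app";
const TENANT_RE = /^[A-Za-z0-9_-]{1,63}$/; // assumed tenant ID format

function apiError(statusCode, error, message) {
  return { ok: false, body: { statusCode, error, message } };
}

// Tenant from X-Tenant-Id or from the Host subdomain (mystore.ecommus.app).
// Node lowercases incoming header names, so lowercase keys are used here.
function resolveTenant(headers) {
  const fromHeader = headers["x-tenant-id"];
  const host = (headers["host"] || "").toLowerCase().split(":")[0];
  const suffix = "." + BASE_DOMAIN;
  const fromHost = host.endsWith(suffix) ? host.slice(0, -suffix.length) : undefined;
  // Assumed policy: two sources that disagree are rejected, never ranked.
  if (fromHeader && fromHost && fromHeader !== fromHost) return null;
  const tenant = fromHeader || fromHost;
  return typeof tenant === "string" && TENANT_RE.test(tenant) ? tenant : null;
}

// verifyToken(token) must check signature and expiry and return the claims,
// or null. The `tenantId` claim name is hypothetical.
function authorizeAdmin(headers, verifyToken) {
  const m = /^Bearer ([A-Za-z0-9._~+\/=-]+)$/.exec(headers["authorization"] || "");
  if (!m) return apiError(401, "Unauthorized", "missing_bearer_token");
  const claims = verifyToken(m[1]);
  if (!claims) return apiError(401, "Unauthorized", "invalid_token");
  const tenant = resolveTenant(headers);
  if (!tenant) return apiError(400, "Bad Request", "tenant_unresolved");
  // The tenant named by the request must be the one the token was issued for;
  // a client-supplied X-Tenant-Id is never trusted on its own.
  if (claims.tenantId !== tenant) return apiError(403, "Forbidden", "tenant_mismatch");
  return { ok: true, tenant, userId: claims.sub };
}

// Constructed stand-in verifier for the sample calls below.
const fakeVerify = (t) => (t === "tok.mystore" ? { sub: "u1", tenantId: "mystore" } : null);

console.log(authorizeAdmin(
  { authorization: "Bearer tok.mystore", host: "mystore.ecommus.app" }, fakeVerify));
console.log(authorizeAdmin(
  { authorization: "Bearer tok.mystore", host: "localhost:4000", "x-tenant-id": "otherstore" },
  fakeVerify).body);
```

The second call shows the case that matters for isolation: a valid token presented with another tenant's identifier is refused with a 403 in the page's error format.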

| Method | Path | Description |
|--------|------|-------------|
| POST | /api/admin/auth/login | Login with email + password |
| POST | /api/admin/auth/refresh | Refresh access token |
| POST | /api/admin/auth/logout | Invalidate refresh token |

| Method | Path | Description |
|--------|------|-------------|
| GET | /api/admin/products | List products (paginated, filterable) |
| POST | /api/admin/products | Create product |
| GET | /api/admin/products/:id | Get product by ID |
| PUT | /api/admin/products/:id | Update product |
| DELETE | /api/admin/products/:id | Soft-delete product |

| Method | Path | Description |
|--------|------|-------------|
| GET | /api/admin/orders | List orders |
| GET | /api/admin/orders/:id | Get order with items |
| PUT | /api/admin/orders/:id/status | Update order status |
| POST | /api/admin/orders/:id/refund | Initiate refund |

| Method | Path | Description |
|--------|------|-------------|
| GET | /api/admin/customers | List customers |
| GET | /api/admin/customers/:id | Get customer profile |
| PUT | /api/admin/customers/:id | Update customer |

| Method | Path | Description |
|--------|------|-------------|
| GET | /api/admin/categories | List categories (tree) |
| POST | /api/admin/categories | Create category |
| PUT | /api/admin/categories/:id | Update category |
| DELETE | /api/admin/categories/:id | Delete category |

| Method | Path | Description |
|--------|------|-------------|
| GET | /api/admin/plugins | List loaded plugins with schemas |
| GET | /api/admin/plugins/:name/settings | Get plugin settings (tenant-scoped) |
| PUT | /api/admin/plugins/:name/settings | Save plugin settings |

| Method | Path | Description |
|--------|------|-------------|
| GET | /api/storefront/products | List published products |
| GET | /api/storefront/products/:slug | Get product by slug |
| GET | /api/storefront/search | Full-text + semantic product search |

| Method | Path | Description |
|--------|------|-------------|
| GET | /api/storefront/cart | Get current cart |
| POST | /api/storefront/cart/items | Add item to cart |
| PUT | /api/storefront/cart/items/:id | Update cart item qty |
| DELETE | /api/storefront/cart/items/:id | Remove item from cart |

| Method | Path | Description |
|--------|------|-------------|
| POST | /api/storefront/checkout | Create order from cart |
| GET | /api/storefront/checkout/shipping-methods | Available shipping methods |
| GET | /api/storefront/checkout/payment-methods | Available payment methods |

| Method | Path | Description |
|--------|------|-------------|
| POST | /api/storefront/auth/register | Register customer |
| POST | /api/storefront/auth/login | Login customer |
| GET | /api/storefront/account/orders | Customer order history |

All endpoints return JSON. Errors follow the format:

{
  "statusCode": 404,
  "error": "Not Found",
  "message": "product_not_found"
}

Success responses return the resource directly (no wrapper):

{
  "id": "cm_abc123",
  "name": "Blue T-Shirt",
  "price": 9900,
  "currency": "RON"
}