API reference

Olanzo public HTTP APIs in one place—same contracts you use from code, shown as OpenAPI 3. Pick Environment, Authorize, then open an operation or use Try it out. Focused workspace opens one product per tab if you prefer less on screen.

How to use this documentation (all skill levels)

You do not need to know how our services are built behind the scenes. What matters is: which URL to call, what to send (headers and JSON), and what you get back (status codes and JSON). This page lists exactly that for each operation.

New to APIs? Start with Authenticate to obtain a token. For CRM, Email, SMS, and analytics, click Authorize, paste Bearer <your token>, and approve. Terminal and POS SoundBox use an API key in X-Api-Key (not Bearer)—use Authorize with the QR key type where the tool offers it. E-commerce checkout uses Authorize with Bearer <your merchant secret key> (sk_test_… / sk_live_…) only on Create checkout session — never expose that key in a browser app. In the all-in-one view, choose Production or Sandbox once; each call uses the right product base URL. In the focused workspace, set Servers on each tab.

Experienced integrators: import the openapi/*.yaml files into your own tooling, or use the filter box here to jump to a path. Expand any operation for parameters, request bodies, and documented responses. Only one operation is expanded by default; click rows to open more.

Environments: use the Servers (or Environment bar) so the host matches the credentials and tenant you were given. Sandbox is for testing; production is for live data. Use the same base URL in your app (no stray trailing slash).

Checklist for a working integration

  • Request format: send JSON with Content-Type: application/json unless an operation says otherwise. Required fields, UUIDs, dates, and allowed values are listed on each operation—follow them to avoid 400 errors.
  • Auth: after Authenticate, pass Authorization: Bearer <token> for APIs that use JWT. If you get 401, get a new token. Never commit tokens or private keys to source control; use environment variables or your platform’s secret store.
  • Errors: read the HTTP status and body. Client mistakes are usually 4xx; server-side problems 5xx. Each operation documents common outcomes so you can map them in your code.
  • Where calls run: your backend or mobile app should call the API over HTTPS directly. Try it out in the browser only works if the API allows this documentation site in CORS; for browser-based apps, your own origin must be allowed.
  • Getting unstuck: confirm base URL, auth type (Bearer vs API key), and required fields. If something is account-specific, contact your Olanzo integration contact.
Focused workspace

This page must be served over HTTP

From the docs-public-apis folder run npm start (or npx --yes serve --listen 8080 .) then open http://127.0.0.1:8080/.

Try it out runs requests from your browser to the server you pick under Servers. That server must allow this documentation site’s origin (CORS) or the browser will block the response.