Getting started
API's main entry point:

https://shop.url/webapi/rest/<resource>
Authentication
To execute remote operations, you should include the generated access token in each request.

Requests limit
The API is rate-limited using the "leaky bucket" algorithm. Each application can execute a limited number of operations. This limit is specified in the X-SHOP-API-LIMIT header, included in the response to each request. Every second, the counter of currently executed operations is decreased by a constant amount. This amount is specified in the X-SHOP-API-BANDWIDTH header. The current counter value is always specified in the X-SHOP-API-CALLS header.

If an application tries to exceed the limit, a "Too many requests" error is raised. Additionally, the API includes a Retry-After header specifying the time (in seconds) the application should wait before the next API call.

Limit variable	Default value
X-SHOP-API-LIMIT	10
X-SHOP-API-BANDWIDTH	2
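
A client can mirror the bucket from these headers and pace itself instead of running into "Too many requests" errors. The following is an added example, not code from the API's vendor: the `ShopRateLimiter` class, the `MAX_WAIT` cap and the one-call-per-request cost are assumptions, and headers are passed as a plain dict keyed by the header names exactly as written above.

```python
import math

# Defaults from the table above; used when a header is missing or malformed.
DEFAULT_LIMIT = 10
DEFAULT_BANDWIDTH = 2
MAX_WAIT = 60  # assumption: upper bound on any single wait, not from the API docs


def _num(headers, name, default):
    """Parse a non-negative numeric header, falling back on bad input."""
    try:
        value = float(headers.get(name, default))
    except (TypeError, ValueError):
        return default
    return value if math.isfinite(value) and value >= 0 else default


class ShopRateLimiter:
    """Client-side mirror of the server's leaky bucket (hypothetical helper)."""

    def __init__(self):
        self.limit, self.bandwidth = DEFAULT_LIMIT, DEFAULT_BANDWIDTH
        self.calls, self.seen_at, self.blocked_until = 0.0, 0.0, 0.0

    def update(self, status, headers, now):
        """Record the counters from a response received at time `now` (seconds)."""
        self.limit = _num(headers, "X-SHOP-API-LIMIT", DEFAULT_LIMIT)
        self.bandwidth = _num(headers, "X-SHOP-API-BANDWIDTH", DEFAULT_BANDWIDTH) or DEFAULT_BANDWIDTH
        self.calls = _num(headers, "X-SHOP-API-CALLS", self.calls)
        self.seen_at = now
        if status == 429:
            # Honour Retry-After, clamped so a bad value cannot stall the client.
            retry = _num(headers, "Retry-After", 1)
            self.blocked_until = now + min(retry, MAX_WAIT)

    def delay(self, now, cost=1):
        """Seconds to wait at `now` before sending a request worth `cost` calls."""
        leaked = max(0.0, now - self.seen_at) * self.bandwidth
        current = max(0.0, self.calls - leaked)
        overflow = current + cost - self.limit
        wait = math.ceil(overflow / self.bandwidth) if overflow > 0 else 0
        return min(MAX_WAIT, max(wait, math.ceil(max(0.0, self.blocked_until - now))))
```

Call `update()` after every response and sleep for `delay()` seconds before the next request; pass a monotonic clock reading as `now`.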
Error messages
For an incorrect request, a specific message is returned in the error field. A few resources within this API return context-specific messages. Common errors (that may occur regardless of the context) are:

Message	Description
invalid_request	request body is invalid; the most frequent reason is invalid form data supplied
access_denied	client has no access to the API
unsupported_response_type	response format is not supported
unsupported_grant_type	error within permissions scope
invalid_scope	specified invalid scope
invalid_grant	permissions error
insufficient_scope	the application has insufficient permissions, e.g. no permission for a particular resource
redirect_uri_mismatch	redirect URI is not registered
server_error	internal server error
temporarily_unavailable	service has been temporarily disabled, e.g. it's overloaded at the moment
HTTP response codes

HTTP code	OAUTH2 code	Description
200	-	OK
400	invalid_request	Invalid request
400	invalid_scope	Invalid request - insufficient permissions
400	invalid_grant	Invalid request - invalid authentication method
401	unauthorized_client	Authentication error
402	access_denied	Payment required
403	insufficient_scope	Access denied
404	server_error	An object doesn't exist
405	invalid_request	Invalid request method
409	server_error	Conflict - another administrator has locked access to the object
429	temporarily_unavailable	Calls limit exceeded
500	server_error	Application error
501	server_error	Method not implemented
503	temporarily_unavailable	System is temporarily unavailable (application has been completely locked by administrator)
