API request processing can be resource intensive, so please make sure that your server plan can support the increased load. Flooding your server with non-optimized requests can have a negative impact on the shop's uptime. We recommend sending heavy requests outside the hours of highest customer traffic to the store.
Limit the number of requests to those that are absolutely necessary, so as not to generate unintentional load on the server. Some API endpoints allow bulk record updates, which is ideal for lowering the number of connections. Also, try not to authenticate each and every request, and keep connections open; both can greatly improve performance.
The administration panel API, as the name suggests, allows you to perform everything you can normally do manually in the administration panel. It also comes with the same rules, so for example, in order to set inventory levels for products located in warehouses other than M0, you need to first make sure that the right stock management option flag is set.
When creating your application, ensure you enable appropriate logging of both API requests and our server responses (HTTP logs can greatly help us in analyzing any potential issues). Different API endpoints communicate different error messages and codes, which should also be handled appropriately.
Our API is versioned, so you can rest assured your integration will not break due to some new functionality. We do, however, ask that you familiarize yourself with newer API versions before reporting any issues, as it is possible that a fix has already been implemented.
We constantly develop our platform and add new functionality to the API. If you feel that you cannot implement a specific integration due to a lack of certain functionality in the API, please let us know.
From the publication of a new version of the API, we guarantee that, as far as possible, we will maintain 24 months of unchanged operation. This means that if you use the latest version of our API from the moment it is published, we will not disable it for 24 months. In turn, a program or service built on the API will need to be serviced by you at least once every 2 years. You have plenty of time to adapt your application to newer versions of the API, but do not assume that the API will never change. Schedule an API update once every 2 years, during which you should also review changes in the operation of the entire system.
Before submitting a report, make sure you are using the latest version of the API. What you want to report may already have been corrected or added in the new version.
When creating individual integrations based on our open integration standards and our API gateways, use the ready-made dedicated tool that lets you collect logs over a specified period of time. The logs take the form of XML files containing summary information about the speed and time of execution, as well as the content of the requests made to a given gate and the responses received from that gate.
The data collected during the listening period will be saved and made available for viewing as a report and for download as a single ZIP archive.
Take care who you work with and whom you give access to the API. Using the methods available in our API it is possible, for example, to post a payment even though the money has not arrived. Be aware of the risks this creates (e.g. theft). You can set whether a given panel user has access to the API, and to which modules, on the user card in the ADMINISTRATION / panel users management module, just as you do for access to the administration panel. Follow the principle of giving minimal access and increasing it gradually, instead of giving all permissions at once.
Our API is secured against brute-force attacks: if the wrong password is entered several times during login, first the IP address from which the series of incorrect login attempts came, and then the user account that the attempts targeted, will be blocked for a specified period of time.
Incorrect login attempts are counted only if they use different passwords. So if you enter the wrong password into the application that you connect to IdoSell (or change it in the application and forget to change it in the administration panel), our mechanism will recognize this scenario and will not block your IP or user account.
You can learn more about locks and how to remove them in the IdoSell security FAQ.
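The counting rule described above, modelled as an added example (this is not IdoSell's implementation): only distinct wrong passwords count, so a client retrying one stale password never trips the lock, while a series of different guesses blocks the IP first and the account later. The thresholds, the block duration, the `LoginThrottle` name and the keyed-digest storage are all assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Assumed values: the page only says "several times" and "a specified period".
IP_THRESHOLD = 3        # distinct wrong passwords from one IP before it is blocked
ACCOUNT_THRESHOLD = 5   # distinct wrong passwords for one account, across all IPs
BLOCK_SECONDS = 900


class LoginThrottle:
    def __init__(self):
        self._key = os.urandom(32)     # per-process key for the digests below
        self._seen = defaultdict(set)  # ("ip"|"user", value) -> digests of wrong passwords
        self._blocked_until = {}       # ("ip"|"user", value) -> unix time

    def _digest(self, user, password):
        # Wrong guesses are often near-misses of the real password, so keep
        # only a keyed digest, never the submitted value itself.
        msg = f"{user}\x00{password}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def is_blocked(self, ip, user, now):
        keys = (("ip", ip), ("user", user))
        return any(self._blocked_until.get(k, 0) > now for k in keys)

    def record_failure(self, ip, user, password, now):
        """Count a failed login; return True if the IP or account is now blocked."""
        digest = self._digest(user, password)
        limits = ((("ip", ip), IP_THRESHOLD), (("user", user), ACCOUNT_THRESHOLD))
        for key, limit in limits:
            self._seen[key].add(digest)  # a repeated password adds nothing
            if len(self._seen[key]) >= limit:
                self._blocked_until[key] = now + BLOCK_SECONDS
                self._seen[key].clear()  # counting restarts after the block
        return self.is_blocked(ip, user, now)
```

The caller is expected to check `is_blocked` before verifying credentials and to call `record_failure` only for attempts that were actually evaluated.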
AP API is not the only API we offer. New developers often mistakenly try to do everything with it, whereas we have created a number of different ways to exchange information, each dedicated to specific applications and levels of permissions.