Overview
SovEcom Setup & Platform API 1.0.0
The SovEcom headless ecommerce API
Information
OpenAPI version: 3.0.0
Operations
GET /health
GET /uploads/{path}
GET /setup/v1/status
POST /setup/v1/verify-token
POST /setup/v1/database/test
POST /setup/v1/database/configure
POST /setup/v1/smtp/test
POST /setup/v1/smtp/configure
POST /setup/v1/payments/configure
POST /setup/v1/tax/configure
POST /setup/v1/compliance/configure
POST /setup/v1/brand
GET /setup/v1/themes
POST /setup/v1/themes/activate
GET /setup/v1/modules
POST /setup/v1/modules/install
POST /setup/v1/admin-account/start
POST /setup/v1/admin-account/verify
POST /setup/v1/complete