Developers

API foundations for apparel wholesale integrations.

Apparel Market now exposes a versioned, key-gated catalog API for verified marketplace discovery. It is intentionally narrow: stable read access first, local webhook scaffolding, then inventory, order, payment, and EDI surfaces as the operating model matures.

API v1

Start with authenticated discovery data that matches the marketplace.

This gives partners and internal operators a documented contract before deeper connector work begins.

Buyer-safe by default

The first endpoint returns the same verified, buyer-visible catalog projection used by marketplace discovery.

Key-gated access

Requests use a bearer token or x-apparel-market-api-key header. Signed-in admins manage issued credentials in operational settings.

Discovery-shaped data

Filters mirror the marketplace taxonomy: category, department, product type, ship-to country, availability, and price tier.

Integration runway

The API starts with read-only catalog discovery and leaves space for webhooks, orders, inventory, and EDI adapters.

Endpoint

GET /api/v1/catalog

Returns verified buyer-visible brands and products with optional discovery filters. Use a credential issued through the signed-in admin operations flow. This endpoint requires the catalog:read scope and does not expose public write operations.

curl "http://localhost:3004/api/v1/catalog?category=Outerwear&shipToCountry=United%20Kingdom" \
  -H "Authorization: Bearer <YOUR_APPAREL_MARKET_API_KEY>"

SDK examples

Catalog reads and webhook verification

These snippets are intentionally small enough for partner SDKs, internal smoke tests, and connector pilots. Catalog examples only request read scope; webhook examples verify the raw signed payload before parsing event JSON.

Full examples live in docs/developer-api-examples.md for agents and partner-facing implementation notes.

curl

Catalog read request

catalog read

Fetch buyer-visible brands and products with marketplace discovery filters.

curl "http://localhost:3004/api/v1/catalog?category=Outerwear&shipToCountry=United%20Kingdom&productLimit=12" \
  -H "Authorization: Bearer <YOUR_APPAREL_MARKET_API_KEY>" \
  -H "Accept: application/json"
Requires catalog:read.Returns the same buyer-visible catalog projection used by marketplace discovery.

typescript

TypeScript catalog client

catalog read

Small fetch client for server jobs, partner tools, or smoke tests.

type CatalogResponse = {
  apiVersion: string;
  data: { brands: Array<{ id: string; name: string }>; products: Array<{ id: string; name: string }> };
};

export async function readCatalog(apiKey: string) {
  const response = await fetch("http://localhost:3004/api/v1/catalog?availabilityType=Ready-to-Ship", {
    headers: {
      Authorization: `Bearer ${apiKey}`,
      Accept: "application/json"
    }
  });

  if (!response.ok) {
    throw new Error(`Catalog API failed: ${response.status}`);
  }

  return (await response.json()) as CatalogResponse;
}
Handles non-2xx API responses explicitly.Does not request or assume write scopes.

typescript

Node webhook verification

webhook verification

Verify Apparel Market webhook signatures before parsing or trusting the event.

import { createHmac, timingSafeEqual } from "node:crypto";

export function verifyApparelMarketWebhook(input: {
  rawBody: string;
  timestamp: string;
  signature: string;
  signingSecret: string;
}) {
  const expectedSignature =
    "v1:" +
    createHmac("sha256", input.signingSecret)
      .update(`${input.timestamp}.${input.rawBody}`)
      .digest("hex");

  const expected = Buffer.from(expectedSignature);
  const received = Buffer.from(input.signature);

  return received.length === expected.length && timingSafeEqual(received, expected);
}
Uses the documented timestamp.payload signature format.Compares signatures with timingSafeEqual.

typescript

Next.js webhook route

webhook verification

Minimal route handler pattern that verifies the raw body before processing the event.

export async function POST(request: Request) {
  const rawBody = await request.text();
  const timestamp = request.headers.get("x-apparel-market-timestamp") ?? "";
  const signature = request.headers.get("x-apparel-market-signature") ?? "";

  const verified = verifyApparelMarketWebhook({
    rawBody,
    timestamp,
    signature,
    signingSecret: process.env.APPAREL_MARKET_WEBHOOK_SECRET ?? ""
  });

  if (!verified) {
    return Response.json({ error: "invalid_signature" }, { status: 401 });
  }

  const event = JSON.parse(rawBody);
  return Response.json({ received: true, eventType: event.type ?? null });
}
Reads the raw body before JSON parsing.Keeps the signing secret in environment configuration.

Supported filters

Query parameters

Use the same vocabulary as buyer discovery so integrations do not need a separate taxonomy translation layer.

qcategorycollectiondepartmentproductTypepriceTierbuyerIntentTagmaterialTagshipToCountryavailabilityTypebrandLimitproductLimit

Access management

Credential operations stay behind sign-in.

Public docs describe the authentication contract without listing issued keys or exposing rotation controls. Signed-in marketplace admins should create, rotate, revoke, and audit developer credentials from the operations settings surface so authorization state and evidence stay together.

signed-in admins

Operations settings

private

Keep raw secrets out of public pages, commits, screenshots, and support threads. Use placeholders in docs and environment-specific credentials in server-side integrations.

catalog:readAuthorization: Bearer <YOUR_APPAREL_MARKET_API_KEY>x-apparel-market-api-key

Webhook scaffolding

Catalog and order event subscriptions

Local subscription records reserve the catalog and order event contract without sending network calls. They preserve target URL, masked signing-secret evidence, subscription status, and pending event coverage for future delivery workers.

local scaffold

Local order ops shadow sink

https://example.test/webhooks/apparel-market/orders
paused
order.request_submittedorder.checkout_readyorder.cancelled
Created
May 29, 2026, 10:45 AM
Secret
whsec_ord_****_seed
Delivery
local_scaffold
Attempts
Not recorded

Order event subscription scaffold is paused until order/integration adapters graduate to live delivery.

local scaffold

Local catalog readiness sink

https://example.test/webhooks/apparel-market/catalog
sandbox
catalog.product_publishedcatalog.product_updatedcatalog.product_archived
Created
May 29, 2026, 10:30 AM
Secret
whsec_cat_****_seed
Delivery
local_scaffold
Attempts
Not recorded

Catalog event subscription scaffold for docs and local QA only; no outbound delivery worker is enabled.

Operator dashboard

Webhook delivery operations

Delivery attempts are projected into an operator dashboard with queued retries, sent/failure totals, dead-letter replay readiness, public-write gate evidence, and response previews that stay redacted. Raw payloads, signing secrets, raw signature values, and request header values are not stored or rendered beyond hash and preview evidence.

dashboard projection

Operations summary

2026-07-03T21:25:39.287Z
public writes blocked
Queued
0
Sent
0
Failed
0
Dead-lettered
0
Replay ready
0
Retry exhausted
0
Previews
0 redacted
Blocked controls
5

Run a dry-run or injected-live webhook worker smoke before partner replay drills.

Keep POST /api/v1/webhooks/subscriptions disabled until public-write adapter controls are satisfied.

Dashboard rows use payloadSha256 instead of raw webhook payload bodies.Signing secrets are never projected; signature evidence is limited to sha256 hash plus a short preview.Request header values are not projected; persisted rows expose sorted header names only.Response bodies are rendered only as redacted, length-limited previews.

retry queue

Next retry buckets

0 queued
Overdue retry
0
Next hour
0
Later retry
0

Overdue retry: No scheduled retry. Escalate overdue queued webhook attempts before new replay work is started.

Next hour: No scheduled retry. Let the retry worker process the next-hour queue and watch for another failure response.

Later retry: No scheduled retry. Keep later retries queued and revisit after nearer retry buckets are clear.

webhooks.subscriptions:write

POST /api/v1/webhooks/subscriptions

gated

webhooks.subscriptions:write remains blocked until tenant-scoped adapter controls are certified, idempotent, audited, and reversible.

Route enabled
No
Tenant safe
No
Controls
Blocked
Blocked
5
tenantScopedidempotentauditedreversiblecertifiedAdapter

No production route is enabled for POST /api/v1/webhooks/subscriptions.

local evidence

No delivery attempts recorded yet

waiting

Signed delivery plans are available. Attempt rows will appear here after the disabled, dry-run, or injected live worker records an execution attempt.

Write readiness

Public write API contract

Public write routes are intentionally gated. The contract below defines the future route, required scope, approved pilot surface, and exact conditions that must be true before a production endpoint can mutate marketplace data.

catalog.products:write

POST /api/v1/catalog/products

gated

Product writes can make buyer-visible merchandising claims, so the public route stays closed until tenant ownership, idempotency, media ingestion, and moderation release controls are live together.

Route enabled
No
Pilot surface
Use the connector catalog import pipeline and release review workflow instead of a public write route.
Brand-tenant ownership check for every product, variant, media asset, and collectionIdempotency key and upstream revision fingerprint per source productCatalog completeness and moderation release review before buyer-visible publishMedia pipeline handoff for image downloads, transforms, storage, and safety checks

No production route is enabled for POST /api/v1/catalog/products.

inventory.availability:write

PATCH /api/v1/inventory/availability

gated

Inventory writes affect ATP, reservation holds, allocation plans, and buyer trust, so unaudited public writes are gated behind the inventory ledger and connector reconciliation rules.

Route enabled
No
Pilot surface
Use signed connector stock-update adapters and inventory movement evidence.
Tenant-scoped SKU and warehouse/location mappingExternal event de-duplication and source timestamp orderingInventory movement ledger entry for every accepted availability changeReservation and ATP protection so connector updates cannot erase active holds

No production route is enabled for PATCH /api/v1/inventory/availability.

orders.routing:write

POST /api/v1/orders/{orderId}/routing

gated

Order writeback can alter fulfillment, payment, and buyer communication state, so the route remains closed until order state gates and external references are provider-certified.

Route enabled
No
Pilot surface
Use operator-reviewed external order routing and writeback execution evidence.
Buyer, brand, and provider tenant match for the routed orderOrder approval, checkout packet, payment, allocation, and fulfillment readiness checksIdempotent external order reference per providerOperator-visible retry, failure, and manual override evidence

No production route is enabled for POST /api/v1/orders/{orderId}/routing.

webhooks.subscriptions:write

POST /api/v1/webhooks/subscriptions

gated

Webhook subscription writes require secret custody, tenant admin review, delivery queueing, and dead-letter operations before partners can mutate endpoints through a public API.

Route enabled
No
Pilot surface
Use the local developer subscriptions and delivery-attempt evidence surfaced on /developers.
Masked signing-secret creation and rotation with no post-creation secret displayTenant admin approval for target URL ownership and event coverageOutbound queue, retry, dead-letter, and replay operationsSigned delivery verification examples and delivery attempt audit evidence

No production route is enabled for POST /api/v1/webhooks/subscriptions.

Next step

Build the next connector against a stable marketplace contract.

The read API is ready for internal tooling and partner pilots; write APIs, live webhooks, and connector credentials should follow the adapter layer.