Template Docs Commerce APIs Webhooks Tools
Get Started
Template Docs Commerce APIs Webhooks Tools
Get Started
Getting started
Overview Authentication and permissions Making requests Retrieve basic site information
Using Commerce APIs
Idempotency-Key header Rate limits Responses & error handling Upgrade Changelog Glossary FAQ
Inventory API
Overview GET: Retrieve all inventory GET: Retrieve specific inventory POST: Adjust stock quantities
Orders API
Overview POST: Create an order POST: Fulfill an order GET: Retrieve all orders GET: Retrieve a specific order
Products API
Overview About product attributes Managing attributes POST: Create a product POST: Create a product variant POST: Upload a product image GET: Retrieve all Store Pages GET: Retrieve all products GET: Retrieve specific products GET: Product image upload status POST: Assign a product image to variant POST: Reorder a product image POST: Update a product POST: Update a product variant POST: Update a product image DEL: Delete a product DEL: Delete a product variant DEL: Delete a product image
Profiles API
Overview GET: Retrieve all profiles GET: Retrieve specific profiles
Transactions API
Overview GET: Retrieve all transactions GET: Retrieve specific transactions
Webhook Subscriptions API
Overview POST: Create a webhook subscription POST: Update a webhook subscription GET: Retrieve all webhook subscriptions GET: Retrieve a specific webhook subscription DEL: Delete a webhook subscription POST: Send test notification POST: Rotate a subscription secret

Frequently asked questions

A collection of common questions and answers as you develop with Commerce APIs.

General

Can I promote my application?

Companies who have built applications, extensions, integrations, or other products or services to our APIs (each a "Developer Product") cannot release external press releases about their Developer Product without Squarespace's explicit permission or suggest or imply partnership, sponsorship, or endorsement by Squarespace. Any marketing is limited to conveying information related to your Developer Product's functionality, and must clearly convey that the Developer Product and/or any tools built using Squarespace APIs are not endorsed by Squarespace. Squarespace may terminate or suspend the Developer Tools or the Developer Agreement, or disable access to the Developer Tools or your Developer Account, at any time at our sole discretion, for any reason, with or without notice, without any liability to you. See more in our brand guidelines and our developer terms.

What's a dynamic cursor?

A dynamic cursor points to a specific location in a collection of data, but is not backed by a snapshot of that data. Thus, if the collection changes (e.g. a product is added or deleted) the response may change, too.

Do Commerce APIs support the cross-origin resource sharing standard (CORS)?

CORS is only useful if you're using a browser to access Commerce APIs, which is not recommended. A browser would require knowledge of the authorization header bearer token and users would have direct access to that token in the browser, which presents a severe security risk.

Instead, if your application has an HTML frontend, call a server that's responsible for retrieving the bearer token from a secure location and makes all requests to Commerce APIs. This ensures users of your client-side application will not able to access your API credentials through the browser and make potentially unwanted API calls.

How can the Commerce APIs I'm using change as I'm developing my custom app or Extension?

New fields are added to Commerce API responses occasionally to expose new data. Develop your application such that new fields shouldn't cause a disruption, for example, when de-serializing a response body.

Furthermore, changes to existing fields are introduced in new API versions. Consult the Upgrade guide for more information regarding these breaking changes.

Authentication

Can I change the API access permissions for my API key or OAuth token?

To keep data for a Squarespace merchant site private and secure, permissions for an API key or OAuth token cannot be modified.

If an app uses API keys and needs a different set of permissions, follow the procedures in the Authentication and Permissions guide for a new API key.

Squarespace Extensions, which use Oauth, will need to their users to re-initiate their OAuth connection by following the established initiate link for that application. If the user grants access to the application, the new OAuth credentials should replace any existing credentials as they will possess the permissions you requested.