The Adobe Commerce (Magento) REST API provides a comprehensive set of endpoints for interacting with all major aspects of an e-commerce store, including catalog management, orders, customers, inventory, shipping, and payments. It supports three authentication mechanisms: OAuth 1.0a for third-party integrations, token-based authentication for mobile apps and administrators, and guest access for select public endpoints.
openapi: 3.1.0
info:
title: Magento REST API
description: >-
The Adobe Commerce (Magento) REST API provides a comprehensive set of
endpoints for interacting with all major aspects of an e-commerce store,
including catalog management, orders, customers, inventory, shipping, and
payments. It supports three authentication mechanisms: OAuth 1.0a for
third-party integrations, token-based authentication for mobile apps and
administrators, and guest access for select public endpoints. The API
follows REST conventions and returns JSON responses, enabling developers
to build integrations, automate store operations, and power headless
commerce storefronts. All endpoints are versioned under the /V1 prefix
and support searchCriteria query parameters for filtering, sorting, and
paginating collection responses.
version: '2.4'
contact:
name: Adobe Commerce Developer Support
url: https://developer.adobe.com/commerce/webapi/rest/
termsOfService: https://www.adobe.com/legal/terms.html
externalDocs:
description: Adobe Commerce REST API Documentation
url: https://developer.adobe.com/commerce/webapi/rest/
servers:
- url: https://{store_domain}/rest/{store_code}
description: Production Server
variables:
store_domain:
default: your-store.example.com
description: The hostname of your Adobe Commerce store
store_code:
default: V1
description: >-
Store code followed by API version. Use "all" as store code for
admin-scope operations, or the specific store view code for
store-scoped operations. The V1 version path segment follows.
tags:
- name: Authentication
description: >-
Endpoints for obtaining integration tokens for admin and customer users.
Token-based authentication issues a Bearer token that must be included
in the Authorization header of subsequent requests.
- name: Carts
description: >-
Shopping cart and quote management for admin, customer, and guest users,
including item management, coupon codes, shipping estimation, and
payment information collection.
- name: Categories
description: >-
Category tree management including creation, retrieval, update, and
deletion of catalog categories and their product assignments.
- name: Customers
description: >-
Customer account management including registration, profile updates,
address management, authentication, and customer group assignment.
- name: Inventory
description: >-
Multi-source inventory management including sources, stocks, stock-source
links, and source item quantity management.
- name: Invoices
description: >-
Invoice management for orders including invoice creation, retrieval,
and payment capture operations.
- name: Orders
description: >-
Sales order management including order retrieval, status updates,
comment posting, cancellation, and order item management.
- name: Products
description: >-
Catalog product management including creation, retrieval, update, and
deletion of simple, configurable, virtual, bundled, and grouped products.
Supports product attributes, media, pricing rules, and cross-sell links.
- name: Shipments
description: >-
Shipment management for orders including shipment creation, retrieval,
tracking number management, and shipment comments.
- name: Stores
description: >-
Store configuration retrieval including store groups, store views,
websites, and configuration settings.
- name: Tax
description: >-
Tax configuration management including tax rates, tax rules, and
tax classes used for order tax calculation.
security:
- bearerAuth: []
paths:
/V1/integration/admin/token:
post:
operationId: createAdminToken
summary: Get admin authentication token
description: >-
Issues a Bearer token for an admin user based on username and password
credentials. The returned token must be included as a Bearer token in
the Authorization header of all subsequent admin-scoped API requests.
Tokens expire after the configured lifetime (default 4 hours).
tags:
- Authentication
security: []
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/AdminTokenRequest'
responses:
'200':
description: Authentication token issued successfully
content:
application/json:
schema:
type: string
description: Bearer token string for use in Authorization header
example: "abc123def456ghi789"
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
/V1/integration/customer/token:
post:
operationId: createCustomerToken
summary: Get customer authentication token
description: >-
Issues a Bearer token for a customer user based on email address and
password credentials. The returned token must be included as a Bearer
token in the Authorization header of subsequent customer-scoped API
requests. Tokens expire after the configured lifetime.
tags:
- Authentication
security: []
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CustomerTokenRequest'
responses:
'200':
description: Authentication token issued successfully
content:
application/json:
schema:
type: string
description: Bearer token string for use in Authorization header
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
/V1/products:
get:
operationId: listProducts
summary: List products
description: >-
Returns a paginated list of products matching the provided search
criteria. Supports filtering by any product attribute, sorting by
multiple fields, and pagination using currentPage and pageSize
parameters within the searchCriteria object. Returns both product
data and total count for pagination.
tags:
- Products
parameters:
- $ref: '#/components/parameters/searchCriteriaFilterGroups'
- $ref: '#/components/parameters/searchCriteriaSortOrders'
- $ref: '#/components/parameters/searchCriteriaPageSize'
- $ref: '#/components/parameters/searchCriteriaCurrentPage'
responses:
'200':
description: Paginated list of products
content:
application/json:
schema:
$ref: '#/components/schemas/ProductSearchResults'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
post:
operationId: createProduct
summary: Create a product
description: >-
Creates a new catalog product. The product type is determined by the
type_id field in the request body. Supported types include simple,
configurable, virtual, downloadable, bundle, and grouped. Custom
attributes can be included in the custom_attributes array using
attribute codes defined in the catalog.
tags:
- Products
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/ProductRequest'
responses:
'200':
description: Product created successfully
content:
application/json:
schema:
$ref: '#/components/schemas/Product'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
/V1/products/{sku}:
get:
operationId: getProduct
summary: Get product by SKU
description: >-
Retrieves a single product by its SKU identifier. Returns the full
product object including all attributes, media gallery entries, tier
prices, and extension attributes. SKUs containing forward slashes or
other special characters must be URL-encoded.
tags:
- Products
parameters:
- $ref: '#/components/parameters/sku'
responses:
'200':
description: Product object
content:
application/json:
schema:
$ref: '#/components/schemas/Product'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
put:
operationId: updateProduct
summary: Update a product
description: >-
Updates an existing product identified by its SKU. Only the fields
included in the request body are updated; omitted fields retain their
existing values. Custom attributes included in the custom_attributes
array will overwrite existing attribute values.
tags:
- Products
parameters:
- $ref: '#/components/parameters/sku'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/ProductRequest'
responses:
'200':
description: Updated product object
content:
application/json:
schema:
$ref: '#/components/schemas/Product'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
delete:
operationId: deleteProduct
summary: Delete a product
description: >-
Permanently deletes a product from the catalog by its SKU. This
operation cannot be undone. Associated product attributes, media,
and tier prices are also removed. Products assigned to categories
will be unassigned prior to deletion.
tags:
- Products
parameters:
- $ref: '#/components/parameters/sku'
responses:
'200':
description: Product deleted successfully
content:
application/json:
schema:
type: boolean
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/V1/categories:
get:
operationId: listCategories
summary: List categories
description: >-
Returns the full category tree starting from the specified root category.
The response is a nested tree structure with each category containing
its children. Use the rootCategoryId parameter to start from a specific
category node, and the depth parameter to limit tree traversal depth.
tags:
- Categories
parameters:
- name: rootCategoryId
in: query
description: Root category ID to start the tree from. Defaults to the default root category.
required: false
schema:
type: integer
- name: depth
in: query
description: Maximum depth of the category tree to return.
required: false
schema:
type: integer
responses:
'200':
description: Category tree
content:
application/json:
schema:
$ref: '#/components/schemas/CategoryTree'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
post:
operationId: createCategory
summary: Create a category
description: >-
Creates a new product category. The parent_id field determines where
in the category tree the new category is placed. The position field
controls sort order among sibling categories. Custom category attributes
can be set via the custom_attributes array.
tags:
- Categories
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CategoryRequest'
responses:
'200':
description: Category created successfully
content:
application/json:
schema:
$ref: '#/components/schemas/Category'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
/V1/categories/{categoryId}:
get:
operationId: getCategory
summary: Get category by ID
description: >-
Retrieves a single category by its numeric identifier. Returns the
category data including its name, path, parent ID, and custom attributes.
Does not include the full subtree; use the list endpoint for tree
traversal.
tags:
- Categories
parameters:
- $ref: '#/components/parameters/categoryId'
responses:
'200':
description: Category object
content:
application/json:
schema:
$ref: '#/components/schemas/Category'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
put:
operationId: updateCategory
summary: Update a category
description: >-
Updates an existing category identified by its numeric ID. Fields
included in the request body overwrite existing values. Custom attributes
in the custom_attributes array replace their corresponding stored values.
tags:
- Categories
parameters:
- $ref: '#/components/parameters/categoryId'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CategoryRequest'
responses:
'200':
description: Updated category object
content:
application/json:
schema:
$ref: '#/components/schemas/Category'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
delete:
operationId: deleteCategory
summary: Delete a category
description: >-
Permanently deletes a category by its numeric ID. Products assigned
only to the deleted category will not be deleted but may become
uncategorized. Child categories of the deleted category are also
deleted recursively.
tags:
- Categories
parameters:
- $ref: '#/components/parameters/categoryId'
responses:
'200':
description: Category deleted successfully
content:
application/json:
schema:
type: boolean
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/V1/customers:
post:
operationId: createCustomer
summary: Create a customer
description: >-
Creates a new customer account. The email address must be unique within
the store. A password can be provided directly or auto-generated and
sent to the customer via email. The customer is assigned to a default
customer group unless a group_id is specified in the request.
tags:
- Customers
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CustomerRequest'
responses:
'200':
description: Customer created successfully
content:
application/json:
schema:
$ref: '#/components/schemas/Customer'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
/V1/customers/search:
get:
operationId: searchCustomers
summary: Search customers
description: >-
Returns a paginated list of customers matching the provided search
criteria. Supports filtering by any customer attribute including email,
firstname, lastname, group_id, and created_at. Results can be sorted
and paginated using searchCriteria parameters.
tags:
- Customers
parameters:
- $ref: '#/components/parameters/searchCriteriaFilterGroups'
- $ref: '#/components/parameters/searchCriteriaSortOrders'
- $ref: '#/components/parameters/searchCriteriaPageSize'
- $ref: '#/components/parameters/searchCriteriaCurrentPage'
responses:
'200':
description: Paginated list of customers
content:
application/json:
schema:
$ref: '#/components/schemas/CustomerSearchResults'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
/V1/customers/{customerId}:
get:
operationId: getCustomer
summary: Get customer by ID
description: >-
Retrieves a single customer account by its numeric ID. Returns the full
customer object including contact details, addresses, and group assignment.
Admin authentication is required to retrieve any customer account;
customer tokens only allow retrieval of the authenticated customer's
own account via the /V1/customers/me endpoint.
tags:
- Customers
parameters:
- $ref: '#/components/parameters/customerId'
responses:
'200':
description: Customer object
content:
application/json:
schema:
$ref: '#/components/schemas/Customer'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
put:
operationId: updateCustomer
summary: Update a customer
description: >-
Updates an existing customer account by its numeric ID. Fields
included in the request body overwrite existing values. Partial
updates are supported; omitted optional fields retain their current
values. Admin authentication is required.
tags:
- Customers
parameters:
- $ref: '#/components/parameters/customerId'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CustomerRequest'
responses:
'200':
description: Updated customer object
content:
application/json:
schema:
$ref: '#/components/schemas/Customer'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
delete:
operationId: deleteCustomer
summary: Delete a customer
description: >-
Permanently deletes a customer account by its numeric ID. All associated
data including addresses, order history references, and wishlist items
are also removed. This operation cannot be undone. Admin authentication
is required.
tags:
- Customers
parameters:
- $ref: '#/components/parameters/customerId'
responses:
'200':
description: Customer deleted successfully
content:
application/json:
schema:
type: boolean
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/V1/orders:
get:
operationId: listOrders
summary: List orders
description: >-
Returns a paginated list of sales orders matching the provided search
criteria. Supports filtering by status, customer_email, created_at,
increment_id, and any other order attribute. Results are sortable and
paginated. Admin authentication is required.
tags:
- Orders
parameters:
- $ref: '#/components/parameters/searchCriteriaFilterGroups'
- $ref: '#/components/parameters/searchCriteriaSortOrders'
- $ref: '#/components/parameters/searchCriteriaPageSize'
- $ref: '#/components/parameters/searchCriteriaCurrentPage'
responses:
'200':
description: Paginated list of orders
content:
application/json:
schema:
$ref: '#/components/schemas/OrderSearchResults'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
post:
operationId: createOrder
summary: Create an order
description: >-
Creates a new sales order. The order must include at minimum the
billing and shipping address, order items with SKU and quantity,
and payment method details. Orders created via the API bypass the
standard checkout flow and quote conversion process.
tags:
- Orders
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/OrderRequest'
responses:
'200':
description: Order ID of the created order
content:
application/json:
schema:
type: integer
description: Numeric order entity ID
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
/V1/orders/{orderId}:
get:
operationId: getOrder
summary: Get order by ID
description: >-
Retrieves a single sales order by its numeric entity ID. Returns the
full order object including line items, billing and shipping addresses,
payment details, status history, and totals breakdown. Admin
authentication is required.
tags:
- Orders
parameters:
- $ref: '#/components/parameters/orderId'
responses:
'200':
description: Order object
content:
application/json:
schema:
$ref: '#/components/schemas/Order'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/V1/orders/{orderId}/cancel:
post:
operationId: cancelOrder
summary: Cancel an order
description: >-
Cancels an existing order identified by its numeric entity ID. Only
orders in cancellable states (such as pending or processing) can be
cancelled. Orders that have already been invoiced or shipped cannot
be fully cancelled. Admin authentication is required.
tags:
- Orders
parameters:
- $ref: '#/components/parameters/orderId'
responses:
'200':
description: Order cancelled successfully
content:
application/json:
schema:
type: boolean
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/V1/orders/{orderId}/comments:
post:
operationId: addOrderComment
summary: Add a comment to an order
description: >-
Adds a status history comment to an order. Comments can be visible
to customers or kept internal for admin use only. An optional email
notification can be sent to the customer when the comment is added.
The order status can optionally be updated along with the comment.
tags:
- Orders
parameters:
- $ref: '#/components/parameters/orderId'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/OrderCommentRequest'
responses:
'200':
description: Comment added successfully
content:
application/json:
schema:
type: boolean
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/V1/invoices:
get:
operationId: listInvoices
summary: List invoices
description: >-
Returns a paginated list of order invoices matching the provided search
criteria. Supports filtering by order_id, state, and other invoice
attributes. Admin authentication is required.
tags:
- Invoices
parameters:
- $ref: '#/components/parameters/searchCriteriaFilterGroups'
- $ref: '#/components/parameters/searchCriteriaSortOrders'
- $ref: '#/components/parameters/searchCriteriaPageSize'
- $ref: '#/components/parameters/searchCriteriaCurrentPage'
responses:
'200':
description: Paginated list of invoices
content:
application/json:
schema:
$ref: '#/components/schemas/InvoiceSearchResults'
'401':
$ref: '#/components/responses/Unauthorized'
/V1/invoices/{invoiceId}:
get:
operationId: getInvoice
summary: Get invoice by ID
description: >-
Retrieves a single invoice by its numeric entity ID. Returns the full
invoice object including line items, totals, and associated order
reference. Admin authentication is required.
tags:
- Invoices
parameters:
- $ref: '#/components/parameters/invoiceId'
responses:
'200':
description: Invoice object
content:
application/json:
schema:
$ref: '#/components/schemas/Invoice'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/V1/order/{orderId}/invoice:
post:
operationId: createInvoice
summary: Create an invoice for an order
description: >-
Creates a new invoice for an existing order. The invoice can cover
all or a subset of the order items by specifying item quantities in
the request body. Setting capture to true will immediately attempt
payment capture via the order's payment method if supported.
tags:
- Invoices
parameters:
- $ref: '#/components/parameters/orderId'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/InvoiceRequest'
responses:
'200':
description: Invoice entity ID of the created invoice
content:
application/json:
schema:
type: integer
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/V1/shipment:
post:
operationId: createShipment
summary: Create a shipment
description: >-
Creates a new shipment record for an order. The request must include
the order_id and the items being shipped with their quantities. Tracking
information such as carrier code, title, and tracking number can be
included at creation time. An optional shipment comment can also be
provided.
tags:
- Shipments
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/ShipmentRequest'
responses:
'200':
description: Shipment entity ID
content:
application/json:
schema:
type: integer
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
/V1/shipment/{shipmentId}:
get:
operationId: getShipment
summary: Get shipment by ID
description: >-
Retrieves a single shipment by its numeric entity ID. Returns the full
shipment object including shipment items, tracking information, comments,
and the associated order reference. Admin authentication is required.
tags:
- Shipments
parameters:
- $ref: '#/components/parameters/shipmentId'
responses:
'200':
description: Shipment object
content:
application/json:
schema:
$ref: '#/components/schemas/Shipment'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/V1/carts/mine:
post:
operationId: createCustomerCart
summary: Create a cart for the authenticated customer
description: >-
Creates a new empty shopping cart (quote) for the currently authenticated
customer. Returns the cart ID (quote ID) that is used in subsequent
cart operations. A customer can only have one active cart at a time;
if an active cart already exists, its ID is returned.
tags:
- Carts
responses:
'200':
description: Cart ID (quote ID) for the customer cart
content:
application/json:
schema:
type: integer
'401':
$ref: '#/components/responses/Unauthorized'
/V1/carts/mine/items:
post:
operationId: addItemToCart
summary: Add item to customer cart
description: >-
Adds a product to the authenticated customer's active cart. The request
must include the quote_id, SKU, and quantity. For configurable products,
product_option must be included with the selected option values. Returns
the updated cart item object.
tags:
- Carts
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CartItemRequest'
responses:
'200':
description: Cart item added successfully
content:
application/json:
schema:
$ref: '#/components/schemas/CartItem'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
/V1/guest-carts:
post:
operationId: createGuestCart
summary: Create a guest cart
description: >-
Creates a new empty shopping cart for a guest (unauthenticated) shopper.
Returns a masked cart ID string that is used in subsequent guest cart
operations. No authentication is required for this endpoint. The masked
ID is a UUID-like string that does not expose internal database IDs.
tags:
- Carts
security: []
responses:
'200':
description: Masked cart ID for guest cart operations
content:
application/json:
schema:
type: string
description: Masked cart ID (UUID format)
/V1/inventory/sources:
get:
operationId: listInventorySources
summary: List inventory sources
description: >-
Returns a paginated list of inventory sources configured in the
multi-source inventory system. Sources represent physical or logical
locations from which inventory is fulfilled. Supports filtering,
sorting, and pagination via searchCriteria parameters.
tags:
- Inventory
parameters:
- $ref: '#/components/parameters/searchCriteriaFilterGroups'
- $ref: '#/components/parameters/searchCriteriaSortOrders'
- $ref: '#/components/parameters/searchCrite
# --- truncated at 32 KB (67 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/magento/refs/heads/main/openapi/magento-rest-api-openapi.yml