Operations related to inventory transfer orders
Merchant API v2 (2.0.0)
The Merchant API v2 provides programmatic access to merchant data across all their sales channels.
This version shifts from sales channel-scoped access to merchant-scoped access, allowing access to data across all sales channels owned by a single merchant.
The access tokens remain the same as in v1, but now they provide access to all sales channels.
All endpoints are rate limited to 100 requests per minute per merchant. The following headers are included in every response:
X-Rate-Limit-Used: The number of requests used in the current minute.X-Rate-Limit-Max: The maximum number of requests allowed per minute (100). If the limit is exceeded, a 429 Too Many Requests response is returned.
v1 of the Merchant API will remain available as long as clients use it, but new features and improvements will only be added to v2. We recommend all new integrations use v2.
All list endpoints use cursor-based pagination. The pagination.next_page_url field in the response indicates the next page. If null, there are no more results. Use the limit query parameter to control page size. See each endpoint's response schema for details.
Hive sends webhook notifications to inform you about important events in your merchant account. Configure webhook endpoints in your merchant dashboard. See the webhooks section below for available webhook events and their payloads.
Hive signs all webhook requests with an x-hive-signature header to prevent malicious actors from sending invalid requests. This header contains a hex-encoded HMAC-SHA256 digest of the request body, using your API token as the key. Requests without this header or with invalid signatures should be ignored.
Ruby signature validation example:
def request_valid?(req)
return false if !req.post?
request_sig = req.get_header("x-hive-signature")
expected_sig = OpenSSL::HMAC.hexdigest("sha256", ENV["API_TOKEN"], req.body)
Rack::Utils.secure_compare(request_sig, expected_sig)
endWebhook URLs should be idempotent as Hive cannot guarantee the order of calls or retry attempts for the same event. What this means in practice, is that you should check the timestamp of the object in the payload. Ignore payloads with a timestamp older than the last update you saved. Only process the webhook if the updated timestamp is newer than the one you have on file.
Download OpenAPI description
Overview
URL
Hive Support
Languages
Servers
Mock server
https://hive-merchant-api.redocly.app/_mock/merchant-api-v2/mapi_v2_oas31/
Production API
https://app.hive.app/merchant_api/v2/
Staging API
https://staging.app.hive.app/merchant_api/v2/
- Mock server
https://hive-merchant-api.redocly.app/_mock/merchant-api-v2/mapi_v2_oas31/warehouses
- Production API
https://app.hive.app/merchant_api/v2/warehouses
- Staging API
https://staging.app.hive.app/merchant_api/v2/warehouses
- curl
- JavaScript
- Node.js
- Python
- Java
- C#
- PHP
- Go
- Ruby
- R
- Payload
curl -i -X GET \
'https://hive-merchant-api.redocly.app/_mock/merchant-api-v2/mapi_v2_oas31/warehouses?limit=20' \
-H 'Authorization: Bearer <YOUR_token_HERE>'Response
application/json
{ "data": [ { … } ], "pagination": { "first_page_url": "https://app.hive.app/merchant_api/v2/collection_of_items?limit=20", "limit": 20, "next_page_url": "https://app.hive.app/merchant_api/v2/collection_of_items?limit=20&page=eyJpZCI6MTIzNDU2fQ" } }