E-Com Plus is a robust and flexible cloud commerce software, totally based on REST APIs, providing a large library of methods and specifications to deploy any digital commerce operation easly

Store API is the hearth of our software, a REST interface to the MongoDB stores database, given full access to all store data, so be creative, but be careful too

With great power comes great responsibility, may the force be with you!


This API tries to be truly RESTful, following Web API Standards, taking as specifications references:


Should be accessed from https://api.e-com.plus/{version}/

Current version: v1


Note that every request must be with https (SSL)

All endpoints will end with .json:



Sandbox environment is available at https://sandbox.e-com.plus/{version}/, must be used for tests only, after homologation you should migrate to production

Current version and formats will always be the same of production environment

All data in the sandbox environment is deleted after 7 days

This documentation uses sandbox by reference on the examples


Both request and response body are formatted as JSON, always an object {}

Object Modeling

Based on JSON Schema Draft-06 specifications

API uses JSON Schema built-in string formats and Regular Expressions (RegEx) to validate string fields on body

For example purposes, you can generate random objects with the schemas using JSON Schema Faker

List Of Documents

At root of a resource or an embedded documents subresource, response body will follow this pattern:

  • Always an object with meta and result properties
  • meta is an object
  • result is an array of objects
  "meta": {
  "result": [
    {}, {}

URL Params

URL parameters (query string) are used only at endpoints that returns lists of documents, setting metadata (meta) for filtering and pagination purposes, accepted params will vary by each endpoint

Common Parameters

  • limit
    • Set the maximum number of documents to return
    • Must be an integer > 0
    • eg.: ?limit=1000
  • offset
    • Specifies the first entry to return
    • An integer >= 0
    • eg.: ?offset=1000, ?offset=0
  • sort
    • Specifies rules to order the resultant objects
    • Default is ascending order, use - for descending
    • eg.: ?sort=-popularity, ?sort=price,-popularity
  • fields
    • Specifies the object properties to return
    • eg.: ?fields=code, ?fields=name,code,date

Other parameters must be valid properties of the objects, will be used to filter results

It's possible to use MongoDB dot notation to filter by embedded arrays and objects


All requests must have the header X-Store-ID with the unique ID (integer) of respective store

Optionally X-Cache-Tag with any value to refuse or update browser cache, Content-Type (application/json, charset=utf-8) and Accept-Encoding


GETReadView object
POSTCreateCreate new object
PATCHUpdate/ModifyUpdate some properties
PUTUpdate/ReplaceOverwrite entire object
DELETEDeleteRemove object
OPTIONS-Return allowed methods


Authentication is not required always, the majority of the resources accept GET requests without authentication, in some cases, authenticated requests return different body, more complete response

OPTIONS requests are always public

POST, PATCH, PUT and DELETE always require authentication

Authentication Headers

You must complete the steps to authenticate, then use the received access_token and my_id on headers X-Access-Token and X-My-ID respectively

Status Codes

Based on HTTP/1.1 Status Code Definitions:

  • 2xx - Successful
  • 4xx - Client error, must check the request
  • 5xx - Server error, report us and try again later

Response HTTP Status Code

200OK, successful GET request
201Created, successful POST request
202Accepted, at root (/) only
204No content, successful PATCH, PUT or DELETE request
400Bad request, problem in request body or URL params
401Unauthorized, need authentication and permission
403Forbidden, plan limits reached or client blocked
404Not found, resource or ID doesn't exists
405Method not allowed, resource doesn't accept used verb
406Not acceptable, problem with resource ID or subresource
412Precondition failed, no store found with provided ID
417Expectation failed, missing some header
500Internal server error, please report and try again later
502Bad gateway, try again later
503Service unavailable, probably blocked by proxy, wait
504Gateway timeout, try again later

Error Handling

App Errors

All 4xx (client error) and 5xx (server error) responses from application will have body following the model below:

  • (object)
    • status(number) - HTTP status code
    • error_code(string, number) - API error code
    • message(string) - Message to developer
    • user_message(object) - Messages to end user
      • en_us(string)
      • pt_br(string)
    • more_info(string, null) - External link


  "status": 406,
  "error_code": 123,
  "message": "Invalid value on resource ID",
  "user_message": {
    "en_us": "The informed ID is invalid",
    "pt_br": "O ID informado é inválido"
  "more_info": null

To know how to treat this errors, see status codes reference

Web Server Errors

In some cases you can receive an error directly from NGINX web server, even in this case the response will be a JSON object, almost in the same model of App Errors, but without properties user_message and more_info, the error_code will be an negative integer

  "status": 404,
  "error_code": -44,
  "message": "Page not found"

Incorrect URL paths, check API Host

  "status": 503,
  "error_code": -53,
  "message": "Service unavailable (DDoS?), wait few seconds"

NGINX is blocking your requests for security reasons, please wait few seconds and try again

Server Limits

Whenever possible, avoid using requests with query string, then you will be able to consume cache and send up to 30 GET requests per second with the same IP, to different endpoints

Not cached responses are limited by default to 6 requests per IP per second, but it can vary (to low) depending of the resource

The same API user (authentication) can make up to 6 authenticated requests per second

In almost all cases you will not receive an error if you go beyond the limits, the response will only be delayed, but even so, we recommend that you create treatments in case you receive a 503 status code

See Also


  • Main: E-Com Plus Main API, with some public data about stores and channels
  • Graphs: Recommendations API using Neo4j to define related products by categories, brands and common orders
  • Search: Powerful text search API using Elasticsearch to find and suggest items (products) and terms

Getting Help

Feel free to get help or suggest alterations on GitHub repo or by e-mail [email protected]