← Back to docs
Public API
Access the power of instxnt.xyz programmatically. Automated store generation, product management, and order tracking via our secure REST API.
# instxnt Public API Documentation
## Overview
instxnt provides a REST API for managing stores, products, and analytics. All requests require authentication via session cookies (OAuth-based).
## Base URL
```
https://api.instxnt.xyz
```
## Authentication
Authentication is handled via secure httpOnly cookies set during the OAuth login process:
- **Google OAuth** (`/api/auth/google`): User account creation and authentication
- **Stripe Connect** (`/api/auth/stripe`): Payment processor onboarding
All authenticated endpoints require the session cookie to be sent with requests.
## Endpoints
### Stores
#### Get All Stores
```
GET /api/stores
```
Returns all stores belonging to the authenticated user.
#### Get Store Details
```
GET /api/stores/:id
```
Fetch details for a specific store.
#### Create Store
```
POST /api/stores
```
Create a new storefront. Request body:
```json
{
"subdomain": "my-store",
"template": "modern"
}
```
#### Update Store
```
PUT /api/stores/:id
```
Update store settings, custom domain, or payment configuration.
### Products
#### Get Products
```
GET /api/stores/:storeId/products
```
List all products in a store.
#### Create Product
```
POST /api/stores/:storeId/products
```
Add a new product. Request body:
```json
{
"name": "Product Name",
"price": 29.99,
"currency": "USD"
}
```
#### Update Product
```
PUT /api/stores/:storeId/products/:productId
```
Update product details.
### Analytics
#### Get Analytics
```
GET /api/stores/:storeId/analytics
```
Retrieve store analytics including views, sales, and revenue.
## Rate Limiting
API requests are rate-limited to prevent abuse:
- **Auth endpoints**: 10 requests per 60 seconds (per IP)
- **General endpoints**: 100 requests per minute (per user)
## Error Responses
All errors return JSON with an `error` field and HTTP status code:
```json
{
"error": "invalid_request",
"message": "Request validation failed"
}
```
Common status codes:
- `400`: Bad Request
- `401`: Unauthorized
- `403`: Forbidden
- `404`: Not Found
- `429`: Too Many Requests
- `500`: Server Error
## SDKs
Client libraries are coming soon for JavaScript/TypeScript, Python, and other languages.
## Support
For API support, contact support@instxnt.xyz or visit our documentation at https://instxnt.xyz/docs