Shopify Setup Guide
Step-by-step instructions for connecting Shopify stores and validating data flows.
Documentation
API Overview
Understand authentication, rate limits, and core resources in the LollipopWMS API.
Authentication
The LollipopWMS API uses Bearer token authentication. Generate an API key from Settings > Integrations > API Keys in your dashboard. Include the token in the Authorization header: `Authorization: Bearer YOUR_API_KEY`. API keys inherit the permissions of the user who created them. Create separate keys for each integration and rotate them quarterly. Revoke compromised keys immediately from the dashboard.
Rate limits
Standard accounts: 60 requests per minute, 10,000 requests per day. Enterprise accounts: 300 requests per minute, 100,000 requests per day. Rate limit headers are included in every response: `X-RateLimit-Limit`, `X-RateLimit-Remaining`, `X-RateLimit-Reset`. When rate limited, you'll receive HTTP 429 with a Retry-After header. Implement exponential backoff for automated integrations. Contact support if you need higher limits for legitimate use cases.
Error handling
The API returns standard HTTP status codes: 200 (success), 201 (created), 400 (bad request), 401 (unauthorized), 403 (forbidden), 404 (not found), 422 (validation error), 429 (rate limited), 500 (server error). Error responses include a JSON body with `error` (code), `message` (human-readable), and `details` (field-level errors for validation). Log error responses for debugging. Retry 5xx errors with backoff; don't retry 4xx errors without fixing the request.
Core endpoints
**Orders**: `GET /api/v1/orders` (list), `GET /api/v1/orders/{id}` (detail), `POST /api/v1/orders` (create), `PUT /api/v1/orders/{id}` (update). **Inventory**: `GET /api/v1/inventory` (list), `POST /api/v1/inventory/adjust` (adjustments), `GET /api/v1/inventory/levels` (quantity by location). **Products**: `GET /api/v1/products`, `POST /api/v1/products`, `PUT /api/v1/products/{id}`. **Shipments**: `POST /api/v1/shipments` (create with label), `GET /api/v1/shipments/{id}/tracking`. All endpoints support pagination via `page` and `per_page` query parameters (max 100 per page).
Webhooks
Configure webhooks from Settings > Integrations > Webhooks. Available events: `order.created`, `order.shipped`, `order.cancelled`, `inventory.adjusted`, `shipment.created`, `shipment.delivered`. Webhook payloads include event type, timestamp, and full resource data. We retry failed webhooks 3 times with exponential backoff. Respond with HTTP 200 within 30 seconds to acknowledge receipt. Verify webhook signatures using the `X-Lollipop-Signature` header and your webhook secret.
Frequently asked questions
Where do I find API documentation?
Full API reference with request/response examples is available at docs.lollipopwms.com/api. OpenAPI/Swagger spec available for download.
Can I test the API in sandbox mode?
Yes. Create a sandbox tenant from your dashboard. Sandbox uses separate API keys and doesn't affect production data.
How do I report API issues?
Email api-support@lollipopwms.com with your request ID (from response headers), timestamp, and full request/response. Include API key only if explicitly requested.