Docs
Base URL: https://anyshop.io/api/v1. All requests need an API key from /dashboard/developer. Request and response bodies are snake_case JSON. Money is integer cents in the product's currency. Dates are ISO 8601.
npx @anyshop/cli helpZero-dep CLI mirroring the REST surface. Works with ANYSHOP_API_KEY env. Examples: `anyshop orders list --status paid`, `anyshop products create --title 'Pro' --slug pro --type serial --price-cents 4900 --currency USD`.
npx @anyshop/mcpModel Context Protocol server. Add to Claude Desktop config with the ANYSHOP_API_KEY env to manage your store conversationally — 10 tools across orders, products, customers, webhooks, and audit.
/api/whoamiVerify the API key. Returns shop scoping. Use this to check that an integration is correctly configured before making mutating calls.
Example
curl -H 'Authorization: Bearer as_…' https://anyshop.io/api/whoami
/api/v1/ordersList orders for the authenticated shop. Cursor pagination on createdAt.
Query
Example
curl -H 'Authorization: Bearer as_…' \ 'https://anyshop.io/api/v1/orders?status=paid&limit=20'
/api/v1/orders/:idSingle order with joined line items (product_title, slug, type).
/api/v1/orders/:id/refundRefund an order. Idempotent — refunding an already-refunded order returns 200 with already_refunded:true. For card orders also calls Stripe Refunds API (Connect-aware, reverses platform fee).
Example
curl -X POST -H 'Authorization: Bearer as_…' \ https://anyshop.io/api/v1/orders/abc-123/refund
/api/v1/customersList shop customers. Query: email (case-insensitive exact), limit.
/api/v1/auditAudit events for the shop. Query: action (exact), since + until (ISO 8601), limit. Useful for compliance pulls and security tooling.
/api/v1/productsList products. Same status filter shape as orders.
Query
/api/v1/products/:idSingle product.
/api/v1/products/:idPartial update. Strict body — unknown fields rejected with 422. Allowed: title, description, price_cents, currency, status, delivered_message, stock_total. Audited as product.edited with the changed field list.
/api/v1/products/:idDestroy a product. License keys cascade. Returns 409 in_use on FK conflict (active orders).
/api/v1/productsCreate a product. Defaults: status=draft, stock_total=-1 (unlimited). Returns 201, 409 slug_taken on conflict, 422 with validation details on bad body.
Body
{
"title": "Pro license",
"slug": "pro",
"type": "serial", // serial | file | service | subscription
"price_cents": 4900,
"currency": "USD",
"description": "Optional markdown.",
"stock_total": -1, // -1 = unlimited
"delivered_message": "Optional message shown to buyers",
"status": "draft" // or "active"
}Example
curl -X POST https://anyshop.io/api/v1/products \
-H 'Authorization: Bearer as_…' \
-H 'Content-Type: application/json' \
-d '{"title":"Pro","slug":"pro","type":"serial","price_cents":4900,"currency":"USD"}'/api/v1/webhooksList webhook subscriptions for the shop.
/api/v1/webhooksCreate a webhook subscription. Body: { url, events: [...] }. Response includes signing_secret EXACTLY ONCE — store it; we never return it again.
Body
{
"url": "https://your-service.example.com/anyshop",
"events": ["order.paid", "order.fulfilled", "subscription.renewed"]
}/api/v1/webhooks/:idDestroy a webhook subscription.
your webhook URLWe POST signed events to subscribed URLs. Header X-Anyshop-Signature: t=<unix>,v1=<hex>. The signature is HMAC-SHA256 over the raw request body using the signing_secret shown once when you created the webhook at /dashboard/developer.
Example
// Verify with @anyshop/webhooks
import { verify } from '@anyshop/webhooks';
const body = await req.text();
const sig = req.headers.get('x-anyshop-signature');
if (!verify(body, sig, signingSecret)) {
return new Response('Bad signature', { status: 400 });
}
const event = JSON.parse(body);Discovery doc: GET /api/v1 — machine-readable JSON map. Verify webhook signatures in your browser at /docs/signature-playground.