Shoporama as a headless backend
Headless commerce separates frontend from backend. Instead of using Shoporama's built-in themes, you build your own frontend - a React app, a Next.js site, a mobile app, or something else entirely - and let Shoporama handle all the heavy lifting: product management, order management, inventory management, payments and customer database.
This gives you total design freedom without sacrificing a proven e-commerce engine with all the features you need.
OAuth login
Shoporama acts as an OAuth server, which means that third-party applications can request access to an online store via a secure login flow:
- Your application sends the user to Shoporama's OAuth login page with a client_id and a redirect_uri
- The user logs in with their Shoporama credentials
- The user chooses which online store to access and what level of access (read, write, or full access)
- Shoporama redirects back to your app with an API token and metadata about the online store
Upon redirect, your app receives:
- API token for REST API calls
- Shop URL and shop name
- API endpoint
- Currency and VAT information
- Whether prices are incl. or excl. VAT
- Shop ID and access level
REST API with 25+ endpoints
Shoporama's REST API provides full access to all key parts of the online store:
- Products - Create, update, delete and retrieve products with all fields
- Categories - Manage the category hierarchy
- Orders - Retrieve orders, update status, manage the order queue
- Customers - Create and update customer data
- Inventory - Adjust inventory levels
- Batches - Manage batch/lot numbers
- Suppliers, brands and manufacturers - Master data for products
- Product profiles and attributes - Manage variants and sizing systems
- Gift cards - Create and manage gift cards
- Returns - Manage order returns
- Shipping - Get shipping options
- Payment gateways - Get configured gateways
- Pages and blog posts - Manage content
- Redirects - Manage URL redirects
- Menus - Manage webshop menus
- Landing pages - Create and update landing pages
- Webhooks - Manage webhooks programmatically
- Newsletters - Manage newsletter lists, subscribers and campaigns
- Labels - Manage product labels
- Customer fields - Manage additional customer fields
Access levels
Tokens can be created with three access levels:
- read - Read-only access (GET requests)
- write - Read and write access (GET, PUT, POST, DELETE)
- all - Full access including theme files and advanced features
Token security
Shoporama takes token security seriously:
- Rate limiting - The number of requests is automatically limited to protect against abuse
- Usage statistics - Detailed log of all API calls per token with method, endpoint, IP address and user agent
- Automatic cleanup - OAuth tokens not used for 90 days are automatically revoked
- Revocation - Tokens can be revoked manually at any time
- Last-used tracking - See when each token was last used
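The access levels and token-security features above can be combined into one periodic audit. The following is an added example, not Shoporama's own code: it assumes the per-token usage statistics have been exported as records with the hypothetical shape {token, level, method, endpoint, ip, at}, and it flags tokens whose observed methods need less than their granted level, calls from IP addresses outside a known set, and tokens within 14 days of the 90-day automatic revocation. Token names, endpoint paths and IP addresses in the sample are constructed.

```javascript
// Added example: audit a per-token usage export against this page's rules.
// The record shape {token, level, method, endpoint, ip, at} is an assumption.
const RANK = { read: 0, write: 1, all: 2 };
const IDLE_REVOKE_DAYS = 90; // from the page: unused OAuth tokens are revoked
const DAY_MS = 24 * 60 * 60 * 1000;

function auditTokens(records, { now, knownIps, warnDays = 14 }) {
  const byToken = new Map();
  for (const r of records) {
    const t = byToken.get(r.token) ||
      { level: r.level, methods: new Set(), ips: new Set(), lastUsed: 0 };
    t.methods.add(r.method.toUpperCase());
    t.ips.add(r.ip);
    t.lastUsed = Math.max(t.lastUsed, Date.parse(r.at));
    byToken.set(r.token, t);
  }
  const findings = [];
  for (const [token, t] of byToken) {
    // read covers GET only; any other method needs at least write. This is a
    // lower bound: a token that really uses theme files still needs "all".
    const needed = [...t.methods].every((m) => m === 'GET') ? 'read' : 'write';
    if (RANK[t.level] > RANK[needed]) {
      findings.push({ token, issue: 'review-access-level', granted: t.level, needed });
    }
    const unknown = [...t.ips].filter((ip) => !knownIps.has(ip));
    if (unknown.length > 0) findings.push({ token, issue: 'unknown-ip', ips: unknown });
    const idleDays = Math.floor((now - t.lastUsed) / DAY_MS);
    if (idleDays >= IDLE_REVOKE_DAYS - warnDays) {
      findings.push({ token, issue: 'idle-near-revocation', idleDays });
    }
  }
  return findings;
}

// Constructed sample records (placeholder tokens, paths and documentation IPs).
const SAMPLE_NOW = Date.parse('2024-06-01T00:00:00Z');
const SAMPLE_KNOWN_IPS = new Set(['203.0.113.10', '203.0.113.20']);
const SAMPLE = [
  { token: 'tok_frontend', level: 'write', method: 'GET', endpoint: '/example/products', ip: '203.0.113.10', at: '2024-05-30T10:00:00Z' },
  { token: 'tok_frontend', level: 'write', method: 'GET', endpoint: '/example/categories', ip: '203.0.113.10', at: '2024-05-30T10:05:00Z' },
  { token: 'tok_erp', level: 'write', method: 'POST', endpoint: '/example/orders', ip: '203.0.113.20', at: '2024-03-13T00:00:00Z' },
  { token: 'tok_pos', level: 'read', method: 'get', endpoint: '/example/stock', ip: '198.51.100.7', at: '2024-05-31T08:00:00Z' },
];

console.log(auditTokens(SAMPLE, { now: SAMPLE_NOW, knownIps: SAMPLE_KNOWN_IPS }));
```

A review-access-level finding is a prompt to re-issue the token at the lower level, and an idle-near-revocation finding on an integration token is a warning that a scheduled sync is about to lose access.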
Typical usage scenarios
- Custom frontend: Build a React/Next.js frontend that pulls product data from Shoporama
- Mobile app: Build a native iOS/Android app with Shoporama as the backend
- ERP integration: Synchronize products and orders with your ERP system
- POS system: Connect your physical store system with your online shop
- Marketplace integration: Push products to Amazon, eBay or other marketplaces
- Custom apps: Build apps that extend Shoporama's functionality