Admin API Reference
Store unique subdomain used to identify the store.
Generate an Access Token through Settings > API Access for single store access or use the Authorization Code flow with your partner App Client ID. Use required permission scopes for API endpoint access.
Example
Authorization: Bearer 123
Authorization Code OAuth Flow
Authorize URL: /oauth2/authorize/
Token URL: /oauth2/token/
Authentication
The Admin API uses OAuth 2 Bearer Access Tokens to manage access to your store's resources. OAuth Apps (and their associated access tokens) can be tailored with object-level permissions so that each integrated service only has access to the objects it needs.
Before using the Admin API, you'll need to create a store and an OAuth App for API access.
To create an OAuth App, navigate to Settings > API Access and create a new OAuth App with the applicable permission scopes to retrieve your Access Token.
It's recommended to create a unique OAuth App per external system so that you can revoke each one as needed.
Versioning
API versioning allows 29 Next to continuously evolve the platform while maintaining predictable behavior for existing APIs with a path for upgrades and deprecations.
To specify a version, pass the X-29Next-Api-Version header with your desired API version.
Rate Limiting
Admin APIs are rate-limited to maintain the stability and equity of our platform for all users. We employ a number of methods to enforce rate limits including API Access Token and IP Address.
Identifier | Rate Limit Method | Limit |
---|---|---|
Access Token | Request-based | 4 requests/second |
Sample
The following sample shows the API response for the status code 429.
HTTP/1.1 429 Too Many Requests
Retry-After: 1
Why Rate Limits?
Rate limiting is required to prevent the network and application services from becoming overloaded.
Setting a rate limit helps to prevent API abuse and provide overall fairness of use across the platform.
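The following is an added example, not code from the 29 Next documentation: a client wrapper that paces calls under the 4 requests/second Access Token limit and, on a 429, waits for the Retry-After value before retrying. The `send` transport hook, the class and function names, the 30-second cap and the retry count are assumptions made for illustration.

```python
import time

MAX_RPS = 4  # per-Access-Token limit from the rate limit table


def parse_retry_after(value, default=1.0, cap=30.0):
    """Return Retry-After as seconds; fall back on bad input, never exceed cap."""
    try:
        seconds = float(value)
    except (TypeError, ValueError):
        return default
    if not seconds >= 0:  # rejects negatives and NaN
        return default
    return min(seconds, cap)


class ThrottledClient:
    """Paces calls under MAX_RPS and backs off on 429 as the server instructs."""

    def __init__(self, send, token, api_version,
                 clock=time.monotonic, sleep=time.sleep, max_retries=3):
        # send(method, path, headers) -> (status, headers, body) is a
        # hypothetical transport hook, so the class runs without a network.
        self.send, self.clock, self.sleep = send, clock, sleep
        self.max_retries = max_retries
        self.next_slot = 0.0
        self.headers = {
            "Authorization": f"Bearer {token}",
            "X-29Next-Api-Version": api_version,
        }

    def wait_for_slot(self):
        # Space consecutive requests at least 1/MAX_RPS seconds apart.
        now = self.clock()
        if now < self.next_slot:
            self.sleep(self.next_slot - now)
            now = self.clock()
        self.next_slot = max(now, self.next_slot) + 1.0 / MAX_RPS

    def request(self, method, path):
        for attempt in range(self.max_retries + 1):
            self.wait_for_slot()
            status, resp_headers, body = self.send(method, path, dict(self.headers))
            if status != 429:
                return status, body
            if attempt < self.max_retries:
                # Header names are case-insensitive, so normalise before lookup.
                retry = {k.lower(): v for k, v in resp_headers.items()}.get("retry-after")
                self.sleep(parse_retry_after(retry))
        # The error text deliberately omits the token and request headers.
        raise RuntimeError("still rate limited after retries")
```

Capping the server-supplied delay keeps a malformed or oversized Retry-After value from stalling an integration indefinitely.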