Authentication
curl -H "Authorization: Bearer ${SAFER_API_KEY}" \
https://api.saferinventory.com/v1/productsGenerate API keys at /app/settings/api-keys. Scope per token.
API reference
REST API, all of it.
Everything our dashboard does is on the API. OAuth + scoped tokens, idempotent writes, sliding-window rate limits, structured errors.
Rate limits
600/minsustained per org · burst 30/sec20exports per 5 min per user120/minper IP edge shield (any path)
Headers: X-RateLimit-Remaining, Retry-After on 429.
Endpoints
- GET
/v1/productsList products with cursor pagination - POST
/v1/productsCreate a product (idempotent via Idempotency-Key) - GET
/v1/products/:idRead one product with variants + levels - POST
/v1/inventory/adjustApply a stock movement; returns new on_hand - POST
/v1/inventory/transferMove stock between locations - GET
/v1/ordersList sales orders, filter by status + channel - POST
/v1/devicesRegister an Expo push token (mobile)
Webhooks
Public webhook subscriptions are on the roadmap (see /roadmap). Events will be HMAC-SHA256 signed using your secret + raw body, exactly like Shopify.
Full OpenAPI spec at /api/openapi.json (coming with v1 GA)