API Adapters
Overview
Last updated: May 15, 2026
STOAR's API adapters let you connect existing tools, ERPs, and integrations without writing new client code. This page explains how the adapters work, how to authenticate, and how to manage them from the admin panel.
Overview #
STOAR exposes the same product, order, and customer data through four wire-compatible REST API adapters. Each adapter presents a familiar API shape so your existing client libraries can connect to STOAR as if they were talking to the platform they were built for — no code changes required.
Available Adapters #
| Adapter | Base URL | Compatible with |
|---|---|---|
| Magento | /rest/V1 |
Magento 2 REST clients |
| Shopify | /admin/api/2024-01 |
Shopify Admin API clients |
| WooCommerce | /wp-json/wc/v3 |
WooCommerce REST v3 clients |
| BigCommerce | /api |
BigCommerce v2/v3 clients |
For endpoint references and request/response details, see the individual adapter docs: Magento · Shopify · WooCommerce · BigCommerce.
Authentication #
All four adapters use Sanctum personal access tokens. To authenticate a request, include your token as a Bearer token in the Authorization header:
Authorization: Bearer <your-token>Tokens are created and managed in Admin → REST API → API Tokens. When you create a token you assign it a set of abilities that control exactly which endpoints it can access — for example products:read or orders:write. Tokens can be revoked at any time and optionally given a time-to-live (TTL) so they expire automatically.
Rate Limiting #
Two rate limits apply by default:
- Authenticated requests (token-based): 60 requests per minute
- Public requests (IP-based): 10 requests per minute
Both limits are configurable. You can adjust the per-minute caps or toggle rate limiting on and off entirely in Admin → Settings → API Settings.
When a limit is exceeded the API returns a 429 Too Many Requests response. The Retry-After header indicates how many seconds to wait before retrying.
Shared Data Layer #
All four adapters read from the same underlying product, order, and customer data. Each adapter is responsible only for transforming that data into its native response format — there is no duplication of records and no synchronisation to manage. A product you update in the admin panel is immediately reflected across every adapter.
Managing the API #
Navigate to Admin → REST API to manage your API configuration:
- Adapters — view the registered adapters and their URL prefixes.
- API Tokens — generate new tokens, assign abilities, set a TTL, and revoke tokens that are no longer needed.
- Settings — toggle rate limiting on or off and configure the per-minute request caps for authenticated and public requests.