API authentication
OAuth 2.0 client credentials flow. API keys, scopes, rate limits, key rotation.
Overview
OAuth 2.0 client credentials flow. API keys, scopes, rate limits, key rotation. The API is REST + JSON with JWT-authenticated bearer tokens, IPv4/v6 dual-stack, TLS 1.3, and SLA 99.9% monthly availability. Base URL: https://api.merch.am/v1/
Authentication example
curl -X POST https://api.merch.am/v1/oauth/token \
-H "Content-Type: application/json" \
-d '{"grant_type":"client_credentials","client_id":"YOUR_ID","client_secret":"YOUR_SECRET","scope":"quote.read quote.write order.read order.write"}'Quote request example
POST /v1/quote
Authorization: Bearer YOUR_TOKEN
Content-Type: application/json
{
"items": [
{
"sku": "TS-180-COTTON",
"quantity": 500,
"decoration": "silkscreen-4color",
"size_distribution": {"S":50,"M":150,"L":200,"XL":80,"XXL":20}
}
],
"destination": {"country":"AE","city":"Dubai","incoterm":"DDP"},
"deadline": "2026-06-15"
}Response example
{
"quote_id": "Q-2026-04123",
"valid_until": "2026-05-20T23:59:59Z",
"items": [
{
"sku": "TS-180-COTTON",
"quantity": 500,
"unit_cost_usd": 9.85,
"subtotal_usd": 4925.00
}
],
"freight_usd": 380.00,
"customs_duty_usd": 0.00,
"vat_usd": 265.25,
"total_landed_usd": 5570.25,
"lead_time_days": 18,
"compliance_docs": ["EUR.1","OEKO-TEX","REACH-SVHC"]
}Rate limits
- 100 requests / minute on /quote
- 30 requests / minute on /order
- 10 requests / minute on /webhooks/subscribe
- Bursts allowed up to 2x for 30 seconds
SDKs and code samples
Official SDKs: Python, Node.js, PHP, Ruby, Go. OpenAPI 3.1 spec available at /v1/openapi.json. Postman collection on request.
Get API access
Email api@merch.am with your use case (estimated monthly volume, integration target, technical contact). Sandbox access typically granted within 1 business day; production credentials within 5 business days after sandbox testing.