Version 3.2

Since version 2.0.5, S-Cart officially supports the API function, allowing sending data from S-cart to 3rd party applications and services. Currently S-cart provides connectivity for Product data and orders.


1. Type

API has 3 types

+  Private: Connect separately on the website. No external applications are used. You can also change the API type from "secret" and "public" to "private" just like turning off the API.

+  Secret: The connection request must have a secret key sent via the header with the key "Apisecret"

+  Public: Type of public connection. The 3rd party application only needs to send the api name with the header without secrect key.

2. API name:

+ An identifier for each API. The API name value must be passed through the header with the key "Apiname".

+ You can change the identifier, but it must be unique to distinguish APIs.

3. Fields hidden default:

+ The fields will be hidden (columns in the database) in the results that the third party received from the API. By default, no fields are hidden.

+ This function is only applied when API Type is public. If the API is "secret", hidden fields will be used separately during each independent secret key.

4. Secret key

+ is the secret key for each API, only used when the API type is "secret". So if the API is "public", the API user will not need to care about the secret key. Each API can have multiple "secrect keys" defined separately for each application..

+ Fields hidden: Hidden fields apply to each secret key. By default, no fields are hidden.

+ IP allow: The list of IPs of the 3rd application is allowed to connect to the API via the corresponding secret key. And only these IPs can be connected. The priority of the allow list is the highest.

For example:

IP allow:,
IP deny:,

IPs, always be connected to the API via its corresponding secret key without regard to the settings of the IP deny list.

+ IP deny: List of blocked IPs. If the "IP allow" list is empty, all IPs in "IP deny" will be blocked from connecting to the API via the corresponding secret key. Conversely, if IP allow is valid, the settings of IP denny will be ignored.

+ Expire: The validity period of the secret key. Null values are without limits.

+ Status: The status of the secret key is turned on / off


Components used in API:

- Header:

Apisecret: secret key value. Required if API is secret

+ Apiname: API name. Always required

  • api_order_list: Order list
  • api_order_detail: Order detail
  • api_product_list: Product list
  • api_product_detail: Product detail

- Body:

Parameters can be used together:

  • limit: Limit return results. Default 10. Use in api_order_list and api_product_list.
  • start: The position begins to get results. Default 0. Use in api_order_list and api_product_list.
  • orderBy: Sort results returned. Use in api_order_list and api_product_list.
  • sort: ASC or DESC. ASC default. Use in api_order_list and api_product_list.
  • model: Model of the product. Required for api_product_detail API
  • order_id: Order number. Required for api_order_detail API.


Example of an API connection requires details of the product with "LFF" model in PHP as follows:

$headers     = array(
    'Content-Type: application/json',
    'Apisecret: your-secret-key', // Required if it is API secret
    'Apiname: api_product_detail', // Required 
$url = 'https://your-domain.com/api/product?model=LFF';
$ch  = curl_init($url);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$result = curl_exec($ch);