You are browsing documentation for version 5.1 of OroCommerce, supported until March 2026. Read the documentation for version 6.0 (the latest LTS version) to get up-to-date information.

See our Release Process documentation for more information on the currently supported and upcoming releases.


All API access is over HTTP or HTTPS (depending on a server configuration) and is accessed from the http(s)://<hostname_of_your_oro_application>/api/<resource_name> All data is sent and received as JSON.

A typical request can be performed via curl or JSON sandbox.

Curl Example

GET /api/users/1 HTTP/1.1

curl -X "GET" -H "Accept: application/vnd.api+json"
     -H "Authorization: Bearer ..."

Please note that to simplify the representation of request examples in the document, a short format will be used, e.g.:

GET /api/users/1 HTTP/1.1
Accept: application/vnd.api+json

Typical response header

HTTP/1.1 200 OK
Content-Type: application/vnd.api+json
Date: Mon, 19 Sep 2016 17:52:34 GMT
Connection: keep-alive
Status: 200 OK
Content-Length: 5279
Cache-Control: max-age=0, no-store

Typical response body

{ "data": {
    "type": "users",
    "id": "1",
    "attributes": {
        "title": null,
        "email": "",
        "firstName": "John",
        "enabled": true,
        "lastLogin": "2016-09-19T11:01:31Z",
    "relationships": {
        "owner": { "data": { "type": "businessunits", "id": "1"} },
        "businessUnits": { "data": [ { "type": "businessunits", "id": "1" } ] },

Blank fields are included as null instead of being omitted.

Attributes or sub resources that are restricted are included as null as well.

All timestamps are returned in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ.