The essentials of making successful requests to Squarespace Commerce APIs boils down to three elements:
- Use of HTTPS, as all unsecured requests will be rejected
- Providing all expected HTTP headers
- Abiding by our API rate limit
Descriptions of these headers and of our API rate limit are provided below.
You can authenticate by including a generated API key in your request headers as a bearer token. For example:
curl "https://api.squarespace.com/1.0/commerce/orders" \ -H "Authorization: Bearer YOUR_SECRET_API_KEY"
You can create a new key using these steps, after logging into your Squarespace site:
- In the Home Menu, click Settings, and then click Advanced.
- Click Squarespace API Keys.
- Click Create Key.
- Provide a descriptive Key Name, and select one or more API Key Scope options applicable to the APIs you would like your application to access.
- Click Next to generate the key. Record the generated key in a safe and secure place. For security reasons, this is the only time the key will be visible.
All requests must include the
User-Agent HTTP header. Requests without one will be rejected. Requests specifying a default value, often injected by popular client apps when not provided by the user (e.g.
User-Agent: curl/7.54.0), may be subject to stricter rate limiting.
Note that, for the sake of brevity, the examples provided in these docs do not include the
Requests requiring a message body must include the
Content-Type HTTP header, specifying a value of
Squarespace Commerce APIs employ a rate limit of 120 messages per minute, an equivalent bandwidth of about 2 requests per second. Requests over the rate limit will receive a 429 Too Many Requests response for a cooldown period of 1 minute, which applies per API key.
Contact Customer Care if you believe your API usage requires additional bandwidth.