Template Docs Commerce APIs Tools
Get Started
Get Started

Making Requests

The essentials of making successful requests to Squarespace Commerce APIs boils down to three elements:

  1. Use of HTTPS, as all unsecured requests will be rejected
  2. Providing all expected HTTP headers
  3. Abiding by our API rate limit

Descriptions of these headers and of our API rate limit are provided below.

HTTP Headers

Identification via the Authorization Header

You can authenticate by including a generated API key in your request headers as a bearer token. For example:

curl "https://api.squarespace.com/1.0/commerce/orders" \
  -H "Authorization: Bearer YOUR_SECRET_API_KEY"

Creating an API Key

You can create a new key using these steps, after logging into your Squarespace site:

  1. In the Home Menu, click Settings, and then click Advanced.
  2. Click Squarespace API Keys.
  3. Click Create Key.
  4. Provide a descriptive Key Name, and select one or more API Key Scope options applicable to the APIs you would like your application to access.
  5. Click Next to generate the key. Record the generated key in a safe and secure place. For security reasons, this is the only time the key will be visible.

Identifying Ownership of an API Key

Websites on Squarespace can have many API keys, though an API key can only belong to a single website. An authorization profile endpoint is available to help identify an API key's website. The endpoint provides basic website information that can aid in developing apps using Squarespace Commerce APIs.

curl "https://api.squarespace.com/1.0/authorization/website" \
  -H "Authorization: Bearer YOUR_SECRET_API_KEY"
  "id" : "5863f6faf7e0abc3cf95ce3a",
  "siteId" : "developers",
  "title" : "Squarespace Developers",
  "url" : "https://developers.squarespace.com",
  "currency" : "USD",
  "language" : "en-US"

User-Agent Header

All requests must include the User-Agent HTTP header. Requests without one will be rejected. Requests specifying a default value, often injected by popular client apps when not provided by the user (e.g. User-Agent: curl/7.54.0), may be subject to stricter rate limiting.

For the sake of brevity, the examples provided in these docs do not include the User-Agent header.

Content-Type Header

Requests requiring a message body must include the Content-Type HTTP header, specifying a value of application/json.

Rate Limiting

Squarespace Commerce APIs employ a rate limit of 120 messages per minute, an equivalent bandwidth of about 2 requests per second. Requests over the rate limit will receive a 429 Too Many Requests response for a cooldown period of 1 minute, which applies per API key.

Contact Customer Care if you believe your API usage requires additional bandwidth.