API

API Overview

The Gamopanda REST API is versioned and served from:

https://api.gamopanda.com/api/v1.0/api/v1.0

All responses wrap data in a consistent envelope:


Code
{
  "data": { ... }
}

Paginated list endpoints include a paging object:


Code
{
  "data": [...],
  "paging": {
    "nextOffset": 20,
    "previousOffset": 0,
    "total": 143
  }
}

Authentication

Gamopanda supports two authentication flows. Each endpoint lists which flows it accepts under its Security section — when multiple flows are listed, any one of them is sufficient.

API key flow (server-to-server)

Use your account API key and secret for backend / server-to-server calls:

Code
x-api-key: <your-api-key>
x-api-secret: <your-api-secret>

Both headers must be sent together.

End-user flow (client-side)

Use an end-user access token together with the account ID for requests made on behalf of a specific end user (e.g. from a frontend widget):

Code
x-enduser-access-token: <end-user-jwt>
x-account-id: <your-account-uuid>

Both headers must be sent together.

Flow	Required headers
API key	`x-api-key` + `x-api-secret`
End-user	`x-enduser-access-token` + `x-account-id`

Common query parameters

Most list endpoints support the following query parameters:

Parameter	Description
`fields`	JSON array of field slugs to return, e.g. `["id","name"]`
`filters`	JSON-encoded `ComplexCondition` filter object
`sortBy`	JSON array of sort params, e.g. `[{"fieldSlug":"createdAt","order":"DESC"}]`
`offset`	Pagination offset (default `0`)
`limit`	Page size — 1–1000 (default `20`)
`fetchTotalCount`	Set to `true` to include total record count in the paging envelope
`languageCode`	BCP-47 locale for localised fields, e.g. `en`, `fr`

Error responses

All error responses follow a uniform shape:


Code
{
  "error": {
    "code": "MACHINE_READABLE_CODE",
    "message": "Human-readable description of the error."
  }
}

Common HTTP status codes returned:

Status	Meaning
`400`	Bad request — invalid input
`401`	Unauthorised — missing or invalid token
`403`	Forbidden — insufficient permissions
`404`	Not found
`409`	Conflict — duplicate record

Next steps

Browse the full API Reference to explore every endpoint, try requests interactively, and view request/response schemas.

Last modified on April 12, 2026

API Keys Shopify Integration

Authentication

Gamopanda supports two authentication flows. Each endpoint lists which flows it accepts under its Security section — when multiple flows are listed, any one of them is sufficient.

API key flow (server-to-server)

Use your account API key and secret for backend / server-to-server calls:

Code

x-api-key: <your-api-key>
x-api-secret: <your-api-secret>

Both headers must be sent together.

End-user flow (client-side)

Use an end-user access token together with the account ID for requests made on behalf of a specific end user (e.g. from a frontend widget):

Code

x-enduser-access-token: <end-user-jwt>
x-account-id: <your-account-uuid>

Both headers must be sent together.

Flow

Required headers

API key

x-api-key + x-api-secret

End-user

x-enduser-access-token + x-account-id

Common query parameters

Most list endpoints support the following query parameters:

Parameter

Description

fields

JSON array of field slugs to return, e.g. ["id","name"]

filters

JSON-encoded ComplexCondition filter object

sortBy

JSON array of sort params, e.g. [{"fieldSlug":"createdAt","order":"DESC"}]

offset

Pagination offset (default 0)

limit

Page size — 1–1000 (default 20)

fetchTotalCount

Set to true to include total record count in the paging envelope

languageCode

BCP-47 locale for localised fields, e.g. en, fr

Error responses

All error responses follow a uniform shape:

Code

{
  "error": {
    "code": "MACHINE_READABLE_CODE",
    "message": "Human-readable description of the error."
  }
}

Common HTTP status codes returned:

Status

Meaning

400

Bad request — invalid input

401

Unauthorised — missing or invalid token

403

Forbidden — insufficient permissions

404

Not found

409

Conflict — duplicate record