General API FAQ

đźšš Moving to Dev Docs

Technical documentation is now hosted in our Developer Documentation. This article has already migrated; check it out there. The Knowledge Center version will be retired on April 29th, 2024.

This Article Contains The Following Questions:

Q: Does Ordergroove have a fully API-based platform?

All subscription integration touchpoints — with the exception of Product catalog updates, which are uploaded in an offline feed via SFTP — are powered by our API.

The remaining nuance belongs to Subscription Enrollment actions, which are carried out via API calls to the Purchase Post endpoint for customers who choose to host their frontend content, or automatically by the Ordergroove system for customers who tag Ordergroove’s javascript.

Q: Why do some of Ordergroove’s APIs have an authorization header, whereas others have HMAC auth in the URL parameters or the request body?

Ordergroove’s older suite of APIs (those at, as well as some at do not have authorization headers, instead of passing in authentication in the body of the request, or via URL parameters in rare instances. Our newer APIs (those at, and some at have an HMAC auth header.

Q: Should I read the API response status codes exclusively, or rely on the error messages?

We recommend you build your retry logic based solely on the API status codes (400, 401, 403, etc.). The accompanying error messages are human-readable and subject to change and thus not appropriate for use in error handling. These messages can be logged and used for troubleshooting.

Q: What value should I set for API timeout intervals?

The Service Level Agreement for most of our APIs is 1 second, but we recommend a 3-second interval to be safe. Visit the API documentation for more detail about which API responses warrant a retry and which fail permanently.