Skip to main content
Version: 1.0.0

Corp-Ops Programmatic v1 Admin API

The v1 admin API is the stable programmatic surface for non-browser callers. Versioned, deprecation-windowed, and explicitly RBAC-scoped.

Auth model:

  • RBAC API tokens (copt_...) only. No Shopify session tokens.
  • Each token has explicit scopes; endpoints declare required scopes per operation.
  • Tokens issued / revoked via Internal RBAC.

Stability guarantees:

  • Removing an endpoint or field is a breaking change → new path (/api/v2/...).
  • Adding a field or endpoint is non-breaking.
  • Old paths supported for 6 months after a new version cut.

Rate limits:

  • Per-shop, per-token: 600 req/min default; tightened on heavy endpoints (data export, bulk operations).
  • 429 with Retry-After header on breach.

Idempotency:

  • Mutations support an optional Idempotency-Key header (planned — see Phase 2.2 in API reference).

Authentication

RBAC API token issued via the merchant admin app. Format: Authorization: Bearer copt_<32 hex bytes>

Security Scheme Type:

http

HTTP Authorization Scheme:

bearer

Bearer format:

copt_xxx

Contact

Corp-Ops Platform: support@corp-ops.io

URL: https://docs.corp-ops.io

License

Last updated on by chandela