Skip to main content
POST
Move wishlist item to cart

Authorizations

Authorization
string
header
required

API Key Authentication

Use your API key in the Authorization header:

Key Types:

Secret Keys (Server-Side Only):

  • Format: tybrite_sk_live_* (production) or tybrite_sk_test_* (sandbox)
  • Full read/write access to all endpoints
  • ⚠️ NEVER expose in client-side code or public repositories
  • Required for: write operations, authentication, payment verification, AI recommendations

Publishable Keys (Client-Safe):

  • Format: tybrite_pk_live_* (production) or tybrite_pk_test_* (sandbox)
  • Read-only access (GET requests only, plus POST semantic search)
  • ✅ Safe for client-side JavaScript, mobile apps, and public code
  • Allowed for: browsing products, search, CMS content, pricing queries

Endpoint-Specific Requirements:

  • Authentication endpoints (/v1/auth/*): Secret key required
  • Payment verification (POST /v1/payments/verify): Secret key required
  • AI Recommendations (POST /v1/recommendations): Secret key required
  • Semantic Search (POST /v1/search): Both key types allowed (read-only operation)
  • All write operations: Secret key required
  • All read operations: Both key types allowed

Using a publishable key for restricted operations returns 403 Forbidden.

Headers

x-auth-token
string

Customer session access_token from /v1/auth/login or /v1/auth/verify-otp. The resolved customer must match the customer_id in the request.

x-external-auth
string

Bring-your-own-auth assertion for stores that manage authentication in an external identity provider (Auth0, Clerk, Cognito, Firebase, NextAuth, SSO). Provide this OR x-auth-token, not both.

Format: <base64url(JSON)>.<base64url(HMAC-SHA256(JSON))> where the JSON is { "external_id": "...", "iat": <unix>, "exp": <unix> } and the HMAC is keyed on the store's signing secret. Claim lifetime capped at 300 seconds.

X-Session-Id
string

Optional session ID used to associate the resulting cart row when the customer does not already have one.

Body

application/json
wishlist_item_id
string<uuid>
required

Wishlist item UUID to move

Example:

"880e8400-e29b-41d4-a716-446655440001"

customer_id
string<uuid>
required

Customer UUID that owns the wishlist item and target cart

Example:

"650e8400-e29b-41d4-a716-446655440000"

quantity
integer
default:1

Quantity to add to the cart (defaults to 1)

Required range: x >= 1
Example:

1

Response

Item moved to cart (returns refreshed cart with metadata)

success
boolean
Example:

true

message
string
Example:

"Item moved from wishlist to cart"

removed_wishlist_item_id
string<uuid>
items
object[]
total_items
integer
subtotal
number
session_id
string | null
customer_id
string | null