Skip to main content
POST
Create order

Authorizations

Authorization
string
header
required

API Key Authentication

Use your API key in the Authorization header:

Key Types:

Secret Keys (Server-Side Only):

  • Format: tybrite_sk_live_* (production) or tybrite_sk_test_* (sandbox)
  • Full read/write access to all endpoints
  • ⚠️ NEVER expose in client-side code or public repositories
  • Required for: write operations, authentication, payment verification, AI recommendations

Publishable Keys (Client-Safe):

  • Format: tybrite_pk_live_* (production) or tybrite_pk_test_* (sandbox)
  • Read-only access (GET requests only, plus POST semantic search)
  • βœ… Safe for client-side JavaScript, mobile apps, and public code
  • Allowed for: browsing products, search, CMS content, pricing queries

Endpoint-Specific Requirements:

  • Authentication endpoints (/v1/auth/*): Secret key required
  • Payment verification (POST /v1/payments/verify): Secret key required
  • AI Recommendations (POST /v1/recommendations): Secret key required
  • Semantic Search (POST /v1/search): Both key types allowed (read-only operation)
  • All write operations: Secret key required
  • All read operations: Both key types allowed

Using a publishable key for restricted operations returns 403 Forbidden.

Headers

Idempotency-Key
string
required

Unique key to prevent duplicate orders (e.g., order-{timestamp}-{random})

X-Timestamp
integer
required

Unix timestamp in seconds (current time). Must be within 5 minutes of server time. Used to prevent replay attacks.

X-Signature
string
required

HMAC-SHA256 signature of the payload (timestamp + "." + request_body), base64-encoded. Sign using your HMAC secret from the Integrations page (Developer section).

Body

application/json
customer_email
string<email>
required

Customer email address. Required.

customer_name
string
required

Customer full name. Required.

Example:

"John Doe"

billing_address
object
required

Billing address. Required.

shipping_address
object
required

Shipping address. Required.

items
object[]
required

Order line items (at least one required)

Minimum array length: 1

Provide variant_id OR product_id (at least one). Prefer variant_id β€” it is the exact variant (SKU) the shopper chose, so pass the same variant_id you put in the cart straight through to the order. If you send only product_id, the order is placed against the product's default variant β€” convenient for single-variant products, but for a product with multiple variants it may not be the one the shopper selected. When both are sent, variant_id wins (and product_id is resolved from it).

payment_method
enum<string>
required

Payment method identifier (required)

Available options:
card,
stripe,
paypal,
paystack,
mpesa,
cash
Example:

"card"

subtotal
number<float>
required

Subtotal before tax and shipping. Required.

Example:

2000

total_amount
number<float>
required

Total order amount (required)

Example:

2520

customer_id
string<uuid>

Customer UUID (optional - guest checkout supported)

Example:

"c320094c-eb65-4879-804c-83d2e1dd7f99"

customer_phone
string

Customer phone number (optional)

Example:

"+14155550199"

payment_status
enum<string>

Payment status (defaults to pending)

Available options:
pending,
paid,
failed,
refunded
Example:

"pending"

order_status
enum<string>

Order fulfillment status (defaults to pending)

Available options:
pending,
processing,
shipped,
delivered,
cancelled
Example:

"pending"

tax_amount
number<float>

Tax amount

Example:

320

shipping_amount
number<float>

Shipping cost

Example:

200

discount_amount
number<float>

Discount amount

Example:

0

notes
string

Additional order notes

Example:

"Please deliver between 9 AM - 5 PM"

tracking_number
string

Shipping tracking number (optional, usually set on PATCH)

Example:

"1Z999AA10123456784"

estimated_delivery
string<date-time>

Estimated delivery date and time (optional)

Example:

"2026-02-15T14:00:00Z"

payment_reference
string

External payment reference (e.g., Stripe charge ID, M-Pesa receipt)

Example:

"ch_1NqFvE2eZvKYlo2C8Z3y4abc"

shipping_metadata
object | null

Shipping calculation details from /v1/shipping/calculate for audit trail

gift_card_redemption
object | null

Optional gift card to redeem towards this order

promotion_usages
object[] | null

Promotion usages applied to this order (tracked when payment_status is paid)

apply_store_credit
boolean

Apply the customer's redeemable store credit to this order. When true (and the order has a customer_id), store credit is spent against the order total, capped at the total. The amount actually applied is returned as store_credit_applied. Requires a customer.

Example:

true

store_credit_amount
number<float>

Optional cap on how much store credit to apply. When omitted (and apply_store_credit is true) up to the full order total is applied. The applied amount never exceeds the available balance or the total.

Example:

25

gclid
string | null

Google ad click id, when the shopper arrived from a Google ad. On a paid order this lets the merchant's Google advertising get credit for the sale. Forward the true captured value; omit if not present.

Example:

"Cj0KCQiA...gclid"

fbclid
string | null

Meta (Facebook & Instagram) ad click id, when the shopper arrived from a Meta ad. On a paid order this lets the merchant's Meta advertising get credit for the sale. The conversion is sent server-side (Conversions API) and de-duplicated against the storefront's Meta Pixel by the order id, so it counts even when the browser blocks the Pixel. Forward the true captured value; omit if not present.

Example:

"IwAR1abc...fbclid"

Advertising privacy-consent state captured at checkout, used to decide whether a conversion may be reported to an ad platform for this shopper's region (required for EEA shoppers; UK/Swiss records are not dropped for a missing signal). Always forward the true captured values β€” never guess.

Response

Order created successfully (or existing order returned if idempotency key matches)

order
object
required
store_credit_applied
number<float>

Present only when store credit was applied to this order. The amount of the customer's store credit spent against the order.

Example:

25

post_processing_warnings
object[]

Optional. Present only when one or more post-order processing steps (gift card redemption, stock reduction, etc.) failed. The order itself was created successfully, but a downstream side effect needs human follow-up. Each warning indicates the stage that failed and a human-readable message.