RESTful Design
Clean, predictable URLs and standard HTTP methods. Easy to understand and integrate.
Build powerful integrations with your POS, mobile apps, and third-party services using our comprehensive REST API.
Available on the Scale planClean, predictable URLs and standard HTTP methods. Easy to understand and integrate.
API key authentication with granular scopes. All requests over HTTPS.
60 requests per minute per key. Fair usage ensures reliability for all.
Get started in minutes with our simple REST API.
Go to your admin dashboard → API Access → Create Key
# For Restaurants/Retail:
curl -X GET "https://waveorder.app/api/v1/products" \
-H "Authorization: Bearer wo_live_YOUR_API_KEY"
# For Salons:
curl -X GET "https://waveorder.app/api/v1/services" \
-H "Authorization: Bearer wo_live_YOUR_API_KEY"# Restaurants/Retail Response:
{
"products": [
{
"id": "507f1f77bcf86cd799439011",
"name": "Margherita Pizza",
"price": 12.99,
"stock": 50,
"isActive": true
}
],
"pagination": {
"page": 1,
"limit": 50,
"total": 125,
"pages": 3
}
}
# Salons Response:
{
"services": [
{
"id": "507f1f77bcf86cd799439011",
"name": "Classic Haircut",
"price": 20.00,
"serviceDuration": 30,
"requiresAppointment": true,
"isActive": true
}
],
"pagination": {
"page": 1,
"limit": 50,
"total": 25,
"pages": 1
}
}All API requests require authentication using an API key. Include your key in the Authorization header:
Authorization: Bearer wo_live_YOUR_API_KEYAlternatively, use the X-API-Key header:
X-API-Key: wo_live_YOUR_API_KEYBase URL: https://waveorder.app/api/v1
/productsList all products (paginated)products:read/products/:idGet single productproducts:read/productsCreate new productproducts:write/products/:idUpdate productproducts:write/products/:idDelete productproducts:writeQuery Parameters: page, limit (max 100), categoryId, brandId, search, isActive
/ordersList all orders (paginated)orders:read/orders/:idGet single orderorders:readQuery Parameters: page, limit (max 100), status, type (DELIVERY/PICKUP/DINE_IN), from, to
/servicesList all services (paginated)services:read/services/:idGet single serviceservices:read/servicesCreate new serviceservices:write/services/:idUpdate serviceservices:write/services/:idDelete serviceservices:writeQuery Parameters: page, limit (max 100), categoryId, search, isActive
/appointmentsList all appointments (paginated)appointments:read/appointments/:idGet single appointmentappointments:read/appointmentsCreate new appointmentappointments:write/appointments/:idUpdate appointmentappointments:writeQuery Parameters: page, limit (max 100), status, from, to
/categoriesList all categoriescategories:read/categories/:idGet single categorycategories:read/categoriesCreate new categorycategories:write/categories/:idUpdate categorycategories:write/categories/:idDelete categorycategories:writeQuery Parameters: includeProducts (boolean)
/meGet authenticated business infoanyAPI requests are limited to 60 requests per minute per API key.
| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum requests per window (60) |
X-RateLimit-Remaining | Remaining requests in current window |
X-RateLimit-Reset | Seconds until rate limit resets |
Retry-After | Seconds to wait (only on 429 response) |
The API returns standard HTTP status codes and JSON error responses.
| Code | Meaning |
|---|---|
200 | Success |
201 | Created (for POST requests) |
400 | Bad Request — Invalid parameters |
401 | Unauthorized — Missing or invalid API key |
403 | Forbidden — Missing required scope or Scale plan |
404 | Not Found — Resource doesn't exist |
429 | Too Many Requests — Rate limit exceeded |
500 | Internal Server Error |
Example error response:
{
"error": "Missing required scope: products:write"
}API access is part of the Scale plan. Talk to our team to get set up and start integrating.