Introduction
The Qapla' v2 API provides an advanced platform for both reading and writing integration with proprietary e-commerce systems or those that do not have a specific plugin or connector available.
The architecture is based on a RESTful style that ensures intuitive resource management and compliance with international standards, simplifying integration and process automation.
- The API is structured according to REST principles (RESTful API).
- It supports GET, POST, PUT, DELETE, and PATCH requests, using the JSON format for both sending and receiving data.
- Responses include HTTP status codes to indicate the result of the request (HTTP Status Codes).
- The reference time zone for all dates and timestamps in the API is UTC.
- Dates are provided in the ISO 8601 format (
YYYY-MM-DDTHH:MM:SSZ). Example:2025-04-24T05:17:19Z
API Key
To use the APIs, you must have a private API Key, which is assigned to the enabled channels.
You can find the API Key in the Control Panel under the Channels section.
The API Key must be kept confidential and secure.
Each channel has one or more private API Keys, which define the permissions and accessible endpoints.
Authentication
Channel authentication is performed through the Qapla' SSO service following the Bearer Token Authentication flow.
To obtain an access token, you need to send a POST request to the dedicated endpoint with the channel's API Key:
POST https://sso.qapla.it/auth/channel
The request must contain the following JSON in the body:
{"apiKey":"API_KEY"}
| apiKey (string) | The Qapla' channel API Key. |
|---|
curl -X POST https://sso.qapla.it/auth/channel \
-H "Content-Type: application/json" \
-d '{"apiKey": "API_KEY"}'
Response Body 200
Description
| accessToken (string) | The access token used to authenticate all subsequent requests. It must be included as a Bearer Token in the HTTP `Authorization` header. |
|---|---|
| tokenType (string) | Indicates the type of token (always "Bearer"). |
| expiresIn (int) | The token's duration in seconds (24 hours). |
| scopes (array) | List of endpoints authorized for the current API Key. |
Errors
If an error occurs during authentication, the following HTTP status codes may be returned:
| 401 | Unauthorized: The API Key is invalid or does not have the necessary permissions to access the requested endpoint. |
|---|---|
| 400 | Bad Request: The request is invalid or required parameters are missing from the request body. |
Access token
The access token must be included in the `Authorization` HTTP header of all subsequent requests, preceded by the string `Bearer`:curl -X GET https://api.qapla.it/v2/endpoint \
-H "Authorization: Bearer ACCESS_TOKEN" \
-H "Content-Type: application/json"
Errors
All errors returned by the Qapla' API are represented using standard HTTP status codes.Each code indicates the type of error encountered while processing the request, providing a clear and standard-compliant indication of any authentication, validation, or incorrect endpoint usage issues.
HTTP Status Codes
400 |
Bad Request: The request is invalid or required parameters are missing from the request body. |
|---|---|
401 |
Unauthorized: The API Key is invalid or does not have the necessary permissions to access the requested endpoint. |
403 |
Forbidden: Access denied. The API Key does not have the necessary permissions or the user is not authorized. |
404 |
Not Found: The specified endpoint does not exist or the requested resource was not found. |
405 |
Method Not Allowed: The HTTP method used (GET, POST, PUT, DELETE) is not supported for this endpoint. |
406 |
Not Acceptable: The server is unable to generate a response in the requested format or language. |
409 |
Conflict: The request cannot be completed due to a conflict with the current state of the resource. |
423 |
Locked: The requested resource is locked and cannot be modified or accessed. |
429 |
Too Many Requests: The maximum number of requests has been exceeded. Please wait before trying again. |
500 |
Internal Server Error: An internal server error occurred while processing the request. |
503 |
Service Unavailable: The service is currently unavailable. Please try again later. |
Body
JSON error body.| status | The type of error. |
|---|---|
| code | The internal error code. |
| message | The error description. |
Header
| X-Error-Message | The descriptive error text. |
|---|
Usage Limits
The request management system uses a Token Bucket algorithm to limit the number of API calls within a specified time interval, with the following parameters:
| Bucket capacity | 120 | Maximum number of requests allowed within a specified time period. |
|---|---|---|
| Tokens per second | 2 | The system refills at a rate of 2 requests per second. |
A multi-request (e.g., 100 shipments or orders) is counted as 100 tokens.
HTTP Response Status Codes
If the usage limit is exceeded, the response will be:
429 Too Many RequestsAbuse
Abuse of the API may lead to temporary or permanent suspension of the associated API Key.
Parcel
A Parcel (package) is uniquely identified by:
- Channel, represented by the Bearer Token
- Order reference (reference)
- Order origin (origin)
POSTParcel
Allows you to upload one or more parcels to an order reference before an order or shipment is created.The order or shipment (label) created will "inherit" the parcels previously uploaded.
The API can generate a provisional label in ZPL format if requested.
Note
Authentication is done through the Bearer Token obtained with the authentication service.
POSThttps://api.qapla.it/v2/parcel
Body
The request body must be a JSON containing the following parameters:*Mandatory parameter
| reference*(string) | The unique reference of the order that will be uploaded later. |
|---|---|
| origin(string) |
The origin of the order, for example: shopify, amazon. It can be null, and the system will set it to "API".
amazon, carrefour_es, cdiscount, ebay, ecwid, eprice, ibs, magento, magento2, manomano_de, manomano_es, manomano_fr, manomano_gb, manomano_it, prestashop, privalia_es, privalia_it, shopify, spartoo_be, spartoo_cn, spartoo_de, spartoo_es, spartoo_fr, spartoo_gb, spartoo_gr, spartoo_it, spartoo_nl, spartoo_pl, spartoo_pt, storeden, vtex, woocommerce, worten_es, worten_pt, mediaMarkt_de, modivo_pl, bricobravo, miravia_es
Consult our customer care to identify the correct value.
|
| weight length width height(float) |
Values in kg and cm, with a maximum of 2 decimal places for dimensions and parcel weight.
Note
|
| content(string) | Optional content of the parcel. |
| originCountry(string) | The ISO 3166-1 alpha-2 code of the parcel's country of origin. |
| code(string) | The customer's internal code. |
| notes(string) | Optional notes to be printed on the provisional label. |
Header
The request header parameters must be set as follows:| x-label-format(string) | ZPL To get the provisional label in ZPL format. |
|---|
Body
| hash(string) | The unique hash for each parcel. Used to uniquely identify the parcel in the GET and DEL APIs. | ||||
|---|---|---|---|---|---|
| number(int) | The sequential number. | ||||
| label |
The label in the requested format (only ZPL available)
|
||||
| totalParcelCount(int) | The total number of parcels uploaded. |
Errors
All errors returned by the Qapla' API are represented using standard HTTP status codes.GETParcel
Allows you to retrieve the details of a single parcel using its unique hash identifier.GEThttps://api.qapla.it/v2/parcel/{PARCEL-HASH}
Parameters
| hash(string) | The parcel's unique hash identifier. |
|---|
Body
| number(int) | The sequential number. |
|---|---|
| weight(float) | The weight in kg with a maximum of 2 decimal places. |
| length(float) | The length in cm with a maximum of 2 decimal places. |
| width(float) | The width in cm with a maximum of 2 decimal places. |
| height(float) | The height in cm with a maximum of 2 decimal places. |
| code(string) | The internal code. |
| notes(string) | Optional notes to be printed on the label. |
| content(string) | The contents of the shipment. |
| originCountry(string) | The ISO code of the country of origin. |
| labelFormat(string) | The label format. |
| label(string) | The content of the label. |
| createdAt(string) | The creation date. |
| updatedAt(string) | The update date. |
DELETEParcel
Allows you to delete a single parcel identified by the hash.DELETEhttps://api.qapla.it/v2/parcel/{PARCEL-HASH}
Parameters
| hash(string) | The identifying hash of the parcel |
|---|
Body
| status(string) | The status of the request |
|---|---|
| message(string) | The response message |
| deletedHash(string) | The hash of the deleted parcel |
| timestamp(string) | The date and time of the request |
| affectedRows(int) | The number of affected rows |
Parcels
- Channel, represented by the Bearer Token
- Order reference (reference)
- Order origin (origin)
GETParcels
Returns the list of parcels based on the order reference and origin.GEThttps://api.qapla.it/v2/parcels/{REFERENCE}-{ORIGIN}
Parameters
| reference(string) | The order reference. |
|---|---|
| origin(string) | The origin of the order. |
Body
| totalParcelCount(int) | The total number of parcels. | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| parcels(array) | The list of parcels.
|
DELETEParcels
Allows you to delete all parcels of an order.DELETEhttps://api.qapla.it/v2/parcels/{REFERENCE}-{ORIGIN}
Parameters
| reference(string) | The order reference. |
|---|---|
| origin(string) | The origin of the order. |
Body
| status(string) | The status of the request |
|---|---|
| message(string) | The response message |
| deletedReference(string) | The reference of the deleted order |
| deletedOrigin(string) | The origin of the deleted order |
| timestamp(string) | The date and time of the request |
| affectedRows(int) | The number of affected rows |