API Reference

REST API endpoints for Sync As A Service.

Note: Most developers don't need to call these APIs directly. The SDK widget handles authentication, retailer connection, syncing, and MFA automatically. Use these endpoints for advanced backend integrations or custom UIs.

Base URLs:

• Production: https://sync-api.stackline.com

• Sandbox: https://sync-api-beta.stackline.com

Authentication: All requests (except GET /sync/retailers) require an OAuth access token:

Authorization: Bearer {access_token}

The SDK handles token management automatically.

Retailers (Catalog)

List Available Retailers

GET /sync/retailers

Public endpoint (no auth required). Returns all retailers users can connect.

Response:

[
  {
    "displayName": "Amazon",
    "logo": "https://media.brandclub.com/retailer_logo/1.webp",
    "syncConfig": {
      "serverSide": true
    }
  }
]

Connections (User's Linked Accounts)

List Connected Retailers

Returns user's linked retailer accounts.

Query Parameters:

Response:

Connection Statuses:

Get Connection Details

Returns a single connection. Same shape as an item in the list response.

Connect a Retailer

Connect a new retailer account. Credentials must be encrypted using the TOTP from GET /sync/auth/totp.

Note: The SDK widget handles this entire flow automatically, including credential encryption and MFA. Use this endpoint only if building a custom connection UI.

Request Body:

Response:

After connecting, poll GET /sync/sessions/:batchId to track sync progress.

Update Connection (Fix)

Re-authenticate a broken connection (status: invalid). Same encryption requirements as connect.

Request Body:

Response:

Trigger Sync for Connection

Manually trigger sync for a specific connected retailer.

Response:

Sync All Connections

Triggers sync for all connected retailers at once.

Response:

Returns { "status": "no_retailers" } if no valid connections exist.

Orders

List Orders

Returns purchase history as line-item level data.

Query Parameters:

JSON Response:

CSV Response (format=csv):

Returns a downloadable CSV file with columns: Retailer, Retailer Order ID, Order Date, Item Name, Brand, Dept, Category, SubCategory, SKU, Quantity, Price, Currency, Shipment Status, Order Total. See Data Reference for details.

Get Order Details

Returns a single order. Same shape as an item in the list response.

Trigger Order Sync

Trigger a sync to fetch latest orders.

Query Parameters:

Response:

Sync Sessions

Get Latest Sync

Returns the most recent sync session.

Response:

Global Status:

Get Sync By ID

Returns a specific sync batch. Same response shape as latest.

Per-Retailer Sync Statuses (in retailerSyncSessions[].syncStatus):

Submit MFA

Submit an MFA response during sync. Required when a retailer's syncStatus is userintervention.

Note: The SDK widget handles MFA automatically. Use this endpoint only if building a custom sync UI.

Request Body (choose method):

Request Body (enter code):

Response:

Credential Encryption

Get TOTP

Returns a time-based token for encrypting retailer credentials before calling POST /sync/connections/connect.

Note: The SDK widget handles credential encryption automatically. Use this endpoint only if building a custom connection UI.

Response:

Use token to encrypt credentials client-side. Pass currentStamp back when connecting.

User Profile

Get Profile

Returns the authenticated user's profile.

Response:

Phone number is masked for privacy (last 4 digits only).

OAuth Endpoints

Authorization

SDK handles this automatically. Permissions are configured per-client during onboarding.

Token Exchange

SDK handles this automatically.

Revoke Token

User Info (OIDC)

Standard OIDC endpoint. Returns user claims.

Response:

Errors

All errors follow this format:

Status Codes:

Rate Limits

• 100 requests/minute per user

• 10 syncs/hour per retailer

Discovery

OIDC discovery document:

JWKS for token validation: