Skip to content

Authentication

The Malovex API lets your storefront or connector read your finished catalog — stores, products, prices, and a feed of what’s changed. It’s a server-to-server API authenticated with a bearer token.

All endpoints live under /v1 on the API host:

https://api.malovex.com/v1

Every request must include an API token as a bearer token in the Authorization header:

Terminal window
curl https://api.malovex.com/v1/products \
-H "Authorization: Bearer mlx_xxx"

Create and manage tokens in the panel under Sales Channels → API Access — see API Access & Tokens. Tokens come in two access levels:

  • Connector — read only. Sufficient for every endpoint in this reference.
  • Full — read and write. Required only for the write endpoints (creating and updating stores, categories, attributes, and so on).

You never pass an account ID in the URL or a query parameter. Malovex identifies your account from the token itself, and scopes every response to your data only. A token from one account can never see another account’s catalog.

Most catalog endpoints accept an optional store query parameter — the slug of the store you want to read:

Terminal window
curl "https://api.malovex.com/v1/products?store=eu-store" \
-H "Authorization: Bearer mlx_xxx"

If you omit store, Malovex uses your default store. Call GET /v1/stores to discover the slugs you can pass.

The API always responds with JSON. You don’t need to send an Accept header — Malovex forces JSON responses — but it’s good practice to send:

Accept: application/json

Authentication problems return a 401 (missing or invalid token) or 403 (a token not tied to an account). See Errors & Rate Limits for the full list.