Authentication
The Malovex API lets your storefront or connector read your finished catalog — stores, products, prices, and a feed of what’s changed. It’s a server-to-server API authenticated with a bearer token.
Base URL
Section titled “Base URL”All endpoints live under /v1 on the API host:
https://api.malovex.com/v1Bearer tokens
Section titled “Bearer tokens”Every request must include an API token as a bearer token in the Authorization header:
curl https://api.malovex.com/v1/products \ -H "Authorization: Bearer mlx_xxx"Create and manage tokens in the panel under Sales Channels → API Access — see API Access & Tokens. Tokens come in two access levels:
- Connector — read only. Sufficient for every endpoint in this reference.
- Full — read and write. Required only for the write endpoints (creating and updating stores, categories, attributes, and so on).
Your account is derived from the token
Section titled “Your account is derived from the token”You never pass an account ID in the URL or a query parameter. Malovex identifies your account from the token itself, and scopes every response to your data only. A token from one account can never see another account’s catalog.
Choosing a store
Section titled “Choosing a store”Most catalog endpoints accept an optional store query parameter — the slug of the store you want to read:
curl "https://api.malovex.com/v1/products?store=eu-store" \ -H "Authorization: Bearer mlx_xxx"If you omit store, Malovex uses your default store. Call GET /v1/stores to discover the slugs you can pass.
Request format
Section titled “Request format”The API always responds with JSON. You don’t need to send an Accept header — Malovex forces JSON responses — but it’s good practice to send:
Accept: application/jsonErrors
Section titled “Errors”Authentication problems return a 401 (missing or invalid token) or 403 (a token not tied to an account). See Errors & Rate Limits for the full list.