All the basics


The API is accessed by making HTTPS requests a specific endpoint URL, in which GET, POST, PUT, PATCH, and DELETE methods dictate how your interact with the information available. Every endpoint is accessed only via the SSL-enabled HTTPS (port 443) protocol.

An example of an endpoint:


Requests must be sent over HTTPS with any payload formatted in JSON. All requests must include the APIkey header to authenticate.


In order to use the API you need an API key for authentication. This is sent along in the headers as APIkey. If you have an account, you can find your API key in Upload orders within your Dropboy account.


Find the API key here

Missing API key

If you try to send a request to our API without an API key, you will receive this error:

    "success": false,
    "errors": [
        "Missing API key"
    "error": "Missing API key",
    "result": null

Invalid API key

If you try to send a request to our API with an invalid API key, you will receive this error:

    "success": false,
    "errors": [
        "Invalid API key"
    "error": "Invalid API key",
    "result": null

Content-types & mimetypes

Make sure to use the correct content types and mimetypes when making a request. The correct content types and mimetypes can be found in each endpoint reference.


Depending on your request, the results returned may be limited. You can page through the returned results with the following query parameters.

takeDefines how many results to take. If the number is 200, it will respond with max 200 results. Usually this number is constant
skipDefines how many results to skip. Usually this number changes. To get page one, start with 0, and then add the value of take on the last skip, to get the next page.

If take is 50, skip will act this way:
Page 1: 0
Page 2: 50
Page 3: 100
Page 4: 150

Rate Limiting

Currently there is no rate limiting, however, you are requested to only poll our API with reasonable frequency. Note that Rate limiting will be implemented within the foreseeable future.


Unsure what reasonable is?

Please contact us, and tell us what you want to do. Then we can find out if it's reasonable, or find a solution for your use case.


Each response from the API will be a JSON object. The response object will contain following:

successA boolean that is true if the request was a success
errorsAn array containing all the error messages regarding the request. Is empty if there was no errors
resultIs an object or an array depending the result, but will contain the result of the request
infoAn object that contains information about the request, example the query parameters.

Information about the result

All date returning from the API, will be in UTC ISO-8601 format containing milliseconds, forexample:

Example of a success response

  "success": true,
  "errors": null,
  "result": {
    "batchFileId": "58a014865b09850011050000"

Example of an error response

    "success": false,
    "errors": [
        "File upload failed"
    "error": "File upload failed",
    "result": null

HTTP Content-Type

The response format can be determined from the HTTP Content-Type header. Most API responses are JSON (Content-Type: application/json).

application/jsonResponse is a JSON object
text/plainResponse is a textual item
application/x-yamlResponse is a YAML object
application/octet-streamResponse is raw data (reserved for later use)

HTTP response codes

The status of a response can be determined from the HTTP status code.

200OKRequest successful
304Not modified
400Bad RequestRequest was invalid
401UnauthorizedUser does not have permission
403ForbiddenRequest not authenticated
429Too many requestsClient is rate limited
405Method Not AllowedIncorrect HTTP method provided
415Unsupported Media TypeResponse is not valid JSON


The API provides access to the data stored in documents. Each document is uniquely identified with an Object ID that will be saved in the data in various ways. You can almost always use this ID to interact with a given data document (fx an order).

How to get an Order ID

Nearly every resource in the API may be uniquely identified by a 32-byte string of hex characters ([a-f0-9]). Identifier values are usually captured during resource creation (POST requests) or when fetching entire collections (GET requests) of resources. Typically they appear as an id field in the JSON resource.

  "result": {

You can always find the IDs for API resources by making a GET request to its corresponding collection endpoint. For example, to list all Order objects, a GET request may be sent to All objects listed in the result array will contain an id field; this is also known as an orderId.


The SSL certificate for Wuxus domains are changing automatically about every 6 months