API Reference

Last updated: May 2026

Authentication

POST /api/auth/token
Body: { "email": "...", "password": "...", "device_name": "my-app" }
Returns: { "token": "..." }

Products

GET    /api/products          – list products (paginated)
GET    /api/products/{id}     – single product
POST   /api/products          – create (auth required)
PATCH  /api/products/{id}     – update (auth required)
DELETE /api/products/{id}     – delete (auth required)

Orders

GET    /api/orders            – list orders (auth required)
GET    /api/orders/{id}       – single order
POST   /api/orders            – place order
PATCH  /api/orders/{id}/status – update status (auth required)

Menu (Restaurant)

GET    /api/menu              – full menu with categories
GET    /api/menu/items/{id}   – single item
POST   /api/orders/food       – place food order

Subscriptions

GET    /api/subscription/plans        – available plans
POST   /api/subscription/subscribe    – subscribe (auth required)
PATCH  /api/subscription/pause        – pause (auth required)
DELETE /api/subscription/cancel       – cancel (auth required)

Webhooks

Register webhooks in Settings → Webhooks. Events fired:

• order.created
• order.paid
• order.shipped
• order.delivered
• subscription.created
• subscription.cancelled

Webhook payloads include an X-Qwikr-Signature header (HMAC-SHA256). Verify it against your webhook secret.