Base URL
https://warrantee.io/api/v1Authentication
API access is limited to registered Warrantee users. Use a signed-in user Bearer token or create a dedicated server integration token via x-api-key.
Authorization: Bearer YOUR_SUPABASE_ACCESS_TOKENx-api-key: YOUR_SERVER_INTEGRATION_TOKENRate Limiting: 100 requests per minute per signed-in user or integration token, plus IP-level abuse throttles.
Security Model
Every warranty request is authenticated, scoped to the owner, seller, or issuer records of the resolved user, rate-limited, and returned with no-store cache headers.
Responses include X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, Cache-Control: no-store, and Vary: Authorization, x-api-key.
Integration Tokens
Create up to 20 active tokens from a signed-in session. Warrantee shows the secret once, stores only a hash, supports read/write scopes, expiry, last-used tracking, and revocation.
Create token
POST /api/integration-tokensRevoke token
DELETE /api/integration-tokens/:id{ "name": "ERP production", "scopes": ["warranties:read", "warranties:write"], "rate_limit_per_minute": 100 }Scopes: warranties:read for list/detail access and warranties:write for create/update/delete access.
Integration Notes
Use Idempotency-Key on create requests, keep a stable reference number when possible, and use scoped server-to-server integration tokens for ERP sync jobs.
Idempotency-Key: 8f5d07d0-erp-order-102044Endpoints
/api/v1/warrantiesList Warrantiespage, limit, status, category/api/v1/warrantiesCreate Warrantyproduct_name*, start_date*, end_date*, description, serial_number, category, supplier, seller_name, seller_email/api/v1/warranties/:idGet Warrantyid (path)/api/v1/warranties/:idUpdate Warrantyproduct_name, start_date, end_date, status, category, supplier/api/v1/warranties/:idDelete Warrantyid (path)Example Request
curl -X GET "https://warrantee.io/api/v1/warranties?page=1&limit=10" \ -H "Authorization: Bearer YOUR_TOKEN"