API Reference

The Vendor API enables authorized partners to manage inventories and query products efficiently. The API uses RESTful conventions, accepts JSON bodies, and uses HMAC-SHA256 based authentication.

Base URL https://api.relinx.xyz:3000

Authentication

All requests must include the following headers for authentication. The x-signature must be generated using your api_secret.

x-api-key

Your unique API Key Identifier.
x-timestamp

Current Unix timestamp in milliseconds.
x-signature

HMAC-SHA256 signature of the request.

Signature Algorithm

message = timestamp + method + path + body
signature = hmac_sha256(message, api_secret).hex()

Note: method should be uppercase (e.g., 'POST'). body is the raw JSON string (use empty string if no body).

GET

Query Products

Retrieve the list of active products. Use this to find valid skus for adding inventory.

Query Parameters

sku string

Filter by SKU (fuzzy match, case-insensitive).
name string

Filter by product name (fuzzy match).

GET

Query Inventories

Query the status of your inventories.

Query Parameters

status string

Filter by status: AVAILABLE, RESERVED, SOLD, etc.
card_number string

Filter by card number (fuzzy match).

POST

Add Inventories

Upload new inventory items.
Important: The card_pin must be encrypted locally using your vendor_password before sending. The API expects card_pin_en (encrypted), not the raw pin.

Body Parameters

inventories array REQUIRED

List of inventory items.

sku Product SKU (must exist).

card_number Unique card identifier.

card_pin_en Encrypted PIN (AES-256-CBC).

POST

Delete Inventories

Soft delete inventories using a list of IDs or filters.