To use the Miva JSON API you must be using Miva 9.12.00 or greater.
Every store has its own unique API endpoint associated with the domain name. The format will be as follow:
Note: Some stores use an alternate folder name other than "/mm5" such as "Merchant2" or "/store/". You can see what folder structure is being used under Domain Settings -> Site Configuration.
Access to the API is determined by an API Access Token. This token is generated in the Miva admin under Users - > API Tokens
It has an IP address restriction as well as user level access control. This determines the functions the API Token can run based on the user it is tied to.
Each access token is restricted to a list of IP addresses you want to have access to make API calls. It accepts a comma separated list of IPs.
|Module:module_code:Function||Domain-level module function|
|store_code:Module:module_code:Function||Store-level module function|
The API Access token needs to be passed with each API request in the JSON object. While technically the api_token can be passed as a POST/GET parameter the best practice for keeping the token obfuscated is pass it in the body of the request in the JSON data.
The Miva JSON API is accepts data in JSON format passed in the body of the request. The data sent will be determined by the funciton you wish to run and whether you are pushing or pulling data. Please see each functions specific definition on which json data is needed.
Required JSON Data with Each Request
Then depending on the function you're running, it will have its own required json you must pass to get the correct data out or to push the correct data in. See the API Function Reference Guide for details on all available functions.
All response to the JSON API whether it was successful or an error is returned will be formatted valid JSON.
Successful calls return their data as a JSON structure in the following format:
Some success response will contain additional data as well. For example when OrderItem_Update the success response looks like this:
Errors are returned in the following format:.
Some errors will include additional fields with further information about input validation errors:
There is no throttling we enforce on API requests. To the server it will appear just like any other http request. Miva will process the request and then return the results back to the client. This does mean that the burden is placed on the developer doing any integration to prevent API requests inadvertently causing a Denial Of Service attack because a client made too many API requests.
The API uses the same timeouts defined the the Miva’s stores mivavm.conf file. These are the global timeouts used across any Miva page for each site. If you need adjust timeouts, it would need to be adjusted for the entire site, not just the API requests. Default timeout in most Miva stores is 60 seconds.
API requests are not logged separately against regular requests. The server's access logs can be used to help troubleshoot any API related issues.
All date/time fields in the API will return Unix timestamps. You'll need convert the unix time to the proper date format depending on your needs.