Ordeliya Docs

Introduction

The Ordeliya REST API gives you programmatic access to orders, products, customers, reservations, and every aspect of your restaurant operations.

Ordeliya API

The Ordeliya API is a RESTful interface for the Ordeliya restaurant management platform. It powers the same operations available in the admin dashboard — creating products, processing orders, managing customers, configuring delivery zones, running email campaigns, and more — all accessible programmatically. Every request and response uses JSON.

Ordeliya follows a multi-tenant architecture where each restaurant (called a Website) is completely isolated. Within a Website, you can operate multiple physical locations (Stores), each with their own locale, currency, and tax settings. API tokens are always scoped to a single Store, ensuring strict data isolation between tenants.

Base URL

All API requests are made to:

https://api.ordeliya.com

All endpoints require HTTPS. Plain HTTP requests are rejected.

Authentication

The API supports two authentication methods:

Method | Format | Use Case
Bearer Token | Authorization: Bearer <jwt> | Dashboard integrations, server-to-server
API Key | Authorization: Bearer ord_live_... | Third-party apps, long-lived integrations

Bearer tokens (JWTs) expire in 15 minutes and are obtained via POST /auth/login. API Keys are long-lived and created in Settings → API Keys in the dashboard.

curl https://api.ordeliya.com/products \
  -H "Authorization: Bearer ord_live_sk_7f3a9b2c1d4e5f6a7b8c9d0e1f2a3b4c"

See the Authentication guide for full details on all three auth realms.


Response Format

Every response follows a consistent envelope:

Success (200, 201)

{
  "success": true,
  "data": {
    "id": "prod_8kx2m4n7",
    "name": "Margherita Pizza",
    "basePrice": 8900
  },
  "meta": {
    "timestamp": "2026-03-15T14:22:31.000Z",
    "requestId": "req_a1b2c3d4e5f6"
  }
}

Paginated (200)

{
  "success": true,
  "data": [...],
  "meta": {
    "total": 247,
    "page": 1,
    "limit": 20,
    "totalPages": 13,
    "requestId": "req_f6e5d4c3b2a1"
  }
}

Error (4xx, 5xx)

{
  "success": false,
  "error": {
    "statusCode": 422,
    "message": "Validation failed",
    "errors": [
      { "field": "basePrice", "message": "Must be a positive integer (minor units)" }
    ]
  },
  "meta": {
    "requestId": "req_x9y8z7w6v5u4"
  }
}

The requestId is included in every response. Reference it when contacting support.


Rate Limits

Rate limits vary by plan tier. Limits are applied per Store, per minute.

Plan | Requests / min | Burst | Webhook Deliveries / hr
Starter | 60 | 10 | 500
Grow | 300 | 30 | 2,000
Professional | 1,000 | 100 | 10,000
Enterprise | Custom | Custom | Unlimited

When you exceed the limit, the API returns 429 Too Many Requests with a Retry-After header:

HTTP/1.1 429 Too Many Requests
Retry-After: 12
X-RateLimit-Limit: 300
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1710510180

Auth endpoints (/auth/login, /auth/refresh) have a stricter limit of 10 requests per minute regardless of plan.


Money Format

All monetary values are stored as integers in minor units (cents, ore, kurus):

8900   = 89.00 DKK
1999   = 19.99 EUR
24900  = 249.00 TRY

Never use floating-point arithmetic for money. Divide by 100 only for display purposes.

The currency field on each Store determines the unit. Multi-currency is supported through the StoreView system.


Idempotency

For POST requests that create resources (orders, payments, customers), include an X-Idempotency-Key header to prevent duplicate operations:

curl -X POST https://api.ordeliya.com/orders \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "X-Idempotency-Key: order_checkout_abc123_1710510180" \
  -H "Content-Type: application/json" \
  -d '{ ... }'

Idempotency keys are valid for 24 hours. Replaying a request with the same key returns the original response without creating a duplicate.
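
The following is an added example, not Ordeliya's own code: it combines the Rate Limits and Idempotency sections by resending a create request after a 429 while reusing a single X-Idempotency-Key, so a retry cannot create a duplicate order. The `send` transport hook, the `order_<uuid>` key format, and the sample replies in `fake_transport` are assumptions constructed for illustration.

```python
import time
import uuid

class ApiError(Exception):
    def __init__(self, status, message, request_id):
        super().__init__(f"{status} {message} (requestId={request_id})")
        self.status, self.request_id = status, request_id

def create_with_retry(send, path, body, token, max_attempts=4, sleep=time.sleep):
    """POST body to path; on 429 wait Retry-After seconds, then resend.
    send(method, path, headers, body) -> (status, headers, envelope) is a
    hypothetical transport hook; back it with any HTTP client."""
    # One key per logical operation, fixed before the first attempt, so every
    # resend replays the original request instead of creating a duplicate.
    headers = {
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json",
        "X-Idempotency-Key": f"order_{uuid.uuid4().hex}",  # key format assumed
    }
    for attempt in range(1, max_attempts + 1):
        status, resp_headers, envelope = send("POST", path, headers, body)
        if status == 429 and attempt < max_attempts:
            raw = resp_headers.get("Retry-After", "1")
            delay = int(raw) if raw.isdigit() else 1
            sleep(max(1, min(delay, 60)))  # clamp the server-supplied value
            continue
        request_id = envelope.get("meta", {}).get("requestId")
        if not envelope.get("success"):
            message = envelope.get("error", {}).get("message")
            raise ApiError(status, message, request_id)  # token stays out of errors
        return envelope["data"], request_id

def fake_transport():
    """Constructed stand-in for the API: answers 429 once, then 201."""
    seen_keys = []
    replies = [
        (429, {"Retry-After": "12"}, {"success": False, "meta": {"requestId": "req_test_1"},
                                      "error": {"statusCode": 429, "message": "Too Many Requests"}}),
        (201, {}, {"success": True, "data": {"id": "ord_test_1"}, "meta": {"requestId": "req_test_2"}}),
    ]
    def send(method, path, headers, body):
        seen_keys.append(headers["X-Idempotency-Key"])
        return replies[len(seen_keys) - 1]
    return send, seen_keys
```

Generate the key once per checkout attempt and persist it alongside the pending order if the process may restart between retries; a fresh key on each resend defeats the duplicate protection.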


Request ID Tracing

Every response includes an X-Request-Id header and a meta.requestId field. Use this for:

  • Debugging — Correlate frontend errors with backend logs
  • Support tickets — Include the request ID when reporting issues
  • Audit trails — Track specific operations across systems

X-Request-Id: req_a1b2c3d4e5f6

SDKs & Client Libraries

Official client libraries:

Language | Package | Status
TypeScript / Node.js | @ordeliya/sdk | Coming soon
Python | ordeliya | Coming soon
PHP | ordeliya/sdk | Coming soon

In the meantime, use any HTTP client. The API follows standard REST conventions and returns JSON for all endpoints.


Guide | Description
Getting Started | Make your first API call in 5 minutes
Authentication | JWT realms, API Keys, roles and permissions
Orders API | Create, track, and manage orders
Webhooks | Real-time event subscriptions with signature verification