Apparel Monster — Developer Portal

Everything you need to integrate with Apparel Monster's agent-facing APIs, MCP server, agentic-commerce protocols, and authentication — organized by role.

Quick start

No signup required for catalog reads. The Storefront API is public and JSON:API-formatted.

curl 'https://spree.apparel.monster/api/v2/storefront/products?per_page=5'

For a full working example (browse → cart → checkout in ~30 lines): see the quickstart guide.

Documentation

Quickstart

A working integration in 60 seconds. Curl + TypeScript SDK + MCP transport examples.

Authentication

Step-by-step OAuth 2.0, PKCE, order_token, and API-key flows. Pre-approved signing keys. Webmaster contact.

API reference

Structured endpoint reference for Storefront, Platform, and OAuth APIs. Filters, pagination, errors, rate limits.

Streaming

MCP streamable-HTTP transport, SSE patterns, long-running tool responses.

Webhooks

Outbound event model (polling today), inbound webhooks, and how agents can react to order/stock/price changes.

Scopes & permissions

read, write, admin — what each scope grants, plus the OpenAPI securitySchemes and RFC 8414 metadata.

APIs & OpenAPI specs

API	Base URL	Auth	OpenAPI 3.0
Storefront API v2	`/api/v2/storefront/`	none (reads), order_token (cart), Bearer (customer)	storefront.yaml
Platform API v2	`/api/v2/platform/`	OAuth2 Bearer (admin scope)	platform.yaml
OAuth 2.0	`/spree_oauth/`	—	oauth.yml

Agentic commerce protocols

Protocol	Discovery URL	Role
A2A Agent Card	/.well-known/agent-card.json	merchant (AP2 extension)
ACP (OpenAI)	/.well-known/acp.json	merchant
UCP (Google)	/.well-known/ucp	checkout / fulfillment / discount
MCP Server Card	/.well-known/mcp/server-card.json	8 tools + 3 UI resources
MCP Discovery	/.well-known/mcp	minimal URL pointer
MCP Endpoint	dfe0ea20ac20.agentic.checkouttools.com/mcp	streamable-http (JSON-RPC 2.0)
x402 payment	/api/agent-access	HTTP 402 on Base Sepolia (testnet)
Web Bot Auth	/.well-known/http-message-signatures-directory	Ed25519 JWKS

Discovery manifests

RFC 9727 API Catalog — machine-readable link-set with 4 API products
Agent Skills Index — 4 SKILL.md files with agent-facing usage guides
OAuth AS Metadata (RFC 8414)
OAuth Protected Resource Metadata (RFC 9728)
NLWeb Schema Map — XML index of structured feeds
Products feed — 116 schema.org Product records in JSON-LD
llms.txt — LLM-friendly site summary
llms-full.txt — full content bundle
Pricing — machine-readable pricing and shipping tiers
?mode=agent — structured JSON summary of site capabilities
/status — operational status JSON

Authentication at a glance

Method	Header	Scopes
Anonymous cart	`X-Spree-Order-Token: <token>`	implicit
OAuth2 password	`Authorization: Bearer <token>`	`read`, `write`
OAuth2 authorization_code + PKCE	`Authorization: Bearer <token>`	`read`, `write`
OAuth2 client_credentials	`Authorization: Bearer <token>`	`admin`
Publishable Store API key	`X-Spree-Token: <key>`	public read

SDKs

@spree/storefront-api-v2-sdk — official TypeScript/JavaScript SDK: github.com/spree/spree-api-v2-js-sdk
Next.js storefront — reference implementation: github.com/spree/storefront
OpenAPI codegen — generate clients for any language from storefront.yaml

Rate limits

Response headers on all calls: X-RateLimit-Limit: 60, X-RateLimit-Remaining: 60, X-RateLimit-Reset: 60, X-RateLimit-Policy: 60;w=60. On 429, honor Retry-After: <seconds>. Error responses are JSON with a retry_after_seconds hint. See /status for live policy.

Contact

For production API keys, admin OAuth client credentials, or agentic-commerce (ACP/UCP/MCP) access beyond the pre-approved UCP signing keys, contact the webmaster. Include your integration name, requested scopes, and callback URLs.