API Overview
The SweetCode Cloud API is served from your configured proxy subdomain (e.g. ssp.yourshop.com) for proxy operations, and from ssp.sweetcode.cloud for management operations.
Base URLs
Section titled “Base URLs”| Purpose | Base URL |
|---|---|
| Proxy | https://ssp.yourshop.com |
| Management | https://ssp.sweetcode.cloud |
Authentication
Section titled “Authentication”Management API endpoints require a session token passed via the sc_session cookie. Sessions are created through the magic-link login flow.
The proxy endpoint (/v1/events) uses a different authentication mechanism — a per-domain verification token passed via the X-SSP-Token header. This token is generated automatically by Pixel Manager for WooCommerce.
Proxy Endpoints
Section titled “Proxy Endpoints”POST /v1/events
Section titled “POST /v1/events”Submit tracking events for processing and forwarding to configured destinations. This is the primary endpoint used by Pixel Manager for WooCommerce.
Headers:
| Header | Required | Description |
|---|---|---|
X-SSP-Token | Yes | HMAC verification token for the domain |
Content-Type | Yes | Must be application/json |
Request Body:
{ "events": [ { "eventName": "Purchase", "eventTime": 1700000000, "eventSourceUrl": "https://yourshop.com/checkout/order-received/123/", "userData": { "email": "customer@example.com", "ipAddress": "203.0.113.42", "userAgent": "Mozilla/5.0...", "fbc": "fb.1.1700000000.AbCdEf", "fbp": "fb.1.1700000000.1234567890" }, "customData": { "currency": "USD", "value": 49.99, "orderId": "T-12345", "contents": [ { "id": "SKU-001", "name": "Widget", "quantity": 1, "price": 49.99 } ], "numItems": 1 } } ]}Supported Event Types:
| Event Name | Description |
|---|---|
PageVisit | Page view (home, category, product, etc.) |
ViewContent | Product or content page view |
Search | Search query on the store |
AddToCart | Item added to shopping cart |
AddToWishlist | Item added to wishlist |
Purchase | Completed purchase / order |
Lead | Lead form submission |
SignUp | Account registration |
Custom | Custom event (passed through as-is) |
Response (success):
{ "success": true}Error Codes:
| Code | HTTP | Description |
|---|---|---|
domain_not_configured | 404 | No domain config found for the hostname |
subscription_inactive | 403 | Plan expired or suspended |
request_limit_exceeded | 429 | Monthly request quota exhausted |
rate_limited | 429 | Too many requests per minute from this IP |
invalid_payload | 400 | Body exceeds 100 KB or fails validation |
POST /v1/pmw-events
Section titled “POST /v1/pmw-events”Pre-formatted event passthrough for Pixel Manager for WooCommerce. Events are forwarded to destination APIs as-is — the Worker injects credentials but does not transform the payload. This endpoint is used internally by Pixel Manager and is not intended for direct use.
GET /health
Section titled “GET /health”Health check endpoint. Returns 200 OK with:
{ "status": "ok"}Management API
Section titled “Management API”Management endpoints are prefixed with /v1/ on the management base URL (ssp.sweetcode.cloud). All management endpoints require an authenticated session.
Authentication
Section titled “Authentication”| Method | Endpoint | Description |
|---|---|---|
| POST | /v1/auth/login | Request a magic link email |
| GET | /v1/auth/callback | Verify magic link token |
| POST | /v1/auth/logout | Invalidate session |
| GET | /v1/auth/me | Get current user info |
Organizations
Section titled “Organizations”| Method | Endpoint | Description |
|---|---|---|
| GET | /v1/orgs | List user’s organizations |
| POST | /v1/orgs | Create a new organization |
| GET | /v1/org/settings | Get org details + subscription |
| PATCH | /v1/org/settings | Update org name |
| GET | /v1/org/members | List members with roles |
| POST | /v1/org/members/invite | Invite a member by email |
| GET | /v1/org/usage | Current billing period usage |
| GET | /v1/org/subscription | Subscription details |
| GET | /v1/org/daily-usage | Daily usage breakdown (charts) |
| GET | /v1/org/events | Query event logs (filtered) |
Domains
Section titled “Domains”| Method | Endpoint | Description |
|---|---|---|
| GET | /v1/domains | List domains for current org |
| POST | /v1/domains | Add a new domain |
| GET | /v1/domains/:id | Get domain details |
| POST | /v1/domains/:id/verify | Verify DNS configuration |
| POST | /v1/domains/:id/regenerate-token | Regenerate sync token |
| POST | /v1/domains/:id/resync | Trigger config resync |
| DELETE | /v1/domains/:id | Remove a domain |
Sync (used by Pixel Manager for WooCommerce)
Section titled “Sync (used by Pixel Manager for WooCommerce)”| Method | Endpoint | Description |
|---|---|---|
| POST | /v1/sync/register-callback | Register WooCommerce callback URL |
| POST | /v1/sync/domain-config | Push destination configuration |
Rate Limits
Section titled “Rate Limits”| Endpoint | Limit |
|---|---|
| Proxy events | 120 req/IP/minute |
| Login | 5 req/email/hour |
| Management API | 60 req/session/min |
Exceeding a rate limit returns HTTP 429 with a rate_limited error code.