Public integrations authenticate with the x-api-key header. Do not use browser session JWTs for server-to-server integrations.

curl https://api.sellfern.com/orders \
  -H "x-api-key: $SELLFERN_API_KEY"

API keys

API keys are scoped to one organization and a narrow set of permissions. Create separate keys for separate integrations so they can be revoked independently.

Scopes

Use the minimum scope set required for the integration. The API Reference lists the required scope behavior for each endpoint. Examples of public V1 scopes include orders:read; request additional scopes only when the referenced endpoint requires them. If a valid key lacks the required scope, Sellfern returns 403 missing_scope.

Organization isolation

Every public API read and write is evaluated within the API key’s organization boundary. If a request references a resource from another organization, Sellfern returns 404 not_found instead of disclosing that another organization owns the resource.
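
The scope and organization-isolation behavior described above can be modeled as a short authorization routine. This is an added illustration, not Sellfern's code: the in-memory stores, key names, order IDs, the `{"error": ...}` body shape, the 401 for an unknown key, and the order of the checks are all assumptions made for the example.

```python
# Added illustration only; not Sellfern's implementation.
from dataclasses import dataclass


@dataclass(frozen=True)
class ApiKey:
    org_id: str
    scopes: frozenset


# Constructed sample data (hypothetical keys, organizations and orders).
KEYS = {
    "key_a_read": ApiKey("org_a", frozenset({"orders:read"})),
    "key_a_noscope": ApiKey("org_a", frozenset()),
    "key_b_read": ApiKey("org_b", frozenset({"orders:read"})),
}
ORDERS = {
    "ord_1": {"org_id": "org_a", "total": 1200},
    "ord_2": {"org_id": "org_b", "total": 800},
}


def get_order(headers, order_id):
    """Return (status, body) for a read of one order."""
    key = KEYS.get(headers.get("x-api-key", ""))
    if key is None:
        # Assumption: the page does not state the response for an unknown key.
        return 401, {"error": "unauthorized"}

    # A valid key without the required scope gets 403 missing_scope.
    # Assumption: the scope check runs before the resource lookup.
    if "orders:read" not in key.scopes:
        return 403, {"error": "missing_scope"}

    order = ORDERS.get(order_id)
    # An order owned by another organization produces the same response as an
    # order that does not exist, so a caller cannot tell which IDs are in use
    # elsewhere. Returning 403 here would confirm that the resource exists.
    if order is None or order["org_id"] != key.org_id:
        return 404, {"error": "not_found"}

    return 200, {"id": order_id, "total": order["total"]}
```

When testing an integration, a 404 on an ID you expected to exist is worth checking against the key's organization before assuming the record was deleted.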

Do not use browser JWTs

Browser or user session JWTs are for the Sellfern web app. Server-to-server integrations, scripts, workflow tools, and AI agents must use scoped API keys through x-api-key.