Opencart API documentation for the developer: supports output formats which return a JSON response. Output formats are defined by specifying the output request parameter. With opencart API we can perform CRUD functionalities.

When we see API at Admin >> System >> Users >> API, then we are interested to explore it. We checked the catalog folder and found as in the image below:

All these tests are made in Checking the code we have to log in first. So we type the following URL but it gives me following error.

<b>Notice</b>: Undefined index: key in <b>D:\xampp\htdocs\opencart2302\catalog\controller\api\login.php</b> on line <b>11</b>[]

Again we checked the code and found that:

// Login with API Key
$api_info = $this->model_account_api->getApiByKey($this->request->post['key']);
if ($api_info) {

Which means we have to log in through the POST request. So we wrote following curl code to log in through POST URL.

We write the following code in opencartapi.php and upload to root server:


$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => "",
  CURLOPT_POSTFIELDS => "------WebKitFormBoundary7MA4YWxkTrZu0gW\r\nContent-Disposition: form-data; name=\"key\"\r\n\r\nG63RZVjNnkPS3KdI8DZRrDph4LueZCRJcPwTfgnH8KzMFvVrsjp4g73YM1W3RdkTHRHyXK7c6vDVUsadxtx8c8r1uW2NWt0flPFNm5pVCq862jrBbrmztbBlPi4GWf9kQeB3YqT3uyOp7KldgRrvRu3eROSyGZZH2HEJ9sh9zSbXpm0u6wIOOdBoaNARzUOD74fHSn5iAYwCwPHeVkA29p3tkIPr8OFIzA9r3UGOXJ9xhWKojsGuKwnWEyaKuMB0\r\n------WebKitFormBoundary7MA4YWxkTrZu0gW--",
    "cache-control: no-cache",
    "content-type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW",
    "postman-token: dc6b20c6-b84d-3b12-3b89-e586d0058347"

$response = curl_exec($curl);
$err = curl_error($curl);


if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;


Below is the part of the code where you add your key that you have to change to yours:


Then I run

{"error":{"ip":"Warning: Your IP **.**.**.** is not allowed to access this API!","key":"Warning: Incorrect API Key!"}}

I add my IP at Admin >> Users >> API >> edit >> IP Addresses tab:

After I add my IP and run the URL again I got the successful message:

{"success":"Success: API session successfully started!","token":"kyJoxIKh9wEShzUxvBz2urUZSq"}

Following is the POSTMAN workout to achieve it.

Hope it will help somewhat to dig more about the OpenCart API.

You can check following Opencart API related posts:


  1. Hey rupak , I have a query , What if a prson has a dynamic IP or What if the IP is keep on changing on every post request. How are we going to handle that.


    • Hi @Sushil,

      May not the good Idea but you can make following changes to allow all IPs:

      Go to catalog/controller/startup/session.php and comment out if ($api_query->num_rows) { statement like below:

      //if ($api_query->num_rows) {
      // keep the session alive
      $this->db->query(“UPDATE `” . DB_PREFIX . “api_session` SET `date_modified` = NOW() WHERE `api_session_id` = ‘” . (int)$api_query->row[‘api_session_id’] . “‘”);

      With this, it will not check the listed IPs.

      Hope it is helpful

  2. how to login customer username and password ? But your article indicates it returns api token , since the login function requires 2 parameter such as username and password ? Can you please enlighten me thank you

  3. Hi thanks for the blogs you do, they extremely helpful. When using GET to fetch orders from Opencart ( index.php?route=api/order/info ) it doesn’t return but when I add order ID it does? (index.php?route=api/order/info/order_id=81) How am I able to retrieve all the orders in a list? Your advice would be greatly appreciated. Thanks

  4. Hello, I have followed your steps, but this error appeared “CORS Error: The request has been blocked because of the CORS policy”. would you please advise what is the problem?


Please enter your comment!
Please enter your name here