The OpenCart API allows your application to access current data within OpenCart. Through the API, several common operations can be performed on OpenCart. Operations include:

  • create — Creates with the specified parameters.
    For example, you can add products to the cart as given by OpenCart API post request of products or product_id at
  • read — Retrieves information about the specified object.
  • query — Retrieves objects that match specified criteria.
  • update — Updates elements of an existing object.
  • upsert — Updates elements of an existing object if it exists. If the object does not exist, one is created using the supplied parameters.

Developers must authenticate with the API before issuing requests.

Some considerations must be taken while performing requests. When performing update requests, only the fields specified in the request are updated, and all others are left unchanged. If a required field is cleared during an update, the request will be declined.

Request Format

All requests to the OpenCart API:

  • Must use either HTTP GET or POST
  • Must pass credentials in an HTTP Authorization header – or – in the body of a POST request

Authentication and Request Format of OpenCart API:

Authentication requests sent to the OpenCart API URL:

  1. Must be made via SSL encrypted connection
  2. Must use HTTP POST
  3. Must contain usernameand key for the Opencart user account that will be submitting API requests

Login requests that meet these criteria will be granted an api_token id.

You can see the API username and API key at Admin >> System >> Users >> API

Both UserNAME and API key are unique to individual users. API Token ID are valid for 60 minutes. In contrast, user keys are valid indefinitely which you can regenerate as needed.

Request Parameters

usernameXThe API username
keyXThe API keys generated for the API user

CURL login example:

$curl = curl_init();
curl_setopt_array($curl, array(
    CURLOPT_URL => "",
    CURLOPT_POSTFIELDS => "key=ijLJxZa1kUO8DP4gp0iSHewnDN8zpf7T4c0d8qE3OBZi5sJnkWmi5GQ1UcGR6SttzCtHXv80ImiBGz8saVx5JBrQf5zTmetuSLGjLZNiLDoOWY0zpDQIHWWyh0mr4WATp4HJ3knAiV3G8AE6km0BgY4liu5Uik5w2FKFqkZHldVNOoDaKyOJhp2bCeVqxbDHJpHlv2lECKIBsglLFSZmUmv1e7rpWnyi7HCzyX14Odpq37j4coM5iuspzm3dwloX&username=rupak",
        "cache-control: no-cache",
        "content-type: application/x-www-form-urlencoded",
        "postman-token: 60329eeb-62ad-78e6-f564-486a6a1fe051"
$response = curl_exec($curl);
$err = curl_error($curl);
if ($err) {
    echo "cURL Error #:" . $err;
} else {
    echo $response;

If authentication was successful, a 32-character hexadecimal API token will be returned in the following format:

{"success":"Success: API session successfully started!","api_token":"10f6607afd57b954a853f7ce29"}

Example Curl POST Request in OpenCart API:

curl -X POST \
  '' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -H 'postman-token: 2ef6e7f4-84d1-28ae-84b0-ae2dcebeab2f' \
  -d 'key=ijLJxZa1kUO8DP4gp0iSHewnDN8zpf7T4c0d8qE3OBZi5sJnkWmi5GQ1UcGR6SttzCtHXv80ImiBGz8saVx5JBrQf5zTmetuSLGjLZNiLDoOWY0zpDQIHWWyh0mr4WATp4HJ3knAiV3G8AE6km0BgY4liu5Uik5w2FKFqkZHldVNOoDaKyOJhp2bCeVqxbDHJpHlv2lECKIBsglLFSZmUmv1e7rpWnyi7HCzyX14Odpq37j4coM5iuspzm3dwloX&username=rupak'

Example curl GET request in Opencart API:

curl -X GET \
'' \
-H 'cache-control: no-cache' \
-H 'postman-token: 969b0a8f-aa76-5ec5-10f5-a5f768a2868d'

Here api_token=YOUR_TOKEN_VALUE

It will give the following results when there are no products:

    "products": [],
    "vouchers": [],
    "totals": [
            "title": "Sub-Total",
            "text": "$0.00"
            "title": "Total",
            "text": "$0.00"

Similarly, you can use the following OpenCart API URL:

  • index.php?route=api/login
  • index.php?route=api/cart/add
  • index.php?route=api/cart/edit
  • index.php?route=api/cart/remove
  • index.php?route=api/cart/products
  • index.php?route=api/coupon
  • index.php?route=api/currency
  • index.php?route=api/customer
  • index.php?route=api/order/add
  • index.php?route=api/order/edit
  • index.php?route=api/order/delete
  • index.php?route=api/order/info
  • index.php?route=api/order/history
  • index.php?route=api/payment/address
  • index.php?route=api/payment/methods
  • index.php?route=api/payment/method
  • index.php?route=api/reward
  • index.php?route=api/reward/maximum
  • index.php?route=api/reward/available
  • index.php?route=api/shipping/address
  • index.php?route=api/shipping/methods
  • index.php?route=api/shipping/method
  • index.php?route=api/voucher
  • index.php?route=api/voucher/add

See this post, how you can get all products through API in OpenCart:


  1. Nice tutorial Sir,
    I did exactly mentioned in tutorial.
    however I am getting this error while trying to authenticate in ( index.php?route=api/login route. )

    Notice : Undefined index: api_token in /home/public_html/catalog/controller/startup/session.php on line 8

    I think, we will get api_token after successful authentication as a respone. How can i pass the value of api_token sir.


Please enter your comment!
Please enter your name here