Quick Start

This quick start tutorial will provide you with simple steps to start using the Vend API.

You can think of this document as the ‘Hello, World!’ of Vend’s API. It will take you from zero to your first API request. Vend’s API can be used to extend Vend’s functionality, and to integrate with other software in the Retail ecosystem.

What you’ll need

Please install Postman, or alternatively, use your favourite software development environment.

With simplicity in mind, we will use a GUI to connect to Vend’s API for this tutorial. Please feel free to use a software development platform instead, but this tutorial will use a GUI tool called Postman. By all means use your favourite software development platform in place of Postman, but software development tools are out of scope for this document.


  • Choose how to connect:
    • A. Personal Tokens: retailers can create a Personal Token.
    • B. Add-ons: independent developers should register as a Vend developer, and create an application.
      • For add-ons, set up a test retailer account, and then pair a retailer account with your application.
  • For both personal tokens and add-ons:
    • Consult the API documentation to discover API Endpoints.
    • Invoke the API using Postman, to retrieve some useful information about the retailer.
  • What Next?

Choose how to connect

There are two ways to work with Vend’s API - Personal Tokens and Add-ons. You can decide which to use, as follows:

  • A. Personal Tokens are for use by individual retailers (and their developers), to connect to that single Vend retailer account.
  • B. Add-ons are registered independently by developers, and can be connected to multiple retailers.
  • Add-ons and applications are interchangeable names. The Developer Portal uses the term ‘application’, but elsewhere, ‘add-on’ is used.

Head over to Authorization for a detailed reference about authentication and authorization.

A. Personal Tokens

As a retailer [Admin users only], you can use a Personal Token to access the API.

Even as an integrator, Personal Tokens can be used as a quick way to explore the API - you can set up a Test Store for testing, and then generate personal tokens to interact with that store.

Personal Tokens, Step 1 - Create a Personal Token

Create a Personal Token, and keep the token somewhere secure.

Personal Tokens, Step 2 - Connect to the API

Using Postman (please download and install it), you can configure the OAuth flow, as follows.

These instructions are correct as of Postman v7.20.1.

  • Create a new request. GET, https://{domain_prefix}.vendhq.com/api/2.0/retailer
  • Select the Authorization tab.
    • Type: Bearer Token
    • Token: (enter the Personal Token which you created in Step 1)
    • If you want to share this request in Postman, you should use Environment Variables to store the token separately.
  • Click Send.
    • You should now see the response body with a JSON representation of the retailer entity associated with this account.
    • Congratulations, you are now a Vend API user!

B. Add-ons

As a developer - independent of retailers - you should consider registering yourself on our developer portal, and creating a Vend Application. Add-ons are also known as Vend applications.

This will provide you with a secured way to register your application with a retailer, and to grow your user-base.

Add-ons, Step 1 - Registration as a Developer and Create an application

To create an application, first of all you’ll need to register as a Vend Developer.

Secondly, you will need to create an application. When you create an application, you will be asked to specify a ‘Callback URL’.

Callback URL

The Callback URL is a page on your website which is intended to pair your application with a Vend retailer. See the Authorization page for more details.

For the purposes of this tutorial, when using Postman, it doesn’t matter what you use, as long as it is a valid URL - it can just be ‘http://example.org/callback’. Postman will intercept the OAuth 2.0 flow before following the redirect, and complete the steps itself. Postman is clever.

**NOTE: You will notice that a newly created app is marked as Not Approved. Don’t worry! You can still use this app. Not Approved just means that you can only connect your application to 30 Vend retailer accounts. This should be more than enough for private apps or testing/staging environments. You only need to get our approval for production ready, public applications. **

The application will have 3 fields associated with it, a Redirect URL, a Client ID, and a Client Secret. We will need these in order to connect the application to a retailer, below.

Add-ons, Step 2 - set up a test store

As an integrator, you may want to set up a retailer account to test your software before shipping it to retailers.

Initially you can sign up for a trial store in the usual way.

Please contact api@vendhq.com to discuss long-term requirements.

For the following steps, let’s assume your test store’s domain prefix is {domain_prefix}.

Add-ons, Step 3 - Connect your application to the retailer account, and send a request.

In order to connect your add-on to a retailer, you need to perform the OAuth2 connection flow.

Typically an add-on initiates this flow, and the retailer will be presented with a ‘Consent’ screen.

Using Postman (please download and install it), you can configure the OAuth flow, as follows.

These instructions are correct as of Postman v7.20.1.

  • Create a new Request. GET, https://{domain_prefix}.vendhq.com/api/2.0/retailer
  • Select the Authorization tab.
    • Type: OAuth 2.0
    • Click on Get a new Access Token.
  • In the Get New Access Token dialog:
    • Grant Type: Authorization Code
    • Callback URL: (see Step 1). This would normally point to a URL hosted by you, the developer.
    • Auth URL: https://secure.vendhq.com/connect
    • Access Token URL: https://{domain_prefix}.vendhq.com/api/1.0/token
    • Client ID: (see Add-ons, Step 1)
    • Client Secret: (see Add-ons, Step 1)
    • Scope: [blank]
    • State: any string of your choice (you can use this to match the oauth callback to the original request)
  • Click Request Token.
    • You will then be asked to specify your Domain Prefix {domain_prefix}, and then log into your retailer credentials. This will need to be any user with the admin role.
    • You will then be asked to ‘Connect to the Application’.
    • Finally, you will be redirected back to Postman. You’ll see a dialog showing your token, with ‘Access Token’, ‘Type: Bearer’, expires_in: 86400 (24 hours), your domain prefix, and a ‘Refresh Token’.
  • Click Use Token.
    • The dialog will now close.
  • Click Send.
    • You should now see the Response Body, containing a JSON representation of the retailer entity for your account.
    • Congratulations, you are now a Vend API user!

What Next?

Now that you know how to access Vend’s API, please explore the documentation - we recommend returning to the Introduction document.

Postman is a useful tool for exploring the API, but add-on developers normally need to perform some extra steps to work with OAuth (unless using a platform like Zapier, which supports OAuth2 already):

  • Add-on developers will usually need some extra work to manage tokens and registration. Unless you are using a packaged platform like Zapier (or Vend Personal Tokens), you will need to implment an OAuth 2.0 client.
    • The Redirect URL should be a dynamic web page hosted by you, the developer. It should be designed to interpret an OAuth 2.0 Code Grant.
    • The Redirect URL processes the redirect according to the OAuth 2.0 spec, and then invoke Vend’s /api/1.0/token endpoint.
    • The add-on needs to securely store an access token and a refresh token for each retailer.
    • The add-on needs to handle access token expiry and refreshing of tokens (again, according to the OAuth 2 standard). Depending on your technology platform, there may be a library which you can use for this. Even if not, it’s feasible to write the handler yourself.
    • Refer to Authorization for a more detailed reference for these steps.
  • Typically an add-on invokes the API several times, using the data from one response in subsequent requests.

For more Postman tips, please check the Postman documentation.