Authentication

EGKits uses OAuth2 with JWT bearer tokens scoped per tenant. Obtain credentials from your tenant administrator and include the token in the Authorization header for every API call.

Security

Always store client secrets securely. Never expose them in client-side code or version control.

Token endpoint
http
POST https://apps.egkits.com/connect/token
Content-Type: application/x-www-form-urlencoded

client_id={clientId}&client_secret={clientSecret}&grant_type=client_credentials&scope=api
Authenticated request
http
GET https://apps.egkits.com/catalog/products?page=1&pageSize=20
Authorization: Bearer {access_token}
Tenant scoping

All API calls are tenant-scoped. Include the tenant context from your OAuth token; cross-tenant access is denied.

Each API client is bound to a single tenant workspace

Tokens carry tenant_id and scope claims validated on every request

Attempting to access another tenant's resources returns 403 Forbidden

Common Endpoints

GET

/catalog/products

List products with pagination and filters

GET

/catalog/products/{id}

Get product details by id

POST

/catalog/products

Create a new product

PUT

/catalog/products/{id}

Update an existing product

DELETE

/catalog/products/{id}

Delete a product

GET

/invoices

List sales invoices

POST

/invoices

Create a new invoice

POST

/invoices/{id}/issue

Issue a draft invoice

POST

/invoices/{id}/payments

Record a payment against an invoice

GET

/tenants

List tenants and subscription info

POST

/webhooks

Register a webhook endpoint

GET

/webhooks/{id}/deliveries

List recent webhook delivery attempts

See the Invoicing guide for invoice lifecycle API examples.
Webhooks

Register webhook endpoints to receive real-time events for invoices, payments, and catalog changes.

invoice.issued, invoice.paid, payment.received

product.created, product.updated, stock.adjusted

HMAC-SHA256 signatures on every payload for verification

Webhook registration
http
POST /api/v1/webhooks
{
  "url": "https://your-app.com/hooks/egkits",
  "events": ["invoice.issued", "invoice.paid"],
  "secret": "{yourSigningSecret}"
}
Rate limits

Default 1,000 requests/minute per tenant API key. Burst allowance applies; 429 responses include Retry-After.

Tier Limit Notes
Standard 1,000 / min Per tenant API key
enterprise 5,000 / min Negotiated per contract
Conventions

Versioning

Path-based: /api/v1/...

Pagination

page, pageSize, totalCount

Filtering

q, sortBy, sortDir

Errors

Problem Details (RFC 7807)

Error response example
json
{
  "type": "https://tools.ietf.org/html/rfc7807",
  "title": "Not Found",
  "status": 404,
  "detail": "Product with id '123' was not found.",
  "instance": "/catalog/products/123"
}
SDKs

.NET SDK (coming soon)

JavaScript SDK (coming soon)


Guides

Support