Alright, let’s zoom in specifically on PrestaShop Webservice (the built-in API) and keep it simple + practical 👌
What is PrestaShop Webservice?
PrestaShop Webservice is the native API system that lets external systems interact with your store using HTTP.
Think of it as:
👉 a secure door to read / create / update / delete store data programmatically.
It works without installing any extra module.
What You Can Control via Webservice
Using /api/ endpoints, you can manage:
- 🛍 Products
- 📂 Categories
- 👤 Customers
- 🧾 Orders
- 🛒 Carts
- 📦 Stock (stock_availables)
- 🚚 Carriers
- 💳 Order states
- 🌍 Languages, currencies
- 👨💼 Employees (limited)
Enable PrestaShop Webservice (Step-by-Step)
- Back Office → Advanced Parameters
- Click Webservice
- Enable PrestaShop Webservice
- Click Add new webservice key
- Generate key 🔑
- Select permissions:
- GET (read)
- POST (create)
- PUT (update)
- DELETE (remove)
- Save
⚠️ No permission = no access, even with correct key.
Base Webservice URL
https://yourstore.com/api/
Example resource:
/api/products
That endpoint lists products or allows product creation (depending on HTTP method).
Authentication Method
PrestaShop uses HTTP Basic Auth
- Username → API KEY
- Password → empty
Example:
Authorization: Basic base64(API_KEY:)
Browser test:
https://API_KEY@yourstore.com/api/products
Request Types (Very Important)
| Method | Purpose |
|---|---|
| GET | Fetch data |
| POST | Create new data |
| PUT | Update existing data |
| DELETE | Remove data |
Example: Get Products (CURL)
curl -X GET "https://yourstore.com/api/products" \
-u API_KEY:
XML vs JSON
- XML → Default & safest (recommended)
- JSON → Supported in newer versions (1.7.8+)
Headers for JSON:
Accept: application/json
Content-Type: application/json
⚠️ For POST / PUT, XML is still more reliable.
Create Product Flow (Important Concept)
- GET blank schema
/api/products?schema=blank
- Fill required fields
- POST back to:
/api/products
Skipping required fields = ❌ 500 error.
Common Webservice Errors
| Error | Reason |
|---|---|
| 401 | Wrong API key |
| 403 | Permission not granted |
| 404 | Invalid endpoint |
| 500 | Invalid XML structure |
| 406 | Missing required field |
Best Practices
✔ Always fetch schema=blank
✔ Validate XML before POST
✔ Limit API key permissions
✔ Disable API if not used
✔ Use HTTPS only
Typical Real-World Uses
- ERP integration
- Mobile app backend
- Auto product upload
- Stock sync
- Order sync with accounting software
- Marketplace connectors (Amazon, Flipkart, etc.)
