Skip to main content
GET
/
v1
/
cart
Get cart
curl --request GET \
  --url https://api.tybritelabs.com/v1/cart \
  --header 'Authorization: Bearer <token>'
{
  "items": [
    {
      "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "product_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "variant_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "product_name": "Sony WH-1000XM4",
      "variant_name": "Black",
      "variant_attributes": {
        "color": "Black"
      },
      "product_sku": "SNY-WH1002",
      "thumbnail_url": "https://pub-41977a...r2.dev/.../primary-image.jpg",
      "media": [
        {
          "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
          "url": "<string>",
          "position": 123,
          "alt_text": "<string>",
          "is_primary": true
        }
      ],
      "quantity": 2,
      "unit_price": 34999,
      "selling_price": 34999,
      "total_price": 69998,
      "stock_available": 10,
      "has_variants": true,
      "created_at": "2023-11-07T05:31:56Z",
      "updated_at": "2023-11-07T05:31:56Z"
    }
  ],
  "total_items": 123,
  "subtotal": 123,
  "session_id": "<string>",
  "customer_id": "<string>"
}

Documentation Index

Fetch the complete documentation index at: https://docs.tybritelabs.com/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

API Key Authentication

Use your API key in the Authorization header:

Authorization: Bearer tybrite_sk_live_YOUR_KEY

Key Types:

Secret Keys (Server-Side Only):

  • Format: tybrite_sk_live_* (production) or tybrite_sk_test_* (sandbox)
  • Full read/write access to all endpoints
  • ⚠️ NEVER expose in client-side code or public repositories
  • Required for: write operations, authentication, payment verification, AI recommendations

Publishable Keys (Client-Safe):

  • Format: tybrite_pk_live_* (production) or tybrite_pk_test_* (sandbox)
  • Read-only access (GET requests only, plus POST semantic search)
  • ✅ Safe for client-side JavaScript, mobile apps, and public code
  • Allowed for: browsing products, search, CMS content, pricing queries

Endpoint-Specific Requirements:

  • Authentication endpoints (/v1/auth/*): Secret key required
  • Payment verification (POST /v1/payments/verify): Secret key required
  • AI Recommendations (POST /v1/recommendations): Secret key required
  • Semantic Search (POST /v1/search): Both key types allowed (read-only operation)
  • All write operations: Secret key required
  • All read operations: Both key types allowed

Using a publishable key for restricted operations returns 403 Forbidden.

Headers

x-auth-token
string

Customer session access_token from /v1/auth/login or /v1/auth/verify-otp. Required whenever customer_id is supplied so the gateway can prove the caller owns that customer record. Anonymous (session-only) carts may omit it.

X-Session-Id
string

Session ID for anonymous carts (UUID or random string stored in localStorage)

Query Parameters

customer_id
string<uuid>

Customer UUID for authenticated carts

Response

Success

items
object[]
total_items
integer
subtotal
number
session_id
string
customer_id
string