Appearance
API Calls
Base: https://api.g3nretailstack.com/slc
Source of truth: /internal-docs/slc-openapi.yaml → /slc/openapi.yaml
Notes: samples are schema-derived placeholders. Replace placeholder values (ORGCODE, SESSION_GUID, etc.) with real values.
Inventory
| Method | Path | Summary | Request schema | Response schema |
|---|---|---|---|---|
| GET | / | OAuth redirect — Shopify app install entry point | None | Envelope |
| POST | / | Dispatch SLC admin action | ActionRequest | Envelope |
| GET | /oauth/callback | OAuth callback — Shopify completes token exchange | None | Envelope |
Call details
GET /
Purpose: OAuth redirect — Shopify app install entry point
Notes: Public endpoint (no auth). Shopify redirects merchants here when they install the app (custom distribution). The handler validates the HMAC signature from Shopify and issues a 302 redirect to the Shopify OAuth authorization URL with the required scopes. Query parameters are provided by Shopify: ?hmac=...&shop=...&host=...×tamp=...
Request schema: None Response schema: Envelope
Sample request (schema-derived)
json
{}Sample response (shape-only)
json
{
"success": true,
"data": {
"note": "See Envelope"
},
"build": {
"build_id": "MONDAY-0000000000"
},
"stats": {
"call": "GET /",
"service": "slc",
"timestamp_utc": "2026-01-01T00:00:00Z"
}
}POST /
Purpose: Dispatch SLC admin action
Notes: All SLC admin operations are dispatched via a single POST endpoint. The action field in the request body determines which operation to perform. Available actions: - channel/create — Create inactive channel - channel/get — Get channel (credentials redacted) - channel/list — List channels for org - channel/update — Update name/config - channel/activate — inactive → active - channel/pause — active → paused - channel/resume — paused → active - channel/deactivate — any → inactive - channel/delete — Permanent removal (requires confirmation) - channel/export — Export config (credentials redacted) - channel/force-sync — Enqueue all explicit variants → SQS - channel/force-sync-variant — Enqueue specific variant(s) → SQS - channel/stats — Sync stats for period - channel/uninstall — Revoke token, delete webhooks, deactivate channel - channel/purge-maps — Delete all SHOPIFY_MAP# records for a channel - variants/add — Batch add to inclusion list - variants/remove — Batch remove from inclusion list - variants/list — Paginated list of included variants - facility/bind — Bind facility to channel - facility/unbind — Unbind facility - credentials/rotate — Rotate Shopify token (tests connectivity first) - audit/variant-history — Query audit by variant GUID - audit/shopify-history — Query audit by Shopify variant ID - audit/sku-history — Query audit by SKU across channels - oauth/install-url — Generate Shopify OAuth authorization URL - oauth/exchange — Exchange Shopify auth code for access token - vacuum/org — Delete all channel data for org - ping — Health check
Request schema: ActionRequest Response schema: Envelope
Sample request (schema-derived)
json
{
"action": "string"
}Sample response (shape-only)
json
{
"success": true,
"data": {
"note": "See Envelope"
},
"build": {
"build_id": "MONDAY-0000000000"
},
"stats": {
"call": "POST /",
"service": "slc",
"timestamp_utc": "2026-01-01T00:00:00Z"
}
}GET /oauth/callback
Purpose: OAuth callback — Shopify completes token exchange
Notes: Public endpoint (no auth). After the merchant approves the app on Shopify, Shopify redirects here with the authorization code. The handler: 1. Validates the HMAC signature 2. Finds the inactive channel matching the shop domain 3. Exchanges the auth code for an access token 4. Validates granted scopes against required scopes 5. Tests connectivity with a GraphQL health query 6. Encrypts the token via KMS and persists to the channel entity 7. Returns an HTML page indicating success or failure This is a separate Lambda from the admin handler, with its own DynamoDB and KMS grants.
Request schema: None Response schema: Envelope
Sample request (schema-derived)
json
{}Sample response (shape-only)
json
{
"success": true,
"data": {
"note": "See Envelope"
},
"build": {
"build_id": "MONDAY-0000000000"
},
"stats": {
"call": "GET /oauth/callback",
"service": "slc",
"timestamp_utc": "2026-01-01T00:00:00Z"
}
}