The Thor Storefront API is organized around GraphQL. Our API allows you to define the exact data you need in a single request, reducing over-fetching and under-fetching of data. It accepts JSON-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes.

The Thor Storefront GraphQL API uses API keys to authenticate requests. You can view and manage your API keys in the Thor Dashboard.

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

To authenticate with the API, you must set the X-Api-Key header in your HTTP requests.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.