Documentation
Authentication
Bearer token authentication and error handling for the public integration API.
Authentication
Every request must include the integration token in the Authorization header.
Authorization: Bearer <PUBLIC_INTEGRATION_API_TOKEN>curl https://expo.wie.dev/v1/stores \
-H "Authorization: Bearer $PUBLIC_INTEGRATION_API_TOKEN"Warning
Requests without a valid bearer token return 401 unauthorized. If the server-side integration token is not configured, the API returns 503 not_configured.
Response format
Successful responses return JSON. Validation and authentication failures use a shared error envelope.
{
"error": {
"code": "validation_failed",
"message": "Request validation failed",
"issues": [
{
"path": "limit",
"message": "Limit must be between 1 and 100",
"code": "invalid_value"
}
]
}
}| Status | Code | When it happens |
|---|---|---|
400 | validation_failed | Query parameters, path parameters, or request body fields are invalid. |
401 | unauthorized | The bearer token is missing or incorrect. |
404 | not_found | The requested store, protocol, exposition, or related resource does not exist. |
503 | not_configured | Public integration access is not configured on the server. |
Token handling
- Keep the token server-side. Do not expose it in browser clients.
- Rotate the token if it is shared outside trusted integration infrastructure.
- Use HTTPS only; production requests should target
https://expo.wie.dev.