Instructions on calling APIs
The Seller Center APIs are called through an HTTP request directed to an endpoint. Partners (ISVs) and sellers can use the official Java SDK (download link) directly or assemble HTTP requests to call the Seller Center APIs.
This section introduces how to assemble HTTP requests to call the Seller Center APIs.
API calling process
API calls require data for input and return output as the responses. The general steps for calling an API through generating HTTP request are as follows:
- Populate parameters and values
- Generate signature
- Assemble HTTP request
- Initiate HTTP request
- Get HTTP response
- Interpret JSON/XML results
System and API endpoint URLs
For each venture, staging environment and live environment are available for calling APIs. The staging environment is provided to facilitate test phases during the integration project. You must integrate your system with a server correctly. The following table lists the live and staging environment for each venture.
| Venture | Environment | URL |
|---|---|---|
| Singapore | Live environment | https://api.sellercenter.lazada.sg/ |
| Staging environment | https://api-staging.sellercenter.lazada.sg/ | |
| Thailand | Live environment | https://api.sellercenter.lazada.co.th/ |
| Staging environment | https://api-staging.sellercenter.lazada.co.th/ | |
| Malaysia | Live environment | https://api.sellercenter.lazada.com.my/ |
| Staging environment | https://api-staging.sellercenter.lazada.com.my/ | |
| Vietnam | Live environment | https://api.sellercenter.lazada.vn/ |
| Staging environment | https://api-staging.sellercenter.lazada.vn/ | |
| Philippines | Live environment | https://api.sellercenter.lazada.com.ph/ |
| Staging environment | https://api-staging.sellercenter.lazada.com.ph/ | |
| Indonesia | Live environment | https://api.sellercenter.lazada.co.id/ |
| Staging environment | https://api-staging.sellercenter.lazada.co.id/ |
Retrieving the API key
Each API call is performed by a specific Seller Center user (specified by the UserID parameter and signed by a matching API key). Take the following steps to retrieve your API key.
Step 1. Register as a seller on Lazada at:
- For the live environment: https://sellercenter.lazada.xxx/seller/register/registration_open (xxx represents the country domain name)
- For the staging environment: https://sellercenter-staging.lazada.xxx/seller/register/registration_open
Step 2. Log in the Seller Center at:
- For the live environment: https://sellercenter.lazada.xxx (xxx represents the country domain name)
- For the staging environment: https://sellercenter-staging.lazada.xxx
Step 3. Click Settings -> Manage Users.
- Add or remove users under the seller account.
- Specify the role of a user to define API groups that the user can call.
- Each user will have a unique API key when calling an API.
Security of the API key
You must ensure the security of your API key and do not share the API key with any third party.
Requests and responses
While most methods are called via GET, some write methods get additional request data sent via POST. However, sometimes the data that needs to be supplied is more than what can be transported in request parameters. In those cases, additional data is sent to the server using a POST request. The request body must be in XML format. All data (including parameter names and values) must be UTF8-encoded.
All methods return a response document, which indicates the status of the operation (either Success or Error) and optionally provides results and/or details related to the specified action. The response can be in XML or JSON format.
Common parameters
Common parameters are required in the HTTP request of every API call, listed in the following table:
| Field | Type | Description |
|---|---|---|
| Action | string | Name of the API that is to be called. Mandatory. |
| Format | string | The response format, with XML as the default. Can be XML or JSON. Optional. |
| Timestamp | datetime | Time when the request is sent, in ISO 8601 format (e.g., Timestamp=2016-04-01T10:00:00+0200). Mandatory. |
| UserID | string | The ID of the user making the call. The list of authorized users is maintained in the Seller Center web interface under Settings -> Manage Users. Mandatory. |
| Version | string | The API version against which this call is to be executed. The current version is "1.0". Mandatory. |
| Signature | string | The cryptographic signature, authenticating the request. You must create this value by computing the SHA256 hash of the request, using the API key of the user specified in the UserID parameter. The signature algorithm is described below. Mandatory. |
Business parameters
In addition to the common parameters that must be included in the API call request, the business parameters for the request are also required. Refer to the documentation of each API call for details about the business parameters.
Signature algorithm
Refer to the Signing requests section for detailed information about how to generate signature.
HTTP request sample
Assemble the HTTP request with the following information:
- API endpoint URLs
- API call name and return format
- Public parameters and business parameters
- Timestamp, user ID, and API version
- Signature
Taking the GetCategoryTree API call as example, the assembled HTTP request call looks like this:
https://api.sellercenter.lazada.sg?Action=GetCategoryTree&Format=json&Timestamp=2017-11-25T07%3A00%3A32%2B00%3A00&UserID=xxx&Version=1.0&Signature=xxx
Call limitation
You can make at most 10 parallel API calls concurrently.
Updated about 7 years ago