REST API · OpenAPI 3.1

Todo lo que hace Wafle es callable por REST. La spec OpenAPI 3.1 está pública y se regenera con cada release del core. Si la podés hacer en el dashboard, la podés hacer por API.

Spec en vivo
https://wafle.click/wp-json/waffle/v1/openapi.json
Pegala en Swagger UI, Stoplight, Insomnia, Postman o el viewer que prefieras. Genera clients automáticamente con openapi-generator.

Namespaces

El árbol de endpoints está organizado por dominio:

  • /wp-json/waffle/v1/auth/* — login, refresh, API keys, OAuth providers.
  • /wp-json/waffle/v1/products/* — catálogo, variantes, stock, categorías, imágenes (R2 signed URLs).
  • /wp-json/waffle/v1/orders/* — checkout, fulfillment, refunds, notes, tracking.
  • /wp-json/waffle/v1/customers/* — CRUD de customers, vista 360°, tags, notas.
  • /wp-json/waffle/v1/integrations/* — Mercado Pago, Stripe, Andreani, AFIP, Meta Ads, Google Ads, marketplace feeds.
  • /wp-json/waffle/v1/ai/* — chat con el agente, ejecutar tools, históricos, créditos.
  • /wp-json/waffle/v1/agents/* — gestionar agentes (multi-staff, scopes, routines).
  • /wp-json/waffle/v1/emails/* — flows, templates, sender reputation, quota.
  • /wp-json/waffle/v1/identity/* — Identity Graph, lookalike, audiencias, forget/export.
  • /wp-json/waffle/v1/pixel/* — ingestión de eventos, validación, bot filtering.
  • /wp-json/waffle/v1/webhooks/* — registrar destinos, reintentar entregas, firma HMAC.

Auth

API keys con scope per-tenant. Formato: wpk_ + 32 chars firmado. Generá las tuyas desde /admin/account → API Keys. Soportan scopes (read/write por namespace) y expiry.

curlbash
curl https://wafle.click/wp-json/waffle/v1/products \
  -H "Authorization: Bearer wpk_•••••••••••••"

3 ejemplos curl reales

1. Crear un producto con variantes

bashbash
curl -X POST https://wafle.click/wp-json/waffle/v1/products \
  -H "Authorization: Bearer wpk_••••" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Remera oversize negra",
    "description": "Algodón peinado 24/1, corte oversize.",
    "category_id": 14,
    "currency": "ARS",
    "variants": [
      { "sku": "TEE-OVS-BLK-S", "size": "S", "price": 18900, "stock": 5 },
      { "sku": "TEE-OVS-BLK-M", "size": "M", "price": 18900, "stock": 8 },
      { "sku": "TEE-OVS-BLK-L", "size": "L", "price": 18900, "stock": 3 }
    ],
    "images": [
      "https://r2.wafle.click/uploads/tee-blk-front.jpg",
      "https://r2.wafle.click/uploads/tee-blk-back.jpg"
    ]
  }'

2. Listar órdenes de hoy con pagos OK

bashbash
curl "https://wafle.click/wp-json/waffle/v1/orders?\
status=paid&\
created_after=2026-05-06T00:00:00Z&\
include=customer,items,shipping&\
per_page=50" \
  -H "Authorization: Bearer wpk_••••"

3. Marcar una orden como enviada y disparar email

bashbash
curl -X POST https://wafle.click/wp-json/waffle/v1/orders/8842/fulfill \
  -H "Authorization: Bearer wpk_••••" \
  -H "Content-Type: application/json" \
  -d '{
    "carrier": "andreani",
    "tracking_number": "1Z999AA10123456784",
    "notify_customer": true
  }'

SDKs

  • JavaScript/TypeScriptnpm i @wafle/sdk
  • PHPcomposer require wafle/sdk
  • Pythonpip install wafle
tsts
import { Wafle } from '@wafle/sdk';

const w = new Wafle({ apiKey: process.env.WAFLE_KEY!, tenant: 'gamerland' });

const order = await w.orders.create({
  customer_id: 482,
  items: [{ sku: 'TEE-OVS-BLK-M', qty: 2 }],
  shipping: { carrier: 'andreani', address_id: 91 },
});

console.log('ARS', order.total / 100, 'orden', order.id);

Rate limits

  • /wp-json/waffle/v1/track — 200 req/burst, 30 conn — ingestión Pixel.
  • /wp-json/waffle/v1/* — 20 req/burst, 10 conn — uso normal.
  • /wp-json/waffle/v1/webhooks/* — sin límite (bursty by design).

Cuando te pasás, la API devuelve 429 con header Retry-After. Los SDKs implementan exponential backoff por default.

Webhooks

Registrá un endpoint con POST /webhooks. Cada evento llega firmado con HMAC-SHA256 en X-Wafle-Signature. Verificá:

tsts
import { createHmac, timingSafeEqual } from 'crypto';

function verify(rawBody: string, signature: string, secret: string) {
  const expected = createHmac('sha256', secret).update(rawBody).digest('hex');
  return timingSafeEqual(Buffer.from(expected), Buffer.from(signature));
}

Errores

Todos los errores siguen el shape RFC 7807 (problem+json):

jsonjson
{
  "type": "https://wafle.click/errors/insufficient_stock",
  "title": "Stock insuficiente",
  "status": 422,
  "detail": "El SKU TEE-OVS-BLK-M tiene stock 3, pediste 5.",
  "instance": "/wp-json/waffle/v1/orders",
  "fields": { "items[0].qty": "max=3" }
}

Siguientes

  • MCP Server — los mismos endpoints como tools para Claude.
  • Plugin SDK — agregar tus propios endpoints REST.