# Calling Norce Commerce Management API This page provides a comprehensive guide to integrating with the Norce Commerce Management API. The API enables programmatic access to configuration and business logic that is otherwise managed through the Norce Admin UI. ## Overview The Norce Management API is designed for system integration scenarios where automation or synchronization of configuration and business logic is required. It supports most tasks available in the Admin UI, except those already covered by other APIs or those that are UI-specific. ### Common Use Cases - Update product catalogue metadata (flags, categories, parametrics) - Manage price lists and promotion rules - Manage client and application configurations - Extract, compare, or synchronize configurations between environments, applications, or clients **API Reference:** - [Management API Reference Documentation](/api-reference/management/openapi) - [Postman Example Collection](https://documenter.getpostman.com/view/2973406/2sAYkDNgen) ## Scope, Limits, and Restrictions The Management API is available only for Norce Commerce environments. Most Admin UI tasks are supported unless they are already available through other APIs. **Not in Scope:** - Product data management (handled by the Connect API) - UI-related features (e.g., reports, dashboards) - Payment and delivery methods > **Note:** Product management is performed via the Connect API, not the Management API. ## Authentication and Security The Management API uses [OAuth2](https://oauth.net/2/) for authentication. Credentials are created in the Admin UI. - **Resource Access:** Ensure the "Norce Management" resource is enabled for your OAuth account in the Admin section. - **HTTPS Required:** All API calls must use HTTPS. **Figure description:** The following image shows the required resource selection in the Admin UI: ![Order receiver config](/assets/oauth-resources-access-2.6a17fa17095effcf03813cfc9e30478d0d3b116dcad2fe37c231c319a69c12a1.003e135d.png) *Image: OAuth resource selection for Management API access in Norce Admin UI* For more details, see [Accessing APIs with OAuth2 accounts](/api-reference/accessing-apis-with-oauth2-accounts). ## HTTP Status Codes The API uses [standard HTTP status codes](https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html) to indicate request outcomes. ## REST API Standards The Management API follows REST conventions for endpoints and HTTP methods: - `GET`: Retrieve items or lists - `POST`: Insert new items - `PUT`: Update all fields of an item - `DELETE`: Remove an item (used only in specific cases) > **Important:** - `PATCH` is not supported. - `DELETE` is rarely used; most deletions are handled by setting `isActive = 0` via `PUT`. - To "undelete," update the item with `isActive = 1`. ## Data Structure Notes ### The `$id` Field Each returned data element may include a `$id` field. This is used internally for reference tracking and can be ignored by integrators. ## Required HTTP Headers To ensure correct processing and traceability, the following headers must be included in all requests: - `application-id`: Identifies the application context. The format follows REST API conventions. - `account-id`: Tags changes to a specific account. This should be a valid, active system account (preferred) or user account. > **Account ID Restrictions:** The account ID must belong to an active account for the application. If the account is deleted or locked, integration will fail. **How to create a system account:** Create and manage system accounts in the Admin UI under [System Settings](https://norce-open-demo.admin-se.playground.norce.tech/settings/system). ## Example: Using Postman A [Postman collection with example requests](https://documenter.getpostman.com/view/2973406/2sAYkDNgen) is available to help you get started with the Management API.