Skip to content

Developer

Public API

Read-only access to Trovekit's live catalog. No auth required. JSON. CORS enabled. Cached 5 minutes at the edge.

List products

GET https://trovekit.shop/api/v1/products
GET https://trovekit.shop/api/v1/products?category=visual
GET https://trovekit.shop/api/v1/products?q=poster&limit=10

Query params:

Get one product

GET https://trovekit.shop/api/v1/products/[slug]

Returns full details including live channels + Stripe payment link if set.

Rate limits

No hard cap yet. Be reasonable — < 60 req/min. We'll add a key-based limit if abuse becomes a problem.

OpenAPI spec

Machine-readable OpenAPI 3.1 contract:

GET https://trovekit.shop/api/openapi.json

Import into Postman, Stoplight, or your code generator of choice. Cached 1h at the edge. Spec versions with the deployed code.

Errors

Error responses follow RFC 7807 Problem Details with Content-Type: application/problem+json.

{
  "type": "https://trovekit.shop/errors/invalid_field",
  "title": "Invalid field value",
  "status": 400,
  "detail": "A valid email is required.",
  "instance": "/api/v1/dsar/request",
  "request_id": "8e1b2c4d-7890-4abc-9def-0123456789ab"
}

Every response (success + error) carries an X-Request-ID header. Quote it in any support request — server logs are indexed on it and the round trip is fast.

Idempotency

POST endpoints that mutate state accept an Idempotency-Key header. Repeating a request with the same key + same body returns the cached response without re-running the handler. Repeating with the same key + different body returns 422. Concurrent retries while the original is still in flight return 409. Keys expire after 24 hours.

POST /api/v1/dsar/request
Idempotency-Key: 8e1b2c4d-7890-4abc-9def-0123456789ab
Content-Type: application/json

{"email":"buyer@example.com","kind":"export"}

Allowed key format: 8–200 chars, [A-Za-z0-9_-./:+=]. Keys outside that shape are silently ignored — the request runs without caching.

Feeds

If you want passive updates instead of polling: