# Whatalo API > REST API reference, authentication, webhooks, and resource endpoints - [Authentication](/docs/api/authentication): API keys, scopes, and security best practices. - [Categories & Organization](/docs/api/categories-and-organization): Organize your product catalog with categories. - [Customers & Contacts](/docs/api/customers-and-contacts): Manage customer records and contact information through the API. - [Discounts & Promotions](/docs/api/discounts-and-promotions): Create and manage discount codes and promotional campaigns. - [Error Handling](/docs/api/error-handling): HTTP status codes, error format, and complete error code reference. - [Quick Start](/docs/api/getting-started): Make your first API call in 5 minutes. - [Whatalo API](/docs/api): REST API reference and guides for the Whatalo platform. - [Managing Orders](/docs/api/managing-orders): Learn how to retrieve, update, and process orders through the API. - [What is the Whatalo API](/docs/api/overview): An overview of the Whatalo REST API and what you can build with it. - [Pagination](/docs/api/pagination): Navigate large result sets with pagination. - [Rate Limits](/docs/api/rate-limits): Understand API rate limits and how to handle them. - [API Versioning](/docs/api/versioning): How the Whatalo API handles versions and breaking changes. - [Webhooks](/docs/api/webhooks): Receive real-time notifications when events happen in a store. - [Working with Products](/docs/api/working-with-products): Learn how to create, list, update, and manage products through the API. - [Authorization Flow](/docs/api/oauth/authorization-flow): Authorization Code with PKCE step by step — the only supported flow in Whatalo OAuth 2.1. - [Building MCP Servers](/docs/api/oauth/building-mcp-servers): Advanced guide for developers building their own MCP servers that authenticate against Whatalo using OAuth 2.1. - [Discovery (RFC 8414)](/docs/api/oauth/discovery): Fetch Whatalo's Authorization Server metadata programmatically. - [OAuth Errors](/docs/api/oauth/errors): Whatalo OAuth 2.1 error codes, their meaning, and how to resolve them. - [Token Introspection (RFC 7662)](/docs/api/oauth/introspection): Validate Whatalo Bearer tokens from your Resource Server. - [OAuth 2.1 — Overview](/docs/api/oauth/overview): How OAuth enables third-party applications to act on behalf of merchants in Whatalo. - [Client Registration (RFC 7591)](/docs/api/oauth/registration): Register your application dynamically as an OAuth client in Whatalo. - [Token Revocation (RFC 7009)](/docs/api/oauth/revocation): Revoke active access tokens or refresh tokens immediately. - [OAuth Scopes](/docs/api/oauth/scopes): The 17 available scopes and the access each one grants. - [Token Endpoint](/docs/api/oauth/token-endpoint): Exchange codes for tokens and renew access tokens using refresh tokens. - [Token Exchange (RFC 8693)](/docs/api/oauth/token-exchange): Exchange a valid access token for a new one bound to a different audience or a reduced scope set, without changing the resource owner. - [Health check](/docs/api/reference/health/get) - [Health check](/docs/api/reference/api/health/get) - [Authorization Server Metadata](/docs/api/reference/-well-known/oauth-authorization-server/get) - [Token Introspection](/docs/api/reference/oauth/introspect/post) - [Dynamic Client Registration](/docs/api/reference/oauth/register/post) - [Token Endpoint](/docs/api/reference/oauth/token/post) - [Authorization Endpoint](/docs/api/reference/oauth/authorize/get) - [List categories](/docs/api/reference/v1/categories/get) - [Create a category](/docs/api/reference/v1/categories/post) - [Token Revocation](/docs/api/reference/oauth/revoke/post) - [List discounts](/docs/api/reference/v1/discounts/get) - [Create a discount](/docs/api/reference/v1/discounts/post) - [List customers](/docs/api/reference/v1/customers/get) - [Create a customer](/docs/api/reference/v1/customers/post) - [List orders](/docs/api/reference/v1/orders/get) - [List media library items](/docs/api/reference/v1/media/get) - [List products](/docs/api/reference/v1/products/get) - [Create a product](/docs/api/reference/v1/products/post) - [Get store info](/docs/api/reference/v1/store/get) - [List webhooks](/docs/api/reference/v1/webhooks/get) - [Create a webhook](/docs/api/reference/v1/webhooks/post) - [Count categories](/docs/api/reference/v1/categories/count/get) - [Delete a category](/docs/api/reference/v1/categories/id/delete) - [Get a category](/docs/api/reference/v1/categories/id/get) - [Update a category](/docs/api/reference/v1/categories/id/patch) - [Delete a discount](/docs/api/reference/v1/discounts/id/delete) - [Get a discount](/docs/api/reference/v1/discounts/id/get) - [Update a discount](/docs/api/reference/v1/discounts/id/patch) - [Validate a discount code](/docs/api/reference/v1/discounts/validate/post) - [Count customers](/docs/api/reference/v1/customers/count/get) - [Get a customer](/docs/api/reference/v1/customers/id/get) - [Update a customer](/docs/api/reference/v1/customers/id/patch) - [List countries](/docs/api/reference/v1/geo/countries/get) - [Count orders](/docs/api/reference/v1/orders/count/get) - [Get an order](/docs/api/reference/v1/orders/id/get) - [Update order status](/docs/api/reference/v1/orders/id/patch) - [Count products](/docs/api/reference/v1/products/count/get) - [Delete a product](/docs/api/reference/v1/products/id/delete) - [Get a product](/docs/api/reference/v1/products/id/get) - [Update a product](/docs/api/reference/v1/products/id/patch) - [Confirm a completed upload](/docs/api/reference/v1/uploads/complete/post) - [Request a presigned upload URL](/docs/api/reference/v1/uploads/sign/post) - [Delete a webhook](/docs/api/reference/v1/webhooks/id/delete) - [Update a webhook](/docs/api/reference/v1/webhooks/id/patch) - [Get a country](/docs/api/reference/v1/geo/countries/iso2/get) - [List order items](/docs/api/reference/v1/orders/id/items/get) - [Get inventory by product](/docs/api/reference/v1/inventory/products/productid/get) - [Adjust inventory by product](/docs/api/reference/v1/inventory/products/productid/patch) - [Attach an image to a product](/docs/api/reference/v1/products/product_id/images/post) - [List provinces for a country](/docs/api/reference/v1/geo/countries/iso2/provinces/get) - [Remove an image from a product](/docs/api/reference/v1/products/product_id/images/media_id/delete) ## See Also - [Plugin SDK](/docs/plugin-sdk/llms.txt): CLI, App Bridge, scopes, billing, UI components, and publishing guide - [Theme SDK](/docs/theme-sdk/llms.txt): Build custom themes for Whatalo storefronts - [Third-Party Integrations](/docs/third-party/llms.txt): Integration guides for external services - [Legal & Policies](/docs/policies/llms.txt): Terms, agreements, review guidelines, and data privacy