On This Page
Overview
The BuildMyOnlineStore API enables third-party applications to integrate with merchant storefronts for checkout processing. This API is designed for separating consumer checkout experiences from merchant shopping carts.
Base URL
https://app.buildmyonlinestore.com
Use Cases
- External checkout applications (secure.checkout.best integration)
- Custom payment gateways
- Shopping cart integrations
- Product feed aggregators
- ChatGPT commerce integrations (ACP)
Architecture
- Product Catalog: db.51exports.com (product database only - read-only)
- Payment Processing: secure.checkout.best (handles ALL payments, cart, checkout)
- Storefront Builder: app.buildmyonlinestore.com (this API - CMS/builder only)
Important: BuildMyOnlineStore does NOT handle payments or Stripe.
All payment processing is managed by secure.checkout.best.
BuildMyOnlineStore is purely a storefront builder/CMS.
Authentication
All API requests require authentication using GFAVIP SSO tokens.
Token Format
Authorization: Bearer gfavip-session-{token}How to Obtain Tokens
- Merchants authenticate via GFAVIP SSO
- Token is provided in the SSO callback
- Token must be validated with
GET /api/auth/validate - Use the token in API requests
GET
/api/auth/validate
Validate GFAVIP SSO token and retrieve user data
Headers: Authorization: Bearer gfavip-session-{token} Required
Response:
{
"valid": true,
"user": {
"id": "7ee04dbe-17f1-45ca-b8b5-a6e34098b074",
"email": "merchant@example.com",
"username": "merchant123",
"tier": "paid",
"credits": 150
}
}Storefronts API
Access merchant storefronts and configuration data.
GET
/api/storefronts
List all storefronts for the authenticated merchant
GFAVIP Mini-App Compatible: This endpoint accepts GFAVIP SSO tokens from mini-apps like DropShipSiteToday.
Headers: Authorization: Bearer gfavip-session-{token} Required
Response:
{
"storefronts": [
{
"id": "uuid",
"store_name": "My Store",
"catalog_id": "catalog-uuid",
"product_id": "SKU-123",
"storefront_type": "multi_product",
"theme": "modern",
"color_code": "#667eea",
"status": "active",
"checkout_best_store_id": "checkout-uuid",
"created_at": "2025-11-24T10:00:00Z",
"updated_at": "2025-11-24T12:00:00Z"
}
]
}
GET
/api/storefronts/{id}
Get detailed information about a specific storefront
URL Parameters: id (storefront UUID) Required
Headers: Authorization: Bearer gfavip-session-{token} Required
Response: Same structure as above, single object
POST
/api/storefronts
Create a new storefront for the authenticated merchant
Headers: Authorization: Bearer gfavip-session-{token} Required
Body:
catalog_id- UUID of the product catalog Requiredproduct_id- SKU or product ID Requiredstore_name- Name for the storefront Requiredstorefront_type- "ai_single_product" or "buy_now_buttons" Optionaltheme- "modern", "minimal", "bold", or "elegant" Optionalcolor_code- Hex color for branding (e.g., "#667eea") Optionaluse_stripe- Enable Stripe payments (default: true) Optional
Request Example:
{
"catalog_id": "abc123-uuid",
"product_id": "SKU-001",
"store_name": "My Awesome Store",
"storefront_type": "ai_single_product",
"theme": "modern",
"color_code": "#667eea"
}
Response:
{
"id": "new-storefront-uuid",
"checkout_best_store_id": "checkout-store-uuid"
}
Tier Limits: Free tier: 1 storefront max. Paid tiers: 50 storefronts max.
Product Feed API
OpenAI Agentic Commerce Protocol (ACP) compatible product feeds. The public BMOS feed schema, examples, and version proposals are maintained in the BMOS Agentic Commerce Standard.
GET
/agentic-commerce/feeds/{storefront_id}
Get OpenAI-compliant product feed for a storefront
URL Parameters: storefront_id (UUID) Required
Versioning: the primary endpoint returns the current recommended feed version. Legacy consumers may request
?version=0.1 when supported.
Standard: Feed v0.1 spec and Feed v0.2 proposal
Response (OpenAI ACP Format):
{
"merchant_id": "merchant-uuid",
"storefront_id": "storefront-uuid",
"products": [
{
"id": "SKU-123",
"name": "Premium Wireless Speaker",
"description": "High-quality bluetooth speaker...",
"price": 79.99,
"currency": "USD",
"image_url": "https://example.com/image.jpg",
"availability": "in_stock"
}
],
"checkout_enabled": true
}
GET
/api/products/{product_id}
Get detailed product information from db.51exports.com
URL Parameters: product_id (SKU) Required
Headers: Authorization: Bearer gfavip-session-{token} Required
Response:
{
"id": "SKU-123",
"title": "Premium Wireless Speaker",
"description": "High-quality bluetooth speaker...",
"price": 79.99,
"image": "https://example.com/image.jpg",
"category": "Electronics",
"in_stock": true
}Checkout Integration
BuildMyOnlineStore uses secure.checkout.best for ALL checkout processing.
Storefronts automatically include the checkout.best JavaScript widget. No API calls needed from your application.
How It Works
- When a storefront is created, BuildMyOnlineStore provisions a dedicated checkout.best store
- Exported static HTML includes the widget script with the store ID
- The widget handles cart, checkout, and payment processing
- Order confirmations are sent via webhook (for display purposes only)
Widget Integration (Automatic)
<script src="https://secure.checkout.best/widget.js"
data-store="STORE_ID"></script>
<button class="checkout-best-btn"
data-sku="PROD-001"
data-name="Product Name"
data-price="19.99">
Buy Now
</button>Webhook Endpoint
POST
/api/webhooks/checkout-best
Internal endpoint that receives order.paid events from checkout.best (not for external use)
GET
/agentic-commerce/status
Check ACP availability and regional support
Query Parameters: country (ISO code, default: US) Optional
Response:
{
"acp_enabled": true,
"message": "ChatGPT commerce integration available",
"regions_supported": ["US"]
}Code Examples
JavaScript/Node.js
// Get merchant's storefronts
async function getMerchantStorefronts(ssoToken) {
const response = await fetch('https://app.buildmyonlinestore.com/api/storefronts', {
headers: {
'Authorization': `Bearer ${ssoToken}`,
'Content-Type': 'application/json'
}
});
return await response.json();
}
// Get product feed
async function getProductFeed(storefrontId) {
const response = await fetch(
`https://app.buildmyonlinestore.com/agentic-commerce/feeds/${storefrontId}`
);
return await response.json();
}
// Initiate checkout
async function initiateCheckout(productId, storefrontId, quantity = 1) {
const response = await fetch(
'https://app.buildmyonlinestore.com/agentic-commerce/checkout',
{
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
product_id: productId,
storefront_id: storefrontId,
quantity: quantity
})
}
);
const data = await response.json();
if (data.checkout_url) {
window.location.href = data.checkout_url;
}
return data;
}Python
import requests
def get_merchant_storefronts(sso_token):
"""Get all storefronts for authenticated merchant"""
headers = {
'Authorization': f'Bearer {sso_token}',
'Content-Type': 'application/json'
}
response = requests.get(
'https://app.buildmyonlinestore.com/api/storefronts',
headers=headers
)
return response.json()
def get_product_feed(storefront_id):
"""Get OpenAI ACP-compliant product feed"""
response = requests.get(
f'https://app.buildmyonlinestore.com/agentic-commerce/feeds/{storefront_id}'
)
return response.json()
def initiate_checkout(product_id, storefront_id, quantity=1):
"""Initiate checkout process"""
data = {
'product_id': product_id,
'storefront_id': storefront_id,
'quantity': quantity
}
response = requests.post(
'https://app.buildmyonlinestore.com/agentic-commerce/checkout',
json=data
)
return response.json()cURL
# Get storefronts (authenticated)
curl -X GET "https://app.buildmyonlinestore.com/api/storefronts" \
-H "Authorization: Bearer gfavip-session-abc123" \
-H "Content-Type: application/json"
# Get product feed (public)
curl -X GET "https://app.buildmyonlinestore.com/agentic-commerce/feeds/{storefront_id}"
# Initiate checkout
curl -X POST "https://app.buildmyonlinestore.com/agentic-commerce/checkout" \
-H "Content-Type: application/json" \
-d '{
"product_id": "SKU-123",
"storefront_id": "uuid",
"quantity": 1
}'Internal Service-to-Service API
For authorized GFAVIP mini-apps (e.g., dropshipsitetoday) to provision storefronts on behalf of users.
Authentication: These endpoints require a shared service secret in the
X-Service-Secret header.
Contact GFAVIP to obtain your service secret.
POST
/api/internal/provision-storefront
Create a storefront on behalf of a GFAVIP user
Headers:
X-Service-Secret- Shared service secret RequiredContent-Type: application/json
Body:
gfavip_user_id- User's GFAVIP ID Requiredgfavip_email- User's email for account linking Requiredstore_name- Name for the storefront Requiredsource_app- Your app identifier (e.g., "dropshipsitetoday") Requiredcatalog_id- 51Exports catalog UUID Optionalstorefront_type- Default: "multi_product" Optionaltheme- Default: "modern" Optionalcolor_code- Default: "#667eea" Optional
Success Response (201 Created):
{
"success": true,
"storefront": {
"id": "new-storefront-uuid",
"store_name": "My Store",
"checkout_best_store_id": "checkout-store-uuid",
"status": "active",
"created_at": "2025-12-18T10:00:00Z"
}
}
Error Response (409 Conflict - Limit Reached):
{
"success": false,
"error": "STOREFRONT_LIMIT_REACHED",
"message": "User has reached maximum storefront limit for their tier",
"current_count": 1,
"max_allowed": 1,
"tier": "free"
}
GET
/api/internal/storefronts
List storefronts for a GFAVIP user
Headers: X-Service-Secret: {service-secret} Required
Query Parameters: gfavip_user_id Required
Response:
{
"success": true,
"storefronts": [
{
"id": "storefront-uuid",
"store_name": "My Store",
"storefront_type": "multi_product",
"status": "active",
"checkout_best_store_id": "checkout-uuid",
"created_at": "2025-12-18T10:00:00Z"
}
]
}Integration Workflow
- Merchant Authentication: Merchant logs in via GFAVIP SSO and authorizes your app
- Get Storefronts: Use merchant's SSO token to fetch their storefronts
- Display Products: Access product feeds (product data from db.51exports.com)
- Process Checkout: When customer clicks "Buy", call checkout API
- Secure Payment: API redirects customer to secure.checkout.best for payment processing
- Complete Order: secure.checkout.best handles payment and order fulfillment
System Architecture
Data Flow:
- Product data:
db.51exports.com→ BuildMyOnlineStore API → Your App - Checkout request: Your App → BuildMyOnlineStore API →
secure.checkout.best - Payment: Customer →
secure.checkout.best(secure payment processing)
Response Codes
| Code | Status | Description |
|---|---|---|
| 200 | OK | Request successful |
| 201 | Created | Resource created successfully |
| 400 | Bad Request | Invalid request parameters |
| 401 | Unauthorized | Invalid or missing authentication |
| 403 | Forbidden | Insufficient permissions |
| 404 | Not Found | Resource not found |
| 500 | Server Error | Internal server error |
Rate Limits
Currently, there are no enforced rate limits. However, please be respectful:
- Product feeds: Cache for at least 5 minutes
- Storefront data: Cache for at least 15 minutes
- Avoid making more than 100 requests per minute per merchant
Additional Resources
- BMOS Buy Buttons for AI Developers - Give an AI developer agent the exact .bmos-buy implementation pattern
- Custom Buy Now Buttons Guide - Build custom buttons for Astro, Next.js, and static sites
- BMOS Agentic Commerce Standard - Public feed specs, examples, and version proposals
- GFAVIP SSO Documentation
- 51Exports Product Catalog API (read-only product data)
- Secure Checkout Best Payment API (payment processing)
- OpenAI Agentic Commerce Protocol
Support
For API support and questions:
- Email: support@gfavip.com
- GFAVIP Community Forum
- Report issues on GitHub (if applicable)