Beispiele¶

Request- und Response-Beispiele verifiziert auf Dev (org1, shop1) am 2026-06-14. Kundendaten in den JSON-Beispielen sind als Max Mustermann / max@example.com anonymisiert.

Host	URL
Manager (Dev)	`https://manager.pharmaone.dev.secpaid.com`
Shop-Proxy (Dev)	`https://shop1.pharmaone.dev.secpaid.com`
Manager (Produktion)	`https://manager.prod.pharmaone.shop`

API-Schlüssel: Manager → Org Settings → Integrations → External API keys (einmalig bei Erstellung).

Setup¶

export BASE="https://manager.pharmaone.dev.secpaid.com"
export SHOP="https://shop1.pharmaone.dev.secpaid.com"
export ORG="org1"
export APIKEY="your-integration-api-key"

export TOKEN="$(curl -s -X POST "$BASE/api/v2/public/orgs/$ORG/auth/token" \
  -H "apikey: $APIKEY" | jq -r .access_token)"

1. API-Schlüssel gegen JWT tauschen¶

RequestResponse 200Response 401 (ungültiger Schlüssel)

POST /api/v2/public/orgs/org1/auth/token HTTP/1.1
Host: manager.pharmaone.dev.secpaid.com
apikey: <your-integration-api-key>

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmdfaWQiO…",
  "expires_in": 3600,
  "token_type": "Bearer"
}

{
  "message": "Unauthorized",
  "request_id": "cd736522b658367429e55f72dc5c6040"
}

2. Shops auflisten¶

Response 200

{
  "data": [
    { "is_active": true, "name": "Demo Shop DEV", "shop_id": "shop1" },
    { "is_active": true, "name": "Weed Bank", "shop_id": "shop3" }
  ]
}

3. Bestellungen auflisten¶

Response 200 (Auszug)

{
  "data": [
    {
      "id": "ORD_20260614_8v039dhnrv",
      "shop_id": "shop1",
      "customer_name": "Max Mustermann",
      "status": "awaiting_packing",
      "total_amount": 98.25
    }
  ],
  "pagination": { "limit": 2, "offset": 0, "total": 731 }
}

4. Bestellung nach ID¶

Response 200 (Auszug)

{
  "id": "ORD_20260614_8v039dhnrv",
  "shop_id": "shop1",
  "customer_name": "Max Mustermann",
  "customer_email": "max@example.com",
  "items": [{ "name": "24/1 IUVO KC OJ Zainbow", "quantity": 11, "price": 8.75 }],
  "shipping_address": {
    "street": "Musterstr. 1",
    "city": "Berlin",
    "postal_code": "10115",
    "phone": "+49123456789"
  }
}

5. Bestellstatus patchen¶

RequestResponse 200

{ "status": "awaiting_packing" }

{
  "order_id": "ORD_20260614_8v039dhnrv",
  "status": "awaiting_packing",
  "updated_at": "2026-06-14T11:44:21.735875899Z"
}

6. Bestellanfrage (v2 + JWT)¶

Response 200

{
  "id": "08ec979e-67fc-4012-8c32-f003cb406d65",
  "status": "pending",
  "message": "Order request received.",
  "external_reference": "pos-20260614-001"
}

7. Bestellanfrage (v1 + API-Schlüssel)¶

Kong prüft apikey. shop_id im Payload ist Pflicht.

Response 200

{
  "id": "4ee3b265-867a-4aeb-aee1-b346b27f265f",
  "status": "pending",
  "message": "Order request received."
}

8. Shop-Proxy — externe Telemedizin-Bestellung¶

Kein JWT. Shop setzt shop_id automatisch. Siehe Externer Telemedizin-Connector.

RequestResponse 200

POST https://shop1.pharmaone.dev.secpaid.com/api/v1/external-order
apikey: <your-integration-api-key>

{
  "external_reference": "TM-RX-2026-0042",
  "source": "external-telemedicine",
  "payload": {
    "customer_name": "Max Mustermann",
    "customer_email": "max@example.com",
    "shipping_option": "Abholung",
    "total_amount": 25.50,
    "items": [{ "name": "Cannabis flos 27/1", "quantity": 5, "price": 5.10 }]
  }
}

{
  "id": "5dbdd185-98ec-4973-8ab0-7033b76c9eb2",
  "status": "pending",
  "message": "Order request received.",
  "external_reference": "TM-RX-2026-0042"
}

9. Rezepte — Liste & Ingest¶

GET prescriptions — Response 200POST prescriptions — Response 200

{
  "data": [{ "id": "org1-pq-8LLI8R", "shop_id": "shop1", "status": "new", "customer_email": "max@example.com" }],
  "pagination": { "limit": 1, "offset": 0 }
}

{ "id": "org1-pq-1AUOPV", "upsert": "ok" }

10. Bestand, Produkte, Berichte¶

GET inventory — AuszugGET products?shop_id=shop1 — AuszugGET reports/stats — Auszug

{
  "data": [
    { "p1_id": 57672, "name": "24/1 IUVO KC OJ Zainbow", "stockquantity": 989, "price": 8.75 }
  ]
}

{
  "data": [
    { "p1_id": "57674", "name": "ZOIKS 31/1 MN Moonlight Nectar", "price": 6.45, "available": true }
  ]
}

{
  "data": {
    "prescriptions": { "total": 961, "pending": 174, "approved": 770 },
    "shop_performance": [{ "shop_id": "shop1", "name": "Demo Shop DEV", "order_count": 696 }]
  }
}

Smoke-Test¶

TOKEN=$(curl -s -X POST "$BASE/api/v2/public/orgs/$ORG/auth/token" -H "apikey: $APIKEY" | jq -r .access_token)
curl -s "$BASE/api/v2/public/orgs/$ORG/shops" -H "Authorization: Bearer $TOKEN" | jq .

Vollständige Beispiele (EN): Examples (English).

Import: Interaktiver API-Explorer.