Developer Integration

EYP Ops REST API — programmable F&B operations

Read inventory, purchase orders, recipes, and supplier data from your custom workflows. JSON responses, API key authentication, scoped per tenant.

What this integration covers

The EYP Ops REST API exposes purchasing, inventory, recipe, and finance data programmatically. Authenticate with API keys, scope requests by tenant, and integrate with custom workflows or BI stacks. Responses are JSON; an OpenAPI spec is on the roadmap.

Authentication

API key authentication — no OAuth flow required

Every request is authenticated with a Bearer token. Keys are created and managed by a Company Admin from within EYP Ops.

Bearer token

Send your API key in the Authorization header as Bearer eo_live_... on every request. Test keys use the eo_test_ prefix and are restricted to non-production data.

Tenant isolation

Each API key is bound to exactly one company. Cross-tenant data access is architecturally blocked — a key for Company A will never return data belonging to Company B. There is no way to accidentally leak another tenant's records.

Key rotation

API keys have optional expiry dates and can be deactivated instantly from the EYP Ops dashboard without affecting your account. Expired keys are auto-deactivated on first use. Rotate keys during credential reviews without downtime.

Permission scopes

Each key carries only the scopes it needs

Scope            Grants
items:read       List and read item master data
items:write      Create and update items via sync
orders:read      List and read purchase orders
stock:write      Write stock level data from external sources
suppliers:write  Create and update supplier records via sync

Core endpoints

Six endpoints available today

All endpoints are versioned under /v1/external. Requests are authenticated via API key; responses are JSON.

GET /v1/external/items (requires: items:read)

List your item master. Returns paginated results — use ?page=1&limit=20. Every item is scoped to your company; no cross-tenant data is returned.

curl -H "Authorization: Bearer eo_live_YOUR_KEY" \
  "https://api.eypops.com/v1/external/items?page=1&limit=20"

POST /v1/external/items/sync (requires: items:write)

Upsert items in bulk. Send an array of item objects in the request body. Useful for syncing your master catalogue from an external PIM or ERP.

curl -X POST \
  -H "Authorization: Bearer eo_live_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"items": [{"code": "BEEF-200", "name": "Beef Tenderloin 200g"}]}' \
  "https://api.eypops.com/v1/external/items/sync"

GET /v1/external/orders (requires: orders:read)

List purchase orders. Filter by status, supplier, or date range using query params: ?status=APPROVED&supplierId=...&dateFrom=2026-01-01&dateTo=2026-01-31.

curl -H "Authorization: Bearer eo_live_YOUR_KEY" \
  "https://api.eypops.com/v1/external/orders?status=APPROVED&dateFrom=2026-05-01&dateTo=2026-05-31"

GET /v1/external/orders/:id (requires: orders:read)

Retrieve a single purchase order by ID, including order lines and supplier detail.

curl -H "Authorization: Bearer eo_live_YOUR_KEY" \
  "https://api.eypops.com/v1/external/orders/ord_abc123"

POST /v1/external/stock-levels (requires: stock:write)

Write stock level data from an external source (e.g. a physical count device or connected WMS). Payload: array of {itemId, locationId, qty}.

curl -X POST \
  -H "Authorization: Bearer eo_live_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"levels": [{"itemId": "itm_123", "locationId": "loc_456", "qty": 12.5}]}' \
  "https://api.eypops.com/v1/external/stock-levels"

POST /v1/external/suppliers/sync (requires: suppliers:write)

Upsert supplier records in bulk. Sync your supplier directory from an accounting system or procurement platform.

curl -X POST \
  -H "Authorization: Bearer eo_live_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"suppliers": [{"name": "Gulf Foods Trading", "code": "GFT-001"}]}' \
  "https://api.eypops.com/v1/external/suppliers/sync"

Rate limits

Tier-dependent rate limits per API key

Rate limits are enforced per API key over a 60-second window. External API key requests allow up to 60 requests per minute; internal app sessions allow 120. When the limit is exceeded, the API returns 429 Too Many Requests. Implement exponential backoff on retry. Higher-volume tiers are available — contact us if your integration needs a higher limit.

Rate limiting is active in production only. Test keys issued in development environments are not throttled.

Error handling

Standard HTTP error codes

401 Unauthorized

Missing or invalid API key. Key must start with eo_live_ or eo_test_ and be sent as Bearer token.

403 Forbidden

API key lacks the required permission scope for this endpoint (e.g. items:read), or a tenant boundary violation was detected.

429 Too Many Requests

Rate limit exceeded. Reduce request frequency or contact support for a higher tier.

500 Internal Server Error

Server-side error. Retry with exponential backoff. If persistent, contact [email protected].

All error responses include a JSON body with a message field explaining the cause. Permission errors specify which scope is missing.
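The rules from the Rate limits and Error handling sections, combined in one client wrapper. This is an added example, not EYP Ops code: it retries 429 and 500 with exponential backoff and jitter, fails fast on 401 and 403, and keeps the key out of error messages. The environment variable EYP_API_KEY, the function names, and the injectable send/sleep parameters are assumptions made for illustration.

```python
import json
import os
import random
import time
import urllib.error
import urllib.request

BASE_URL = "https://api.eypops.com/v1/external"  # base path as documented on this page
RETRYABLE = {429, 500}  # the page says to back off and retry these; 401/403 are not retried

class ApiError(Exception):
    def __init__(self, status, message):
        super().__init__(f"HTTP {status}: {message}")  # never includes the key
        self.status = status

def load_key(env=os.environ):
    """Read the key from the environment (EYP_API_KEY is an assumed variable name)."""
    key = env.get("EYP_API_KEY", "")
    if not key.startswith(("eo_live_", "eo_test_")):
        raise ValueError("API key must start with eo_live_ or eo_test_")
    return key

def http_send(method, path, key, body=None):
    """Real transport: returns (status, parsed JSON body)."""
    data = json.dumps(body).encode() if body is not None else None
    headers = {"Authorization": f"Bearer {key}", "Content-Type": "application/json"}
    req = urllib.request.Request(BASE_URL + path, data=data, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")

def call(method, path, key, body=None, send=http_send, sleep=time.sleep, max_retries=5):
    """Retry 429/500 with exponential backoff and jitter; raise at once on anything else."""
    for attempt in range(max_retries + 1):
        status, payload = send(method, path, key, body)
        if 200 <= status < 300:
            return payload
        message = payload.get("message", "")  # error bodies carry a message field
        if status not in RETRYABLE or attempt == max_retries:
            raise ApiError(status, message)
        # Wait 1s, 2s, 4s, ... capped at 30s, plus up to 1s of random jitter.
        sleep(min(2 ** attempt, 30) + random.random())
```

A 403 raised here carries the server's message, which per this page names the missing scope, so a failed sync job can log exactly which scope the key needs.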

Webhooks

Outbound event subscriptions — roadmap

Webhook infrastructure is under construction and not yet available in production.

Outbound event subscriptions for inventory, purchase orders, and finance events are on the roadmap. When available, webhook endpoints and event schemas will be documented at /integrations/webhooks. Until then, use polling against the read endpoints above or batch export via the GET /v1/external/orders date-range filter.

AI & agent toolchains

Built for programmatic consumption

EYP Ops API returns clean JSON responses with consistent field naming across all endpoints. An OpenAPI spec is on the roadmap to support agent toolchains (LangChain, OpenAI function calling, MCP servers). Markdown twins of all marketing pages are available at <page>.md (e.g. /integrations/api.md) for AI agent context ingestion. Read more at /llms.txt.

REST API — FAQ

Do I need API access on the Core plan?

API access is available on Growth and Enterprise tiers. Core is for self-serve operations without programmatic integration.

What can I read from the API today?

Items, invoices, stock moves (append-only ledger), recipes, food cost reports, suppliers. Write operations require write-scope keys.

How are API requests authenticated?

Bearer header with API key (eo_live_... or eo_test_... prefix). Scoped per tenant — cross-tenant access is architecturally prevented.

What are the rate limits?

60 requests/minute for external API keys, 120/minute for internal app sessions. Burst tolerance varies by endpoint.

Is there an OpenAPI/Swagger spec?

On roadmap. Today, endpoint documentation lives at this page; a machine-readable OpenAPI 3.1 spec will land in a future release.

Can I use the API for AI agent integrations?

Yes — JSON responses are LLM-friendly. Markdown twins of marketing pages (e.g., /methodology.md) provide context. MCP server is on roadmap.

Request API access for your operation

API access is available on request. A Company Admin creates and manages keys within the dashboard once access is enabled. Contact us to get started.