> ## Documentation Index > Fetch the complete documentation index at: https://docs.salesive.com/llms.txt > Use this file to discover all available pages before exploring further. # Apps API overview > The store data API an installed app calls with its app_ access token — read and write a merchant's data at api.salesive.com, gated by the scopes the merchant granted. ## Welcome The **Salesive Apps API** is what your **installed** app calls to read and write a merchant's store data — orders, catalog, customers, notifications, and more. You authenticate with the **app access token** (prefixed `app_`) your app receives when a merchant installs it, and every endpoint is gated by the OAuth **scopes** that merchant granted. ```text theme={null} https://api.salesive.com/api/v1 ``` The target **store is bound to your token server-side** from the installation. You never send a shop id — no `x-shop-id` header — so a token can only ever touch the one store it was installed on. Use the **Try it** playground on any endpoint page: paste your `app_` token as the Bearer credential and call the live endpoint. ## Three things, don't confuse them | | Apps API (this) | Store API | App management | | --------- | ---------------------------------------- | ------------------------------------------------------- | ------------------------------ | | **Where** | `https://api.salesive.com` | `https://store.salesive.com` | Salesive dashboard | | **What** | An installed app reads/writes store data | A storefront serves shoppers (products, cart, checkout) | Create, edit & submit your app | | **Auth** | `app_` access token (Bearer) | Shopper JWT / guest session | Your dashboard login | * The **[Store API](/api-reference/introduction)** (`store.salesive.com`) is a *different* API for *storefronts*, not for apps. * **Managing your app** — registering it, editing its listing, requesting scopes, submitting it for review — happens in the Salesive dashboard **Developer console**, not through an API. ## Authentication Send your app access token as a Bearer header on every request: ```http theme={null} Authorization: Bearer app_ ``` You obtain this token through the **OAuth install flow** when a merchant installs your app — see [Install your app](/apps/oauth-install). The token is bound to that one installation (one store); uninstalling it revokes the token immediately. ## Scopes gate everything Every endpoint requires a specific scope that the merchant granted at install. A call without the required scope is rejected with **`403`**. Request only the scopes your app needs — see [Scopes & permissions](/apps/scopes-permissions) for the full catalog and what each unlocks. ```bash cURL theme={null} # List the installed store's orders — no shop id needed; the token is store-bound. curl https://api.salesive.com/api/v1/orders \ -H "Authorization: Bearer app_" ``` A successful response uses the standard envelope: ```json theme={null} { "status": 200, "success": true, "message": "Orders retrieved", "data": { "orders": [], "pagination": { "total": 0, "page": 1, "limit": 10, "pages": 0 } } } ``` ## What you can call Each resource group is gated by its matching `READ_*` / `WRITE_*` scope (a few are read-only for apps). Open any group in the sidebar to see its endpoints and run them from the **Try it** playground. List, inspect, create POS orders, and update orders. Products, menu items (foods) and services — full CRUD. Read and manage the store's customers. Organize the catalog into categories. Coupons and discount codes. Storefront blog posts. Read the merchant's notifications and send new ones. Email the merchant, customers, or subscribers. Operational tasks and notes. Custom storefront scripts and tracking. Reply to and moderate storefront comments. Shipping options, shipments and Shipday dispatch. Read-only access to store domains, roles and payouts. Read status and start identity verification.