Third party systems are connected to Nitrobox via the Nitrobox REST API. The range of functions and the end points offered depend on the selected tariff and the main API version used. The API is secured with SSL and OAuth 2.0.

The REST API is adhering to Level 2 of the Richardson Maturity Model.

Number of applications (client)

Every application that has its own client credentials is counted. For IT security reasons, different applications (e.g. different shop systems, additional CRM or ERP systems) may not share their client credentials. Each application must have its own client credentials stored in the Nitrobox Platform. The number of allowed, active applications is defined in the respective tariff and applies per stage.

2 applications in the tariff "XY" allows two applications on Stage and two applications on Live


Depending on the contract, an automatic throttling of API requests may take place.

Rate-Limit Throttling

This is a simple throttle that enables the requests to pass through until a limit is reached for a time interval. A throttle may be incremented by a count of requests, size of a payload or it can be based on content; for example, a throttle can be based on order totals. This is also known as the API burst limit or the API peak limit.

IP-level Throttling

You can make your API accessible only to a certain list of whitelisted IP addresses. You can also limit the number of requests sent by a certain client IP.

API documentation

Access the Nitrobox API documentation.