Guidelines & conventions

Before you start using the API, we recommend you review these guidelines.

Protocol support

The Yotpo API supports both HTTP and HTTPS requests.

Data format

Data must be in JSON format, so the Content-Type HTTP header must be set to application/json.

Pagination

Use the following parameters to paginate results in API requests that support pagination:
page - Number of pages to return
count - Number of results to return per page

Rate limiting

To improve the experience for all our users, we impose limits on some API requests. You’ll receive a 429 Too Many Requests error message if you reach this limit. Where a rate limit applies, this will be indicated under the specific endpoint or group of endpoints.

Data freshness SLA

For some endpoints, we impose a Service Level Agreement (SLA) to ensure the endpoint returns fresh data. Where the SLA applies, this will be indicated under the specific endpoint or group of endpoints.

Status code

The Yotpo API uses standard HTTP response codes to indicate the success or failure status of an API endpoint.

Response Code



Successful Response


Unauthorized Request


Internal Server Error e.g. Timeout



Certain API calls return special responses to indicate specific errors.
Special responses are noted for relevant API endpoints within the documentation.
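
An added example (not Yotpo's own code) of a client helper that applies the conventions above: it refuses plain-HTTP base URLs so credentials sent with a call never travel in cleartext, sends UTF-8 JSON with the required header, passes page and count, and backs off on 429. The host, path, function names and the exponential delay schedule are assumptions for illustration, and the transport is injected so the example runs offline.

```python
import json
import time
from urllib.parse import urlencode, urlsplit

class ApiError(Exception):
    """Non-success response; carries the HTTP status for the caller."""
    def __init__(self, status, body):
        super().__init__(f"HTTP {status}")
        self.status, self.body = status, body

def build_request(base_url, path, page=1, count=10, payload=None):
    """Build one request dict that follows the conventions on this page."""
    parts = urlsplit(base_url)
    # The API accepts HTTP as well, but this helper (an assumption of the
    # example) only allows HTTPS so keys and tokens are encrypted in transit.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("base_url must be an absolute https:// URL")
    if page < 1 or count < 1:
        raise ValueError("page and count must be positive integers")
    query = urlencode({"page": page, "count": count})
    url = f"{base_url.rstrip('/')}/{path.lstrip('/')}?{query}"
    # JSON body, encoded as UTF-8 so special characters survive.
    body = None if payload is None else json.dumps(payload, ensure_ascii=False).encode("utf-8")
    return {"url": url, "headers": {"Content-Type": "application/json"}, "body": body}

def call_with_backoff(send, request, max_attempts=4, base_delay=1.0, sleep=time.sleep):
    """send(request) -> (status, body_bytes). Retries only on 429."""
    for attempt in range(max_attempts):
        status, body = send(request)
        if status == 429 and attempt < max_attempts - 1:
            sleep(base_delay * 2 ** attempt)  # 1s, 2s, 4s (assumed schedule)
            continue
        if not 200 <= status < 300:
            # 401 and 500 are surfaced, not retried: the same credentials
            # will fail again, and a blind replay may repeat a write.
            raise ApiError(status, body)
        return json.loads(body.decode("utf-8")) if body else None

if __name__ == "__main__":
    # Constructed transport: one 429, then a 200. No network is used.
    replies = iter([(429, b""), (200, b'{"items": []}')])
    req = build_request("https://api.example.invalid", "/v1/items", page=2, count=5)
    print(req["url"], call_with_backoff(lambda r: next(replies), req, sleep=lambda s: None))
```
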


Email and URL parameters you send in the calls must be in the correct format; otherwise, the call will not be processed.





[email protected]

[email protected]


http://www.domain/full path of resource




UTF-8 support

Yotpo API calls support special characters in UTF-8 encoding.

Finding your API key (app key)

The API key and API secret are unique codes for your account. You need the API key to perform most API calls and the API secret to generate the utoken.

If you need help finding your API key and API secret, see this article.


API Secret

The API secret is only visible to Yotpo account administrators. Users with staff permissions cannot view the API secret.