Indibaba developer docs

Build against Indibaba’s marketplace + Growth Engine APIs. Wire webhooks to your CRM, automate seller workflows, or embed the catalog in your own surfaces.

Where to start

• Quickstart — sign up, generate a token, make your first authenticated request.
• API reference — the seller + public REST endpoints with payload examples.
• Webhook signatures — HMAC-SHA256 verification samples in Python, Node, Go, and Ruby.

API surface at a glance

Indibaba ships three router groups under /v1/*:

• Public — unauthenticated. Pricing catalog, contact form, marketplace browse.
• Seller — authenticated. Per-tenant contacts, campaigns, voice agents, automations, chatbots, webhook endpoints, billing wallet.
• Admin — authenticated. Operator surface for verification, dispute resolution, marketplace moderation. Most third-party integrations don’t need this.

Authentication

Most routes use JWT bearer tokens. Generate one via the seller login flow at POST /v1/auth/login and pass it in the Authorization: Bearer <token> header on subsequent requests. See the Quickstart for an end-to-end example.

Rate limits + abuse

Public endpoints (contact form, pricing catalog) carry per-IP rate limits — typically 5 requests / hour / IP for write endpoints. Seller endpoints are throttled implicitly by the wallet’s metered credits, not by a request-rate cap. Webhook endpoints auto-disable after 10 consecutive failures so a misconfigured receiver doesn’t burn deliveries forever.

Versioning

The API lives at /v1/. We follow additive evolution within v1: new endpoints and new fields land without notice; removals or breaking changes get a 30-day deprecation window via email to all accounts plus a banner in the seller dashboard.

Need help?

Email developers@indibaba.com for integration questions, or use the contact form at /contact. We aim to respond within one business day.