https://api.vori.com, and full endpoint-level documentation — including every available field and parameter — is published at api.vori.com/api.
Get a bearer token
If you or the integration consuming this API only need to read data, create a user with the Read-only role at the banner level and authenticate with that account instead of a full-access one. This avoids errors from write attempts you didn’t anticipate needing, and limits the blast radius if the credentials are mishandled.
Authorization header. Get one by exchanging your Vori login email and password for a token via Google’s Identity Toolkit:
1
Request a token
Send a with a JSON body containing your Vori credentials:Example using
POST request to:curl:2
Extract the token
The response is a JSON object that includes an
idToken field. This is your bearer token — use it in the Authorization header of subsequent requests to https://api.vori.com:Tokens expire after an hour, so you’ll need to repeat this exchange periodically rather than hardcoding a token indefinitely.
Use the refresh token instead of re-authenticating
TheverifyPassword response also includes a refreshToken field. Instead of resending your email and password every hour, exchange that refresh token for a new idToken via Google’s secure token endpoint:
curl:
id_token (your bearer token) and a new refresh_token — store the new refresh token for the next exchange, since the old one may be rotated.
This uses Google Identity Toolkit’s standard secure token exchange rather than a Vori-specific endpoint. Verify the response field names (
id_token, refresh_token) against what you receive, since Google’s REST API is documented outside of Vori’s own docs.Example: retrieve store products
Once you have a bearer token, call/v1/store-products to retrieve your store’s products: