API Reference¶
GTIN1 exposes two REST APIs for programmatic access to the platform. Both APIs use the same authentication mechanism.
| API | Base Path | Interactive Docs |
|---|---|---|
| EPCIS 2.0 API | /api/epcis/2.0/ |
Explore endpoints |
| Catalog API | /api/catalog/ |
Explore endpoints |
The EPCIS 2.0 API implements a subset of the GS1 EPCIS 2.0 standard for capturing and querying supply-chain events, EPC entry tracking, and serial number pool management.
The Catalog API provides CRUD operations for managing platform data: organizations, brands, products, trade items, product images, resolver rules, and resolver settings.
Interactive Documentation¶
Try the APIs directly in your browser with code samples in Python, JavaScript, curl, and more:
The interactive references are auto-generated from the OpenAPI specifications and always reflect the latest available endpoints.
Authentication¶
Both APIs authenticate via Bearer token in the Authorization header. Every request (except health checks) must include a valid token.
API Key (recommended for integrations)¶
Pass your organization API key as a Bearer token in the Authorization header. Keys use the gtin1_ prefix followed by 46 alphanumeric characters (40-character random string + 6-character CRC32 checksum). Keys are SHA-256 hashed on the server. Each key is scoped to a single organization and supports optional expiry dates.
curl -H "Authorization: Bearer gtin1_a1B2c3D4..." \
https://gtin1.com/api/epcis/2.0/events
curl -H "Authorization: Bearer gtin1_a1B2c3D4..." \
https://gtin1.com/api/catalog/brands
You can create and manage API keys from your organization's settings page in the GTIN1 dashboard.
Common Patterns¶
All APIs return JSON responses with consistent error formatting:
{
"error": "Human-readable error message.",
"details": { "message": "Additional context for debugging." }
}
Timestamps use ISO 8601 format (e.g., 2025-06-15T14:30:00Z). Identifiers for user-facing resources use 12-character nanoid slugs rather than sequential integers.