Skip to content

REST API Reference

All routes live under upsellbay/v1.

These routes are designed for storefront interactions. They require a valid UpsellBay session token and are rate-limited.

RouteMethodPurposeRequired params
/bump-togglePOSTAccept or remove a checkout bump.offer_id, accepted, token, optional placement
/cart-offer-addPOSTAccept a product, cart, or thank-you offer.offer_id, token, optional placement, optional source_order_id
/dismissPOSTDismiss an offer for the current session.offer_id, token, optional placement

Public routes do not trust client-sent price, discount, stock, or eligibility values. Those are recalculated server-side.

These routes are intended for WooCommerce admins and editor tooling.

RouteMethodPurposeAccess
/offer-previewGETReturn a safe preview payload for an offer editor request.manage_woocommerce
/productsGETProduct search for offer setup.manage_woocommerce
/categoriesGETCategory search for rule and trigger setup.manage_woocommerce
/recommendationsGETProduct recommendations for offer setup.manage_woocommerce
/license/activatePOSTActivate a stored license key.manage_woocommerce
/license/statusGETRead current license status.manage_woocommerce
/license/deactivatePOSTRemove local license state.manage_woocommerce

The plugin architecture reserves space for analytics summary and import routes, but external developers should not rely on undocumented endpoints until they are shipped and documented here.

  • Public write routes require a valid plugin-issued session token.
  • Public write routes are rate-limited before expensive work runs.
  • Admin routes require manage_woocommerce.
  • Sensitive values such as license keys, raw tokens, and payment identifiers should never be exposed in custom route responses.