Partner API v1

Stok Güncelle

Bu endpoint, yetkili partner uygulamasının bağlı olduğu satıcının ürün stoklarını ERP, depo, muhasebe veya stok yönetim sisteminden BaZaaRDan’a aktarmak için kullanılır.

POST /stock_update.php

Authentication HMAC SHA256 required

Scope Seller scoped

Permission stock:write

Overview

Partner uygulaması yalnızca kurulu olduğu satıcının ürün stoklarını güncelleyebilir. Farklı satıcıya ait ürün veya varyant için stok güncellemesi yapılamaz.

Stok güncelleme istekleri partner backendinden gönderilmelidir. Client Secret frontend, mobil uygulama veya tarayıcı içinde kullanılmamalıdır.

Base URL

Environment

Production:
https://bazaardan.com/api/partner/v1

Endpoint:
POST /stock_update.php

Required Headers

Header	Required	Description
`X-BZ-CLIENT-ID`	Yes	Partner uygulaması için üretilen Client ID.
`X-BZ-TIMESTAMP`	Yes	Unix timestamp. İmza üretiminde kullanılır.
`X-BZ-SIGNATURE`	Yes	Client Secret ile üretilen HMAC SHA256 imzası.
`Content-Type`	Yes	`application/json`
`Accept`	Recommended	`application/json`

Signature Base String

HMAC Base String

METHOD + "
" + PATH + "
" + TIMESTAMP + "
" + RAW_BODY

POST isteklerinde RAW_BODY, HTTP request body içinde gönderilen JSON string ile birebir aynı olmalıdır. Boşluk, satır sonu veya key sırası değişirse imza farklı üretilebilir.

Request Body

Field	Type	Required	Description
`product_id`	integer	Yes	BaZaaRDan ürün ID değeri.
`variant_combination_id`	integer/null	No	Varyantlı ürünlerde stok güncellenecek varyant kombinasyonu.
`stock`	integer	Yes	Yeni stok adedi. Negatif olamaz.
`external_ref`	string	No	ERP/depo sistemindeki referans kodu veya işlem ID değeri.

Example Request

JSON Body

{
  "product_id": 356,
  "variant_combination_id": 778,
  "stock": 24,
  "external_ref": "ERP-STOCK-20260508-001"
}

cURL

curl -X POST "https://bazaardan.com/api/partner/v1/stock_update.php" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -H "X-BZ-CLIENT-ID: YOUR_CLIENT_ID" \
  -H "X-BZ-TIMESTAMP: 1778269200" \
  -H "X-BZ-SIGNATURE: GENERATED_HMAC_SIGNATURE" \
  -d '{"product_id":356,"variant_combination_id":778,"stock":24,"external_ref":"ERP-STOCK-20260508-001"}'

Example Response

JSON

{
  "ok": true,
  "data": {
    "product_id": 356,
    "variant_combination_id": 778,
    "old_stock": 18,
    "new_stock": 24,
    "updated": true,
    "external_ref": "ERP-STOCK-20260508-001",
    "updated_at": "2026-05-08 19:10:00"
  }
}

PHP Example

PHP

<?php

$clientId = 'YOUR_CLIENT_ID';
$clientSecret = 'YOUR_CLIENT_SECRET';

$method = 'POST';
$path = '/stock_update.php';
$timestamp = (string) time();

$body = json_encode([
    'product_id' => 356,
    'variant_combination_id' => 778,
    'stock' => 24,
    'external_ref' => 'ERP-STOCK-20260508-001',
], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);

$baseString = strtoupper($method) . "\n" . $path . "\n" . $timestamp . "\n" . $body;
$signature = hash_hmac('sha256', $baseString, $clientSecret);

$ch = curl_init('https://bazaardan.com/api/partner/v1' . $path);

curl_setopt_array($ch, [
    CURLOPT_POST => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POSTFIELDS => $body,
    CURLOPT_HTTPHEADER => [
        'Accept: application/json',
        'Content-Type: application/json',
        'X-BZ-CLIENT-ID: ' . $clientId,
        'X-BZ-TIMESTAMP: ' . $timestamp,
        'X-BZ-SIGNATURE: ' . $signature,
    ],
]);

$response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

echo $httpCode . PHP_EOL;
echo $response . PHP_EOL;

Node.js Example

Node.js

import crypto from "node:crypto";

const clientId = "YOUR_CLIENT_ID";
const clientSecret = "YOUR_CLIENT_SECRET";

const method = "POST";
const path = "/stock_update.php";
const timestamp = Math.floor(Date.now() / 1000).toString();

const body = JSON.stringify({
  product_id: 356,
  variant_combination_id: 778,
  stock: 24,
  external_ref: "ERP-STOCK-20260508-001"
});

const baseString = [
  method.toUpperCase(),
  path,
  timestamp,
  body
].join("\n");

const signature = crypto
  .createHmac("sha256", clientSecret)
  .update(baseString)
  .digest("hex");

const response = await fetch(`https://bazaardan.com/api/partner/v1${path}`, {
  method,
  headers: {
    "Accept": "application/json",
    "Content-Type": "application/json",
    "X-BZ-CLIENT-ID": clientId,
    "X-BZ-TIMESTAMP": timestamp,
    "X-BZ-SIGNATURE": signature
  },
  body
});

console.log(response.status);
console.log(await response.json());

Python Example

Python

import time
import json
import hmac
import hashlib
import requests

client_id = "YOUR_CLIENT_ID"
client_secret = "YOUR_CLIENT_SECRET"

method = "POST"
path = "/stock_update.php"
timestamp = str(int(time.time()))

body = json.dumps({
    "product_id": 356,
    "variant_combination_id": 778,
    "stock": 24,
    "external_ref": "ERP-STOCK-20260508-001",
}, ensure_ascii=False, separators=(",", ":"))

base_string = "\n".join([
    method.upper(),
    path,
    timestamp,
    body,
])

signature = hmac.new(
    client_secret.encode("utf-8"),
    base_string.encode("utf-8"),
    hashlib.sha256
).hexdigest()

response = requests.post(
    "https://bazaardan.com/api/partner/v1" + path,
    headers={
        "Accept": "application/json",
        "Content-Type": "application/json",
        "X-BZ-CLIENT-ID": client_id,
        "X-BZ-TIMESTAMP": timestamp,
        "X-BZ-SIGNATURE": signature,
    },
    data=body.encode("utf-8"),
    timeout=30,
)

print(response.status_code)
print(response.json())

Related Endpoints

Stok güncellemeden önce ürün/sipariş eşleştirmesi için GET /orders.php ve GET /order_detail.php endpointlerini kullanabilirsiniz.