General (general)

The Wildberries API provides sellers with tools to manage their store and obtain real-time and statistical information via the HTTP REST API protocol.

The main advantage of the API is the ability to automate processes through integration with the seller's information systems, such as ERP, WMS, OMS, CRM. With the WB API, sellers can manage their store without manually using the website interface.

Using the API to operate a store on Wildberries is a great way to:

• automate routine processes
• access up-to-date information
• optimize inventory management

The API documentation is provided in the Swagger OpenAPI format and can be used for import into other tools, such as Postman, or for generating client code in various programming languages using Swagger CodeGen.

For manual API testing you can use:

• For Windows — PostMan
• For Linux — curl

1. Register in the seller's personal account.
2. Go to the store settings and create an API token. The token will allow you to access the WB API. The token system lets you control who interacts with your data through the API and how.
3. Develop an integration with the API using your own developers or outsource specialists. You can also connect partner services from our business solutions catalog.

Practical tips:

• Use the documentation.
  Official WB API documentation will help you understand the functionality and capabilities of the API. It includes examples of possible requests and responses, a list of potential errors, rate limits, security rules, and more.
• Regularly check the integration.
  Ensure that you are transmitting data correctly and note the responses you receive to timely update the integration. Remember the restrictions and take into account the request limits.
• Keep the API token secure.
  Do not share it with third parties unnecessarily. Use only trusted services. If you detect suspicious activity, immediately delete and replace the token.
• Contact technical support if needed.
• Stay updated on WB API news and changes in:
  • release notes
  • Telegram channel
  • Wildberries news feed

Technical support is conducted through dialogues in the seller's personal account. When creating a new support request, use the API category.

Main response status codes for requests in the WB API:

Example of an error:

{
  "title": "path not found",
  "detail": "Please consult the https://dev.wildberries.ru/openapi/api-information",
  ...
  "status": 404,
  "statusText": "Not Found",
  "timestamp": "2025-04-24T07:25:28Z"
}

The WB API has request rate limits. To evenly distribute the load, the token bucket algorithm is used. Limits for specific API methods are specified in the documentation.

For example:

• Period — the time interval during which the maximum number of requests according to the limit can be sent.
• Limit — the maximum number of requests per period. In the example, up to 300 requests can be sent in one minute. Requests should be evenly distributed over time.
• Interval — the time gap for pauses between requests. In the example, it should be 60 seconds/300 requests — 200 milliseconds or 0.2 seconds. Use the interval to evenly distribute the sending of requests.
• Burst — the maximum number of requests that can be sent simultaneously, without interval pauses. The allowed burst is also returned in the response header X-Ratelimit-Remaining. It appears in all response statuses except for error 429.

X-Ratelimit-Remaining is the number of requests that can currently be sent without pauses. The value of X-Ratelimit-Remaining decreases by one after each request. If X-Ratelimit-Remaining is 0 and you make the next request without a delay, you will receive a 429 error in response. The value of X-Ratelimit-Remaining is restored over time.

If you exceed the request rate limit, you will receive a 429 error. In this case, you need to wait a short period before making the next request. To determine how long you need to wait, use the headers from the 429 response:

• X-Ratelimit-Retry — the number of seconds after which you can retry the request. If you attempt it earlier, you will continue to receive a 429 error.
• X-Ratelimit-Limit — the maximum allowable burst of requests, which will be replenished after X-Ratelimit-Reset seconds.
• X-Ratelimit-Reset — the number of seconds after which the allowable burst of requests will be restored to the maximum value specified in X-Ratelimit-Limit.

Response example:

HTTP/1.1 429 Too Many Requests
...
X-Ratelimit-Reset: 29
X-Ratelimit-Retry: 2
...
X-Ratelimit-Limit: 10

You need API token to authenticate requests. It is valid for 180 days after creation. Add the token to the Authorization request header.

Four types of tokens are available for authorization:

Personal access token

• Purpose: An exclusive token with advanced features. It is designed to grant access to seller data only to your own programs, including corporate (on-premise) systems hosted on your own or third-party infrastructure.
  Advanced features mean that over time, a personal access token will provide access to additional categories of seller data that are not available with the basic token. We will announce this in the news in advance.
• Suitable for:
  • a company's own software products or systems hosted on its own or third-party servers
  • ready-made on-premise ERP/CRM systems, including local (packaged) versions of 1C hosted on company servers or user computers
• Restrictions: A personal access token provides access to sensitive information, so it must not be shared with third parties or used in cloud services. When creating the token, the system will display a liability warning — you must accept it to proceed.
  You choose the token settings yourself. If you are unsure which parameters to specify, check with the developer or IT specialist responsible for the system you are connecting.

Service token

• Purpose: A special token for connecting a specific cloud service from the official Catalog of business solutions on Wildberries.
• Features: Select a service from the Catalog when creating the token. Then all necessary settings, including data categories and access levels, are filled in automatically. You only need to confirm the token creation and provide it to the service.
• Restrictions: Token is created for one service only and doesn't work with any other

Base token

• Purpose: An additional token that provides access to a limited set of seller data and is used in all cases where a service or personal access token is not suitable.
• Suitable for:
  • testing integration on real data before launch
  • other cases where you cannot use a service or personal access token
• Restrictions: You can only work with a limited set of data.

Test token

• Purpose: A special token for securely testing and debugging integrations in an isolated environment — the WB API sandbox.
• Suitable for:
  • developing and debugging integrations without risk to real data
  • exploring API capabilities and experimenting with methods
  • testing new features before launching in the production environment
• Restrictions: A test token only works with the sandbox and provides access to generated test data. Real seller's data is not accessible.

1. In your personal access account, go to the API Integrations section.
2. Click + Create token. A window for creating token with two tabs will open. For all token types except Service token, select the Manual integration tab.
3. Choose the token type.
4. For base and personal access tokens:

• Enter the token name
• Select the API categories you will be working with
• Set the data access level: Read and Write or Read Only

5. Optionally, add a comment to the token. For a personal access token, check the I understand that the token should not be shared with third parties box.
6. Click Create. A window with your token will appear.
7. Click the Copy and close button — the window will close, and the token will be copied to the clipboard. After this, you will not be able to view the token in your personal account again.
8. Save the token in a safe place. If you lose the token, create a new one.

The token is a JWT according to RFC 7519. To check if your token is valid and which categories of API methods are available with it, you can decode it.

Token fields

The token type can be determined by the list of fields from the decoded token payload:

Other fields:

The remaining payload fields are for internal use and may be removed.

s field

The s field is a bitmask, an integer, each bit of which means the presence or absence of some option.

Learn more about bitmask

Bit values

Token decoding will allow to check if the token is valid and which categories of API methods are available. You can decode the token on the separate page.