API & webhooks
Everything a seller can do in the dashboard, your systems can do over HTTPS: upload files, create quotes and orders, and listen for signed events.
Keys and authentication
Create keys in the dashboard under Settings, API keys. A key is shown once at creation, starts m3d_live_, and is sent as a bearer token:
Authorization: Bearer m3d_live_…
Keys carry scopes, granted per key: parts, products, quotes, orders and webhooks, each as :read or :write. Give an integration only the scopes it needs. There are no unauthenticated endpoints, and every key is rate-limited; a 429 response tells you how long to wait.
Versioning
The base path is https://makr3d.app/api/v1 and v1 is version-locked: fields are never removed or narrowed, and breaking changes would ship as a new /api/v2. The contract is an OpenAPI 3.1 document maintained alongside the routes.
What you can do
| Surface | Endpoints |
|---|---|
| Parts | Create and list Parts, upload model files, pin a plate or a file from an archive, submit for review, and order a sample print. |
| Products | Create Products from Parts, manage and reorder members, and turn revenue sharing on or off with a per-unit share. |
| Quotes | Create fulfilment quotes against a Part and read the results. |
| Orders | Create orders, list and read them, read tracking, and cancel. |
| Materials | List printable materials and colours. |
| Webhooks | Register endpoints, inspect the delivery log, and retry a failed delivery. |
| Account | Read your account and manage your subscription. |
Idempotency
Money-adjacent writes require an Idempotency-Key header: POST /orders, POST /quotes, POST /orders/{id}/cancel and POST /webhook-endpoints. Retrying with the same key returns the original result instead of creating a duplicate, so a network timeout can never double-order.
Errors
Every failure uses one envelope: { "error": { "code", "message", "request_id" } }, with optional details and retry_after_seconds. Quote the request_id when you contact the team about an API problem; it lets us find the exact request.
Webhooks
Register an HTTPS endpoint and Makr3D pushes events to it: order lifecycle, quote results, QA outcomes and more. Each delivery is signed with HMAC-SHA256 in the Makr3D-Signature header (v1=<hex> over timestamp.body) so you can verify it came from us, failed deliveries are retried, and the full delivery log is queryable over the API and visible in the dashboard.
The contract in full
This page is the overview. The complete request and response schemas live in the OpenAPI 3.1 document (openapi.v1.yaml), which ships in the repository alongside the API and is the single source of truth for the wire contract. The API terms cover acceptable use.