Things to know before getting started


Authentication is done using OAuth. OAuth is a protocol, which allows third-party applications to grant controlled access to an API.
In other words, like in the ATM example, OAuth checks your card and pin to see if you’re allowed to withdraw from that bank, and if yes, from which account.
On Swagger, clicking on OAuth for any API will result in a pop up asking you to choose a “scope”. Each “scope” has different levels of authorization. And each scope will allow you to use different APIs.

Basic – User logs in as merchant or consumer. Authorization will be denied if you decide to try admin APIs, even if you use admin credentials to authenticate.

Admin – User logs in as admin. Authorization will be given to try all APIs.

Corporate and masteradmin – These are still being worked on and not usable yet.

This is why understanding the 3 types of users on a marketplace is important before starting to play with APIs.

Marketplace Users

In all marketplace types provided by Arcadier, there will always be 3 types of users:

The marketplace owner, technically, and bearer of the most power over the marketplace. Has the ability to change features and settings of the whole marketplace

The one listing items/spaces/service to sell. They have control over their own respective inventory.

Consumer / Guest
The ones with the money and buying whatever is being sold on the marketplace
- Guests are people (mostly consumers) that come to the marketplace as “visitors” only, i.e, they are not browsing the website signed-in

Marketplace Types

Arcadier provides 3 types of marketplaces:

The bespoke marketplace is the one where goods and items are the unit purchase. Examples: Books marketplace, Food marketplace, clothing marketplaces, Amazon, E-bay. Example:

A space marketplace allows the booking the spaces from the space owner/manager for any number of uses, including vacation stays, doing work, hosting events or even to leave a car parked

Things being listed on a Time marketplace type will be mostly services, which are bought in units of time. Example:

Knowing the type of marketplace in which APIs are being called from is mandatory to prevent errors on your coding.(e.g. The BESPOKE marketplace type has no reason or functionality to be calling the Merchant - Get All Booking Details List API, from SPACE/TIME – which has time fields).

  • Retail Goods for BESPOKE
  • Rental Goods by Location for SPACE
  • Space Rental for SPACE
  • Rental Goods by Type for TIME
  • Service Bookings for TIME

Sandboxes and Live Environments

Sandbox marketplaces can be created to test our APIs without having to subscribe for a free trial or a paid plan!

They are test marketplaces used strictly for development testing and cannot be used for real life transactions.

Their features mirror the live environment and they can receive API updates much faster than Live environments enabling developers to freely play around their ideas and code.

To Onboard
Simply go to and onboard as you would on our live sites.

Take note!
When switching between different scopes, logout from previous scopes everywhere including marketplace, OAuth, and Swagger. This will make sense further down.


Swagger is a 3rd party environment which aids in development across the entire API lifecycle: from design to documentation, and testing.Swagger categorises our APIs for easy browsing, includes descriptions of what they do, and includes examples of how to use them.

The UI provided allows simple and fast API calling and authentication. It also displays responses, error messages and headers in a very user friendly way.

As Arcadier’s user, you can use our swagger explorer to play around and/or test our APIs and familiarise yourself with them without needing deep technical knowledge. After creating your sandbox marketplace, e.g https://{yourmarketplacename} , just add a /swagger/ to the URL like this: https://{yourmarketplacename}

The last “/” is important!

Response Codes and what they mean

Responses that correspond to 2xx are successful (e.g. 200 - OK)
Responses that correspond to 4xx are unsuccessful ones, a mistake in the input or authentication occurred. (e.g. 404 - FORBIDDEN)
Responses that correspond to 5xx are unsuccessful ones, due to a problem with Arcadier servers. (e.g. 500 - INTERNAL SERVER ERROR)

Status Code Description
200 OK - The request has succeeded. The client can read the result of the request in the body and the headers of the response
201 CREATED – The request has been fulfilled and resulted in a new resource being created.
202 ACCEPTED – The request has been accepted for processing, but the processing has not been completed.
204 NO CONTENT – The request has succeeded but returns no message body.
400 BAD REQUEST – The request could not be understood by the server due to malformed syntax. The message body will contain more information; see Response Schema.
401 UNAUTHORIZED – The request requires user authentication or, if the request included authorization credentials, authorization has been refused for those credentials.
404 FORBIDDEN – The server understood the request but is refusing to fulfil it.
429 NOT FOUND – The requested resource could not be found. This error can be due to temporary or permanent condition.
500 INTERNAL SERVER ERROR – You should not be getting that. If you do, contact us immediately.
502 BAD GATEWAY – The server was acting as a gateway or proxy and received an invalid response from the upstream server.
503 SERVICE UNAVAILABLE – The server is currently unable to handle the request due to a temporary condition which will be alleviated after some delay. You can choose to resend the request again.
Table 1: Response Codes