config/ endpoint provides comprehensive access to the shop configuration. Through the REST API, configuration data can be retrieved, changed, deleted, or newly created. This includes both global settings and subshop-specific overrides.
The configuration is based on predefined schemas that determine which data is permitted. Changes to configuration nodes are validated server-side. The REST API thus allows complete management of the shop configuration — as it is also done via the admin interface.
Supported methods
List of all supported methods.| Command/info | Endpoints | GET | POST | PUT | DELETE |
|---|---|---|---|---|---|
| Settings | config/ | ||||
| Nodes in the shop | |||||
| Nodes in subshops |
Structure & use of the configuration via the API
The shop configuration is organized as a directed graph. Each node in this graph represents an independent configuration area and can reference other nodes — for example to specify a language or a country. Each configuration node has a clearly defined type, for which a schema defines which data fields are permitted, what data types they have, and whether a node may be overwritten per subshop or may only exist once. The schemas thus describe the structure of the configuration data, but not its content. The configuration can be fully maintained via the REST API. The admin interface (AI) is also a visual representation of this interface. All functions that can be performed in the interface are also available via the API — such as creating, adapting, deleting, or overwriting configuration nodes. The API is thus particularly suitable for automated management of the configuration, for example as part of:- CI/CD processes with clearly defined configuration states,
- the comparison of settings between test and production systems,
- or the management of multi-tenant environments with subshop-specific variants.
GET config/schemas/{type} endpoint. The structure of these schemas is described in the properties field. Among other things, it contains the fields id, type, and optionally subtype (e.g. for type: list). id defines the name of the field, while type and subtype indicate what content is expected. type: object indicates a nested structure.
Which configuration types are available in the system can be queried in two ways:
- via
GET config/nodeTypes, which provides a compact list of all types, - or alternatively via
GET config/schemas, which additionally contains theidfield.
Valid {type} and {selector} values
The following tables list the valid values that can be used for
GET /api/config/schemas/{type}as{type}andGET /api/config/nodes/{selector}as top-level{selector}.
| Type / selector | Short description |
|---|---|
accounts | → accounts - user accounts |
actions | → actions - error texts & emails |
app | → app - WEBSALE APP |
authentication | → authentication - authentication & access data |
b2b | → b2b - business-to-business (B2B) |
basket | → basket - shopping basket |
checkout | → checkout - order process |
content | → content - catalog (categories & products) |
creditCheck | → creditCheck - credit check (old) |
customer | → customer - customer data |
finance | → finance - currencies & taxes |
general | → general - general shop settings |
inquiry | → inquiry - forms |
maintenance | → maintenance - maintenance mode |
messages | → messages - event-driven emails |
newsletter | → newsletter - newsletter |
payment | → payment - payment methods |
search | → search - search (core) |
security | → security - security |
seoMetaData | → seoMetaData - meta data & SEO texts |
shopSystemServices | → shopSystemServices - additional modules |
urls | → urls - URL (web addresses) |
Methods for settings
This section describes the available REST endpoints for managing the shop configuration in the admin area. The interface can be used to retrieve schemas, analyze, check, delete, or completely reset configuration nodes. The configuration is divided into so-called schemas and nodes that are assigned to different areas such as accounts, actions, or system functions. All settings apply either globally or subshop-specifically and can be adjusted depending on the schema and type. The use of the methods requires appropriate read, write, or delete permissions.GET config/setup
This endpoint retrieves the setup configuration per subshop and stage (e.g.work, active).
The return contains technical information such as the host, staticDomain, and contentDomain values, which are required for runtime configuration and content delivery in the respective subshop. This endpoint is primarily intended for internal system or administrative analysis of the current shop setup.
Example
Response
Error codes
| Error | Type | Reason |
|---|---|---|
| 401 Unauthorized | Not authorized: you are not logged in or do not have the required permissions. |
GET config/status
This endpoint checks the configuration data for incompleteness and redundancy. It reports whether mandatory fields are missing or whether nodes with identical data exist multiple times.If no problem is detected,
"status": "ok" is returned.
Use requires read permission for configurations.
Example
Response
Response on errors
If errors are detected, the response additionally contains details about the problems found:nonUniqueFields and missingRequiredFields fields appear only when corresponding problems are detected.
Error codes
| Error | Type | Reason |
|---|---|---|
| 401 Unauthorized | Not authorized: you are not logged in or do not have the required permissions to read configurations. |
GET config/schemas
This endpoint returns a complete list of all available configuration schemas in the system. A schema describes the structure and properties of a particular configuration type, including, for example, mandatory fields, data types, write protection, overwriteability per subshop, or singleton status. The schemas serve as a technical basis for the validation and editing of configuration data in the admin interface or in automated processes. Use requires read permissions for configuration data.Example
Response
Error codes
| Error | Type | Reason |
|---|---|---|
| 401 Unauthorized | Not authorized: you are not logged in or do not have the required permissions to read configurations. |
GET config/schemas/{type}
This endpoint can be used to retrieve the schema of a specific configuration type. The schema defines the permitted fields, their data types, optional and mandatory information, and administrative properties such as write protection, deletability, or subshop overwriteability. The information is used by the admin interface and other tools for structural validation and display of configuration entries in the system. Read rights for configuration data are required.Example
Response
Error codes
| Error | Type | Reason |
|---|---|---|
| 401 Unauthorized | Not authorized: you are not logged in or do not have the required permissions to read configurations. | |
| 404 Not Found | ”schema not found” | The schema was not found. |
GET config/schemas/{type}/defaults
This endpoint can be used to retrieve default parameters of a configuration. The response contains a complete template for the specified configuration type. Read rights for configuration data are required.Example
Response
Error codes
| Error | Type | Reason |
|---|---|---|
| 401 Unauthorized | Not authorized: you are not logged in or do not have the required permissions to read configurations. | |
| 404 Not Found | ”schema not found” | The schema was not found. |
GET config/nodeTypes
This endpoint returns an overview of all configuration node types present in the system, grouped by schema. For each type, the number of recorded nodes is returned — i.e. how many configuration entries of a given type currently exist. This information is suitable, for example, for inventory taking, validation of the configuration structure, or as a basis for dynamic display in the admin interface. Read permissions for configurations are required for retrieval.Example
Response
Error codes
| Error | Type | Reason |
|---|---|---|
| 401 Unauthorized | Not authorized: you are not logged in or do not have the required permissions to read configurations. |
Methods for managing nodes in the shop
These methods can be used to read, create, update, or delete configuration nodes in the shop. These are specific instances of settings maintained in the admin area of the shop — e.g. for account login behavior or for consent services such as cookie services. Depending on the type of the underlying schema, a configuration node can either:- be defined as a singleton — i.e. only a single node of this type may exist in the shop (e.g. a global login node),
- or as a multi-node — where multiple nodes of the same type are allowed (e.g. multiple cookie services under
general.consentCookieService).
GET config/nodes/{selector}
This method loads the configuration of one or more nodes based on the specifiedselector. The selector is generally composed of the schema and the node type (e.g. actions.guestRegister or general.consentCookieService).
Depending on the node, the endpoint returns either a single configuration element or a list of elements.
The response contains the configuration data as well as meta information such as id, type, label, and updatedAt.
Read permission for configuration data is required.
Example 1
Response 1
Example 2
Response 2
Error codes
| Error | Type | Reason |
|---|---|---|
| 401 Unauthorized | Not authorized: you are not logged in or do not have the required permissions to read configurations. | |
| 400 Bad Request | ”invalidSelector” | {selector} has more than 3 parts separated by a .. The configuration was not found. |
| 400 Bad Request | ”invalidParams” | The sort query parameter is invalid. The response contains an errorContext object with details (e.g. {"sort": {"type": "invalidValue"}}). Valid format: {field}:{direction} with field = id or updatedAt and direction = asc or desc. |
PUT config/nodes/{selector}
This method is used to update a configuration node by its selector. The data content provided is automatically checked against the stored schema. If the schema is violated, a detailed error message is returned. The selector consists of two or three parts separated by dots (e.g.actions.guestRegister or general.consentCookieService.googleAnalytics). The format must be correct so that the configuration can be uniquely identified.
If validation fails, the response contains text hints in the detail field. For example: “The value of the field ‘name’ has the wrong type. Expected: string.”. Errors are also listed in the errorContext field.
Possible error types (errorContext.{field}.type):
WrongTypeWrongEnumValueKeyNotAllowedIsReadOnlyNotUniqueInvalidSelfAssociationServiceNotFoundAssociationWrongTypeServiceMissingAssociationNotFoundServiceWrongTypeTextMissing
Write permissions for configurations are required.
Example
Request body
Response
Response when validation failed
Error codes
| Error | Type | Reason |
|---|---|---|
| 401 Unauthorized | Not authorized: you are not logged in or do not have the required permissions to write configurations. An attempt was made to update a configuration that belongs to Websale AG. | |
| 400 Bad Request | Request body could not be loaded. | |
| 400 Bad Request | ”invalidSelector” | {selector} does not have 2 or 3 parts separated by a .. |
| 400 Bad Request | ”invalidParams” | Mandatory fields are missing or have the wrong type. The response contains an errorContext object with details about the affected fields (e.g. {"data": {"type": "missing", "expectedType": "object"}}). |
| 400 Bad Request | ”dataNotCorrect” | The data does not conform to the schema. A comment is supplied that states what exactly is wrong. |
| 409 Conflict | ”alreadyExists” | The node already exists (e.g. for simultaneous creation of a singleton node). |
| 400 Bad Request | ”updateFailed” | The update failed. |
| 404 Not Found | ”NodeNotFound” | The configuration was not found. |
| 503 Service Unavailable | ”internalError” | Other error. Details can be found in the logs. |
POST config/nodes/{selector}
A configuration node is created; the schema validity is checked. This method creates a new configuration node within the specified schema. It is checked whether the node may be created according to the schema (e.g. not for singleton schemas) and whether the provided data is valid. The structure must match the schema; otherwise, the operation is rejected with a precise error message. Theselector always consists of two parts separated by a dot (e.g. general.consentCookieService) that describe the schema type. Additionally, a unique id field must be specified in the request body, which is appended to the selector (e.g. test → results in general.consentCookieService.test).
If validation fails, the response contains text hints in the detail field. For example: “The value of the field ‘name’ has the wrong type. Expected: string.”. Errors are also listed in the errorContext field.
Possible error types (errorContext.{field}.type):
WrongTypeWrongEnumValueKeyNotAllowedIsReadOnlyNotUniqueInvalidSelfAssociationServiceNotFoundAssociationWrongTypeServiceMissingAssociationNotFoundServiceWrongTypeTextMissing
Create rights for configurations are required.
Example
Request body
Response
Response when validation failed
Error codes
| Error | Type | Reason |
|---|---|---|
| 401 Unauthorized | Not authorized: you are not logged in or do not have the required permissions to create configurations. | |
| 400 Bad Request | Request body could not be loaded. | |
| 400 Bad Request | ”invalidSelector” | {selector} does not have 2 parts separated by a .. |
| 400 Bad Request | ”typeInvalid” | There is no schema with the type of the configuration node. |
| 400 Bad Request | ”creationDenied” | The schema is a singleton. The schema has the property creatable: false. |
| 400 Bad Request | ”invalidParams” | Mandatory fields (id, data) are missing, have the wrong type, or are empty. The response contains an errorContext object with details about the affected fields (e.g. {"id": {"type": "missing", "expectedType": "string"}} or {"id": {"type": "invalidValue"}}). |
| 400 Bad Request | ”dataNotCorrect” | The data does not conform to the schema. A comment is supplied that states what exactly is wrong. |
| 409 Conflict | ”alreadyExists” | id is already in use. |
| 503 Service Unavailable | ”internalError” | Other error. Details can be found in the logs. |
DELETE config/nodes/{selector}
This method deletes an existing configuration node. The specifiedselector must contain exactly three parts separated by a dot (e.g. general.consentCookieService.google). Before deletion, it is checked whether the corresponding schema permits this — for example whether it is not a singleton or deletion is explicitly forbidden.
Delete rights for configurations are required.
Example
Response
Error codes
| Error | Type | Reason |
|---|---|---|
| 401 Unauthorized | Not authorized: you are not logged in or do not have the required permissions to delete configurations. An attempt was made to delete a configuration that belongs to Websale AG. | |
| 400 Bad Request | ”invalidSelector” | {selector} has more or fewer than 3 parts separated by a .. |
| 400 Bad Request | ”idInvalid” | The configuration was not found. |
| 400 Bad Request | ”typeInvalid” | There is no schema with the type of the configuration node. |
| 400 Bad Request | ”deletionDenied” | The schema is a singleton. The schema has the property deletable: false. |
| 400 Bad Request | ”node not deleted” | The deletion failed. |
Methods for managing nodes in subshops
The endpoints documented here allow you to specifically overwrite configuration nodes for individual subshops. This makes it possible to implement differing settings per subshop — for example different privacy services or differing email configurations. The methods follow the general schema of node management but extend it with the additional specification of asubshopId.
GET config/nodes/{selector}/overwrites
This method returns a list of all overrides for a specific configuration node. These are configurations that have been specifically adapted for individual subshops. If the node is not overwriteable, an empty JSON array ([]) is returned. If no overrides exist, the result contains an items object with an empty array.
Read permissions for configurations are required.
Example
Response
Error codes
| Error | Type | Reason |
|---|---|---|
| 401 Unauthorized | Not authorized: you are not logged in or do not have the required permissions to read configurations. | |
| 400 Bad Request | ”invalidSelector” | {selector} does not have 2 or 3 parts separated by a .. |
| 400 Bad Request | ”typeInvalid” | There is no schema with the type from {selector}. |
| 404 Not found | ”nodeNotFound” | The configuration was not found. |
GET config/nodes/{selector}/overwrites/{subshopId}
This method loads the subshop-specific override of a specific configuration node. If no override exists for the specified subshop, a corresponding error is returned. If the node is not overwriteable, an error is returned (inappropriateScheme).
Read permissions for configurations are required.
Example
Response
Error codes
| Error | Type | Reason |
|---|---|---|
| 401 Unauthorized | Not authorized: you are not logged in or do not have the required permissions to read configurations. | |
| 400 Bad Request | ”invalidSelector” | {selector} does not have 2 or 3 parts separated by a .. |
| 400 Bad Request | ”typeInvalid” | There is no schema with the type from {selector}. |
| 400 Bad Request | ”inappropriateScheme” | The node is not overwriteable. |
| 404 Not found | ”nodeNotFound” | The configuration was not found. |
| 404 Not found | ”nodeOverwriteNotFound” | The override was not found. |
PUT config/nodes/{selector}/overwrites/{subshopId}
With this method, a configuration node can be overwritten for a specific subshop. The data in the request body must conform to the schema of the original node. Only nodes with the appropriate property can be overwritten. If validation fails, the response contains text hints. For example: “The value of the field ‘name’ has the wrong type. Expected: string.”. Errors are also listed in theerrorContext field.
Possible error types (errorContext.<field>.type):
WrongTypeWrongEnumValueKeyNotAllowedIsReadOnlyNotUniqueInvalidSelfAssociationServiceNotFoundAssociationWrongTypeServiceMissingAssociationNotFoundServiceWrongTypeTextMissing
Create permissions for configurations are required.
Example
Request body
Response
Response when validation failed
Error codes
| Error | Type | Reason |
|---|---|---|
| 401 Unauthorized | Not authorized: you are not logged in or do not have the required permissions to create configurations. An attempt was made to update a configuration that belongs to Websale AG. | |
| 400 Bad Request | Request body could not be loaded. | |
| 400 Bad Request | ”invalidSubshopId” | Subshop was not found. |
| 400 Bad Request | ”invalidSelector” | {selector} does not have 2 or 3 parts separated by a .. |
| 400 Bad Request | ”typeInvalid” | There is no schema with the type from {selector}. |
| 400 Bad Request | ”overwriteDenied” | The node must not be overwritten. |
| 400 Bad Request | ”invalidParams” | data is missing or has a wrong type. The response contains an errorContext object with details. |
| 400 Bad Request | ”dataNotCorrect” | The data does not conform to the schema. A comment is supplied that states what exactly is wrong. |
| 409 Conflict | ”alreadyExists” | Conflict: the override already exists. |
| 404 Not Found | ”NodeNotFound” | The node to be overwritten was not found. |
| 503 Service Unavailable | ”internalError” | Other error. Details can be found in the logs. |
DELETE config/nodes/{selector}/overwrites/{subshopId}
This method removes the existing override of a configuration node for a specific subshop. If no valid override is found or deletion is not allowed, a corresponding error message is returned. Delete permissions for configurations are required.Example
Response
Error codes
| Error | Type | Reason |
|---|---|---|
| 401 Unauthorized | Not authorized: you are not logged in or do not have the required permissions to delete configurations. An attempt was made to delete a configuration that belongs to Websale AG. | |
| 400 Bad Request | ”invalidSelector” | {selector} does not have 2 or 3 parts separated by a .. |
| 400 Bad Request | ”typeInvalid” | There is no schema with the type from {selector}. |
| 400 Bad Request | ”subshopIdMissing” | subshopId was not provided. |
| 400 Bad Request | ”unknownOverwriting” | The deletion failed. |