Getting Started

First, please make sure that the AlzaTrade API is what you really want to use. This is not the Drop API. Drop API and AlzaTrade API are different services and are not related.

To start using the AlzaTrade API, you first need to request activation of the API client from your AlzaTrade account. Once your request is processed and the API client is activated, your Client ID and Secret Key will appear in the portal.

We recommend trying out the available endpoints first through the generated Swagger documentation (see the Documentation section for more details) before proceeding with programmatic integration.

Documentation

API documentation is available in the form of Swagger. You can choose the API version from the selection in the top-right corner. We recommend always using the most up-to-date version, as old versions are gradually phased out.

You can test individual endpoints directly in Swagger. First, log in by clicking the Authorize button and entering your Client ID and Secret Key. You can find these details in your AlzaTrade account. Then you can expand any endpoint, click Try it out, fill in the parameters, and execute the request with the Execute button.

AlzaTrade API Client

First, you need to authenticate your client. Authentication is handled via a Bearer token, which you obtain with a POST request to https://identity.alza.cz/connect/token. The request body must include the following data:

• client_id: *your_client_id*
• client_secret: *your_secret_key*
• grant_type: client_credentials

If your secret key contains special characters (e.g., &, ^, %) for cURL, make sure to escape them. Here's an example of obtaining a token using cURL:

curl -X POST "https://identity.alza.cz/connect/token" -H "Content-Type: application/x-www-form-urlencoded" -d "client_id=ENTER_HERE&client_secret=ENTER_HERE&grant_type=client_credentials"

The token is valid for 1 hour (3600 seconds). Once it expires, you need to request a new token from the identity server.

We strongly recommend not sending excessive requests to the identity server but instead reusing the obtained token. Otherwise, you will be automatically blacklisted and need to request manual removal. The same will happen if you repeatedly send requests with incorrect credentials.

Once you have the authorization token, you must include it in the headers of every request you make to the AlzaTrade API. Here's an example of calling an endpoint to get supported languages using cURL:

curl "https://portalapi.alza.cz/v2/languages" -H "Authorization: Bearer ENTER_HERE"

Versions and Changes

If you are using the AlzaTrade API with the URL https://marketplaceapi.alza.cz, please change it to https://portalapi.alza.cz. The old URL will be removed over time.

• v2 - 11.03.2026
  • Added new GET endpoint /orders with identical data structure as /orders/unshipped to get a collection of orders regardless of their states with the ability to filter and sort
  • Added new value state to the /orders/unshipped endpoint
• v2 - 12.11.2025
  • Added new value packageSortingGroup to the /orders/unshipped endpoint
• v2 - 29.05.2025
  • Enabled calling the /orders/unshipped endpoint also for partners using an integration other than AlzaTrade
• v2 - 23.01.2025
  • Added new value parcelShopBranchCode (Alzabox ID) to the /order/unshipped endpoint
• v2 - 04.12.2024
  • The /order group was renamed to /orders
  • The structure of the /orders/unshipped endpoint response was changed – items are now a collection in the main object, and the structure of items inside the packages collection has been modified
  • Null values in the JSON response are now omitted
  • New endpoint groups /languages and /listings were added
• v1 - 11.04.2023 The version was removed on 11.03.2026
  • The /order endpoint group was added