FAQs

A small spec + toolkit that makes stores AI-friendly so agents can find products, select variants, and start checkout safely with your normal brand and payment flow.

Usually no. You copy a few discovery tags into your theme’s <head> and enable the per-domain product sitemap. That’s enough for assistants to understand how to help customers.

No. Agents create a draft/pending order and get an invoice URL. Customers pay in your existing checkout, on your domain.

Not for the default “public, draft-only” flow. Agents don’t store secrets; they just create draft intents that customers complete. Bearer/OAuth can be added later for private or advanced features if you choose.

Each domain exposes a simple product sitemap that lists products and variants in a predictable way no scraping. The discovery tags point agents to that sitemap.

• Shopify: agents must send a variantId. Draft orders do not reserve stock.
• WooCommerce: we create a pending order and return a payment URL.

Your store’s own settings control invoice behavior (e.g., link expirations). The API keeps the flow “draft-only” so customers confirm payment themselves.

By default, no. Draft/pending flows are informational and reversible. If you add reservations later, the API will surface that via fields like stockConfirmed and holdExpiresAt.

Every create call must include an Idempotency-Key (UUID). Reusing the same key with the same body returns a safe replay; using it with a different body returns 409. Agents also get clear guidance on when to retry (transient errors only) and how to back off.

Default is 10 requests/minute with a burst of 20. Responses include X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, and Retry-After so agents can pace themselves automatically.

Errors are normalized and machine-friendly. You’ll see fields like error, code, message, retryable, traceId, and timestamp. Common codes include missing_idempotency_key, variant_required_for_shopify, product_not_found_for_domain, rate_limited.

Yes, if your store has SMTP configured (or you enable a public “send email” token). Otherwise the response includes the URL for the agent to share with the user directly.

The merchant remains the data controller for purchase data. Agents link to the merchant’s privacy and terms pages. Sitewai provides platform documentation and contact details for the API itself.

Yes. The public flow avoids long-lived tokens, requires idempotency, enforces rate limits, and uses your normal checkout. Agents are encouraged to ask for customer consent where needed and only send the minimal data required to create the invoice link.

Remove the discovery tags from your theme and disable the product sitemap in your dashboard. You can also delete the domain/project from Sitewai; existing draft links created earlier will continue to follow your store rules.

Yes. The spec is intentionally small. If you can expose the product sitemap and support the draft-create endpoint with safety rails, agents will work even if your platform isn’t Shopify/Woo.

Agents can pass locale and currency preferences; your store is the source of truth for prices, taxes, and shipping at checkout. If you expose language/currency hints, agents will respect them.