Authentication
Authorization: Bearer <API_KEY> header. Rotate keys from the integrations panel.
REST v1 endpoints
GET /api/v1/catalog, POST /api/v1/orders, GET /api/v1/orders/:id, GET /api/v1/invoices/:id.
Webhooks
order.created · order.dispatched · order.delivered · invoice.issued — signed with HMAC-SHA256.
Example · Create an order
curl -X POST https://azulprovisions.com/api/v1/orders \
-H "Authorization: Bearer ${AZUL_API_KEY}" \
-H "Content-Type: application/json" \
-d '{
"contactName": "Capt. Grimaldi",
"marinaId": 3,
"berthCode": "Pontoon C · 24",
"requestedAt": "2026-05-12T08:00:00Z",
"items": [
{ "sku": "FR-AGUA-1L", "quantity": 24 },
{ "sku": "BK-PAN-PAY", "quantity": 6 }
]
}'Example · Verify a webhook (Node.js)
import crypto from "crypto";
const signature = req.header("x-azul-signature");
const expected = crypto
.createHmac("sha256", process.env.AZUL_WEBHOOK_SECRET)
.update(req.rawBody)
.digest("hex");
if (signature !== expected) return res.status(401).end();