Introduction
GunsAmerica selling APIs enable dealers to manage their sales by using simple REST API. In 2016 we introduced Bulk Upload, where inventory is managed by uploading a .CSV file containing the entire inventory. The new GunsAmerica APIs infrastructure provides major advancement over traditional Bulk Upload. With our new APIs dealers are able to incorporate their sales and listings from GunsAmerica into their system or their web site.
Overview
GunsAmerica selling APIs are built on the latest RESTfull and JSON technologies and are secured with OAuth 2.0 protocol.
We are using seller stock number based inventory management, which allows you to manage multiple listings by your internal stock number rather than by the listing IDs.
The Base URL for all api calls is: https://functions-prod.gunsamerica.com/
Inventory API
The inventory API allows sellers to manage their inventory on GunsAmerica web site. It allows users to post and update items to GunsAmerica web site or to the Seller Store (if there is one). Items are managed by the seller stock number instead of listing id.
Restrictions:
- Seller stock numbers can only be listed once on GunsAmerica.
- In cases where an item with the same seller stock number already exists on the seller’s account that item cannot be created/posted by the Inventory API.
- If the item that is posted by API is edited on GunsAmerica that item becomes a manual listing and cannot be updated by the Inventory API anymore.
Authentication
All GunsAmerica APIs use OAuth 2.0 protocol for application authentication and user authorization. To access our API, you will first need to obtain an access token from GunsAmerica access token service by providing your Client ID and Client secret.
All requests made to GunsAmerica REST operations require the authorization HTTP header for authentication
To obtain Client Id and Client secret you must sign up for GA API.
Obtaining OAuth access token
The request requires the following values:
- ClientID – your client id (provided to you when you sign up for the service).
- ClientSecret – Base64-encoded string (provided to you when you sign up for the service).
- OAuth scope(s) – required for access to the REST interfaces.
Access token Request example:
HTTP method: POST
URL: https://functions-prod.gunsamerica.com/api/identity/connect/token
HTTP headers:
content-type: application/x-www-form-urlencoded
Request body
grant_type:”client_credentials”
scope:”InventoryServiceAPI”
client_id:”TestSeller”
client_secret:”XXXXX-XXX-XXXX-XXXX-XXXXXXX”
Response Body
access_token:”5404d41b24a788u9khknhd0eac9360092″
expires_in:3600
token_type:”Bearer”
Inventory API Reference
GET Inventory
{{url}}/api/inventory
Returns uploaded inventory on GunsAmerica associated with the dealer account.
HEADERS
The authorization header is the only required HTTP header for this call.
| Header | Data Type | Description |
| Content-Type | application/json | The format and encoding of the request message |
| Authorization | OAuth 2.0 access token | OAuth 2.0 protocol used for application authentication and user authorization |
RESPONSE
| Field | Type | Description |
| AddToGA | boolean | Is item posted to GA Listings |
| ListingType | int |
|
| Caliber | string | The caliber that item uses Required if firearm |
| CategoryID | int | GunsAmerica category Id |
| CategoryName | string | GunsAmerica category name |
| Condition | int | Item Condition:
|
| CountOfDrops | int | Count of quantity reduced |
| DeletedOn | datetime | When the item was deleted |
| Description | String | Item description |
| Error | string | List of errors if any |
| FixedPrice | decimal | Item price |
| ItemID | int | Inventory item id |
| ListingId | int | Listing Id |
| ListingUrl | string | URL of listing on GunsAmerica |
| ListingStatus | string | Last listing status:
|
| ListingDuration | int | Number of days before listings ends |
| Manufacturer | string | Name of manufacturer Required |
| MfgPartNumber | string | Manufacturer |
| Model | string | Name of model Required if firearm |
| ModifiedOn | datetime | Modified date time |
| PictureURLs | string | Comma delimited image URLs |
| Quantity | int | Quantity |
| SerialNumber | string | Deprecated use Seller stock number instead |
| ShippingCost | string | Shipping cost, if no cost is entered shipping will default to free |
| ShippingText | string | Shipping text |
| Title | string | Item title |
| UPC | string | Item UPC |
| Weight | decimal | Item weight in pounds |
GET Inventory Item
{{url}}/api/inventory/{your seller stock number}
Returns an item that matches your seller stock number.
HEADERS
The authorization header is the only required HTTP header for this call.
| Header | Data Type | Description |
| Content-Type | application/json | The format and encoding of the request message |
| Authorization | OAuth 2.0 access token | OAuth 2.0 protocol used for application authentication and user authorization |
INPUT – URI parameters
| Parameter | Data Type | Description |
| id | string | Seller stock number Required |
RESPONSE
| Field | Data Type | Description |
| AddToGA | boolean | Is item posted to GA Listings |
| ListingType | int |
|
| Caliber | string | The caliber that item uses Required if firearm |
| CategoryID | int | GunsAmerica category Id |
| CategoryName | string | GunsAmerica category name |
| Condition | int | Item Condition:
|
| CountOfDrops | int | Count of quantity reduced |
| DeletedOn | datetime | When the item was deleted |
| Description | String | Item description |
| Error | string | List of errors if any |
| FixedPrice | decimal | Item price |
| ItemID | int | Inventory item id |
| ListingId | int | Listing Id |
| ListingUrl | string | URL of listing on GunsAmerica |
| ListingStatus | string | Last listing status:
|
| Manufacturer | string | Name of manufacturer Required |
| MfgPartNumber | string | Manufacturer |
| Model | string | Name of model Required if firearm |
| ModifiedOn | datetime | Modified date time |
| PictureURLs | string | Comma delimited image URLs |
| Quantity | int | Quantity |
| SerialNumber | string | Deprecated use Seller stock number instead |
| ShippingCost | string | Shipping cost, if no cost is entered shipping will default to free |
| ShippingText | string | Shipping text |
| Title | string | Item title |
| UPC | string | Item UPC |
| Weight | decimal | Item weight |
| WeightUnit | int | Item weight in pounds |
RESPONSE CODES
This call returns one of the following HTTP status codes:
| Status | Description |
| 200 | OK |
| 400 | Bad Request |
| 404 | Not Found |
| 500 | Internal Server Error |
POST Inventory Item
{{url}}/api/inventory/
This API enables you to create (post listing) or update inventory item.
Important notes/rules:
If the same seller stock number is listed manually the item will not be created.
If you edit a listing on GunsAmerica that is created by API or bulk upload, that listing cannot be updated anymore by API/Bulk upload.
If the item has already been posted to your inventory an UPDATE will be performed. In this case the fields that are not sent and not required will not be updated. For example if you only send required fields and Item Title, only the Title (plus required fields) will be updated. Other fields will be ignored.
Once item quantity reaches 0 the listing will be made inactive.
You can create listings with limited data: UPC, Price, Seller Stock Number, & Condition. This will create listings with manufacture specification data, including descriptions and pictures.
If UPC is not provided: Manufacturer, Model, Category ID, Caliber, Seller stock number, PictureURL, Title, Price, Quantity, Weight, Condition, and Description are required.
HEADERS
| Header | Data Type | Description |
| Content-Type | application/json | The format and encoding of the request message. |
| Authorization | OAuth 2.0 access token | OAuth 2.0 protocol used for application authentication and user authorization. |
INPUT – JSON
| Field | Data Type | Description |
| AddToGA | boolean | List item on GA Listings |
| ListingType | int |
|
| Caliber | string | The caliber that item uses Required if UPC is not provided |
| CategoryID | int | Valid GunsAmerica Category ID Required if UPC is not provided |
| Description | String | Item description. Non ASCII characters will be removed. If length is > 5000, the rest is truncated. |
| Condition | int | Item Condition:
Required |
| FixedPrice | decimal | Item price Required |
| Manufacturer | string | Name of manufacturer Required if UPC is not provided |
| MfgPartNumber | string | Item part number |
| Model | string | Name of model Required if UPC is not provided |
| PictureURLs | string | Comma delimited image URLs Required if UPC is not provided |
| Quantity | int | Quantity Required |
| SerialNumber | string | Deprecated use Seller stock number instead Required |
| ShippingCost | string | Shipping cost, if no cost is entered shipping will default to free |
| ShippingText | string | Shipping text. Non ASCII characters will be removed. Maximum 500 characters. |
| Title | string | Item title Required if UPC is not provided |
| UPC | string | Item UPC if available |
| Warning | string | Warning messages |
| Weight | decimal | Item weight |
| WeightUnit | int | Item weight in pounds |
RESPONSE CODES
This call returns one of the following HTTP status codes:
| Status | Description |
| 200 | OK |
| 201 | Created |
| 400 | Bad Request |
| 404 | Not Found |
| 500 | Internal Server Error |
This call will return created or updated inventory items.
Status can be:
- CREATED
- UPDATED
- MANUAL
- DROP
- NO CHANGE
The returned item will also have a list of error messages if any.
POST ITEM Request example:
var settings = {
“async”: true,
“crossDomain”: true,
“url”: “http://{{url}}/api/inventory/”,
“method”: “POST”,
“headers”: {
“Content-Type”: “application/json”
},
“processData”: false,
“data”: “{
“CategoryID”: 4,
“Condition”: 2,
“Description”: “For sale is a Glock 19 gen 5 chambered in 9mm!”,
“FixedPrice” : “600”,
“MfgPartNumber” : ,
“SerialNumber” : “135686-mro997”,
“UPC” : “723175704183”,
“ShippingCost”: 19.99,
“ShippingText”:”not expensive shipping…
only $19.99″,
“Title”:”Glock 19 gen 5 w/ 3 mags and add ons!”,
“Quantity”:5,
“ShippingCost”:30,
“AddToGA”:”true”,
“AddToLSF”:”true”
}”
}
$.ajax(settings).done(function (response) {
console.log(response);
});
POST ITEM response example:
{
“ItemID”: 246266,
“ListingId”: 933227534,
“ListingStatus”: “CREATED”,
“ListingUrl”: “https://gunsamerica.com/firearms/handguns/semi-auto/Glock/19?p=3a57e6b9-6603-43db-95cf-b70f00e22985”,
“Message”: null,
“ModifiedOn”: “2017-12-29T01:24:31.567”,
“DeletedOn”: null,
“Error”: [],
“Warning”: [],
“AddToGA”: true,
“AddToLSF”: true,
“BuyNowPrice”: null,
“CategoryID”: 894,
“CategoryName”: null,
“Condition”: 2,
“ConditionDescription”: “NIB”,
“CountOfDrops”: 0,
“Description”: “For sale is a Glock 19 gen 5 chambered in 9mm!”,
“FixedPrice”: 600,
“InspectionPeriod”: 14,
“MfgPartNumber”: “glock”,
“ListingDuration”: null,
“PictureURLs”: null,
“Quantity”: 5,
“ReserverPrice”: null,
“SerialNumber”: “135686-mro997”,
“ShippingCost”: 19.99,
“ShippingText”: “not very expensive shipping… <br>only $19.99”,
“SKU”: “JRC10G3-TB/BL”,
“Title”: “Glock 19 gen 5 w/ 3 mags and add ons!”,
“UPC”: “723175704183”,
“Weight”: 0,
“WeightUnit”: 0
}
DELETE Inventory Item
{{url}}/api/inventory/{your seller stock number}
This will mark your uploaded item as deleted. Listings with the same seller stock number that are not manually listed will become inactive.
HEADERS
| Header | Data Type | Description |
| Content-Type | application/json | The format and encoding of the request message. |
| Authorization | OAuth 2.0 access token | OAuth 2.0 protocol used for application authentication and user authorization. |
INPUT – URI parameters
| Parameter | Data Type | Description |
| id | string | Seller stock number Required |
RESPONSE
This call returns one of the following HTTP status codes:
| Status | Description |
| 200 | OK |
| 400 | Bad Request |
| 404 | Not Found |
| 500 | Internal Server Error |
GET /api/Categories
Request
Method: GET
URL: https://gunamerica.com/api/Categories
Query Parameters
| Name | In | Type | Required |
|---|---|---|---|
| Manufacturer | query | string | No |
| Model | query | string | No |
| Caliber | query | string | No |
| Upc | query | string | No |
Example Request (cURL)
curl -X GET "https://gunsamerica.com/api/Categories?Manufacturer=manufacturerValue&Model=modelValue&Caliber=caliberValue&Upc=upcValue" \
-H "Authorization: Bearer <token>"Example Request (HTTP)
GET /api/Categories?Manufacturer=manufacturerValue&Model=modelValue&Caliber=caliberValue&Upc=upcValue HTTP/1.1
Host: api.yoursite.com
Authorization: Bearer <token>Response
200 OK
Schema: object with property items (Dictionary<int, string>)
Example Response
{
"items": {
"0": "Collectible Firearms",
"1": "Black Powder Muzzleloaders",
"2": "Everything Else",
"3": "Other Pistols",
"4": "Semi Auto Pistols",
"5": "Revolvers",
"6": "Single Shot Pistols",
"7": "Pump Action Rifles",
"8": "Single Shot Rifles",
"9": "Semi Auto Rifles",
"10": "Bolt Action Rifles",
"11": "Lever Action Rifles",
"12": "Other Rifles",
"13": "Pump Action Shotguns",
"14": "Semi Auto Shotguns",
"15": "Side By Side Shotguns",
"16": "Other Shotguns",
"17": "Single Shot Shotguns",
"18": "Over Under Shotguns",
"19": "Ammunition",
"20": "Accessories",
"21": "Magazines",
"22": "Suppressor",
"23": "NFA",
"24": "Optics"
}
}401 Unauthorized
{
"error": "Unauthorized"
}Family Enum Values
| Value | Name |
|---|---|
| 0 | CollectibleFirearms |
| 1 | BlackPowderMuzzleloaders |
| 2 | EverythingElse |
| 3 | OtherPistols |
| 4 | SemiAutoPistols |
| 5 | Revolvers |
| 6 | SingleShotPistols |
| 7 | PumpActionRifles |
| 8 | SingleShotRifles |
| 9 | SemiAutoRifles |
| 10 | BoltActionRifles |
| 11 | LeverActionRifles |
| 12 | OtherRifles |
| 13 | PumpActionShotguns |
| 14 | SemiAutoShotguns |
| 15 | SideBySideShotguns |
| 16 | OtherShotguns |
| 17 | SingleShotShotguns |
| 18 | OverUnderShotguns |
| 19 | Ammunition |
| 20 | Accessories |
| 21 | Magazines |
| 22 | Suppressor |
| 23 | NFA |
| 24 | Optics |
add the below for webhooks section
Webhooks
Webhooks let your application receive real-time notifications whenever key events occur in the Seller API. Instead of polling for changes, simply register an HTTP endpoint and we’ll POST payloads to you as things happen.
Supported Events
| Event Name | When It Fires |
|---|---|
order.created | A new order is placed on your listings |
order.paid | Payment has been successfully captured |
1. Registering a Webhook Endpoint
Request
POST /api/webhooks
Content-Type: application/json
Authorization: Bearer {your_jwt_token}
{
"callbackUrl": "https://yourapp.com/api/hooks/incoming",
"eventType": "order.created"
}
- callbackUrl (string, required): The full URL where you’ll receive HTTP POSTs.
- eventType (string, required): One of the supported event names listed above.
Response
201 Created
{
"id": "a3f47b2e-9d14-4d93-8e75-1c2f4df1fa4c",
"callbackUrl": "https://yourapp.com/api/hooks/incoming",
"eventType": "order.created",
"signingSecret": "XyZAbC123...def",
"createdAt": "2025-07-25T18:42:00Z"
}
| Property | Type | Description |
|---|---|---|
id | UUID | Unique identifier for this registration |
signingSecret | string | HMAC key you’ll use to verify incoming payloads |
createdAt | date-time | When this webhook was registered |
2. Receiving & Verifying Payloads
When your registered event fires, we POST to your callbackUrl:
POST /api/hooks/incoming HTTP/1.1
Host: yourapp.com
Content-Type: application/json
X-Webhook-Timestamp: 1626873600
X-Webhook-Signature: sha256=abcdef1234567890...
{
"event": "order.created",
"data": {
"orderId": "d4e5f6a7-8b9c-0d1e-2f3g-4h5i6j7k8l9m",
"sellerId": "a3f47b2e-9d14-4d93-8e75-1c2f4df1fa4c",
"total": 349.95,
"items": [ … ]
}
}
- X-Webhook-Timestamp (integer): Unix-epoch seconds; helps prevent replay attacks.
- X-Webhook-Signature (string): HMAC-SHA256 of
"{timestamp}.{payload}"using yoursigningSecret, prefixed withsha256=.
Verifying the Signature
- Reconstruct the string:
"{X-Webhook-Timestamp}.{raw_request_body}" - Compute HMAC-SHA256 with your
signingSecret. - Compare (constant-time) to the hex digest after the
sha256=prefix. - Reject if timestamps differ by more than ±5 minutes.
3. Managing Your Webhooks
- List all:
GET /api/webhooks→ returns an array of your registrations. - Get one:
GET /api/webhooks/{id}→ details for a specific registration. - Delete:
DELETE /api/webhooks/{id}→ removes that endpoint (no more deliveries).
Best Practices
- Use HTTPS for all
callbackUrls. - Rotate your
signingSecretperiodically; support both old & new keys during overlap. - Respond with
2xxquickly—if we receive non-2xx, we’ll retry with exponential backoff. - Log both successes and failures on your side to diagnose delivery issues.
With webhooks in place, your system can react instantly to new orders, payments, and registrations—no polling required. If you have any questions or need further examples, please reach out to our developer support team.