Lacspace
Loading
Lacspace isn't just apps — it's a platform. Every product ships with a REST API, real-time webhooks and scoped keys, so your systems and ours work as one. Sell faster, automate the busywork, and keep your data in sync.
The same infrastructure that powers our own apps is available to you — secure, documented and production-ready.
Clean, predictable JSON endpoints for every product — orders, billing, inventory, catalog and analytics. Live data, same as our own apps consume.
Subscribe to real-time events — a new order, a paid bill, a settled payout — and push them straight into your own systems.
Issue per-integration keys with the exact permissions you need. Rotate or revoke instantly, with full audit visibility.
Multi-tenant by design. Every business gets its own isolated data boundary, so an integration only ever sees its own records.
All traffic is encrypted end-to-end. Sensitive fields are protected at rest and in motion with enterprise-grade controls.
Need a bespoke bridge to your CRM, accounting or supply-chain tool? We build and host the middleware so the two systems just talk.
Authenticate, make a request, subscribe to events. Most teams go live in an afternoon.
Request a scoped key from your dashboard or our team. Keep it server-side — never ship it to the browser.
Pass the key as a Bearer token. Every endpoint returns predictable JSON with clear error codes.
Register a webhook once and we'll push every order, payment and payout to you in real time.
# 1 — Exchange your key for a short-lived token
curl https://api.scansewa.com/v1/auth/token \
-H "Authorization: Bearer sk_live_••••••"
# 2 — List today's paid orders for your tenant
curl https://api.scansewa.com/v1/orders \
-H "Authorization: Bearer sk_live_••••••" \
-G -d status=paid -d date=today
# 3 — Subscribe to new orders
curl -X POST https://api.scansewa.com/v1/webhooks \
-H "Authorization: Bearer sk_live_••••••" \
-H "Content-Type: application/json" \
-d '{ "url": "https://yourapp.com/hooks", "events": ["order.created"] }'Same request, your stack. Official SDKs for Node and Python, plus plain HTTP for everything else.
import { Lacspace } from "@lacspace/sdk";
const client = new Lacspace({
apiKey: process.env.LACSPACE_API_KEY,
product: "scansewa",
});
// List today's paid orders
const orders = await client.orders.list({
status: "paid",
date: "today",
});
console.log(orders.data.length, "orders");from lacspace import Lacspace
client = Lacspace(
api_key=os.environ["LACSPACE_API_KEY"],
product="scansewa",
)
# List today's paid orders
orders = client.orders.list(
status="paid",
date="today",
)
print(len(orders.data), "orders")Every product exposes the same core resources. Here's a taste — full reference comes with your API key.
| Method | Endpoint |
|---|---|
| POST | /v1/auth/token |
| GET | /v1/orders |
| POST | /v1/orders |
| GET | /v1/products |
| PATCH | /v1/products/:id |
| GET | /v1/payments |
| POST | /v1/webhooks |
| GET | /v1/analytics/sales |
Stop polling. Register an endpoint once and we deliver a signed JSON payload the moment something happens — with automatic retries and a verifiable signature on every delivery.
order.createdA new order was placedorder.updatedOrder status changed (preparing, ready, delivered)payment.succeededA payment was captured and verifiedpayment.refundedA refund was processedinventory.low_stockAn item crossed its low-stock thresholdpayout.settledA settlement was paid out to the merchant{
"id": "evt_3Pl9aZ",
"type": "order.created",
"created": 1718000000,
"tenant": "merchant_8Kf2",
"data": {
"order_id": "ord_8Kf2",
"total": 1480,
"currency": "NPR",
"table": "T-7",
"items": 4,
"status": "paid"
}
}import crypto from "crypto";
// Verify the signature on every webhook
export function verify(req) {
const sig = req.headers["x-lacspace-signature"];
const digest = crypto
.createHmac("sha256", process.env.WEBHOOK_SECRET)
.update(req.rawBody)
.digest("hex");
return crypto.timingSafeEqual(
Buffer.from(sig),
Buffer.from(digest)
);
}| 400 | bad_request |
| 401 | unauthorized |
| 403 | forbidden |
| 404 | not_found |
| 409 | conflict |
| 429 | rate_limited |
| 5xx | server_error |
{
"error": {
"type": "unauthorized",
"message": "API key is invalid or expired.",
"request_id": "req_a91f2c"
}
}Rate limits are returned on every response via X-RateLimit-Remaining. A 429 includes a Retry-After header — back off and retry.
Pagination is cursor-based and stable under writes — pass the next_cursor from the previous page.
# Page through results with a stable cursor
curl https://api.scansewa.com/v1/orders \
-H "Authorization: Bearer sk_live_••••••" \
-G -d limit=50 -d cursor=eyJpZCI6Im9yZF84S2YyIn0
# Response
{
"data": [ /* … */ ],
"has_more": true,
"next_cursor": "eyJpZCI6Im9yZF85TGc3In0"
}Each Lacspace product exposes its own developer surface. Mix and match them to compose your own operations layer.
First-class libraries for Node.js and Python, with typed responses and built-in retries. Plain REST for every other language.
Test against realistic sandbox data with sk_test_ keys, then flip to sk_live_ when you're ready. Same API, zero surprises.
Every endpoint is versioned under /v1. We never break a released version — new behaviour ships behind new versions.
Encrypted transport, scoped keys and per-tenant isolation on every request.
Webhooks and live endpoints mean your data is never stale.
No API on the other side? We write and host custom middleware for you.
Tell us what you want to connect and we'll provision keys, share docs and help you ship. Most integrations go live in days, not months.