API v1 · REST · JSON

Build on YarnTally

Every YarnTally instance ships with a REST API and webhook system. Integrate with your Tally, your ERP, your BI, or your custom automation.

Authentication

Generate an API key from Settings → API Keys. Every request needs an Authorization: Bearer YOUR_KEY header.

curl https://yarntally.vercel.app/api/v1/customers \
  -H "Authorization: Bearer sk_live_..." \
  -H "Content-Type: application/json"

Rate limits: 60 req/min on Trial/Suitable, 300 req/min on Pro, 1200 req/min on Premium+.

Endpoints (partial list)

MethodPathDescription
GET/api/v1/customersList all customers (paginated)
POST/api/v1/customersCreate a new customer
GET/api/v1/customers/{id}Fetch a specific customer
GET/api/v1/inventoryList inventory across all godowns
GET/api/v1/inventory/{sku}Get stock for a specific SKU
POST/api/v1/salesCreate a sale (generates invoice + decrements stock)
GET/api/v1/salesList sales (filter by date/customer/status)
GET/api/v1/sales/{id}Fetch a specific sale + invoice PDF URL
POST/api/v1/purchase-ordersCreate a purchase order
GET/api/v1/reports/sales-summaryAggregated sales summary
GET/api/v1/reports/gstr1GSTR-1 formatted export

Webhooks

Subscribe to any of these events from Settings → Webhooks. Every payload is HMAC-signed with your webhook secret in the X-YarnTally-Signature header.

sale.created

Fires when a new sale is logged

sale.cancelled

Fires when a sale is cancelled

sale.dispatched

Fires when order status changes to shipped

invoice.paid

Fires when payment is received against an invoice

customer.created

Fires when a new customer is added

stock.low

Fires when a SKU crosses the low-stock threshold

compliance.due

Fires 7 days before any compliance deadline (LUT, EDPMS, GST)

// Verify webhook signature (Node.js)
import crypto from "crypto";
function verify(payload, signature, secret) {
  const expected = crypto
    .createHmac("sha256", secret)
    .update(payload)
    .digest("hex");
  return crypto.timingSafeEqual(
    Buffer.from(expected),
    Buffer.from(signature)
  );
}

Security first

API keys are scoped to your org via row-level security — you cannot accidentally read another org's data even with a hijacked key. Rotate keys any time from Settings. See our Security page for full details.

Ready to build?

14-day trial — full API access included.