How we protect your data, our GDPR commitment, and how to integrate with the SehaCore API.
SehaCore is built with security at the core. We protect your data and our systems through technical and organisational measures so you can run your business with confidence.
We have procedures to detect, contain, and respond to security incidents. In the event of a breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and affected users in accordance with applicable law (e.g. within 72 hours where required by the GDPR). We will also take steps to mitigate harm and prevent recurrence.
If you become aware of a potential security issue (e.g. unauthorised access or a vulnerability), please report it to us at security@sehacore.com. We do not pursue legal action against researchers who report issues in good faith and follow responsible disclosure.
For users in the European Economic Area (EEA), United Kingdom, and other jurisdictions with similar laws, we process personal data in line with the GDPR and related legislation. This section summarises our approach; our Privacy Policy contains the full details.
Legal bases we rely on: performance of contract (providing the Service), legitimate interests (e.g. security, analytics, product improvement), consent (where we ask for it, e.g. marketing or non-essential cookies), and legal obligation (e.g. tax, anti-fraud).
You have the right to:
To exercise any of these rights, contact us at privacy@sehacore.com or use the details in our Privacy Policy. We will respond within the time required by law (typically one month) and may need to verify your identity.
Data Protection Officer (DPO): For questions about our processing of personal data or to exercise your rights, you can contact our privacy team at privacy@sehacore.com. If we designate a formal DPO, their contact details will be published here and in our Privacy Policy.
International transfers: Your data may be processed in countries outside the EEA/UK. We ensure appropriate safeguards (e.g. standard contractual clauses approved by the European Commission or UK authorities, or other mechanisms permitted by law) so that your data receives an adequate level of protection. Details can be provided on request.
The SehaCore API lets you integrate your applications with SehaCore to read and write data (e.g. products, sales, inventory) programmatically. All API access is over HTTPS. This section describes authentication, base URL, common endpoints, and usage limits.
API requests must be authenticated. We support:
Authorization header:

Obtain tokens or API keys from your SehaCore account under Settings → Integrations → API (or the equivalent path in your workspace). Keep credentials secret and do not expose them in client-side code or public repositories.
Base URL: API requests are sent to your instance base URL, for example:
Replace your-domain with your workspace subdomain or the host provided in your account. The path may include a version prefix (e.g. /api/v1). Check the in-app API or developer section for your exact base URL.
Below is a representative list. Actual paths and parameters may vary; always refer to the latest in-app API documentation or OpenAPI/Swagger spec if provided.
| Method | Path | Description |
|---|---|---|
| GET | /products | List products (paginated). Query: page, per_page, warehouse_id, search. |
| GET | /products/{id} | Get a single product by ID. |
| POST | /products | Create a product. Body: name, sku, selling_price, cost_price, etc. |
| PUT | /products/{id} | Update a product. |
| GET | /sales | List sales/invoices. Query: date_from, date_to, warehouse_id, customer_id. |
| POST | /sales | Create a sale/invoice. Body: customer_id, items[], warehouse_id, etc. |
| GET | /inventory/stock | Get stock levels. Query: warehouse_id, product_id. |
| GET | /warehouses | List warehouses. |
| GET | /customers | List customers. Query: search, page, per_page. |
| POST | /customers | Create a customer. |
Requests should send Content-Type: application/json when including a body. Responses are typically JSON with a structure such as:
For list endpoints, data may be an object with items (array) and meta (pagination: total, current_page, per_page).
- 200 – Success (GET, PUT, PATCH).
- 201 – Created (POST).
- 400 – Bad request (invalid parameters or body).
- 401 – Unauthorised (missing or invalid token).
- 403 – Forbidden (insufficient permissions).
- 404 – Resource not found.
- 422 – Unprocessable entity (validation errors).
- 429 – Too many requests (rate limit exceeded).
- 500 – Server error; retry with backoff.

On error, the body may look like:
To ensure fair use and stability, we apply rate limits (e.g. requests per minute per token or per IP). When exceeded, the API returns 429 Too Many Requests. Response headers may include X-RateLimit-Limit, X-RateLimit-Remaining, and Retry-After. Implement exponential backoff when you receive 429.
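One way to implement the retry behaviour described above, as an added example that is not SehaCore's own client code. The `send` callable, the `fake_transport` helper, and the `base`/`cap` values are assumptions made for illustration; the sample responses are constructed.

```python
import random
import time

RETRYABLE = {429, 500}  # from the status list: rate limit exceeded, server error


def retry_delay(attempt, headers, base=0.5, cap=30.0, rng=random.random):
    """Seconds to wait before the retry that follows 0-based `attempt`."""
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    hint = str(hdrs.get("retry-after", "")).strip()
    if hint.isdigit():
        # Honour the server's hint, capped so a bad value cannot stall the client.
        return min(float(hint), cap)
    # No usable hint (absent, or an HTTP-date form): exponential backoff with full jitter.
    return rng() * min(cap, base * 2 ** attempt)


def call_with_backoff(send, max_attempts=5, sleep=time.sleep, **delay_opts):
    """Call send() -> (status, headers, body); retry only 429 and 500.

    Returns (status, body, attempts_used). Other 4xx codes (400, 401, 403,
    404, 422) are returned at once: repeating the same request cannot succeed.
    """
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status not in RETRYABLE or attempt == max_attempts - 1:
            return status, body, attempt + 1
        sleep(retry_delay(attempt, headers, **delay_opts))


def fake_transport(responses):
    """Constructed stand-in for the HTTP call: replays canned responses in order."""
    queue = iter(responses)
    return lambda: next(queue)


if __name__ == "__main__":
    # Constructed sample exchange: rate limited, server error, then success.
    send = fake_transport([
        (429, {"Retry-After": "1", "X-RateLimit-Remaining": "0"}, None),
        (500, {}, None),
        (200, {"X-RateLimit-Remaining": "57"}, "ok"),
    ])
    waits = []
    print(call_with_backoff(send, sleep=waits.append), waits)
```

Retrying a POST such as /sales after a 500 can create a duplicate record if the first request was in fact applied. The page describes no idempotency mechanism, so limit automatic retries on 500 to read requests unless you can deduplicate on your side.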
We version the API (e.g. /api/v1). New versions may be introduced with notice; we will support previous versions for a reasonable period. Deprecation and migration details will be communicated via release notes or email to API users.
For the most up-to-date list of endpoints, parameters, and examples, use the API documentation available in your SehaCore workspace (Settings → API / Developer) or contact support@sehacore.com for developer access.