If you're building a B2B SaaS product, the ecommerce platform your customer uses is rarely the one you planned for. A fulfillment tool, a tax app, an inventory sync service — each needs to read orders, access product data, and write back to stores your team doesn't control. This distinction shapes every integration decision, from auth model to rate limit handling to webhook reliability.

This article covers 20 ecommerce platforms and tools your team is most likely to encounter: the platforms where merchants sell, the payment and shipping services powering checkout, and the tax and search tools increasingly embedded in modern commerce stacks. For each one you'll find the auth pattern, rate limit specifics, and at least one real production consideration that documentation rarely mentions.

Shopify

Shopify runs the largest third-party app ecosystem in commerce, which makes its API the most battle-tested of the platforms here. The Admin API covers products, orders, customers, inventory, fulfillment, metafields, and payouts. Auth uses OAuth 2.0 with granular read/write scopes per resource — you request only what you need during install, and Shopify rejects installs that request unnecessary scopes. Rate limits on the REST API follow a leaky bucket model: 40 requests per bucket, refilling at 2 per second per app per store. The GraphQL Admin API uses a cost-based system (1,000 points per second) where each query has a calculable cost you can inspect before sending. As of the 2025-07 API version, Shopify deprecated several REST endpoints in favor of GraphQL-only coverage; check the Shopify API changelog before assuming REST parity. Webhooks include HMAC-SHA256 verification via the X-Shopify-Hmac-Sha256 header. The most common production issue is leaking bucket capacity across concurrent workers — queue requests per store, not globally. Connect via Apideck's Shopify connector.

Amazon Seller Central

Amazon's Selling Partner API (SP-API) replaced the legacy MWS API and is now the only supported path for seller automation. Auth is OAuth 2.0 via a multi-step authorization through Seller Central, with role-based permissions that Amazon assigns to your developer profile. Some API groups (Finances, Reports, Feeds) require a separate role request that goes through manual review, which can take days or weeks. Rate limits are per-endpoint — the Orders API runs at 0.0167 requests per second for getOrders, which surprises teams expecting REST-standard limits. Use the Reports API for bulk order and inventory data instead of polling getOrders. The Notifications API handles real-time events via webhook to HTTPS, EventBridge, or SQS — SQS is the most reliable delivery target for high-volume sellers. The sandbox uses static test data by default; dynamic testing requires generating specific test scenarios manually.

WooCommerce

WooCommerce is the most widely installed ecommerce plugin, powering roughly a third of all online stores according to BuiltWith's 2025 data. Its REST API lives at /wp-json/wc/v3/ and covers orders, products, customers, and coupons. Auth uses consumer key and secret generated from the WooCommerce admin; pass them via HTTP Basic over HTTPS. There is no platform-level rate limit — throttling is determined by the merchant's server and hosting configuration. A store on managed WordPress hosting will respond predictably; a store on shared cPanel hosting can time out under normal load. Pagination uses page and per_page (max 100), with X-WP-TotalPages in the response header. Webhooks have no built-in retry mechanism and depend on WordPress cron for delivery — on stores with broken cron setups, webhooks fail silently. Plan for polling as a fallback on any critical sync. Connect via Apideck's WooCommerce connector.

Wix

Wix has moved beyond drag-and-drop templates with its Headless API and the Velo developer platform. The REST API covers stores, orders, products, inventory, and collections, with OAuth 2.0 for third-party app auth. Rate limits sit at 200 requests per minute per app for most endpoints. The useful integration surface for B2B SaaS is the Wix Stores API, which covers order sync and product catalog access for smaller merchants. The friction point is that Wix merchants who built their store before enabling headless features often have inconsistent data structures — product fields present in the UI aren't always exposed via the API without enabling specific site capabilities first. Connect via Apideck's Wix connector.

Magento / Adobe Commerce

Adobe Commerce (formerly Magento) is the dominant choice for enterprise B2B and high-complexity catalog setups. The REST and GraphQL APIs cover catalog, cart, checkout, customer accounts, orders, and the multi-source inventory (MSI) module. Auth uses OAuth 1.0a for third-party integrations — a more involved handshake than modern OAuth 2.0, with token and token secret pairs that need signing per request. There is no application-level rate limit by default; it depends on the merchant's server configuration. The data model is the most complex here: configurable, bundle, grouped, and virtual products each have different attribute structures, and custom attributes are the norm in enterprise setups. Build your attribute mapping to be configurable rather than hardcoded. Connect via Apideck's Magento connector.

BigCommerce

BigCommerce targets mid-market and enterprise merchants who want SaaS reliability without the limitations of a closed platform. Their v3 REST API covers products, orders, customers, inventory locations, price lists, and multi-storefront management. Auth uses API keys for server-side integrations or OAuth for apps in their marketplace. Rate limits run at 400 requests per minute, with X-Rate-Limit-Requests-Left and X-Rate-Limit-Time-Reset-Ms in response headers for pacing. The multi-location inventory API (v3) supports per-location stock levels and location-specific availability, which matters for merchants running multiple warehouses. B2B Edition extends the API with price lists, customer groups, purchase orders, and quote management — one of the few platforms with genuine API-level support for wholesale workflows. Connect via Apideck's BigCommerce connector.

TikTok Shop

TikTok Shop hit $33 billion in GMV in 2024, and for SaaS platforms serving social commerce sellers it is no longer optional coverage. The API covers product management, order management, fulfillment, returns, and creator/affiliate operations. Auth is OAuth 2.0 with merchant authorization through TikTok Seller Center; apps go through a review process before receiving production credentials, with a sandbox environment available during development. The API is newer than the other platforms here — documentation gaps and webhook reliability that is less consistent than Shopify are real concerns. Build in polling reconciliation for any sync that cannot tolerate missed events. TikTok's app review process requires submitting use case documentation, so account for that timeline before committing to a delivery date. Connect via Apideck's TikTok Shop connector.

Walmart Marketplace

Walmart Marketplace gives sellers access to Walmart.com's customer base, which reaches roughly 120 million unique monthly US visitors per Walmart's own investor materials. The Marketplace API covers listings, inventory, orders, shipping, returns, and reporting. Auth requires registering as a developer through the Walmart Developer Center and obtaining Consumer ID and Private Key credentials. Some API categories require additional approval. Rate limits are enforced dynamically per endpoint rather than published as a fixed number — plan for 429 handling and exponential backoff from day one. The developer portal has historically had reliability issues, though Walmart has improved OpenAPI spec availability and Postman collections in recent releases. Connect via Apideck's Walmart connector.

Etsy

Etsy is the primary marketplace for handmade, vintage, and craft goods, with 90 million active buyers as of Etsy's 2024 annual report. The v3 API covers listings, inventory, shipping profiles, receipts, and shop management. Auth is OAuth 2.0 with a standard authorization code flow; apps require manual approval from Etsy before going live, and Etsy has historically been restrictive about new app approvals for automation use cases. Rate limits are set at 10 requests per second per key, with a 10,000 request daily cap on the standard tier. For inventory sync, Etsy uses quantity-based inventory at the listing level rather than variant-level SKUs, which requires a mapping layer if your canonical model uses SKUs. Connect via Apideck's Etsy connector.

Lightspeed Retail POS

Lightspeed Retail is the leading cloud POS for brick-and-mortar retail, commonly used by specialty retailers and apparel stores. The API uses OAuth 2.0 and covers sales, inventory, customers, employees, and purchase orders. Rate limits are set at 2 requests per second with a burst of 10 — build your sync logic to use webhooks for real-time events rather than polling. The inventory model is location-aware and well-structured for multi-site retail operations. Where integrations get complex is around item matrices (Lightspeed's term for product variants) — the matrix structure stores each variant combination as a matrix entry with its own item ID, requiring two levels of ID resolution when syncing products to other platforms. Connect via Apideck's Lightspeed connector.

Lightspeed eCom (C-Series)

Lightspeed eCom C-Series is the newer generation of Lightspeed's ecommerce platform, distinct from the legacy E-Series. The REST API covers products, orders, customers, and store configuration, with OAuth 2.0 auth. The key integration use case is syncing with Lightspeed Retail POS for unified inventory — changes to stock in the POS should reflect on the eCom storefront and vice versa. The C-Series API is better documented and more predictable than the legacy E-Series. For new integrations, target C-Series; E-Series is still live but in maintenance mode. Connect via Apideck's Lightspeed eCom connector.

Picqer

Picqer is a warehouse management system built specifically for ecommerce fulfillment operations, popular with mid-sized European online retailers. The REST API covers products, stock, purchase orders, pick lists, shipments, and returns. Auth uses Basic auth with an API key as the username and an empty password. Picqer's documentation recommends staying under 1 request per second to avoid throttling on shared infrastructure. The most practical integration pattern is inbound order sync (push new orders from your storefront or OMS into Picqer) and outbound shipment tracking (pull tracking numbers and fulfillment status back out). Stock mutations flow from physical warehouse activity rather than being writeable via API directly — stock levels reflect picks, receipts, and corrections rather than accepting arbitrary set-quantity calls.

Mollie

Mollie is the leading payments API for European ecommerce, covering online payments, subscriptions, point-of-sale terminals, and refunds. Auth uses Bearer token with an API key in the Authorization header. Mollie provides separate test and live keys, and the API is identical in both environments. The payment methods available depend on the merchant's account country — iDEAL is Dutch-only, Bancontact is Belgian-only, SEPA Direct Debit requires additional activation. For SaaS platforms processing payments across multiple merchants, Mollie's Organization Access Tokens allow managing multiple Mollie accounts under one API credential, which simplifies multi-tenant architecture significantly.

PrestaShop

PrestaShop is an open-source ecommerce platform with strong adoption in France, Spain, and Eastern Europe. The webservice API uses API key auth passed as a Basic auth username with an empty password. The default API format is XML, though a JSON wrapper exists. As of PrestaShop 8, a new API layer based on OAuth 2.0 is in development but not yet stable for production use — most integrations still target the legacy webservice. Rate limits are server-dependent, similar to WooCommerce. The data model uses a resource-based structure where most objects have both a lightweight list endpoint and a full detail endpoint, requiring two levels of calls to sync a full product catalog. Connect via Apideck's PrestaShop connector.

Shopware

Shopware is an open-source commerce platform with a strong foothold in DACH markets and growing adoption across Europe. Shopware 6 ships with a full REST and GraphQL API, the Store API (for headless storefronts), and the Admin API (for backend automation). Auth on the Admin API uses OAuth 2.0 with password grant or client credentials. Rate limits are configurable by the merchant's server setup and not enforced at the application level by default. The plugin architecture is Symfony-based, making API extension straightforward for teams with PHP experience. Where Shopware lags is webhook maturity — the event system is capable but webhook management is less polished than Shopify's, and delivery guarantees depend on the merchant's queue configuration. Connect via Apideck's Shopware connector.

Stripe

Stripe is the payment infrastructure layer for most developer-first commerce stacks. Its API covers payment processing, subscriptions and billing, invoicing, fraud detection (Radar), identity verification, tax calculation, and marketplace payouts via Connect. Auth uses secret API keys server-side and publishable keys client-side. Stripe recommends restricted keys scoped to the minimum permissions needed rather than full-access keys in production. The API runs at 100 requests per second in live mode per account; the Retry-After header on 429 responses tells you when to retry. The most critical design decision for SaaS platforms is choosing the right Stripe Connect account type — Standard accounts let sellers manage their own Stripe compliance and tax obligations; Custom accounts give you full UI control but put KYC and compliance responsibility on your platform. Stripe webhooks are signed with HMAC-SHA256 via the Stripe-Signature header and support endpoint-level event filtering. For platforms that also need to sync payment data with accounting systems, see Apideck's accounting integrations for the downstream reconciliation layer.

Algolia

Algolia is the most widely used hosted search API in ecommerce, built for fast product discovery, faceted filtering, and AI-powered recommendations. The Search API delivers sub-20ms response times via distributed infrastructure with automatic geographic routing. Auth uses Application ID and API key pairs — search-only keys are safe to expose in frontend code; admin keys must stay server-side. Usage is metered by operations (searches, indexing calls, recommendations), not by request volume per second. Re-indexing large product catalogs requires batching into chunks of 1,000 records per call using the batch endpoint; larger single-call imports will time out. The AI Recommend API offers four models (bought-together, related-products, trending-products, and custom) and requires sufficient event data before producing useful recommendations — plan for a cold-start period of several weeks on new indices.

Kintsugi

Kintsugi is an AI-native sales tax compliance platform that handles nexus monitoring, rate calculation, registration, filing, and remittance across 12,000+ US jurisdictions and 36 countries including Canada, the UK, Australia, and the EU. For ecommerce SaaS platforms, the integration case is straightforward: your customers sell across states and countries, trigger economic nexus thresholds they're often unaware of, and need automated calculation and filing without switching their existing stack. Auth uses an API key passed as a Bearer token. SDKs are available in Python, TypeScript, Java, PHP, and Ruby. The core workflow is: sync transaction records to Kintsugi (orders, line items, addresses, product codes), let Kintsugi calculate and apply the correct tax per jurisdiction, and have it handle filing and remittance on a schedule. The AI-powered product categorization classifies your SKUs against state-specific taxability rules automatically, removing a significant manual step. Pricing is flat per government action ($75/filing) with no hidden API call costs. Kintsugi also has an MCP server for agentic workflows. See Apideck's Kintsugi customer case and the tax automation use case for how ecommerce order data feeds the compliance layer.

Shippo

Shippo provides a multi-carrier shipping API covering rate comparison, label generation, tracking, and returns across 85+ carriers including UPS, FedEx, USPS, DHL, and regional carriers. Auth uses the API token passed as ShippoToken in the Authorization header. Rate limits are 100 calls per second on paid plans. Label generation is a two-step process: first create a Shipment object (origin, destination, parcels), then create a Transaction against one of the rates returned — the object_id from the shipment must carry through to the transaction call. Carrier API calls are asynchronous in Shippo's model; a transaction can come back with status QUEUED before resolving to SUCCESS or ERROR, so build polling or webhook handling for label status rather than assuming synchronous resolution. Tracking webhooks push updates per carrier tracking number and are reliable across major carriers, though regional carrier tracking data quality varies.

bol.com

bol.com is the dominant ecommerce marketplace in the Netherlands and Belgium, with more than 13 million active customers. For any SaaS platform serving Benelux merchants, bol.com integration is frequently a requirement. The Retailer API covers product offers, orders, shipments, returns, and performance metrics. Auth uses OAuth 2.0 with client credentials flow; apps must register via the bol.com partner portal to obtain a Client ID and Secret. Rate limits are set at 30 requests per second per client. The most important structural difference from other platforms is that bol.com uses EAN (European Article Number) codes as the primary product identifier rather than SKUs — products are submitted against EANs in the bol.com catalog, requiring EAN-to-product mapping if you're syncing from Shopify or WooCommerce stores that use internal SKUs. Orders must be accepted and shipped within defined SLA windows; the API exposes SLA deadline timestamps on each order line that your integration needs to surface clearly to avoid seller penalties. Connect via Apideck's bol.com connector.

Integrating with Apideck

Every individual integration above is buildable. The problem is building and maintaining all of them simultaneously. Each connector represents ongoing work: tracking platform API version changes, handling auth renewal edge cases, managing platform-specific error codes, and updating field mappings when platforms add or remove attributes. Multi-platform coverage across five or six connectors can become the work of a full-time engineer.

Instead of building separate, point-to-point connections for every platform, Apideck's Ecommerce Unified API gives your team a single integration point that maps to a common ecommerce schema, handles platform-specific auth renewal and pagination, and absorbs API version changes. You can connect to Shopify, WooCommerce, BigCommerce, Magento, Amazon, TikTok Shop, Walmart, Etsy, bol.com, and others through one API surface, with normalized objects for orders, products, customers, and inventory.

Before committing to an integration path, the ecommerce partnership guide covers which connectors require platform-side developer registration versus which are available to use immediately. And if you're building Shopify specifically, the Shopify OAuth app guide walks through the full app setup.

Wrapping Up

This article covered 20 ecommerce platforms and tools — from Shopify and Amazon to Kintsugi, Shippo, and bol.com. In practice, most B2B SaaS products don't stop at one. You'll end up supporting whichever platforms your customers use, and that set grows over time. Building and maintaining direct integrations individually becomes a significant engineering overhead before long.

Apideck's Unified APIs let you build native integrations through a single, normalized interface so your team can focus on product rather than connector maintenance.