ReviewFlow REST API overview

Base URL

Use the production Gen 2 API front door unless Tailoredd gives you a tenant-specific endpoint. Staging smoke tests use the direct apiV2 Cloud Functions URL.

export RF_BASE_URL="https://cdn.tailoredd.com/apiV2"

Authentication

All requests require X-Merchant-Id. Additional auth depends on the call context:

Context	Headers
Browser / widget	`X-Merchant-Id` + `Origin` (whitelisted domain)
Server-to-server	`X-Merchant-Id` + `X-API-Key` (prefix: `tr_`)
Admin endpoints	`X-Merchant-Id` + `Authorization: Bearer <token>`

See Authentication for full details.

Response format

Admin and write endpoints return a structured JSON envelope:

{
  "success": true,
  "data": { /* endpoint-specific payload */ }
}

On error:

{
  "success": false,
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Human-readable description"
  }
}

Public read endpoints can return resource-shaped payloads directly, for example GET /products/{productId}/reviews returns top-level reviews, totalReviews, and pagination fields. See Error codes for the full list.

Rate limits

Endpoint type	Limit
Public read (reviews, ratings)	100 req/min per origin
Upload signature	10 req/min per user
Admin write	60 req/min per token
Webhooks	30 req/min per merchant

Rate-limited responses return 429 Too Many Requests with a Retry-After header.

Pagination

Review endpoints use page-number pagination (page=1&limit=20). Q&A endpoints use cursor-based pagination (startAfter={id}).

Plan-gated features

Some features return 403 PLAN_UPGRADE_REQUIRED on lower-tier plans:

Feature	Required plan
Sentiment analysis	Growth+
Custom attributes	Growth+
Google Shopping feed	Growth+
Featured reviews	Growth+
Review update requests	Growth+

See Plans for full comparison.

Batch reviews

​Base URL

​Authentication

​Response format

​Rate limits

​Pagination

​Plan-gated features