Public API: Scanner
Public API to query products by barcode or name
Last updated: 2025-01-26
The Scanner public API allows querying product information using an access token. It's ideal for mobile applications, barcode scanners, or external systems that need to query products.
Endpoint
GET /api/public/scanner
Authentication
The API uses a Scanner Token unique per company for authentication.
Get Scanner Token
- Log in to Sarah
- Go to Settings > Integrations
- Find your Scanner Token
- Copy it and save it securely
Important: Don't share your Scanner Token publicly.
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
token | string | ✅ Yes | Company's Scanner Token |
query | string | ✅ Yes | Barcode or product name to search |
companyId | number | ⚠️ Optional | Company ID (resolved from token if not provided) |
Request
Basic Example
httpGET /api/public/scanner?token=scanner_token_abc123&query=1234567890123
Example with Company ID
httpGET /api/public/scanner?token=scanner_token_abc123&query=1234567890123&companyId=42
Response
Success (200)
json{
"product": {
"id": 123,
"name": "Example Product",
"description": "Product description",
"BC": "1234567890123",
"base_price": 1500.00,
"photo": "https://example.com/photo.jpg",
"mark": "Example Brand",
"category_id": 5,
"enable": true
},
"alternatives": [
{
"id": 124,
"name": "Alternative Product",
"BC": "1234567890124",
"base_price": 1600.00
}
]
}
Product Not Found (200)
json{
"product": null,
"alternatives": []
}
Errors
Missing token (400):
json{
"error": "Missing required parameter: token"
}
Missing query (400):
json{
"error": "Missing required parameter: query"
}
Invalid token (401):
json{
"error": "Invalid token"
}
Company not found (404):
json{
"error": "Company not found"
}
Search Logic
The API searches products in the following order:
- Exact barcode search: If
queryexactly matchesBC, returns that product - Name search: If no exact match, searches products whose name contains
query - Alternative products: If there's an exact match, also returns similar products (same brand or category)
Search Example
Request:
httpGET /api/public/scanner?token=abc123&query=1234567890123
Processing:
- Search product with
BC = "1234567890123"→ Found - Returns that product + alternatives
Request:
httpGET /api/public/scanner?token=abc123&query=Product
Processing:
- Search product with
BC = "Product"→ Not found - Search products with
name LIKE "%Product%"→ Found several - Returns first + alternatives
Product Fields
| Field | Type | Description |
|---|---|---|
id | number | Unique product ID |
name | string | Product name |
description | string | Product description |
BC | string | Barcode |
base_price | number | Base price |
photo | string | Photo URL |
mark | string | Product brand |
category_id | number | Category ID |
enable | boolean | If product is enabled |
Use Cases
1. Mobile Scanner Application
javascriptasync function scanProduct(barcode) {
const response = await fetch(
`https://sarah.ar/api/public/scanner?token=${SCANNER_TOKEN}&query=${barcode}`
);
const data = await response.json();
if (data.product) {
displayProduct(data.product);
if (data.alternatives.length > 0) {
showAlternatives(data.alternatives);
}
} else {
showNotFound();
}
}
2. Query Terminal
javascriptasync function searchProduct(query) {
const response = await fetch(
`https://sarah.ar/api/public/scanner?token=${SCANNER_TOKEN}&query=${encodeURIComponent(query)}`
);
return await response.json();
}
3. External System Integration
pythonimport requests
def get_product_info(token, barcode):
url = "https://sarah.ar/api/public/scanner"
params = {
"token": token,
"query": barcode
}
response = requests.get(url, params=params)
return response.json()
Security
Access Token
- Scanner Token is unique per company
- Only allows querying products (read)
- Doesn't allow modifying data
- Can be regenerated from settings
Validation
- Token is validated against database
- Only returns products from associated company
- Only returns enabled products (
enable = true)
Rate Limiting
Consider implementing rate limiting in your application to prevent abuse.
Get Company Information
Endpoint
GET /api/public/scanner/company
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
token | string | ✅ Yes | Scanner Token |
companyId | number | ⚠️ Optional | Company ID |
Response
json{
"name": "My Company",
"logo_url": "https://example.com/logo.png"
}
Usage:
javascriptasync function getCompanyInfo() {
const response = await fetch(
`https://sarah.ar/api/public/scanner/company?token=${SCANNER_TOKEN}`
);
const data = await response.json();
displayCompanyLogo(data.logo_url);
displayCompanyName(data.name);
}
Best Practices
- Cache results: Cache frequently queried products
- Handle errors: Implement error handling for failed requests
- Validate input: Validate
querybefore sending - Use HTTPS: Always use HTTPS in production
- Protect token: Never expose token in frontend code
- Implement retry: Retry failed requests with exponential backoff
Troubleshooting
Error: "Invalid token"
- Verify token: Ensure it's correct
- Regenerate token: If necessary, regenerate from Settings
- Verify company: Ensure company exists
Product not found
- Verify code: Ensure barcode is correct
- Verify it's enabled: Only products with
enable = trueare returned - Try with name: Try searching by name instead of code
Slow request
- Verify connection: Ensure you have good connection
- Implement cache: Cache frequently queried products
- Optimize searches: Use barcodes when possible (faster)
Additional Resources
- Products API - Internal API for products
- Public Scanner - Scanner web interface
Support
If you need help:
- Verify token is correct
- Review API logs
- Contact Sarah support with error details