FHC API v1.1
For authorized FHC resellers

Submit resale orders to FHC programmatically.

The FHC Reseller API exposes authenticated endpoints that write orders directly into Frameless Hardware Company's D3 ERP and return order numbers, product availability, and customer-specific pricing.

Live endpoint: POST https://api4.fhchardware.com/v1/orders
Auth: X-API-Key
Content: application/json
Idempotent: via X-Idempotency-Key
Spec: openapi.yaml
§ 01 / Quick start

Your first order in one call.

cURL

Replace $TOKEN with the API key delivered to you by FHC out-of-band. The token format is tok_<customer_id>.<secret> and is scoped to a single FHC customer account — you cannot place orders on behalf of a different customer.

request.sh

curl -X POST https://api4.fhchardware.com/v1/orders \
  -H "X-API-Key: $TOKEN" \
  -H "Content-Type: application/json" \
  -H "X-Idempotency-Key: po-12345-attempt-1" \
  -d '{
    "REC": {
      "SHIP_TO_FNAME":   "Jane",
      "SHIP_TO_LNAME":   "Doe",
      "SHIP_TO_ADDRESS": "123 Main St",
      "SHIP_TO_CITY":    "Charlotte",
      "SHIP_TO_STATE":   "NC",
      "SHIP_TO_ZIP":     "28202",
      "SHIP_TO_COUNTRY": "US",
      "PURCHASE_ORDER":  "PO-12345",
      "ORDER_LINES": [
        { "PRODUCT_CODE": "HP2X6SSS", "ORDER_QUANTITY": 4 }
      ]
    }
  }'

A successful call returns HTTP 200 with the D3 order number:

200 OK

{
  "order_number": "918845",
  "customer_number": 46813,
  "status": "created"
}

See the full schema for every field and all optional fields (JOB_NAME, SHIP_VIA, LOC, and others). Carrier and warehouse code values are on the Codes page.

§ 02 / Authentication

Token-scoped, injection-safe.

X-API-Key

Every request must include an X-API-Key header. The token is issued by FHC in the form:

tok_<customer_id>.<secret>

Customer injection is enforced server-side. The customer ID bound to your token is the customer the order will be created under. Do not include a CUSTOMER_NUMBER field in your request body — any value supplied is ignored.

Tokens are delivered once via a secure out-of-band channel. They are stored hashed on our side and cannot be recovered — only rotated. If you lose a secret, contact FHC to rotate; the old value is invalidated immediately on rotation.

§ 03 / Error reference

Every status code, one page.

Response codes

HTTP 400 means the request was rejected: either the JSON was malformed or D3 rejected it on a business rule (inactive customer, unknown product code, etc.). HTTP 5xx means the request didn't reach completion; retrying with the same idempotency key is safe.

| Status | Meaning | Recommended action |
|--------|---------|--------------------|
| 200 | Success (or idempotent replay) | Persist the returned order_number |
| 400 | Rejected: invalid JSON, unknown product, inactive customer, not a resale customer, etc. | Read the error field; fix and resubmit with a new idempotency key |
| 401 | Missing or malformed X-API-Key | Check the token format and header name |
| 403 | Token valid but not authorized for this operation | Contact FHC; your token's scope may need to be extended |
| 429 | Rate limit exceeded | Back off and retry with exponential delay |
| 500 | Unexpected internal error | Retry with the same X-Idempotency-Key |
| 502 | Upstream ERP unreachable | Retry with the same X-Idempotency-Key |
| 504 | Upstream ERP timed out | Order may have been created; check before blind retry. Idempotency key protects against duplicates. |
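
The retry rules from the table above, as an added Python example that is not FHC's own client code: one idempotency key is built once and reused across every retry, and 400/401/403 stop immediately. The names `send`, `OrderRejected` and `redact` are hypothetical, the token and replies in the demo are constructed, and applying the same exponential delay to 5xx as to 429 is an assumption.

```python
import time

RETRYABLE = {429, 500, 502, 504}  # retried with the SAME X-Idempotency-Key


class OrderRejected(Exception):
    """Non-retryable response (400/401/403): fix the cause before resubmitting."""
    def __init__(self, status, error):
        super().__init__(f"HTTP {status}: {error}")
        self.status, self.error = status, error


def redact(token):
    """Log-safe form of tok_<customer_id>.<secret>: keep the id, hide the secret."""
    head, sep, _ = token.partition(".")
    return f"{head}.***" if sep else "***"


def submit_order(send, token, rec, idem_key, max_attempts=4, sleep=time.sleep):
    """Submit one order. `send(headers, body) -> (status, dict)` is a
    caller-supplied transport (hypothetical, e.g. a thin HTTP wrapper)."""
    if "CUSTOMER_NUMBER" in rec:
        raise ValueError("CUSTOMER_NUMBER is bound to the token; remove it")
    headers = {
        "X-API-Key": token,
        "Content-Type": "application/json",
        "X-Idempotency-Key": idem_key,  # built once, reused on every retry
    }
    for attempt in range(max_attempts):
        status, payload = send(headers, {"REC": rec})
        if status == 200:  # success, or idempotent replay of an earlier attempt
            return payload["order_number"]
        if status not in RETRYABLE:
            raise OrderRejected(status, payload.get("error"))
        if attempt + 1 < max_attempts:
            sleep(min(2 ** attempt, 30))  # 1s, 2s, 4s ... capped at 30s
    raise TimeoutError(f"no result after {max_attempts} attempts "
                       f"(key={idem_key}, token={redact(token)})")


if __name__ == "__main__":
    # Constructed replies: two upstream failures, then the order is confirmed.
    replies = iter([(502, {}), (504, {}), (200, {"order_number": "918845"})])
    fake_send = lambda headers, body: next(replies)
    print(submit_order(fake_send, "tok_0000.constructed-secret",
                       {"PURCHASE_ORDER": "PO-12345"}, "po-12345-attempt-1",
                       sleep=lambda s: None))
```

After an `OrderRejected` with status 400, resubmit the corrected order under a new idempotency key, as the table requires.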