Developer quickstart · 5 minutes

Give your AI agent a catalog
and idempotent checkout

Add a working product catalog, orders, and retry-safe checkout to a Claude or GPT agent — without building or securing a commerce backend (Stripe wiring, order DB, idempotency) yourself. Start offline in mock mode with no signup, then switch to a live key.

1. Run the demo2. Get a key3. JS 4. curl5. Idempotency6. Why not X7. Troubleshoot

Step 1

Run the demo (offline, no signup)

Node 18+ (built-in fetch), zero dependencies. Grab the example and run it in mock mode:

# from the OrderCore repo
cd examples/agent-commerce-demo
node run.mjs

Expected output — it creates a checkout session, completes it, then retries the same session:

OrderCore agent-commerce demo — MOCK (offline, no key)...
▸ Agent tool: create_checkout_session      { "session_id": "sess_demo_1", ... }
▸ Agent tool: complete_checkout_session (attempt 1)          { "order": { "id": "ord_9F3K21" } }
▸ Agent tool: complete_checkout_session (retry, same session){ "order": { "id": "ord_9F3K21" } }
✅ AHA: retry returned the SAME order (ord_9F3K21). No duplicate, no double charge.

Exit code 0 means idempotency held. Run node run.mjs --help for options.

Step 2

Get an API key

Request a key at ordercore.ai/bootstrap — it starts a 3-day trial (no charge during the trial period).

What happens after you request a key: eligible new accounts get a first key issued instantly and can start calling the API right away. Otherwise the onboarding team finishes provisioning and emails your key. Either way you can inspect the live API at api.ordercore.ai/health first.

Then run the same demo live:

ORDERCORE_API_KEY=oc_live_xxx node run.mjs
# optional: a real SKU UUID from your catalog
ORDERCORE_API_KEY=oc_live_xxx ORDERCORE_SKU_ID=<sku-uuid> node run.mjs
Step 3

Call it from JavaScript

The four tools your agent calls, over plain REST. Live mode mints a short-lived public checkout token, then:

const BASE = 'https://api.ordercore.ai', KEY = process.env.ORDERCORE_API_KEY;

// short-lived public checkout token (agent/MCP flow)
const { token } = await (await fetch(BASE + '/v1/account/checkout-access-tokens', {
  method: 'POST', headers: { 'X-API-Key': KEY } })).json();

const H = { 'Content-Type': 'application/json', 'X-Checkout-Token': token };

// 1) create a checkout session for catalog line items
const { session_id } = await (await fetch(BASE + '/ucp/public/checkout/sessions', {
  method: 'POST', headers: H,
  body: JSON.stringify({ line_items: [{ item: { id: SKU }, quantity: 2 }], currency: 'USD' }) })).json();

// 2) complete it -> an idempotent OrderCore order (safe to retry)
const pay = { session_id, payment_data: { handler_id: 'card', payment_intent_id: 'pi_...' } };
const order = await (await fetch(BASE + `/ucp/public/checkout/sessions/${session_id}/complete`, {
  method: 'POST', headers: H, body: JSON.stringify(pay) })).json();

Expose these to Claude or GPT as tools (or use the ready-made MCP server); schemas for OpenAI/Claude/Gemini/DeepSeek/Grok are served at /direct-ai/tooling.

Step 4

Or with curl

# mint a checkout token
TOKEN=$(curl -s -X POST https://api.ordercore.ai/v1/account/checkout-access-tokens \
  -H "X-API-Key: $ORDERCORE_API_KEY" | jq -r .token)

# create a session
SID=$(curl -s -X POST https://api.ordercore.ai/ucp/public/checkout/sessions \
  -H "X-Checkout-Token: $TOKEN" -H "Content-Type: application/json" \
  -d '{"line_items":[{"item":{"id":"<sku-uuid>"},"quantity":2}],"currency":"USD"}' | jq -r .session_id)

# complete -> idempotent order
curl -s -X POST https://api.ordercore.ai/ucp/public/checkout/sessions/$SID/complete \
  -H "X-Checkout-Token: $TOKEN" -H "Content-Type: application/json" \
  -d "{\"session_id\":\"$SID\",\"payment_data\":{\"handler_id\":\"card\",\"payment_intent_id\":\"pi_...\"}}"
The point

Why idempotency matters for agents

An autonomous agent retries tool calls. If a network blip happens during complete, a naive backend creates a second order and a second charge. OrderCore keys completion to the checkout session, so completing the same session again returns the same order — never a duplicate.

Retry complete_checkout_session as many times as you like for one session → one order. The demo proves it by completing twice and asserting the order IDs match.

The same guarantee applies to POST /v1/orders via an idempotency key: the same key with a different payload returns 409 Conflict instead of silently creating a divergent order.

Build vs buy

Why not just Stripe / Shopify / Medusa / your own backend?

If you reach for…You still have to build…
Stripe alonecatalog, order records, idempotency, fulfillment state
Shopifya storefront you don't need; agent access is a bolt-on
Medusa / commercetoolshost + operate a full commerce platform first
Roll your ownPaymentIntents, order DB, retry dedup, signed webhooks + their edge cases

Full breakdown: OrderCore vs Stripe + a custom order backend →

Step 7

Troubleshooting

SymptomFix
ReferenceError: fetch is not definedUse Node 18+. The demo also prints a clear version error.
HTTP 401/403Check ORDERCORE_API_KEY is valid and has write/checkout scope.
HTTP 404 on a sessionORDERCORE_SKU_ID is invalid — use a real SKU UUID from your catalog.
network error reaching …Check connectivity or ORDERCORE_BASE_URL. Verify /health.
Want to test with no accountUnset ORDERCORE_API_KEY — the demo runs fully offline in mock mode.