Replace a section's visibility map
Overwrites the section’s per-provider visibility set. Omit
zoneStores to update the business-level value; include it to
write per-store overrides only. See
UpdateVisibilityRequest
for the persist-on-sync interaction.
Authorizations
Authorization: Basic base64(partner_key:secret_key).
Credentials are issued by a klikit operator. The plaintext
secret_key is shown once at issuance and cannot be retrieved
later — store it securely. If lost, ask your operator to rotate
the secret to receive a new one. The old secret stops working
immediately on rotation; there is no overlap window.
Path Parameters
Body
Wholesale replacement of an entity's visibility map. Used by
every setXxxVisibilities operation (sections, categories,
items, modifier groups, modifiers).
Two scopes of write:
- Business-level (omit
zoneStores) — overwrites the entity's default visibility map. Applies to every store that inherits this entity. - Per-store override (populate
zoneStores) — writes a row in the matchingstore_*_overridestable for each listed(brandID, branchID)pair. The business-level map is left untouched.
Reminder on sync: business-level edits are propagated into
store overrides by syncMenuToStores,
but visibilities is on the default persist list — your
business-level change won't overwrite an existing store-level
visibility unless you add visibilities to
fieldIncludeOnSync. See the
menu-publish tag for the round-trip.
Per-provider visibility flag. Keys are provider ids (as strings)
from GET /v1/partner/providers. Set a provider's value to
true to publish on that channel. Providers absent from the map
default to hidden.
Klikit's own marketplace is provider id "1".
{ "1": true, "6": true }Per-store override targets. Each entry writes (or replaces)
the store-level visibility row for that (brandID, branchID).
Response
Visibilities updated
Canonical response wrapper. Every response — success or error —
carries the request_id so you can quote one id to klikit
support to correlate a request end-to-end.
"req_4d1b7e3f-..."
Endpoint-specific payload on success.
Machine-readable error code + human message. The code is stable
across releases — switch on code in your client code rather
than parsing the message text.
Common codes you will encounter as a partner:
| Code | HTTP | Meaning |
|---|---|---|
auth_missing | 401 | Authorization header absent / malformed |
auth_invalid_credential | 401 | partner_key or secret_key did not verify |
auth_revoked | 403 | Credential is revoked |
auth_forbidden | 403 | Credential not authorized for the requested scope |
request_invalid | 400 | Body / query parameters failed validation |
request_missing_idempotency_key | 400 | Write endpoint called without Idempotency-Key |
request_invalid_range | 400 | Date range > 90 days |
resource_not_found | 404 | Order / store / mapping does not exist |
resource_unmapped | 404 | Stock / availability call referenced an unknown SKU |
state_invalid_transition | 409 | Order PATCH not allowed by current state |
state_idempotency_conflict | 409 | Same Idempotency-Key reused with a different body |
rate_limit_exceeded | 429 | Per-credential rate cap hit |
downstream_unavailable | 502 | An internal klikit dependency is unreachable |