URL
Rebilly API Support
License
The Rebilly API is built on HTTP and is RESTful. It has predictable resource URLs and returns HTTP response codes to indicate errors. It also accepts and returns JSON in the HTTP body. Use your favorite HTTP/REST library in your programming language when using this API, or use one of the Rebilly SDKs, which are available inPHP andJavaScript.
Every action in theRebilly UI is supported by an API which is documented and available for use, so that you may automate any necessary workflows or processes. This API reference documentation contains the most commonly integrated resources.
This topic describes the different forms of authentication that are available in the Rebilly API, and how to use them.
Rebilly offers four forms of authentication: secret key, publishable key, JSON Web Tokens, and public signature key.
To create or manage API keys, select one of the following:
For more information on API keys, seeAPI keys.
Rebilly follows the error response format proposed inRFC 9457, which is also known as Problem Details for HTTP APIs. As with any API responses, your client must be prepared to gracefully handle additional members of the response.
Rebilly provides a JavaScript SDK and a PHP SDK to help interact with the Rebilly API. However, no SDK is required to use the API.
Rebilly also providesFramePay, a client-side iFrame-based solution, to help create payment tokens while minimizing PCI DSS compliance burdens and maximizing your customization ability.FramePay interacts with thepayment tokens creation operation.
For installation and usage instructions, seeSDKs. All JavaScript SDK code examples are included in the API reference documentation.
For installation and usage instructions, seeSDKs. All SDK code examples are included in the API reference documentation. To use them, you must configure the$client as follows:
$client= new Rebilly\Client([ 'apiKey' => 'YourApiKeyHere', 'baseUrl' => 'https://api.rebilly.com',]);The fullRebilly API has over 500 operations. This is likely more than you may need to implement your use cases. If you would like to implement a particular use case,contact Rebilly for guidance and feedback on the best API operations to use for the task.
To integrate Rebilly, and learn about related resources and concepts, seeGet started.
To create and manage API keys, seeAPI keys.
Rebilly enforces rate limits on the API to ensure that no single organization consumes too many resources. Rate limits are applied to the organization, and not to the API key. In sandbox environment, rate limits are enforced for non-GET endpoints and are set at 3000 requests per 10 minutes. You can find the exact number of consumed requests in theX-RateLimit-Limit andX-RateLimit-Remaining headers in the response. If the rate limit is exceeded, the API returns a429 Too Many Requests response and aX-RateLimit-Retry-After header that includes a UTC timestamp of when the rate limit resets.
https://www.rebilly.com/_mock/catalog/all/
https://api-sandbox.rebilly.com/organizations/{organizationId}/
https://api.rebilly.com/organizations/{organizationId}/
Use allowlists to exclude specific customer attribute data from risk score checks.
Allowlists are lists of data that are excluded from risk score checks. Allowlists prevent specific data from being added to ablocklist record when arisk score threshold reached.
Use API keys to identify and authenticate applications and users. Always keep your API keys private. When creating API keys, you can restrict them to a given set of permissions. For information on how to create and manage API keys, seeAPI keys.
Use application owner operations to register applications to the Rebilly App Store, and manage application instances. An application owner is a person or organization that submits an app to the Rebilly App Store. For more information on submitting apps, seeSubmit an app.
Use application user operations to browse available apps in the Rebilly App Store, and to manage installed application instances in your organization. An application user is a person or organization that uses an app that is installed from the Rebilly App Store. For more information, seeInstall or uninstall an app.
Use broadcast messages to notify customers and leads about upcoming promotions, service updates, and events. Broadcast messages are emails that are sent to a specific group of customers, or all customers. For more information, seeCreate a broadcast message.
Use coupons to reward customers, generate sales, or to test new pricing strategies. Coupons enable you to apply different types of discounts to invoices, subscriptions, and pricing plans.
Redeemed coupons are attached to a customer's account. Depending on the coupon restrictions, the redeemed coupons are then applied from the customer's account to subsequent invoices or subscriptions. Redeemed coupons can only be applied to invoices of the same currency.
Once a coupon is redeemed it cannot be modified. You may deactivate a coupon or create a new coupon, but you cannot reuse the same coupon code. If you have a use case where you must reuse the same code,contact Rebilly.
Use credit memos to provide a customer with store credit. A common use case for using a credit memo is to provide a customer with store credit, rather than a refund, if the customer pays more than they owe or returns a product. For information on the credit memo resource, seeResources.
Use custom domains to configure and use your own domain for forms and billing portals, instead of the default Rebilly domain:portal.secure-payments.app. For more information, seeConfigure a custom domain.
Use custom fields to extend a resource scheme to include custom data that is not provided as a common field. Depending on the resource on which the custom field is added, it may be available in the Rebilly UI.
Example: A custom field calledpreferredCommunicationChannel is added to the customer resource. It has two allowed values, which are 'email' and 'phone'.
{ "customFields": { "preferredCommunicationChannel":"email" }}For detailed information on Rebilly resources, seeResources.
Use these operations to manage customers. A customer is an entity that purchases goods or services from you (a merchant), and is the payee in any transaction that is credited to you. Customers are associated with payment instruments, subscriptions, invoices, and other related resources.
In other systems, customers may be referred to as accounts, clients, members, patrons, or players. For information on the customer resource, seeResources.
Use data export operations to manage the export of resource data, such as: transactions, customers, subscriptions, invoices, or invoice item data. Common data export use cases are: accounting, data analysis, reporting, or importing into other databases.
For detailed information on Rebilly resources, seeResources.
For information on how manage reconciliation, seeTransaction reconciliation.
Create and manage deposit requests and manage strategies that determine the deposit amounts to display on the page. Rebilly hosted deposit form provides a secure and compliant way to deposit funds. Deposit forms are customizable, and use fully responsive design, built-in error messaging and validation.
Important: These operations are experimental and may change.
Use email notifications to keep customers informed on events, and to inform them of events that may require action on their end. Email notifications are targeted email messages that can be plain text or HTML.
Email notifications can also be used to notify teammates about new customers, blocklist matches, risk score changes, and more. For more information, seeEmail notifications.
Use fees to reconcile transactions with applicable fees and discount rates. Fees are not applied directly to transaction amounts, they do not modify the transaction amount. Fees help to describe each part of the transaction amount.
Important: These operations are experimental and may change.
Use the file entity to store files and related metadata. Files can be sorted by size, MIME-type, user-defined tags, and description.
The following methods are available to upload files: multipart/form-data encoded form, RAW POST — by sending the file contents as the POST body, and fetching from URL — by providing the file URL using the 'url' parameter.
Use the attachments entity to link a file to one or multiple objects, such as: customer, dispute, transaction, order, plan, product, invoice, or timeline comment. Attachments enable you to quickly find and use files related to specific entities.
Use histograms operations to generate transaction histogram reports with cohorts and periods. For information on the invoice resource, seeResources.
Use these operations to manage third-party apps that are integrated to your Rebilly account. For more information on third-party apps, and how to integrate them, seeApp store.
Use Know Your Customer (KYC) documents to verify your customers identity. The KYC document operations generate a signed link to the RebillyKYC document gatherer.
Document types:
identity-proof: Validates a customer's identity.address-proof: Validates a customer's address.purchase-proof: Validates a customer's purchase.funds-proof: Validates that a customer has funds.credit-file-proof: Verifies that there is an existing credit file with two sources that match the customer's name, DOB, and address.Rebilly parses and analyzes the documents and accepts or rejects them according to a configurable scoring algorithm. When all document types in a KYC request are accepted, the status is fulfilled, and theKYC request fulfilled webhook is sent.
Use lists to create and maintain sets of values that may be referenced in rule conditions. Commonly used lists contain values related to conditions that target specific properties such as: customers, transactions, or BINs.
You may grant list edit permissions to members of your team without enabling them to edit rules. This may be useful if your workflow involves frequent updates to value sets that are used in rule or bind conditions. List order may not be maintained and duplicates may be removed.
For more information, seeValue lists.
Use these operations to manage customer orders. An order is a customer's request to purchase items. It can contain subscription and one-time sale items. When an order contains one or more subscription items, it is a subscription order.
An order generates an invoice. A subscription order generates an invoice for each service period. For more information, seeOrders.
Use these operations to manage your organizations in Rebilly. An organization is an entity that represents you, or your company, as a merchant. You can have multiple organizations. For more information, seeMy organizations and websites.
Note: No data, including organizations, is shared between the live and sandbox environments.
Use these operations to manage payment instruments. Payment instrument is a term which describes any means of making a digital payment, such as: credit cards, debit cards, direct debits, payment service providers, and digital wallets.
For more information on payment instruments, seePayment instruments.
Use payment tokens to reduce the scope ofPCI DSS compliance.
A payment token can be made using a different authentication scheme (public key authentication), which enables you to create a payment token directly from the browser. This bypasses the need to send sensitive cardholder info to your servers. We recommend using this with the FramePay library, which helps you integrate a form into this API resource and create payment tokens.
Use pricing plans to describe how the customer must pay forproducts.
Rebilly provides the following plan types:
For information on the plans resource, seePlans.
For information on plan pricing, seePricing formulas.
Use rules to automate. In the Rebilly rules engine, an action is an operation that executes when an event occurs. Action and event conditions are defined in rules. Rulesets are collections of rules that are associated with an event. The order in which the rules are placed within a ruleset specifies the execution order.
For a list of events and related actions, seeEvents.
Use these operations to manage Storefront accounts. A Storefront account is an account that the customer is subscribed to in order to use the Rebilly product.
Storefront operations interact directly with the customer, and provide the customer with access to their own data.
To use Storefront operations, the customer must be issued a JWT with limited permissions. For more information, seeCreate a session with username and password andExchange an authentication token.
Storefront operations are intended to be used directly from an untrusted browser.
Use these operations to access Storefront billing portals.
Storefront operations interact directly with the customer, and provide the customer with access to their own data.
To use Storefront operations, the customer must be issued a JWT with limited permissions. For more information, seeCreate a session with username and password andExchange an authentication token. Storefront operations are intended to be used directly from an untrusted browser.
Use these operations to access Storefront cashiers.
Cashiers are customer-scoped configuration resources that define the deposit and payout (withdrawal) settings for a specific customer, website, and currency.
Storefront operations interact directly with the customer, and provide the customer with access to their own data.
To use Storefront operations, the customer must be issued a JWT with limited permissions. For more information, seeCreate a session with username and password andExchange an authentication token. Storefront operations are intended to be used directly from an untrusted browser.
Important: These operations are experimental and may change.
Use these operations to access Storefront checkout forms.
Storefront operations interact directly with the customer, and provide the customer with access to their own data.
To use Storefront operations, the customer must be issued a JWT with limited permissions. For more information, seeCreate a session with username and password andExchange an authentication token. Storefront operations are intended to be used directly from an untrusted browser.
Use these operations to access Storefront custom fields.
Storefront operations interact directly with the customer, and provide the customer with access to their own data.
To use Storefront operations, the customer must be issued a JWT with limited permissions. For more information, seeCreate a session with username and password andExchange an authentication token. Storefront operations are intended to be used directly from an untrusted browser.
Use these operations to access Storefront deposits.
Storefront operations interact directly with the customer, and provide the customer with access to their own data.
To use Storefront operations, the customer must be issued a JWT with limited permissions. For more information, seeCreate a session with username and password andExchange an authentication token. Storefront operations are intended to be used directly from an untrusted browser.
Use these operations to access Storefront invoices.
Storefront operations interact directly with the customer, and provide the customer with access to their own data.
To use Storefront operations, the customer must be issued a JWT with limited permissions. For more information, seeCreate a session with username and password andExchange an authentication token. Storefront operations are intended to be used directly from an untrusted browser.
Use these operations to access Storefront KYC documents.
Storefront operations interact directly with the customer, and provide the customer with access to their own data.
To use Storefront operations, the customer must be issued a JWT with limited permissions. For more information, seeCreate a session with username and password andExchange an authentication token. Storefront operations are intended to be used directly from an untrusted browser.
Use these operations to access Storefront orders.
Storefront operations interact directly with the customer, and provide the customer with access to their own data.
To use Storefront operations, the customer must be issued a JWT with limited permissions. For more information, seeCreate a session with username and password andExchange an authentication token. Storefront operations are intended to be used directly from an untrusted browser.
Use these operations to access Storefront payment instruments.
Storefront operations interact directly with the customer, and provide the customer with access to their own data.
To use Storefront operations, the customer must be issued a JWT with limited permissions. For more information, seeCreate a session with username and password andExchange an authentication token. Storefront operations are intended to be used directly from an untrusted browser.
Use these operations to access Storefront plans.
Storefront operations interact directly with the customer, and provide the customer with access to their own data.
To use Storefront operations, the customer must be issued a JWT with limited permissions. For more information, seeCreate a session with username and password andExchange an authentication token. Storefront operations are intended to be used directly from an untrusted browser.
Use these operations to access Storefront products.
Storefront operations interact directly with the customer, and provide the customer with access to their own data.
To use Storefront operations, the customer must be issued a JWT with limited permissions. For more information, seeCreate a session with username and password andExchange an authentication token. Storefront operations are intended to be used directly from an untrusted browser.
Use these operations to manage Storefront purchases. Purchases are transactions that have been executed related to the purchase of goods or services.
Storefront operations interact directly with the customer, and provide the customer with access to their own data.
To use Storefront operations, the customer must be issued a JWT with limited permissions. For more information, seeCreate a session with username and password andExchange an authentication token. Storefront operations are intended to be used directly from an untrusted browser.
Use these operations to access Storefront quotes.
Storefront operations interact directly with the customer, and provide the customer with access to their own data.
To use Storefront operations, the customer must be issued a JWT with limited permissions. For more information, seeCreate a session with username and password andExchange an authentication token. Storefront operations are intended to be used directly from an untrusted browser.
Use these operations to access Storefront transactions.
Storefront operations interact directly with the customer, and provide the customer with access to their own data.
To use Storefront operations, the customer must be issued a JWT with limited permissions. For more information, seeCreate a session with username and password andExchange an authentication token. Storefront operations are intended to be used directly from an untrusted browser.
Use these operations to access Storefront websites.
Storefront operations interact directly with the customer, and provide the customer with access to their own data.
To use Storefront operations, the customer must be issued a JWT with limited permissions. For more information, seeCreate a session with username and password andExchange an authentication token. Storefront operations are intended to be used directly from an untrusted browser.
Use these operations to manage the product usage of a subscription item for metered billing purposes.
Use metered billing when product quantity is unknown to the customer at the moment of creating a subscription. Metered billing is based on reported usage records. Every reported usage updates the quantity of an upcoming invoice item for a specified subscription and a plan. To create a metered billing plan, seePlans.
Use these operations to manage websites. A website is where your organization obtains a customer. It is also the processor account and billing descriptor used for payment transactions. You can create multiple websites.
Websites are related to each invoice and each payment gateway account. This enables you to associate gateway accounts with multiple websites, or make them exclusive to particular websites. For more information, seeMy organizations and websites.