Unfortunately, this feature is not supported on mobile devices. For the best experience, please use a computer.

All APIs (latest)

Introduction

The Rebilly API is built on HTTP and is RESTful. It has predictable resource URLs and returns HTTP response codes to indicate errors. It also accepts and returns JSON in the HTTP body. Use your favorite HTTP/REST library in your programming language when using this API, or use one of the Rebilly SDKs, which are available in PHP and JavaScript.

Every action in the Rebilly UI is supported by an API which is documented and available for use, so that you may automate any necessary workflows or processes. This API reference documentation contains the most commonly integrated resources.

Authentication

This topic describes the different forms of authentication that are available in the Rebilly API, and how to use them.

Rebilly offers four forms of authentication: secret key, publishable key, JSON Web Tokens, and public signature key.

  • Secret API key: Use to make requests from the server side. Never share these keys. Keep them guarded and secure.
  • Publishable API key: Use in your client-side code to tokenize payment information.
  • JWT: Use to make short-life tokens that expire after a set period of time.

Manage API keys

To create or manage API keys, select one of the following:

For more information on API keys, see API keys.

Errors

Rebilly follows the error response format proposed in RFC 9457, which is also known as Problem Details for HTTP APIs. As with any API responses, your client must be prepared to gracefully handle additional members of the response.

SDKs

Rebilly provides a JavaScript SDK and a PHP SDK to help interact with the Rebilly API. However, no SDK is required to use the API.

Rebilly also provides FramePay, a client-side iFrame-based solution, to help create payment tokens while minimizing PCI DSS compliance burdens and maximizing your customization ability. FramePay interacts with the payment tokens creation operation.

JavaScript SDK

For installation and usage instructions, see SDKs. All JavaScript SDK code examples are included in the API reference documentation.

PHP SDK

For installation and usage instructions, see SDKs. All SDK code examples are included in the API reference documentation. To use them, you must configure the $client as follows:

$client = new Rebilly\Client([
    'apiKey' => 'YourApiKeyHere',
    'baseUrl' => 'https://api.rebilly.com',
]);

Get started

The full Rebilly API has over 500 operations. This is likely more than you may need to implement your use cases. If you would like to implement a particular use case, contact Rebilly for guidance and feedback on the best API operations to use for the task.

To integrate Rebilly, and learn about related resources and concepts, see Get started.

Rate limits

Rebilly enforces rate limits on the API to ensure that no single organization consumes too many resources. Rate limits are applied to the organization, and not to the API key. In sandbox environment, rate limits are enforced for non-GET endpoints and are set at 3000 requests per 10 minutes. You can find the exact number of consumed requests in the X-RateLimit-Limit and X-RateLimit-Remaining headers in the response. If the rate limit is exceeded, the API returns a 429 Too Many Requests response and a X-RateLimit-Retry-After header that includes a UTC timestamp of when the rate limit resets.

Download OpenAPI description
Languages
Servers
Mock server
https://www.rebilly.com/_mock/catalog/all/
Sandbox server
https://api-sandbox.rebilly.com/organizations/{organizationId}/
Live server
https://api.rebilly.com/organizations/{organizationId}/

Allowlists

Use allowlists to exclude specific customer attribute data from risk score checks.

Allowlists are lists of data that are excluded from risk score checks. Allowlists prevent specific data from being added to a blocklist record when a risk score threshold reached.

Operations

AML

Use Anti-Money Laundering (AML) operations to screen customers and help prevent your business from becoming directly or indirectly involved in criminal activity.

Use AML operations during customer creation, and some transaction processing, to help determine if a potential customer (lead), or customer, has political or economic sanctions against them.

AML operations search the following for screening purposes: Politically Exposed Persons (PEPs) lists, sanction lists, and adverse media lists.

OperationsWebhooks

Retrieve AML checks

Request

Retrieves a list of AML checks. These checks are records of customer data and potentially matching data in AML lists.

Query
limitinteger[ 0 .. 1000 ]

Limits the number of collection items to be returned.

offsetinteger[ 0 .. 1000 ]

Specifies the starting point within the collection of items to be returned.

sortArray of strings

Sorts and orders the collection of items. To sort in descending order, prefix with -. Multiple fields can be sorted by separating each with ,.

filterstring

Filters the collection items. This field requires a special format. Use , for multiple allowed values. Use ; for multiple fields.

For more information, see Using filter with collections.

qstring

Use this field to perform a partial search of text fields.

curl -i -X GET \
  'https://www.rebilly.com/_mock/catalog/all/aml-checks?filter=string&limit=1000&offset=1000&q=string&sort=string' \
  -H 'REB-APIKEY: YOUR_API_KEY_HERE'
Experience it firsthand in the API Explorer!

Responses

List of AML checks retrieved.

Headers
Pagination-Totalinteger

Total number of items.

Example:

332

Pagination-Limitinteger

Maximum number of items per page.

Example:

100

Pagination-Offsetinteger

Specifies the starting point within the collection of resource results. For example, a request with limit=20 retrieves and displays the first 20 results on a page. A following request with limit=20 and offset=20, retrieves the next page of 20 results.

Example:

2

Bodyapplication/jsonArray [
idstring<= 50 characters

Unique resource ID.

Example:

"aml_chk_0YV8XJT2ZWDR398Q8NFEM7DEPM"

createdTimestring(date-time)(CreatedTime)read-only

Date and time which is set automatically when the resource is created.

updatedTimestring(date-time)(UpdatedTime)read-only

Date and time which updates automatically when the resource is updated.

websiteIdstring<= 50 characters

Website ID associated with the customer.

Example:

"web_0YV7DE4Z26DQSA1AC92FBJ7SEG"

reviewerIdstring or null<= 50 characters

User ID of the person who reviewed the AML check.

Example:

"44433322-2c4y-483z-a0a9-158621f77a21"

reviewerNamestring or null

First and last name of the person who reviewed the AML check.

reviewStartTimestring or null(date-time)

Date and time when the AML check review is started.

reviewTimestring or null(date-time)

Date and time when the AML check review is completed.

prioritystring or null

Highest matched priority of all hits within an AML check.

Default null
sourcestring

Source of the AML check.

Enum"sign-up""recurring""purchase"
statusstringread-only

Status of the AML check.

Enum ValueDescription
pending-review

Possible AML match detected and waiting to be manually reviewed.

in-review

A manual AML match review is in progress.

no-match

No possible AML match detected.

confirmed-match

Possible AML match manually reviewed and marked as confirmed.

false-positive

Possible AML match manually reviewed and marked as false positive.

customerobject
hitsArray of objects(AML)

List of hits returned during the AML check.

tagsArray of objects(Tag)read-only

List of AML check tags.

_linksArray of objects

Related links.

]
Response
application/json
[ { "id": "aml_chk_0YV8XJT2ZWDR398Q8NFEM7DEPM", "createdTime": "2019-08-24T14:15:22Z", "updatedTime": "2019-08-24T14:15:22Z", "websiteId": "web_0YV7DE4Z26DQSA1AC92FBJ7SEG", "reviewerId": "44433322-2c4y-483z-a0a9-158621f77a21", "reviewerName": "string", "reviewStartTime": "2019-08-24T14:15:22Z", "reviewTime": "2019-08-24T14:15:22Z", "priority": null, "source": "sign-up", "status": "pending-review", "customer": {}, "hits": [], "tags": [], "_links": [] } ]

Retrieve an AML check

Request

Retrieves the results of a customer's AML check. Customer metadata and an array of matching AML hits is returned.

Path
idstring<= 50 characters^[@~\-\.\w]+$required

ID of the resource.

curl -i -X GET \
  'https://www.rebilly.com/_mock/catalog/all/aml-checks/{id}' \
  -H 'REB-APIKEY: YOUR_API_KEY_HERE'
Experience it firsthand in the API Explorer!

Responses

AML check retrieved.

Bodyapplication/json
idstring<= 50 characters

Unique resource ID.

Example:

"aml_chk_0YV8XJT2ZWDR398Q8NFEM7DEPM"

createdTimestring(date-time)(CreatedTime)read-only

Date and time which is set automatically when the resource is created.

updatedTimestring(date-time)(UpdatedTime)read-only

Date and time which updates automatically when the resource is updated.

websiteIdstring<= 50 characters

Website ID associated with the customer.

Example:

"web_0YV7DE4Z26DQSA1AC92FBJ7SEG"

reviewerIdstring or null<= 50 characters

User ID of the person who reviewed the AML check.

Example:

"44433322-2c4y-483z-a0a9-158621f77a21"

reviewerNamestring or null

First and last name of the person who reviewed the AML check.

reviewStartTimestring or null(date-time)

Date and time when the AML check review is started.

reviewTimestring or null(date-time)

Date and time when the AML check review is completed.

prioritystring or null

Highest matched priority of all hits within an AML check.

Default null
sourcestring

Source of the AML check.

Enum"sign-up""recurring""purchase"
statusstringread-only

Status of the AML check.

Enum ValueDescription
pending-review

Possible AML match detected and waiting to be manually reviewed.

in-review

A manual AML match review is in progress.

no-match

No possible AML match detected.

confirmed-match

Possible AML match manually reviewed and marked as confirmed.

false-positive

Possible AML match manually reviewed and marked as false positive.

customerobject
hitsArray of objects(AML)

List of hits returned during the AML check.

tagsArray of objects(Tag)read-only

List of AML check tags.

_linksArray of objects

Related links.

Response
application/json
{ "id": "aml_chk_0YV8XJT2ZWDR398Q8NFEM7DEPM", "createdTime": "2019-08-24T14:15:22Z", "updatedTime": "2019-08-24T14:15:22Z", "websiteId": "web_0YV7DE4Z26DQSA1AC92FBJ7SEG", "reviewerId": "44433322-2c4y-483z-a0a9-158621f77a21", "reviewerName": "string", "reviewStartTime": "2019-08-24T14:15:22Z", "reviewTime": "2019-08-24T14:15:22Z", "priority": null, "source": "sign-up", "status": "pending-review", "customer": { "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21", "primaryAddress": {}, "tags": [], "organizationId": "org_0YVDM8RC7GDADADSBSMW124JA8" }, "hits": [ {} ], "tags": [ {} ], "_links": [ {} ] }

Start review of an AML check

Request

Starts the manual review process for an AML check with a specified ID.

This operation also sets the AML check reviewStartTime to the current date-time, and updates the review information.

Path
idstring<= 50 characters^[@~\-\.\w]+$required

ID of the resource.

curl -i -X POST \
  'https://www.rebilly.com/_mock/catalog/all/aml-checks/{id}/start-review' \
  -H 'REB-APIKEY: YOUR_API_KEY_HERE'
Experience it firsthand in the API Explorer!

Responses

AML check review started.

Headers
Locationstring(uri)

Location of the related resource.

Example:

"https://api.rebilly.com/example"

X-RateLimit-Limitinteger

Total number of rate limit tokens for this request within a rate limit period. For more information, see Rate limits.

Example:

3600

X-RateLimit-Remaininginteger

Remaining number of rate limit tokens for this request within the rate limit period. For example, in the sandbox environment, rate limits for non-GET endpoints are set at 3000 requests per 10 minutes.

Example:

3600

Bodyapplication/json
idstring<= 50 characters

Unique resource ID.

Example:

"aml_chk_0YV8XJT2ZWDR398Q8NFEM7DEPM"

createdTimestring(date-time)(CreatedTime)read-only

Date and time which is set automatically when the resource is created.

updatedTimestring(date-time)(UpdatedTime)read-only

Date and time which updates automatically when the resource is updated.

websiteIdstring<= 50 characters

Website ID associated with the customer.

Example:

"web_0YV7DE4Z26DQSA1AC92FBJ7SEG"

reviewerIdstring or null<= 50 characters

User ID of the person who reviewed the AML check.

Example:

"44433322-2c4y-483z-a0a9-158621f77a21"

reviewerNamestring or null

First and last name of the person who reviewed the AML check.

reviewStartTimestring or null(date-time)

Date and time when the AML check review is started.

reviewTimestring or null(date-time)

Date and time when the AML check review is completed.

prioritystring or null

Highest matched priority of all hits within an AML check.

Default null
sourcestring

Source of the AML check.

Enum"sign-up""recurring""purchase"
statusstringread-only

Status of the AML check.

Enum ValueDescription
pending-review

Possible AML match detected and waiting to be manually reviewed.

in-review

A manual AML match review is in progress.

no-match

No possible AML match detected.

confirmed-match

Possible AML match manually reviewed and marked as confirmed.

false-positive

Possible AML match manually reviewed and marked as false positive.

customerobject
hitsArray of objects(AML)

List of hits returned during the AML check.

tagsArray of objects(Tag)read-only

List of AML check tags.

_linksArray of objects

Related links.

Response
application/json
{ "id": "aml_chk_0YV8XJT2ZWDR398Q8NFEM7DEPM", "createdTime": "2019-08-24T14:15:22Z", "updatedTime": "2019-08-24T14:15:22Z", "websiteId": "web_0YV7DE4Z26DQSA1AC92FBJ7SEG", "reviewerId": "44433322-2c4y-483z-a0a9-158621f77a21", "reviewerName": "string", "reviewStartTime": "2019-08-24T14:15:22Z", "reviewTime": "2019-08-24T14:15:22Z", "priority": null, "source": "sign-up", "status": "pending-review", "customer": { "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21", "primaryAddress": {}, "tags": [], "organizationId": "org_0YVDM8RC7GDADADSBSMW124JA8" }, "hits": [ {} ], "tags": [ {} ], "_links": [ {} ] }

Stop review of an AML check

Request

Stops the manual review process for an AML check with a specified ID.

This operation also sets the AML check reviewStartTime and the reviewer information to null. Use this operation when the reviewer must stop the review. For example, if the reviewer must take a break, or ends a shift.

Path
idstring<= 50 characters^[@~\-\.\w]+$required

ID of the resource.

curl -i -X POST \
  'https://www.rebilly.com/_mock/catalog/all/aml-checks/{id}/stop-review' \
  -H 'REB-APIKEY: YOUR_API_KEY_HERE'
Experience it firsthand in the API Explorer!

Responses

AML document review stopped.

Headers
Locationstring(uri)

Location of the related resource.

Example:

"https://api.rebilly.com/example"

X-RateLimit-Limitinteger

Total number of rate limit tokens for this request within a rate limit period. For more information, see Rate limits.

Example:

3600

X-RateLimit-Remaininginteger

Remaining number of rate limit tokens for this request within the rate limit period. For example, in the sandbox environment, rate limits for non-GET endpoints are set at 3000 requests per 10 minutes.

Example:

3600

Bodyapplication/json
idstring<= 50 characters

Unique resource ID.

Example:

"aml_chk_0YV8XJT2ZWDR398Q8NFEM7DEPM"

createdTimestring(date-time)(CreatedTime)read-only

Date and time which is set automatically when the resource is created.

updatedTimestring(date-time)(UpdatedTime)read-only

Date and time which updates automatically when the resource is updated.

websiteIdstring<= 50 characters

Website ID associated with the customer.

Example:

"web_0YV7DE4Z26DQSA1AC92FBJ7SEG"

reviewerIdstring or null<= 50 characters

User ID of the person who reviewed the AML check.

Example:

"44433322-2c4y-483z-a0a9-158621f77a21"

reviewerNamestring or null

First and last name of the person who reviewed the AML check.

reviewStartTimestring or null(date-time)

Date and time when the AML check review is started.

reviewTimestring or null(date-time)

Date and time when the AML check review is completed.

prioritystring or null

Highest matched priority of all hits within an AML check.

Default null
sourcestring

Source of the AML check.

Enum"sign-up""recurring""purchase"
statusstringread-only

Status of the AML check.

Enum ValueDescription
pending-review

Possible AML match detected and waiting to be manually reviewed.

in-review

A manual AML match review is in progress.

no-match

No possible AML match detected.

confirmed-match

Possible AML match manually reviewed and marked as confirmed.

false-positive

Possible AML match manually reviewed and marked as false positive.

customerobject
hitsArray of objects(AML)

List of hits returned during the AML check.

tagsArray of objects(Tag)read-only

List of AML check tags.

_linksArray of objects

Related links.

Response
application/json
{ "id": "aml_chk_0YV8XJT2ZWDR398Q8NFEM7DEPM", "createdTime": "2019-08-24T14:15:22Z", "updatedTime": "2019-08-24T14:15:22Z", "websiteId": "web_0YV7DE4Z26DQSA1AC92FBJ7SEG", "reviewerId": "44433322-2c4y-483z-a0a9-158621f77a21", "reviewerName": "string", "reviewStartTime": "2019-08-24T14:15:22Z", "reviewTime": "2019-08-24T14:15:22Z", "priority": null, "source": "sign-up", "status": "pending-review", "customer": { "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21", "primaryAddress": {}, "tags": [], "organizationId": "org_0YVDM8RC7GDADADSBSMW124JA8" }, "hits": [ {} ], "tags": [ {} ], "_links": [ {} ] }

Review an AML check

Request

Reviews an AML check. The AML check can be either confirmed or marked as a false positive with a customer tag.

Path
idstring<= 50 characters^[@~\-\.\w]+$required

ID of the resource.

Bodyapplication/json
tagstring

AML-related customer tag.

Enum"aml-match-confirmed""aml-match-false-positive"
curl -i -X POST \
  'https://www.rebilly.com/_mock/catalog/all/aml-checks/{id}/review' \
  -H 'Content-Type: application/json' \
  -H 'REB-APIKEY: YOUR_API_KEY_HERE' \
  -d '{
    "tag": "aml-match-confirmed"
  }'
Experience it firsthand in the API Explorer!

Responses

AML check reviewed.

Headers
Locationstring(uri)

Location of the related resource.

Example:

"https://api.rebilly.com/example"

X-RateLimit-Limitinteger

Total number of rate limit tokens for this request within a rate limit period. For more information, see Rate limits.

Example:

3600

X-RateLimit-Remaininginteger

Remaining number of rate limit tokens for this request within the rate limit period. For example, in the sandbox environment, rate limits for non-GET endpoints are set at 3000 requests per 10 minutes.

Example:

3600

Bodyapplication/json
idstring<= 50 characters

Unique resource ID.

Example:

"aml_chk_0YV8XJT2ZWDR398Q8NFEM7DEPM"

createdTimestring(date-time)(CreatedTime)read-only

Date and time which is set automatically when the resource is created.

updatedTimestring(date-time)(UpdatedTime)read-only

Date and time which updates automatically when the resource is updated.

websiteIdstring<= 50 characters

Website ID associated with the customer.

Example:

"web_0YV7DE4Z26DQSA1AC92FBJ7SEG"

reviewerIdstring or null<= 50 characters

User ID of the person who reviewed the AML check.

Example:

"44433322-2c4y-483z-a0a9-158621f77a21"

reviewerNamestring or null

First and last name of the person who reviewed the AML check.

reviewStartTimestring or null(date-time)

Date and time when the AML check review is started.