The Rebilly API is built on HTTP and is RESTful. It has predictable resource URLs and returns HTTP response codes to indicate errors. It also accepts and returns JSON in the HTTP body. Use your favorite HTTP/REST library in your programming language when using this API, or use one of the Rebilly SDKs, which are available in PHP and JavaScript.
Every action in the Rebilly UI is supported by an API which is documented and available for use, so that you may automate any necessary workflows or processes. This API reference documentation contains the most commonly integrated resources.
Authentication
This topic describes the different forms of authentication that are available in the Rebilly API, and how to use them.
Rebilly offers four forms of authentication: secret key, publishable key, JSON Web Tokens, and public signature key.
Secret API key: Use to make requests from the server side. Never share these keys. Keep them guarded and secure.
Publishable API key: Use in your client-side code to tokenize payment information.
JWT: Use to make short-life tokens that expire after a set period of time.
Manage API keys
To create or manage API keys, select one of the following:
Rebilly follows the error response format proposed in RFC 9457, which is also known as Problem Details for HTTP APIs. As with any API responses, your client must be prepared to gracefully handle additional members of the response.
SDKs
Rebilly provides a JavaScript SDK and a PHP SDK to help interact with the Rebilly API. However, no SDK is required to use the API.
Rebilly also provides FramePay, a client-side iFrame-based solution, to help create payment tokens while minimizing PCI DSS compliance burdens and maximizing your customization ability. FramePay interacts with the payment tokens creation operation.
JavaScript SDK
For installation and usage instructions, see SDKs. All JavaScript SDK code examples are included in the API reference documentation.
PHP SDK
For installation and usage instructions, see SDKs. All SDK code examples are included in the API reference documentation. To use them, you must configure the $client as follows:
The full Rebilly API has over 500 operations. This is likely more than you may need to implement your use cases. If you would like to implement a particular use case, contact Rebilly for guidance and feedback on the best API operations to use for the task.
To integrate Rebilly, and learn about related resources and concepts, see Get started.
Rate limits
Rebilly enforces rate limits on the API to ensure that no single organization consumes too many resources. Rate limits are applied to the organization, and not to the API key. In sandbox environment, rate limits are enforced for non-GET endpoints and are set at 3000 requests per 10 minutes. You can find the exact number of consumed requests in the X-RateLimit-Limit and X-RateLimit-Remaining headers in the response. If the rate limit is exceeded, the API returns a 429 Too Many Requests response and a X-RateLimit-Retry-After header that includes a UTC timestamp of when the rate limit resets.
Use allowlists to exclude specific customer attribute data from risk score checks.
Allowlists are lists of data that are excluded from risk score checks. Allowlists prevent specific data from being added to a blocklist record when a risk score threshold reached.
Operations
AML
Use Anti-Money Laundering (AML) operations to screen customers and help prevent your business from becoming directly or indirectly involved in criminal activity.
Use AML operations during customer creation, and some transaction processing, to help determine if a potential customer (lead), or customer, has political or economic sanctions against them.
AML operations search the following for screening purposes: Politically Exposed Persons (PEPs) lists, sanction lists, and adverse media lists.
OperationsWebhooks
API keys
Use API keys to identify and authenticate applications and users. Always keep your API keys private. When creating API keys, you can restrict them to a given set of permissions. For information on how to create and manage API keys, see API keys.
Operations
Application owners
Use these operations to register applications to the Rebilly Apps Store and manage application instances. An application owner is a person or organization that has submitted an app to the Rebilly App Store. For more information, see Submit an app.
OperationsWebhooks
Application users
Use these operations to install or uninstall apps from the Rebilly App Store to your Rebilly account, and to manage application instances. An application user is a person or organization that uses an app that is installed from the Rebilly App Store. For more information, see Install or uninstall an app.
Operations
Balance transactions
Use these operations to view and manage balance transactions.
Important: These operations are experimental and may change.
OperationsWebhooks
Billing portals
Use these operations to create and manage billing portals. Rebilly hosted billing portals provide secure, Rebilly hosted pages, where customers can: view invoices, cancel subscriptions, update payment instruments, and update their address.
Operations
Blocklists
Use blocklists to prevent fraud and criminal activity.
Blocklists are lists of customer attribute values that are blocked from buying from you. For example, if a customer attempts to make a purchase from you with a credit card that is in a blocklist, the transaction is blocked and is not processed.
Before a new transaction is processed in Rebilly, blocklists are examined to check for attributes related to the entity. If a match is detected, the operation is aborted. A blocklist that expires after a period of time is called a greylist.
Operations
Broadcast messages
Use broadcast messages to notify customers and leads about upcoming promotions, service updates, and events. Broadcast messages are emails that are sent to a specific group of customers, or all customers. For more information, see Create a broadcast message.
Operations
Checkout forms
Use these operations to create and manage checkout forms. Rebilly hosted checkout forms provide secure and compliant checkouts. Checkout forms are customizable, and use fully responsive design, built-in error messaging, validation, and expedited checkout for returning customers.
Operations
Coupons
Use coupons to reward customers, generate sales, or to test new pricing strategies. Coupons enable you to apply different types of discounts to invoices, subscriptions, and pricing plans.
Redeemed coupons are attached to a customer's account. Depending on the coupon restrictions, the redeemed coupons are then applied from the customer's account to subsequent invoices or subscriptions. Redeemed coupons can only be applied to invoices of the same currency.
Once a coupon is redeemed it cannot be modified. You may deactivate a coupon or create a new coupon, but you cannot reuse the same coupon code. If you have a use case where you must reuse the same code, contact Rebilly.
Operations
Credit memos
Use credit memos to provide a customer with store credit. A common use case for using a credit memo is to provide a customer with store credit, rather than a refund, if the customer pays more than they owe or returns a product. For information on the credit memo resource, see Resources.
OperationsWebhooks
Credit memos timeline
Use credit memo timelines to maintain an audit trail of changes and activity for each credit memo. Credit memos are a means of providing a customer with store credit.
Operations
Custom domains
Use custom domains to configure and use your own domain for forms and billing portals, instead of the default Rebilly domain: portal.secure-payments.app. For more information, see Configure a custom domain.
Operations
Custom fields
Use custom fields to extend a resource scheme to include custom data that is not provided as a common field. Depending on the resource on which the custom field is added, it may be available in the Rebilly UI.
Example: A custom field called preferredCommunicationChannel is added to the customer resource. It has two allowed values, which are 'email' and 'phone'.
For detailed information on Rebilly resources, see Resources.
Operations
Customer authentication
Use these operations to validate the identity of users and manage authentication credentials.
Operations
Customers
Use these operations to manage customers. A customer is an entity that purchases goods or services from you (a merchant), and is the payee in any transaction that is credited to you. Customers are associated with payment instruments, subscriptions, invoices, and other related resources.
In other systems, customers may be referred to as accounts, clients, members, patrons, or players. For information on the customer resource, see Resources.
Operations
Customers timeline
Use customer timelines to maintain an audit trail of changes and activity for each customer.
Operations
Data exports
Use data export operations to manage the export of resource data, such as: transactions, customers, subscriptions, invoices, invoice item data, or revenue audit. Common data export use cases are: accounting, data analysis, reporting, or importing into other databases.
For detailed information on Rebilly resources, see Resources.
Create and manage deposit requests and manage strategies that determine the deposit amounts to display on the page. Rebilly hosted deposit form provides a secure and compliant way to deposit funds. Deposit forms are customizable, and use fully responsive design, built-in error messaging and validation.
Important: These operations are experimental and may change.
Operations
Disputes
Use these operations to manage disputes. A dispute occurs when a customer contests a charge to their account. The dispute and related information is made available to the merchant by the bank or credit card company. The merchant then has the option to represent the charge and win the case. This process is called dispute resolution. If the merchant is unable to represent the charge, the card issuer typically reverses the sale and adds fees on top of the charge. This process is called a chargeback.
OperationsWebhooks
Email delivery settings
Use email delivery settings to configure from which email address notifications and broadcast message are sent. In Rebilly, this email address is referred to as a "From address". Supported email service providers are: SMTP, Mailgun, SendGrid, AWS SES, Postmark, and Rebilly.
Operations
Email messages
Use email messages to email customers directly.
Operations
Email notifications
Use email notifications to keep customers informed on events, and to inform them of events that may require action on their end. Email notifications are targeted email messages that can be plain text or HTML.
Email notifications can also be used to notify teammates about new customers, blocklist matches, risk score changes, and more. For more information, see Email notifications.
Operations
External identifiers
Use external identifier operations to associate entities such as customers, invoices, transactions, journal accounts, journal entries, and more with external services.
To use external identifiers, you must use an active service credential.
Operations
Fees
Use fees to reconcile transactions with applicable fees and discount rates. Fees are not applied directly to transaction amounts, they do not modify the transaction amount. Fees help to describe each part of the transaction amount.
Important: These operations are experimental and may change.
Operations
Files
Use the file entity to store files and related metadata. Files can be sorted by size, MIME-type, user-defined tags, and description.
The following methods are available to upload files: multipart/form-data encoded form, RAW POST — by sending the file contents as the POST body, and fetching from URL — by providing the file URL using the 'url' parameter.
Use the attachments entity to link a file to one or multiple objects, such as: customer, dispute, transaction, order, plan, product, invoice, or timeline comment. Attachments enable you to quickly find and use files related to specific entities.
Operations
Gateway accounts
Use these operations to manage payment gateway accounts. A payment gateway is a service which enables merchants to receive payments from their customers to their merchant account. A merchant account is a bank account that enables businesses to receive payments. Use payment gateway accounts to connect payment requests to third party networks and platforms.
Operations
Gateway accounts timeline
Use gateway account timelines to maintain an audit trail of changes and activity for each gateway account.
Operations
Histograms
Use histograms operations to generate transaction histogram reports with cohorts and periods. For information on the invoice resource, see Resources.
Operations
Integrations
Use these operations to manage third-party apps that are integrated to your Rebilly account. For more information on third-party apps, and how to integrate them, see App store.
Operations
Invoices
Use invoices to bill for the goods or services that you provide. If your invoice includes subscription items, it also includes the corresponding service periods and prices.
Operations
Retrieve invoices
Request
Retrieves a list of invoices.
Query
filterstring
Filters the collection items. This field requires a special format. Use , for multiple allowed values. Use ; for multiple fields.
Mock server https://www.rebilly.com/_mock/catalog/all
Sandbox server https://api-sandbox.rebilly.com/organizations/unknown
Live server https://api.rebilly.com/organizations/unknown
curl
JavaScript
Node.js
Python
Java
C#
PHP
Go
Ruby
R
Payload
curl-i-X GET \'https://www.rebilly.com/_mock/catalog/all/invoices?expand=string&filter=string&limit=1000&offset=1000&q=string&sort=string'\-H'REB-APIKEY: YOUR_API_KEY_HERE'
Experience it firsthand in the API Explorer!
Responses
List of invoices retrieved.
Headers
Pagination-Totalinteger
Total number of items.
Example:
332
Pagination-Limitinteger
Maximum number of items per page.
Example:
100
Pagination-Offsetinteger
Specifies the starting point within the collection of resource results. For example, a request with limit=20 retrieves and displays the first 20 results on a page. A following request with limit=20 and offset=20, retrieves the next page of 20 results.
Date and time which updates automatically when the resource is updated.
paymentFormUrlstring or null(url)read-only
URL where the customer is redirected to pay the invoice using one of the methods which are available to the customer. This is an alternative to creating a new transaction with empty methods.
customerIdstring<= 50 charactersrequired
ID of the customer resource.
Example:
"cus_0YV7DDSDD1C8DA64KHH2W33CPF"
transactionsArray of objects(Transaction)<= 10 itemsread-only
Invoice transactions array.
retryInstructionobject or null
Invoice payment retry instruction. This object specifies how to proceed if a payment related to the invoice fails.
revisionintegerread-only
Number of times the invoice data has been modified.
Use the revision number when analyzing webhook data to determine if a change should take precedence over the current representation.
Date and time when a past due reminder event is triggered.
dueReminderNumberinteger or nullread-only
Number of past due reminder events that have been triggered.
organizationIdstring<= 50 charactersread-only
Unique organization identifier. An organization is an entity that represents a company. For more information, see Obtain an organization ID.
Example:
"org_0YVDM8RC7GDADADSBSMW124JA8"
delinquencyTimestring or null(date-time)
Date and time when the related order is considered delinquent, and is canceled. If this value is null, no delinquency time is configured. If the dueTime of the order becomes greater than the delinquencyTime value, the delinquencyTime value becomes equal to dueTime.
If an invoice is not related to an order, this field can only be null.
Default null
_linksArray of objectsread-only
Related links.
_embeddedobjectread-only
Embedded objects that are requested by the expand query parameter.