Core APIs (latest)

Introduction

The Rebilly API is built on HTTP and is RESTful. It has predictable resource URLs and returns HTTP response codes to indicate errors. It also accepts and returns JSON in the HTTP body. Use your favorite HTTP/REST library in your programming language when using this API, or use one of the Rebilly SDKs, which are available in PHP and JavaScript.

Every action in the Rebilly UI is supported by an API which is documented and available for use, so that you may automate any necessary workflows or processes. This API reference documentation contains the most commonly integrated resources.

Authentication

This topic describes the different forms of authentication that are available in the Rebilly API, and how to use them.

Rebilly offers four forms of authentication: secret key, publishable key, JSON Web Tokens, and public signature key.

  • Secret API key: Use to make requests from the server side. Never share these keys. Keep them guarded and secure.
  • Publishable API key: Use in your client-side code to tokenize payment information.
  • JWT: Use to make short-life tokens that expire after a set period of time.

Manage API keys

To create or manage API keys, select one of the following:

For more information on API keys, see API keys.

Errors

Rebilly follows the error response format proposed in RFC 9457, which is also known as Problem Details for HTTP APIs. As with any API response, your client must be prepared to gracefully handle additional members of the response.

SDKs

Rebilly provides a JavaScript SDK and a PHP SDK to help interact with the Rebilly API. However, no SDK is required to use the API.

Rebilly also provides FramePay, a client-side iFrame-based solution, to help create payment tokens while minimizing PCI DSS compliance burdens and maximizing your customization ability. FramePay interacts with the payment tokens creation operation.

JavaScript SDK

For installation and usage instructions, see SDKs. All JavaScript SDK code examples are included in the API reference documentation.

PHP SDK

For installation and usage instructions, see SDKs. All SDK code examples are included in the API reference documentation. To use them, you must configure the $client as follows:

$client = new Rebilly\Client([
    'apiKey' => 'YourApiKeyHere',
    'baseUrl' => 'https://api.rebilly.com',
]);

Get started

The full Rebilly API has over 500 operations. This is likely more than you may need to implement your use cases. If you would like to implement a particular use case, contact Rebilly for guidance and feedback on the best API operations to use for the task.

To integrate Rebilly, and learn about related resources and concepts, see Get started.

Rate limits

Rebilly enforces rate limits on the API to ensure that no single organization consumes too many resources. Rate limits are applied to the organization, and not to the API key. In the sandbox environment, rate limits are enforced for non-GET endpoints and are set at 3000 requests per 10 minutes. You can find the exact number of consumed requests in the X-RateLimit-Limit and X-RateLimit-Remaining headers in the response. If the rate limit is exceeded, the API returns a 429 Too Many Requests response and an X-RateLimit-Retry-After header that includes a UTC timestamp of when the rate limit resets.
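
Client-side handling of the RFC 9457 error body (Errors) and the 429 response with its X-RateLimit-Retry-After header (Rate limits), as an added example that is not Rebilly SDK code. The timestamp formats it accepts, the fallback wait and the 10-minute cap are assumptions; the page only says the header carries a UTC timestamp.

```javascript
// Added example, not Rebilly SDK code. Header and member names come from the page
// and RFC 9457; the accepted timestamp formats and the wait limits are assumptions.
const MAX_WAIT_MS = 10 * 60 * 1000; // cap: one 10-minute rate-limit window
const FALLBACK_WAIT_MS = 30 * 1000; // used when the header is missing or unreadable

// Case-insensitive lookup in a plain object of response headers.
function header(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === wanted) return String(value).trim();
  }
  return null;
}

// Turn X-RateLimit-Retry-After into a bounded wait in milliseconds.
// Assumption: the UTC timestamp is epoch seconds or a string Date.parse accepts.
function retryDelayMs(headers, nowMs) {
  const raw = header(headers, 'X-RateLimit-Retry-After');
  if (raw === null) return FALLBACK_WAIT_MS;
  const resetMs = /^\d+$/.test(raw) ? Number(raw) * 1000 : Date.parse(raw);
  if (Number.isNaN(resetMs)) return FALLBACK_WAIT_MS;
  // Clamp: a reset time in the past means retry now, and a response header
  // must not be able to park the client indefinitely.
  return Math.min(Math.max(resetMs - nowMs, 0), MAX_WAIT_MS);
}

// Read an RFC 9457 problem document. Unknown members are kept in `extensions`
// rather than rejected, as the page requires of clients.
function parseProblem(bodyText) {
  let doc;
  try { doc = JSON.parse(bodyText); } catch { return null; }
  if (doc === null || typeof doc !== 'object' || Array.isArray(doc)) return null;
  const { type = 'about:blank', title, status, detail, instance, ...extensions } = doc;
  return { type, title, status, detail, instance, extensions };
}

// Decide what the caller should do with a response.
function classifyResponse(status, headers, bodyText, nowMs = Date.now()) {
  if (status >= 200 && status < 300) return { action: 'ok' };
  const problem = parseProblem(bodyText);
  if (status === 429) return { action: 'retry', waitMs: retryDelayMs(headers, nowMs), problem };
  return { action: 'fail', problem };
}

// Constructed sample response (not captured from the API).
const SAMPLE_NOW = Date.parse('2024-01-01T00:00:00Z');
const SAMPLE_429_HEADERS = { 'x-ratelimit-retry-after': '2024-01-01T00:01:30Z' };
const SAMPLE_429_BODY =
  '{"title":"Too Many Requests","status":429,"traceId":"constructed-1"}';
```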

Servers
Mock server
https://www.rebilly.com/_mock/docs/dev-docs/api/
Sandbox server
https://api-sandbox.rebilly.com/organizations/{organizationId}/
Live server
https://api.rebilly.com/organizations/{organizationId}/

Customers

Use these operations to manage customers. A customer is an entity that purchases goods or services from you (a merchant), and is the payee in any transaction that is credited to you. Customers are associated with payment instruments, subscriptions, invoices, and other related resources.

In other systems, customers may be referred to as accounts, clients, members, patrons, or players. For information on the customer resource, see Resources.

Operations

Retrieve customers

Request

Retrieves a list of customers.

Query
limit: integer [ 0 .. 1000 ]

Limits the number of collection items to be returned.

offset: integer [ 0 .. 1000 ]

Specifies the starting point within the collection of items to be returned.

filter: string

Filters the collection items. This field requires a special format. Use , for multiple allowed values. Use ; for multiple fields.

For more information, see Using filter with collections.

q: string

Use this field to perform a partial search of text fields.

expand: string

Expands a request to include embedded objects within the _embedded property of the response. This field accepts a comma-separated list of objects.

For more information, see Expand to include embedded objects.

fields: string

Limits the returned fields to the specified list, each field separated by a comma. The ID value is always returned.

sort: Array of strings

Sorts and orders the collection of items. To sort in descending order, prefix with -. Multiple fields can be sorted by separating each with ,.

curl -i -X GET \
  'https://www.rebilly.com/_mock/docs/dev-docs/api/customers?expand=string&fields=string&filter=string&limit=1000&offset=1000&q=string&sort=string' \
  -H 'REB-APIKEY: YOUR_API_KEY_HERE'

Responses

List of customers retrieved.

Headers
Pagination-Total: integer

Total number of items.

Example: 332
Pagination-Limit: integer

Maximum number of items per page.

Example: 100
Pagination-Offset: integer

Specifies the starting point within the collection of resource results. For example, a request with limit=20 retrieves and displays the first 20 results on a page. A following request with limit=20 and offset=20 retrieves the next page of 20 results.

Example: 2
Body: application/json, Array [
id: string, <= 50 characters, read-only

ID of the customer.

Example: "cus_0YV7DDSDD1C8DA64KHH2W33CPF"
email: string or null (email), read-only

Customer's email address.

firstName: string or null, read-only

Customer's first name.

lastName: string or null, read-only

Customer's last name.

websiteId: string, <= 50 characters
Example: "web_0YV7DE4Z26DQSA1AC92FBJ7SEG"
defaultPaymentInstrument: Vaulted payment instrument (object) or Alternative instrument (object) or Cash (object) or Check (object) or null
Any of:

Vaulted payment instrument.

To use this payment instrument for automatic subscription renewals, and for transactions when no specific payment instrument is provided by the user, set this as the default payment instrument.

createdTime: string (date-time) (CreatedTime), read-only

Date and time which is set automatically when the resource is created.

updatedTime: string (date-time) (UpdatedTime), read-only

Date and time which updates automatically when the resource is updated.

customFields: object (ResourceCustomFields)

Use custom fields to extend a resource scheme to include custom data that is not provided as a common field. For more information, see Custom fields.

primaryAddress: ContactObject (object) or null

Customer's primary address.

company: object or null (Company), read-only

Company information that is associated with the customer's primary email address domain.

This is a paid feature. To enable it, contact Rebilly.

averageValue: object (CustomerAverageValue), read-only

Average customer value.

paymentCount: integer, read-only

Total number of approved payments made by the customer.

lastPaymentTime: string or null (date-time), read-only

Time and date of the customer's last approved payment.

lifetimeRevenue: object (CustomerLifetimeRevenue), read-only

Customer's lifetime revenue.

invoiceCount: integer, read-only

Total number of invoices issued to the customer. This value is auto-incrementing. If this value is 0, the record relates to a lead. A lead is a customer who has not made a payment yet. If this value is greater than or equal to 1, the record relates to a customer.

tags: Array of objects (Tag), read-only

List of customer tags.

revision: integer, read-only

Number of times the customer's data has been modified.

Use this value when analyzing webhook data to determine if a change must take precedence over the current representation.

isEddRequired: boolean

Specifies if Enhanced Due Diligence (EDD) is enabled for this customer. For more information, see Enhanced Due Diligence.

Default false
hasFulfilledKyc: boolean, read-only

Specifies if the customer has accepted and reviewed identity and address documents, or an accepted credit file document.

organizationId: string, <= 50 characters, read-only

Unique organization identifier. An organization is an entity that represents a company. For more information, see Obtain an organization ID.

Example: "org_0YVDM8RC7GDADADSBSMW124JA8"
locale: string or null

Language locale identifier in RFC 5646 format.

Default null
Example: "fr-FR"
taxNumbers: Array of objects or null (TaxNumber)

Tax numbers of the customer.

_links: Array of objects, read-only

Related links.

_embedded: object, read-only

Embedded objects that are requested using the expand query string parameter.

]
Response
application/json
[
  {
    "id": "cus_0YV7DDSDD1C8DA64KHH2W33CPF",
    "email": "user@example.com",
    "firstName": "string",
    "lastName": "string",
    "websiteId": "web_0YV7DE4Z26DQSA1AC92FBJ7SEG",
    "defaultPaymentInstrument": { … },
    "createdTime": "2019-08-24T14:15:22Z",
    "updatedTime": "2019-08-24T14:15:22Z",
    "customFields": { … },
    "primaryAddress": { … },
    "company": { … },
    "averageValue": { … },
    "paymentCount": 0,
    "lastPaymentTime": "2019-08-24T14:15:22Z",
    "lifetimeRevenue": { … },
    "invoiceCount": 0,
    "tags": [ … ],
    "revision": 0,
    "isEddRequired": false,
    "hasFulfilledKyc": true,
    "organizationId": "org_0YVDM8RC7GDADADSBSMW124JA8",
    "locale": "fr-FR",
    "taxNumbers": [ … ],
    "_links": [ … ],
    "_embedded": { … }
  }
]

Create a customer

Request

Creates a new customer and customer ID.

The customer's primary address is used as the default address for payment instruments, subscriptions, and invoices if none are provided.

If the customer already has an identifier within your system, and you want to create the customer with a predefined ID to prevent duplicate customers, use the Upsert a customer with predefined ID operation. For more information, see Prevent duplicate customers.

Body: application/json, required

Customer resource.

websiteId: string, <= 50 characters
Example: "web_0YV7DE4Z26DQSA1AC92FBJ7SEG"
paymentToken: string, write-only

Write-only payment token. If supplied, the token is converted into a payment instrument and set as the defaultPaymentInstrument value. If both are supplied, the value of this property overrides the defaultPaymentInstrument value. The token expires after first use.

defaultPaymentInstrument: Vaulted payment instrument (object) or Alternative instrument (object) or Cash (object) or Check (object) or null
Any of:

Vaulted payment instrument.

To use this payment instrument for automatic subscription renewals, and for transactions when no specific payment instrument is provided by the user, set this as the default payment instrument.

customFields: object (ResourceCustomFields)

Use custom fields to extend a resource scheme to include custom data that is not provided as a common field. For more information, see Custom fields.

primaryAddress: ContactObject (object) or null

Customer's primary address.

isEddRequired: boolean

Specifies if Enhanced Due Diligence (EDD) is enabled for this customer. For more information, see Enhanced Due Diligence.

Default false
locale: string or null

Language locale identifier in RFC 5646 format.

Default null
Example: "fr-FR"
taxNumbers: Array of objects or null (TaxNumber)

Tax numbers of the customer.

curl -i -X POST \
  https://www.rebilly.com/_mock/docs/dev-docs/api/customers \
  -H 'Content-Type: application/json' \
  -H 'REB-APIKEY: YOUR_API_KEY_HERE' \
  -d '{
    "websiteId": "web_0YV7DE4Z26DQSA1AC92FBJ7SEG",
    "paymentToken": "string",
    "defaultPaymentInstrument": {
      "method": "payment-card",
      "paymentInstrumentId": "inst_0YVB8KPKNXCBR9EDX7JHSED75N"
    },
    "customFields": {
      "foo": "bar"
    },
    "primaryAddress": {
      "firstName": "Benjamin",
      "lastName": "Franklin",
      "organization": "Rebilly",
      "address": "36 Craven St",
      "address2": "string",
      "city": "Austin",
      "region": "Texas",
      "country": "GB",
      "postalCode": "WC2N 5NF",
      "phoneNumbers": [
        {
          "label": "main",
          "value": "512-710-1640",
          "primary": true
        }
      ],
      "emails": [
        {
          "label": "main",
          "value": "rebilly@example.com",
          "primary": true
        }
      ],
      "dob": "1980-04-01",
      "jobTitle": "CEO"
    },
    "isEddRequired": false,
    "locale": "fr-FR",
    "taxNumbers": [
      {
        "type": "eu-vat",
        "value": "GB980780684",
        "isDefault": true
      }
    ]
  }'

Responses

Customer created.

Headers
Location: string (uri)

Location of the related resource.

Example: "https://api.rebilly.com/example"
X-RateLimit-Limit: integer

Total number of rate limit tokens for this request within a rate limit period. For more information, see Rate limits.

Example: 3600
X-RateLimit-Remaining: integer

Remaining number of rate limit tokens for this request within the rate limit period. For example, in the sandbox environment, rate limits for non-GET endpoints are set at 3000 requests per 10 minutes.

Example: 3600
Body: application/json
id: string, <= 50 characters, read-only

ID of the customer.

Example: "cus_0YV7DDSDD1C8DA64KHH2W33CPF"
email: string or null (email), read-only

Customer's email address.

firstName: string or null, read-only

Customer's first name.

lastName: string or null, read-only

Customer's last name.

websiteId: string, <= 50 characters
Example: "web_0YV7DE4Z26DQSA1AC92FBJ7SEG"
defaultPaymentInstrument: Vaulted payment instrument (object) or Alternative instrument (object) or Cash (object) or Check (object) or null
Any of:

Vaulted payment instrument.

To use this payment instrument for automatic subscription renewals, and for transactions when no specific payment instrument is provided by the user, set this as the default payment instrument.

createdTime: string (date-time) (CreatedTime), read-only

Date and time which is set automatically when the resource is created.

updatedTime: string (date-time) (UpdatedTime), read-only

Date and time which updates automatically when the resource is updated.

customFields: object (ResourceCustomFields)

Use custom fields to extend a resource scheme to include custom data that is not provided as a common field. For more information, see Custom fields.

primaryAddress: ContactObject (object) or null

Customer's primary address.

company: object or null (Company), read-only

Company information that is associated with the customer's primary email address domain.

This is a paid feature. To enable it, contact Rebilly.

averageValue: object (CustomerAverageValue), read-only

Average customer value.

paymentCount: integer, read-only

Total number of approved payments made by the customer.

lastPaymentTime: string or null (date-time), read-only

Time and date of the customer's last approved payment.

lifetimeRevenue: object (CustomerLifetimeRevenue), read-only

Customer's lifetime revenue.

invoiceCount: integer, read-only

Total number of invoices issued to the customer. This value is auto-incrementing. If this value is 0, the record relates to a lead. A lead is a customer who has not made a payment yet. If this value is greater than or equal to 1, the record relates to a customer.

tags: Array of objects (Tag), read-only

List of customer tags.

revision: integer, read-only

Number of times the customer's data has been modified.

Use this value when analyzing webhook data to determine if a change must take precedence over the current representation.

isEddRequired: boolean

Specifies if Enhanced Due Diligence (EDD) is enabled for this customer. For more information, see Enhanced Due Diligence.

Default false
hasFulfilledKyc: boolean, read-only

Specifies if the customer has accepted and reviewed identity and address documents, or an accepted credit file document.

organizationId: string, <= 50 characters, read-only

Unique organization identifier. An organization is an entity that represents a company. For more information, see Obtain an organization ID.

Example: "org_0YVDM8RC7GDADADSBSMW124JA8"
locale: string or null

Language locale identifier in RFC 5646 format.

Default null
Example: "fr-FR"
taxNumbers: Array of objects or null (TaxNumber)

Tax numbers of the customer.

_links: Array of objects, read-only

Related links.

_embedded: object, read-only

Embedded objects that are requested using the expand query string parameter.

Response
application/json
{
  "id": "cus_0YV7DDSDD1C8DA64KHH2W33CPF",
  "email": "user@example.com",
  "firstName": "string",
  "lastName": "string",
  "websiteId": "web_0YV7DE4Z26DQSA1AC92FBJ7SEG",
  "defaultPaymentInstrument": {
    "method": "payment-card",
    "paymentInstrumentId": "inst_0YVB8KPKNXCBR9EDX7JHSED75N"
  },
  "createdTime": "2019-08-24T14:15:22Z",
  "updatedTime": "2019-08-24T14:15:22Z",
  "customFields": {
    "foo": "bar"
  },
  "primaryAddress": {
    "firstName": "Benjamin",
    "lastName": "Franklin",
    "organization": "Rebilly",
    "address": "36 Craven St",
    "address2": "string",
    "city": "Austin",
    "region": "Texas",
    "country": "GB",
    "postalCode": "WC2N 5NF",
    "phoneNumbers": [ … ],
    "emails": [ … ],
    "dob": "1980-04-01",
    "jobTitle": "CEO",
    "hash": "056ae6d97c788b9e98b049ebafd7b229bf852221"
  },
  "company": {
    "name": "string",
    "domain": "string",
    "yearFounded": 0,
    "industry": "string",
    "employeesCount": 0,
    "country": "string",
    "locality": "string",
    "_links": [ … ]
  },
  "averageValue": {
    "currency": "USD",
    "amount": 0.1,
    "amountUsd": 0.1
  },
  "paymentCount": 0,
  "lastPaymentTime": "2019-08-24T14:15:22Z",
  "lifetimeRevenue": {
    "currency": "USD",
    "amount": 0.1,
    "amountUsd": 0.1
  },
  "invoiceCount": 0,
  "tags": [ { … } ],
  "revision": 0,
  "isEddRequired": false,
  "hasFulfilledKyc": true,
  "organizationId": "org_0YVDM8RC7GDADADSBSMW124JA8",
  "locale": "fr-FR",
  "taxNumbers": [ { … } ],
  "_links": [ { … } ],
  "_embedded": {
    "leadSource": {}
  }
}

Retrieve a customer

Request

Retrieves a customer with a specified ID.

Path
id: string, <= 50 characters, ^[@~\-\.\w]+$, required

ID of the resource.
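
Validating an ID against the documented pattern and length before it goes into the request path, as an added example that is not Rebilly SDK code. The pattern also admits "." and "..", which URL parsers resolve as dot segments, so the check rejects them explicitly; the customers/{id} path is assumed from the collection URL shown earlier on the page.

```javascript
// Added example, not Rebilly SDK code. The pattern and length limit are the ones the
// page documents for the id path parameter; the customers/{id} path is an assumption.
const ID_PATTERN = /^[@~\-\.\w]+$/; // in JavaScript, \w is ASCII-only and $ matches only at end of input
const ID_MAX_LENGTH = 50;

// Return null when the ID is safe to place in a path, otherwise the reason it is not.
function idProblem(id) {
  if (typeof id !== 'string') return 'not a string';
  if (id.length === 0 || id.length > ID_MAX_LENGTH) return 'length out of range';
  if (!ID_PATTERN.test(id)) return 'characters outside documented pattern';
  // "." and ".." satisfy the pattern, but URL parsers treat them as dot segments
  // and would resolve the request to a different resource path.
  if (id === '.' || id === '..') return 'dot segment';
  return null;
}

// Build the URL and verify that the parsed path still ends in the ID that was validated.
function customerUrl(serverBase, id) {
  const reason = idProblem(id);
  if (reason !== null) throw new Error(`invalid customer id: ${reason}`);
  const base = serverBase.endsWith('/') ? serverBase : serverBase + '/';
  const segment = encodeURIComponent(id);
  const url = new URL('customers/' + segment, base);
  if (!url.pathname.endsWith('/customers/' + segment)) {
    throw new Error('customer id changed the request path');
  }
  return url.href;
}

// Constructed base URL: the page's sandbox server with the page's example organization ID.
const SAMPLE_BASE =
  'https://api-sandbox.rebilly.com/organizations/org_0YVDM8RC7GDADADSBSMW124JA8/';
```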

Query
expand: string

Expands a request to include embedded objects within the _embedded property of the response. This field accepts a comma-separated list of objects.

For more information, see Expand to include embedded objects.

fields: string

Limits the returned fields to the specified list, each field separated by a comma. The ID value is always returned.