Unfortunately, this feature is not supported on mobile devices. For the best experience, please use a computer.

Core APIs (latest)

Introduction

The Rebilly API is built on HTTP and is RESTful. It has predictable resource URLs and returns HTTP response codes to indicate errors. It also accepts and returns JSON in the HTTP body. Use your favorite HTTP/REST library in your programming language when using this API, or use one of the Rebilly SDKs, which are available in PHP and JavaScript.

Every action in the Rebilly UI is supported by an API which is documented and available for use, so that you may automate any necessary workflows or processes. This API reference documentation contains the most commonly integrated resources.

Authentication

This topic describes the different forms of authentication that are available in the Rebilly API, and how to use them.

Rebilly offers four forms of authentication: secret key, publishable key, JSON Web Tokens, and public signature key.

  • Secret API key: Use to make requests from the server side. Never share these keys. Keep them guarded and secure.
  • Publishable API key: Use in your client-side code to tokenize payment information.
  • JWT: Use to make short-life tokens that expire after a set period of time.

Manage API keys

To create or manage API keys, select one of the following:

For more information on API keys, see API keys.

Errors

Rebilly follows the error response format proposed in RFC 9457, which is also known as Problem Details for HTTP APIs. As with any API responses, your client must be prepared to gracefully handle additional members of the response.

SDKs

Rebilly provides a JavaScript SDK and a PHP SDK to help interact with the Rebilly API. However, no SDK is required to use the API.

Rebilly also provides FramePay, a client-side iFrame-based solution, to help create payment tokens while minimizing PCI DSS compliance burdens and maximizing your customization ability. FramePay interacts with the payment tokens creation operation.

JavaScript SDK

For installation and usage instructions, see SDKs. All JavaScript SDK code examples are included in the API reference documentation.

PHP SDK

For installation and usage instructions, see SDKs. All SDK code examples are included in the API reference documentation. To use them, you must configure the $client as follows:

$client = new Rebilly\Client([
    'apiKey' => 'YourApiKeyHere',
    'baseUrl' => 'https://api.rebilly.com',
]);

Get started

The full Rebilly API has over 500 operations. This is likely more than you may need to implement your use cases. If you would like to implement a particular use case, contact Rebilly for guidance and feedback on the best API operations to use for the task.

To integrate Rebilly, and learn about related resources and concepts, see Get started.

Rate limits

Rebilly enforces rate limits on the API to ensure that no single organization consumes too many resources. Rate limits are applied to the organization, and not to the API key. In sandbox environment, rate limits are enforced for non-GET endpoints and are set at 3000 requests per 10 minutes. You can find the exact number of consumed requests in the X-RateLimit-Limit and X-RateLimit-Remaining headers in the response. If the rate limit is exceeded, the API returns a 429 Too Many Requests response and a X-RateLimit-Retry-After header that includes a UTC timestamp of when the rate limit resets.

Download OpenAPI description
Languages
Servers
Mock server
https://www.rebilly.com/_mock/docs/dev-docs/api/
Sandbox server
https://api-sandbox.rebilly.com/organizations/{organizationId}/
Live server
https://api.rebilly.com/organizations/{organizationId}/

Customers

Use these operations to manage customers. A customer is an entity that purchases goods or services from you (a merchant), and is the payee in any transaction that is credited to you. Customers are associated with payment instruments, subscriptions, invoices, and other related resources.

In other systems, customers may be referred to as accounts, clients, members, patrons, or players. For information on the customer resource, see Resources.

Operations

Customer authentication

Use these operations to validate the identity of users and manage authentication credentials.

Operations

Tags

Use tags to organize and categorize customers or KYC documents based on keywords.

Operations

Customers timeline

Use customer timelines to maintain an audit trail of changes and activity for each customer.

Operations

Payment instruments

Use these operations to manage payment instruments. Payment instrument is a term which describes any means of making a digital payment, such as: credit cards, debit cards, direct debits, payment service providers, and digital wallets.

For more information on payment instruments, see Payment instruments.

OperationsWebhooks

Payment tokens

Use payment tokens to reduce the scope of PCI DSS compliance.

A payment token can be made using a different authentication scheme (public key authentication), which enables you to create a payment token directly from the browser. This bypasses the need to send sensitive cardholder info to your servers. We recommend using this with the FramePay library, which helps you integrate a form into this API resource and create payment tokens.

Operations

Transactions

Use these operations to:

  • set up payment instruments for payments
  • authorize and hold funds
  • capture funds
  • make payments
  • make payouts
  • refund transactions.
Operations

Disputes

Use these operations to manage disputes. A dispute occurs when a customer contests a charge to their account. The dispute and related information is made available to the merchant by the bank or credit card company. The merchant then has the option to represent the charge and win the case. This process is called dispute resolution. If the merchant is unable to represent the charge, the card issuer typically reverses the sale and adds fees on top of the charge. This process is called a chargeback.

OperationsWebhooks

Fees

Use fees to reconcile transactions with applicable fees and discount rates. Fees are not applied directly to transaction amounts, they do not modify the transaction amount. Fees help to describe each part of the transaction amount.

Important: These operations are experimental and may change.

Operations

Transactions timeline

Use transaction timelines to maintain an audit trail of changes and activity for each transaction.

Operations

Orders

Use these operations to manage customer orders. An order is a customer's request to purchase items. It can contain subscription and one-time sale items. When an order contains one or more subscription items, it is a subscription order.

An order generates an invoice. A subscription order generates an invoice for each service period. For more information, see Orders.

Operations

Invoices

Use invoices to bill for the goods or services that you provide. If your invoice includes subscription items, it also includes the corresponding service periods and prices.

Operations

Usage

Use these operations to manage the product usage of a subscription item for metered billing purposes.

Use metered billing when product quantity is unknown to the customer at the moment of creating a subscription. Metered billing is based on reported usage records. Every reported usage updates the quantity of an upcoming invoice item for a specified subscription and a plan. To create a metered billing plan, see Plans.

Operations

Credit memos

Use credit memos to provide a customer with store credit. A common use case for using a credit memo is to provide a customer with store credit, rather than a refund, if the customer pays more than they owe or returns a product. For information on the credit memo resource, see Resources.

OperationsWebhooks

Plans

Use pricing plans to describe how the customer must pay for products.

Rebilly provides the following plan types:

  • Trial only: Use this plan to create and offer a free or discounted trial period for your product. For example, a free 2 week trial of an internet service. After the trial, the customer can choose to sign up for a paid subscription, or stop using the service.
  • Recurring: Use this plan to create and offer a subscription for your product. For example, a monthly subscription to an internet service that is charged at 20 USD per month.
  • One time sale: Use this plan to create and offer a one-off sale for your products. For example, a one time purchase of two bags of coffee.

For information on the plans resource, see Plans.

For information on plan pricing, see Pricing formulas.

Operations

Products

Use products to describe the goods and services that your business sells. A product also describes sales items on invoices and receipts. Product pricing is defined in plans. A product may have one or many plans.

For information on the product resource, see Product.

Operations

Coupons

Use coupons to reward customers, generate sales, or to test new pricing strategies. Coupons enable you to apply different types of discounts to invoices, subscriptions, and pricing plans.

Redeemed coupons are attached to a customer's account. Depending on the coupon restrictions, the redeemed coupons are then applied from the customer's account to subsequent invoices or subscriptions. Redeemed coupons can only be applied to invoices of the same currency.

Once a coupon is redeemed it cannot be modified. You may deactivate a coupon or create a new coupon, but you cannot reuse the same coupon code. If you have a use case where you must reuse the same code, contact Rebilly.

Operations

Quotes

Use quote operations to create and manage quotations. Quotations describe the cost of goods or services to potential customers before they commit to a purchase. A quote contains an initial invoice preview that can be accepted to become an order.

A quote can contain subscription and one-time sale items. When a quote contains one or more subscription items, it is a subscription order quote.

Operations

Quotes timeline

Use quote timelines to maintain an audit trail of changes and activity for each quote.

Operations

Shipping rates

Use these operations to manage shipping rates. A shipping rate contains a filter and a pricing for a specific shipping destination.

Operations

Orders timeline

Use order timelines to maintain an audit trail of changes and activity for each order.

Operations

Invoices timeline

Use invoice timelines to maintain an audit trail of changes and activity for each invoice.

Operations

Credit memos timeline

Use credit memo timelines to maintain an audit trail of changes and activity for each credit memo. Credit memos are a means of providing a customer with store credit.

Operations

Blocklists

Use blocklists to prevent fraud and criminal activity.

Blocklists are lists of customer attribute values that are blocked from buying from you. For example, if a customer attempts to make a purchase from you with a credit card that is in a blocklist, the transaction is blocked and is not processed.

Before a new transaction is processed in Rebilly, blocklists are examined to check for attributes related to the entity. If a match is detected, the operation is aborted. A blocklist that expires after a period of time is called a greylist.

Operations

Allowlists

Use allowlists to exclude specific customer attribute data from risk score checks.

Allowlists are lists of data that are excluded from risk score checks. Allowlists prevent specific data from being added to a blocklist record when a risk score threshold reached.

Operations

KYC documents

Use Know Your Customer (KYC) documents to verify your customers identity. The KYC document operations generate a signed link to the Rebilly KYC document gatherer.

Document types:

  • identity-proof: Validates a customer's identity.
  • address-proof: Validates a customer's address.
  • purchase-proof: Validates a customer's purchase.
  • funds-proof: Validates that a customer has funds.
  • credit-file-proof: Verifies that there is an existing credit file with two sources that match the customer's name, DOB, and address.

Rebilly parses and analyzes the documents and accepts or rejects them according to a configurable scoring algorithm. When all document types in a KYC request are accepted, the status is fulfilled, and the KYC request fulfilled webhook is sent.

Operations

AML

Use Anti-Money Laundering (AML) operations to screen customers and help prevent your business from becoming directly or indirectly involved in criminal activity.

Use AML operations during customer creation, and some transaction processing, to help determine if a potential customer (lead), or customer, has political or economic sanctions against them.

AML operations search the following for screening purposes: Politically Exposed Persons (PEPs) lists, sanction lists, and adverse media lists.

OperationsWebhooks

Risk score

Use risk score operations to configure blocklists based on transaction risk factors.

Operations

Retrieve risk score rules

Request

Retrieves risk score rules.

curl -i -X GET \
  https://www.rebilly.com/_mock/docs/dev-docs/api/risk-score-rules \
  -H 'REB-APIKEY: YOUR_API_KEY_HERE'
Experience it firsthand in the API Explorer!

Responses

Risk score rules retrieved.

Bodyapplication/json
isProxyobject or null(RiskScoreBoolean)required

Specifies whether the customer's IP address is related to a proxy.

isProxy.valueintegerrequired

Value added to the risk score of the transaction.

isVpnobject or null(RiskScoreBoolean)required

Specifies whether the customer's IP address is related to a VPN.

isVpn.valueintegerrequired

Value added to the risk score of the transaction.

isTorobject or null(RiskScoreBoolean)required

Specifies whether the customer's IP address is related to TOR.

isTor.valueintegerrequired

Value added to the risk score of the transaction.

isHostingobject or null(RiskScoreBoolean)required

Specifies whether the customer's IP address is related to hosting.

isHosting.valueintegerrequired

Value added to the risk score of the transaction.

hasMismatchedBillingAddressCountryobject or null(RiskScoreBoolean)required

Specifies whether the customer's billing address country and geo-IP address are not the same.

hasMismatchedBillingAddressCountry.valueintegerrequired

Value added to the risk score of the transaction.

hasMismatchedBankCountryobject or null(RiskScoreBoolean)required

Specifies whether the customer's bank country and geo-IP address are not the same.

hasMismatchedBankCountry.valueintegerrequired

Value added to the risk score of the transaction.

hasMismatchedTimeZoneobject or null(RiskScoreBoolean)required

Specifies whether the customer's browser time zone and the IP address associated time zone are not the same.

hasMismatchedTimeZone.valueintegerrequired

Value added to the risk score of the transaction.

hasMismatchedHolderNameobject or null(RiskScoreBoolean)required

Specifies whether the customer's billing address name and primary address name are not the same.

hasMismatchedHolderName.valueintegerrequired

Value added to the risk score of the transaction.

hasFakeNameobject or null(RiskScoreBoolean)required

Specifies whether the holder name seems fake.

hasFakeName.valueintegerrequired

Value added to the risk score of the transaction.

isHighRiskCountryobject or null(RiskScoreBoolean)required

Specifies whether the geo-IP country, or the customer's billing country, is considered a high risk country.

isHighRiskCountry.valueintegerrequired

Value added to the risk score of the transaction.

paymentInstrumentVelocityobject or null(RiskScoreBracket)required

Number of transactions for this payment instrument, based on fingerprint, in the last 24 hours.

paymentInstrumentVelocity.bracketsArray of objectsnon-emptyrequired

Risk factor values range with corresponding risk score increment value. First matched bracket is applied.

paymentInstrumentVelocity.brackets[].startinteger>= 0required

Minimal risk factor value when condition is applied.

paymentInstrumentVelocity.brackets[].endinteger>= 1required

Maximal risk factor value when condition is applied.

paymentInstrumentVelocity.brackets[].valueintegerrequired

Value added to the risk score of the transaction.

declinedPaymentInstrumentVelocityobject or null(RiskScoreBracket)required

Number of declined transactions for this payment instrument fingerprint in the last 24 hours.

declinedPaymentInstrumentVelocity.bracketsArray of objectsnon-emptyrequired

Risk factor values range with corresponding risk score increment value. First matched bracket is applied.

declinedPaymentInstrumentVelocity.brackets[].startinteger>= 0required

Minimal risk factor value when condition is applied.

declinedPaymentInstrumentVelocity.brackets[].endinteger>= 1required

Maximal risk factor value when condition is applied.

declinedPaymentInstrumentVelocity.brackets[].valueintegerrequired

Value added to the risk score of the transaction.

deviceVelocityobject or null(RiskScoreBracket)required

Number of transactions for this device, based on fingerprint, in the last 24 hours.

deviceVelocity.bracketsArray of objectsnon-emptyrequired

Risk factor values range with corresponding risk score increment value. First matched bracket is applied.

deviceVelocity.brackets[].startinteger>= 0required

Minimal risk factor value when condition is applied.

deviceVelocity.brackets[].endinteger>= 1required

Maximal risk factor value when condition is applied.

deviceVelocity.brackets[].valueintegerrequired

Value added to the risk score of the transaction.

ipVelocityobject or null(RiskScoreBracket)required

Number of transactions for this IP address in the last 24 hours.

ipVelocity.bracketsArray of objectsnon-emptyrequired

Risk factor values range with corresponding risk score increment value. First matched bracket is applied.

ipVelocity.brackets[].startinteger>= 0required

Minimal risk factor value when condition is applied.

ipVelocity.brackets[].endinteger>= 1required

Maximal risk factor value when condition is applied.

ipVelocity.brackets[].valueintegerrequired

Value added to the risk score of the transaction.

emailVelocityobject or null(RiskScoreBracket)required

Number of transactions for this email address in the last 24 hours.

emailVelocity.bracketsArray of objectsnon-emptyrequired

Risk factor values range with corresponding risk score increment value. First matched bracket is applied.

emailVelocity.brackets[].startinteger>= 0required

Minimal risk factor value when condition is applied.

emailVelocity.brackets[].endinteger>= 1required

Maximal risk factor value when condition is applied.

emailVelocity.brackets[].valueintegerrequired

Value added to the risk score of the transaction.

billingAddressVelocityobject or null(RiskScoreBracket)required

Number of transactions for this billing address in the last 24 hours.

billingAddressVelocity.bracketsArray of objectsnon-emptyrequired

Risk factor values range with corresponding risk score increment value. First matched bracket is applied.

billingAddressVelocity.brackets[].startinteger>= 0required

Minimal risk factor value when condition is applied.

billingAddressVelocity.brackets[].endinteger>= 1required

Maximal risk factor value when condition is applied.

billingAddressVelocity.brackets[].valueintegerrequired

Value added to the risk score of the transaction.

isRebillobject or null(RiskScoreBoolean)required

Specifies whether the transaction is one of a number of recurring payments in a subscription, excluding trials or setup fees.

isRebill.valueintegerrequired

Value added to the risk score of the transaction.

isRetryobject or null(RiskScoreBoolean)required

Specifies whether the transaction is a retry.

isRetry.valueintegerrequired

Value added to the risk score of the transaction.

customerLifetimeValueobject or null(RiskScoreBracket)required

Total revenue from the customer, in USD.

customerLifetimeValue.bracketsArray of objectsnon-emptyrequired

Risk factor values range with corresponding risk score increment value. First matched bracket is applied.

customerLifetimeValue.brackets[].startinteger>= 0required

Minimal risk factor value when condition is applied.

customerLifetimeValue.brackets[].endinteger>= 1required

Maximal risk factor value when condition is applied.

customerLifetimeValue.brackets[].valueintegerrequired

Value added to the risk score of the transaction.

browserAdBlockEnabledobject or null(RiskScoreBoolean)required

Specifies whether an ad blocker was detected.

browserAdBlockEnabled.valueintegerrequired

Value added to the risk score of the transaction.

paymentInstrumentApprovedTransactionCountobject or null(RiskScoreBracket)required

Number of approved transactions for this payment instrument.

paymentInstrumentApprovedTransactionCount.bracketsArray of objectsnon-emptyrequired

Risk factor values range with corresponding risk score increment value. First matched bracket is applied.

paymentInstrumentApprovedTransactionCount.brackets[].startinteger>= 0required

Minimal risk factor value when condition is applied.

paymentInstrumentApprovedTransactionCount.brackets[].endinteger>= 1required

Maximal risk factor value when condition is applied.

paymentInstrumentApprovedTransactionCount.brackets[].valueintegerrequired

Value added to the risk score of the transaction.

Response
application/json
{ "isProxy": { "value": 0 }, "isVpn": { "value": 0 }, "isTor": { "value": 0 }, "isHosting": { "value": 0 }, "hasMismatchedBillingAddressCountry": { "value": 0 }, "hasMismatchedBankCountry": { "value": 0 }, "hasMismatchedTimeZone": { "value": 0 }, "hasMismatchedHolderName": { "value": 0 }, "hasFakeName": { "value": 0 }, "isHighRiskCountry": { "value": 0 }, "paymentInstrumentVelocity": { "brackets": [] }, "declinedPaymentInstrumentVelocity": { "brackets": [] }, "deviceVelocity": { "brackets": [] }, "ipVelocity": { "brackets": [] }, "emailVelocity": { "brackets": [] }, "billingAddressVelocity": { "brackets": [] }, "isRebill": { "value": 0 }, "isRetry": { "value": 0 }, "customerLifetimeValue": { "brackets": [] }, "browserAdBlockEnabled": { "value": 0 }, "paymentInstrumentApprovedTransactionCount": { "brackets": [] } }

Modify risk score rules

Request

Modifies risk score rules.

Bodyapplication/jsonrequired

Risk score rules.

isProxyobject or null(RiskScoreBoolean)required

Specifies whether the customer's IP address is related to a proxy.

isProxy.valueintegerrequired

Value added to the risk score of the transaction.

isVpnobject or null(RiskScoreBoolean)required

Specifies whether the customer's IP address is related to a VPN.

isVpn.valueintegerrequired

Value added to the risk score of the transaction.

isTorobject or null(RiskScoreBoolean)required

Specifies whether the customer's IP address is related to TOR.

isTor.valueintegerrequired

Value added to the risk score of the transaction.

isHostingobject or null(RiskScoreBoolean)required

Specifies whether the customer's IP address is related to hosting.

isHosting.valueintegerrequired

Value added to the risk score of the transaction.

hasMismatchedBillingAddressCountryobject or null(RiskScoreBoolean)required

Specifies whether the customer's billing address country and geo-IP address are not the same.

hasMismatchedBillingAddressCountry.valueintegerrequired

Value added to the risk score of the transaction.

hasMismatchedBankCountryobject or null(RiskScoreBoolean)required

Specifies whether the customer's bank country and geo-IP address are not the same.

hasMismatchedBankCountry.valueintegerrequired

Value added to the risk score of the transaction.

hasMismatchedTimeZoneobject or null(RiskScoreBoolean)required

Specifies whether the customer's browser time zone and the IP address associated time zone are not the same.

hasMismatchedTimeZone.valueintegerrequired

Value added to the risk score of the transaction.

hasMismatchedHolderNameobject or null(RiskScoreBoolean)required

Specifies whether the customer's billing address name and primary address name are not the same.

hasMismatchedHolderName.valueintegerrequired

Value added to the risk score of the transaction.