API documentation
Public JSON API for this store: keys created on your profile charge your wallet on XZian Store for POST /orders. That is separate from any upstream provider wallet you configure in Admin → API providers (import catalog + their GET /me balance).
Which balance?
- XZian Store API (
/api/v1/orders): uses your wallet on this store (the account that owns the API key) — top up under Wallet. - Upstream provider (admin import): the key you save for a partner panel is their account;
GET /meon their site is their balance (shown in Admin → API providers). Purchasing through their API uses their wallet rules.
1. Base URL
https://xzian.com/api/v1All routes live under /api/v1.
2. Authentication
GET /health and GET /products are public. GET /me and POST /orders need a key from your account.
Send one of:
| Header | Example |
|---|---|
Authorization | Bearer sk_live_… |
X-API-Key | sk_live_… |
Full secret is shown once at creation; we store a hash only.
3. GET /health
GET https://xzian.com/api/v1/health
Response 200: {"ok":true,"version":1}
4. GET /products
GET https://xzian.com/api/v1/products
Active catalog. Each row includes item_id (use for orders), price / currency (BDT), slug, names, description.
5. GET /me
GET https://xzian.com/api/v1/me
Auth required. Returns currency (store display currency), balance_display (formatted like the web wallet), user.balance (internal USD string), user.balance_display (same as top-level), plus api_key_id. Errors: 401 unauthorized, 404 user_not_found.
6. POST /orders
POST https://xzian.com/api/v1/orders
Auth required. Body: JSON.
For normal catalog items, this charges the wallet of the user who owns the API key (no card redirect). For imported reseller packages (synced from an upstream provider in Admin → API products), this store does not debit your local wallet: the order is forwarded to the upstream panel, and wholesale is charged on the provider account configured there (Bearer key in API providers).
| Field | Required | Notes |
|---|---|---|
item_id | Yes | From GET /products |
player_id | If needed | When the product has no custom checkout fields |
checkout | If needed | Object: cf_*, smm_*, etc., same as web checkout |
200: ok, order_id, status, amount, currency.
Common errors: 402 insufficient_balance (non-import items only), 409 out_of_stock, 400 validation, 404 item_not_found, 503 wallet_disabled (non-import items when wallet checkout is off). Failed attempts appear under Admin → API failures.
curl -sS -X POST "https://xzian.com/api/v1/orders" \
-H "Authorization: Bearer sk_live_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{"item_id":123,"player_id":"user@example.com"}'
curl -sS "https://xzian.com/api/v1/products"
curl -sS -H "Authorization: Bearer sk_live_YOUR_KEY" "https://xzian.com/api/v1/me"7. Other
Unknown paths return 404 with {"ok":false,"error":"not_found"}. Responses are application/json; charset=utf-8.
Sign in to create keys and fund your wallet.