API documentation

Public JSON API for this store: keys created on your profile charge your wallet on XZian Store for POST /orders. That is separate from any upstream provider wallet you configure in Admin → API providers (import catalog + their GET /me balance).

Which balance?

  • XZian Store API (/api/v1/orders): uses your wallet on this store (the account that owns the API key) — top up under Wallet.
  • Upstream provider (admin import): the key you save for a partner panel is their account; GET /me on their site is their balance (shown in Admin → API providers). Purchasing through their API uses their wallet rules.

1. Base URL

https://xzian.com/api/v1

All routes live under /api/v1.

2. Authentication

GET /health and GET /products are public. GET /me and POST /orders need a key from your account.

Send one of:

HeaderExample
AuthorizationBearer sk_live_…
X-API-Keysk_live_…

Full secret is shown once at creation; we store a hash only.

3. GET /health

GET https://xzian.com/api/v1/health

Response 200: {"ok":true,"version":1}

4. GET /products

GET https://xzian.com/api/v1/products

Active catalog. Each row includes item_id (use for orders), price / currency (BDT), slug, names, description.

5. GET /me

GET https://xzian.com/api/v1/me

Auth required. Returns currency (store display currency), balance_display (formatted like the web wallet), user.balance (internal USD string), user.balance_display (same as top-level), plus api_key_id. Errors: 401 unauthorized, 404 user_not_found.

6. POST /orders

POST https://xzian.com/api/v1/orders

Auth required. Body: JSON.

For normal catalog items, this charges the wallet of the user who owns the API key (no card redirect). For imported reseller packages (synced from an upstream provider in Admin → API products), this store does not debit your local wallet: the order is forwarded to the upstream panel, and wholesale is charged on the provider account configured there (Bearer key in API providers).

FieldRequiredNotes
item_idYesFrom GET /products
player_idIf neededWhen the product has no custom checkout fields
checkoutIf neededObject: cf_*, smm_*, etc., same as web checkout

200: ok, order_id, status, amount, currency.

Common errors: 402 insufficient_balance (non-import items only), 409 out_of_stock, 400 validation, 404 item_not_found, 503 wallet_disabled (non-import items when wallet checkout is off). Failed attempts appear under Admin → API failures.

curl -sS -X POST "https://xzian.com/api/v1/orders" \
  -H "Authorization: Bearer sk_live_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"item_id":123,"player_id":"user@example.com"}'

curl -sS "https://xzian.com/api/v1/products"
curl -sS -H "Authorization: Bearer sk_live_YOUR_KEY" "https://xzian.com/api/v1/me"

7. Other

Unknown paths return 404 with {"ok":false,"error":"not_found"}. Responses are application/json; charset=utf-8.

Sign in to create keys and fund your wallet.