API Reference

Complete API endpoint reference for QBitFlow. All endpoints require an X-API-Key header.

Base url: https://api.qbitflow.app/v1

Products

POST/product

Create a product

Header: X-API-Key: <your-api-key>

Request Body

GET/product

Get all products

Header: X-API-Key: <your-api-key>

GET/product/id/{id}

Get a product by ID

Header: X-API-Key: <your-api-key>

PUT/product/{id}

Update a product

Header: X-API-Key: <your-api-key>

Request Body

DELETE/product/{id}

Delete a product

Header: X-API-Key: <your-api-key>

Users

POST/user

Create a user

⚠Requires admin or owner role.

Header: X-API-Key: <your-api-key>

Request Body

GET/user

Get Me

Returns the user associated with the API key.

Header: X-API-Key: <your-api-key>

GET/user/all

Get all users

⚠Requires admin or owner role.

Header: X-API-Key: <your-api-key>

GET/user/id/{id}

Get a user by ID

⚠Requires admin or owner role.

Header: X-API-Key: <your-api-key>

PUT/user/{id}

Update a user

⚠If the API key belongs to the user, the organization fee is ignored.

⚠If the API key belongs to an admin or owner, the organization fee is updated.

Header: X-API-Key: <your-api-key>

Request Body

DELETE/user/{id}

Delete a user

⚠Requires admin or owner role.

Header: X-API-Key: <your-api-key>

API Keys

POST/api-key

Create an API key

⚠If the API key belongs to a user, creates an API key for that user.

⚠If the API key belongs to an admin or owner, creates an API key for the specified userId (within the same organization).

Header: X-API-Key: <your-api-key>

Request Body

GET/api-key

Get all my API keys

Header: X-API-Key: <your-api-key>

DELETE/api-key/{id}

Delete an API key

Header: X-API-Key: <your-api-key>

Customers

POST/customer

Create a customer

Header: X-API-Key: <your-api-key>

Request Body

GET/customer/all

Get all customers

Header: X-API-Key: <your-api-key>

GET/customer/uuid/{uuid}

Get a customer by ID

Header: X-API-Key: <your-api-key>

PUT/customer

Update a customer

Header: X-API-Key: <your-api-key>

Request Body

DELETE/customer/uuid/{uuid}

Delete a customer

Header: X-API-Key: <your-api-key>

One-Time Payments

POST/transaction/session-checkout

Create a one-time payment (without a product)

Creates a payment session from scratch. Customer information can be provided with the request or collected during the payment process.

Header: X-API-Key: <your-api-key>

Request Body

POST/transaction/session-checkout

Create a one-time payment (from a product)

Creates a payment session from an existing product. Customer information can be provided with the request or collected during the payment process.

Header: X-API-Key: <your-api-key>

Request Body

GET/transaction/session-checkout/{sessionId}

Retrieve session checkout details

Header: X-API-Key: <your-api-key>

Transaction Info

GET/transaction/info/{transactionId}

Retrieve transaction details

Header: X-API-Key: <your-api-key>

GET/transaction/payments/combined

Get all payments

Header: X-API-Key: <your-api-key>

Subscriptions

POST/transaction/session-checkout

Create a subscription

Header: X-API-Key: <your-api-key>

Request Body

POST/transaction/session-checkout

Create a subscription with trial period

Header: X-API-Key: <your-api-key>

Request Body

GET/transaction/subscription/history/{subscriptionId}

Get subscription payment history

Header: X-API-Key: <your-api-key>

GET/transaction/subscription/{subscriptionId}

Get subscription details

Header: X-API-Key: <your-api-key>

Webhooks

POST/webhooks/verify

Verify webhook signature

⚠The payload must be exactly the same as the one received in the webhook request. Read the raw body of the request received on your webhook endpoint and use it as the payload — do not parse it as JSON and re-stringify it, as formatting changes will cause signature verification failure.

Header: X-API-Key: <your-api-key>

Request Body