Base URL: https://api.foxreload.com Β· Sandbox: https://api-sandbox.foxreload.com
Authentication
Every request passes `Authorization: Bearer YOUR_API_KEY`. Keys are issued in `Dashboard β Settings β API Keys` and shown only once. HTTPS required.
curl https://api.foxreload.com/v1/catalog \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Accept: application/json"Core endpoints
| Method | Path | Description |
|---|---|---|
| GET | /v1/catalog | List SKUs with pricing and stock. |
| GET | /v1/catalog/{sku_id} | Detail for one SKU. |
| POST | /v1/orders | Create an order. Idempotency-Key recommended. |
| GET | /v1/orders/{order_id} | Order state and delivery payload when ready. |
| POST | /v1/orders/{order_id}/replacement | Request a replacement for a failed code (60-day window). |
| GET | /v1/balance | Current wholesale balance per currency. |
| GET | /v1/orders | Paginated history with filter and date range. |
| POST | /v1/webhooks | Register / rotate a webhook endpoint. |
Webhooks
Events `order.created`, `order.delivered`, `order.failed`, `order.refunded` POST to your endpoint. HMAC-SHA256 signature in the `X-FoxReload-Signature` header. See the library article for verification details.
POST https://your-shop.com/webhooks/foxreload
Headers:
X-FoxReload-Signature: t=...,v1=hex(hmac_sha256(secret, raw_body))
Content-Type: application/json
Body:
{
"event": "order.delivered",
"order_id": "ord_abc123",
"sku_id": "psn-tr-100",
"wholesale_cost_usd": "8.45",
"delivered_at": "2026-05-18T14:32:11Z",
"delivery_data": { "code": "XXXX-YYYY-ZZZZ", "type": "redeem_code" }
}Rate limits
Standard tier: 100 req/min per API key. Enterprise: 1,000 req/min. Excess returns `HTTP 429` with a `Retry-After` header. Use exponential backoff (30s, 60s, 120s).
Full OpenAPI 3.1 specification
/api/openapi.json Β· OpenAPI 3.1 / JSON. Compatible with swagger-ui, redoc, insomnia, postman.