B2B platform for digital goods

FoxReload API Quickstart Guide 2026 — Your First Call in 10 Minutes

From API key to first successful catalog request in under 10 minutes — auth, curl, and the response schema explained.

FoxReload API Quickstart Guide 2026 — Your First Call in 10 Minutes

This FoxReload API quickstart is written for backend developers and procurement engineers who need to integrate a wholesale digital-goods catalog into their storefront, bot, or internal tooling. By the end of this article you will have made a real authenticated request against https://public-api.foxreload.com and placed a mock order.

1. Get your API key

Open the FoxReload dashboard, go to Dashboard → API → Create New Key. The key is shown exactly once — copy it into your secrets manager immediately. Optionally restrict it to an IP allowlist (up to 10 addresses or CIDR ranges). There are no test_ or live_ key prefixes; the same key works against the production API.

Never commit keys to git. Store them in your secrets manager (AWS Secrets Manager, Doppler, Vault) and inject at runtime.

2. Authentication header

FoxReload uses a single API key header. Every request must include:

X-API-Key: YOUR_API_KEY
Content-Type: application/json

Requests without the header return HTTP 401 Unauthorized. Requests from an IP not in your allowlist return HTTP 403 Forbidden. Only HTTPS is accepted.

3. Verify your key

The simplest test is GET /api/access/me, which returns your account details:

curl -X GET "https://public-api.foxreload.com/api/access/me" \
  -H "X-API-Key: YOUR_API_KEY"

A successful call returns HTTP 200 with:

{
  "email": "you@example.com",
  "firstName": "Jane",
  "lastName": "Doe",
  "isActive": true,
  "isSuper": false
}

4. Browse the catalog

List categories, then list products within a category. A product's id is the itemId you will use when placing orders.

# List categories
curl "https://public-api.foxreload.com/api/categories/?limit=20" \
  -H "X-API-Key: YOUR_API_KEY"

# List products in a category (category_id_or_slug is required)
curl "https://public-api.foxreload.com/api/products/?category_id_or_slug=gift-cards&limit=50" \
  -H "X-API-Key: YOUR_API_KEY"

Each product in the response has id, name, and price. The id (a TypeID like product_01k...) is what you pass as itemId in order creation.

You can also search:

curl "https://public-api.foxreload.com/api/products/search?query=Steam&limit=10" \
  -H "X-API-Key: YOUR_API_KEY"

5. Place a test order

Use isMock: true to receive fake codes without spending balance:

curl -X POST "https://public-api.foxreload.com/api/orders" \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "items": [
      {
        "itemId": "product_01krgfgww8eth9xvvysd6y7r4j",
        "quantity": 1
      }
    ],
    "isMock": true
  }'

The response is HTTP 201 with an order object. Note the id field.

6. Poll for results

FoxReload does not push webhooks. Poll GET /api/orders/{order_id} until the status is completed:

curl "https://public-api.foxreload.com/api/orders/{order_id}" \
  -H "X-API-Key: YOUR_API_KEY"

When status == "completed", each items[].externalData array contains the delivered codes. A cancelled or failed order ends in status: "cancelled" or status: "failed".

7. Rate limits and errors

The API returns HTTP 429 when the rate limit is exceeded. Implement exponential backoff (start at 500 ms, double each attempt, add jitter) and never retry on 4xx errors other than 429. For POST /api/orders timeouts, check the order status with GET /api/orders/{id} before retrying — there are no idempotency keys, so a retry creates a new order.

Ready to wire this into your stack? API keys are free with a FoxReload account — request access at foxreload.com and start procuring digital goods at wholesale margins this week.

Frequently asked questions

How do I get a FoxReload API key?
Go to Dashboard → API → Create New Key. The key is shown once — store it as a server-side environment variable; it cannot be re-revealed. You can restrict the key to an IP allowlist (up to 10 addresses or CIDR ranges) for added security.
What authentication does FoxReload use?
A single header: X-API-Key: YOUR_API_KEY. There is no OAuth, no Bearer token, and no client_id/client_secret. Missing or invalid key returns HTTP 401; a disabled key or IP not in the allowlist returns HTTP 403.
How fast does an order get delivered via the API?
Most orders complete within seconds to a minute. Poll GET /api/orders/{id} to check status. When status is 'completed', each items[].externalData array contains the delivered codes. FoxReload does not push webhooks — polling is the correct pattern.
Does FoxReload have a sandbox environment?
No. There is no sandbox URL. Use isMock: true in POST /api/orders to receive fake codes without spending real balance. Mock orders go through the full status lifecycle so you can test your polling and delivery logic.
How do I test order creation without spending real balance?
Pass "isMock": true in the order body. You will receive realistic but fake codes in externalData. Switch to isMock: false (or omit it) when going live.
Get FoxReload API access

Related articles