Introduction

The Paykickstart API allows for a wide variety of interactions with the Paykickstart Platform using an application.

The API endpoint is located here: https://app.paykickstart.com/api

  • All API requests should use the above URL as their base url.
  • All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

With the exception of the Instant Payment Notification system which uses a different validation method, every api call must include an auth_token field, which is located in your Platform Settings, under “API Key”. This key is used to verify the vendor’s account and respective API access permissions.

Responses from the Paykickstart API are returned in JSON format, unless otherwise stipulated.

Topics

Instant Payment Notification

IPN POST

Example Response

$_POST => [
    'event'                             => 'sales',
    'mode'                              => 'live',
    'payment_processor'                 => 'stripe',
    'amount'                            => 9.99,
    'buyer_ip'                          => '196.215.215.215',
    'buyer_first_name'                  => 'Ruggero',
    'buyer_last_name'                   => 'Sandri-Boriani',
    'buyer_email'                       => 'ruggero@sandri.com',
    'vendor_first_name'                 => 'Digital',
    'vendor_last_name'                  => 'Kickstart',
    'vendor_email'                      => 'support@digitalkickstart.com',
    'transaction_id'                    => 'PK-TN0LNO7XWR',
    'invoice_id'                        => 'PK-PZ1WK636WR',
    'tracking_id'                       => 216,
    'transaction_time'                  => 1469014598,
    'product_id'                        => 2354,
    'product_name'                      => 'SEO Snapshot - Main',
    'campaign_id'                       => 215,
    'campaign_name'                     => 'SEO Snapshot',
    'affiliate_first_name'              => 'Bob',
    'affiliate_last_name'               => 'Jones',
    'affiliate_email'                   => 'bob@jones.com',
    'affiliate_commission_amount'       => 4.99,
    'affiliate_commission_percent'      => 50,
    'ref_affiliate_first_name'          => null,
    'ref_affiliate_last_name'           => null,
    'ref_affiliate_email'               => null,
    'ref_affiliate_commission_amount'   => null,
    'ref_affiliate_commission_percent'  => null,
    'custom_var1'                       => 123,
    'custom_var2'                       => 'email@user.com',
    'licenses'                          => ['HPLD-XSQW-KDW3-8HTD', 'AWDF-XADWR-HYTF-4T7B']
    'verification_code'                 => 'e2288202ad23b877c3498a6db6214b5a417b75a4'
];

IPN Validation Function

function is_valid_ipn($data, $secret_key) {

    $paramStrArr = array();
    $paramStr = NULL;

    foreach($data as $key=>$value)
    {
        // Ignore if it is encrypted key
        if($key == "verification_code") continue;
        if(!$key OR !$value) continue;
        $paramStrArr[] = (string) $value;
    }

    ksort( $paramStrArr, SORT_STRING );
    $paramStr = implode("|", $paramStrArr);
    $encKey = hash_hmac( 'sha1', $paramStr, $secret_key );

    return $encKey == $data["verification_code"] ;
}

PayKickstart’s Instant Payment Notification (IPN) is a message service that automatically notifies vendors of events related to PayKickstart transactions. Vendors can use it to automate back-office and administrative functions, including automatically creating users on apps, providing customers with their login credentials via email etc.

ARGUMENTS

event

Stipulates the type of transaction event which has occurred. The event types are:

  • sales
  • refund
  • subscription-payment
  • subscription-created
  • subscription-cancelled

mode

Indicates whether the transaction was executed in “live” mode or “test” mode. The parameter’s possible value are:

  • live
  • test

payment_processor

Indicates the payment gateway used to create the transaction. Supported payment gateways include:

  • stripe
  • paypaladaptive
  • braintree*
  • authnet*

* Braintree and Authorize.net are coming soon.


amount

The transaction amount

buyer_ip
buyer_first_name
buyer_last_name
buyer_email

The transaction’s buyer’s details

vendor_first_name
vendor_last_name
vendor_email

The transaction’s Paykickstart vendor’s details

transaction_id

The unique Paykickstart transaction ID


invoice_id

The unique Paykickstart purchase ID


tracking_id

The transaction’s Paykickstart affiliate’s tracking link id


transaction_time

The time when the transaction was generated, in UNIX timestamp format.


product_id
product_name

The transaction’s product details

campaign_id
campaign_name

The transaction’s campaign details

affiliate_first_name
affiliate_last_name
affiliate_email
affiliate_commission_amount
affiliate_commission_percent

The transaction’s Paykickstart affiliate’s details and the amount paid to the affiliate for this transaction. Both the commission value and percentage amounts are indicated.

 


ref_affiliate_first_name
ref_affiliate_last_name
ref_affiliate_email
ref_affiliate_commission_amount
ref_affiliate_commission_percent

The transaction’s Paykickstart 2nd tier affiliate’s details and the amount paid to that affiliate for this transaction. Both the commission value and percentage amounts are indicated.

 


custom_{field}

Field names prefixed with “custom_” in the IPN POST are custom fields which you may set in the checkout page URL. For example, if your Paykickstart checkout page URL is https://app.paykickstart.com/checkout/123, you can add additional information to the URL in the form of GET variables like this:

https://app.paykickstart.com/checkout/123?var1=123&var2=email@user.com

Continuing with the example above, we’d pass these custom variables back to you in the IPN POST, like this:

custom_var1 = 123
custom_var2 = ’email@user.com’



licenses

Returns any licenses linked to the transaction, either as an array if more than 1 license, or a string if only 1 license.

 


verification_code

This is a hashed security key that can be used to validate that the IPN POST received is in fact valid / verified. You should generate a hash using the function provided (see IPN Validation Function on the left) and compare it against the hash within the POST. If they match, the IPN is verified. The secret key variable required by the IPN validation function is located in your campaign settings (see screenshot below).

pk_ipn_secret_key

 

 

Licensing

PayKickstart’s licensing system is a service which creates and manages licenses on a per-product basis for vendors who activate the service.

The service is activated by enabling “Licensing” in the Product Details section when editing a product. The “License Usage” field indicates the number of licenses which will be issued each time the product is purchased.

The issued licenses are given to the customer on Paykickstart’s default “thank you” page and on Paykickstart’s Order Lookup page. They are also indicated in the IPN service. The link to Paykickstart’s Order Lookup page is included by default to the buyer’s sales receipt email.

Get License Data

Example Request

//Set up API path and method
$base_url = "https://app.paykickstart.com/api/";
$route = "licenses/data";
$url = $base_url . $route;
$post = false;

//Create request data string
$data = http_build_query([
    'auth_token' => '3A0GTRFIJHYE',
    'license_key' => 'D3WS-UCTG-IDFZ-ASHU'
]);

//Execute cURL request
$ch = curl_init();
if ($post) {
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
} else {
    $url = $url . "?" . $data;
}
curl_setopt($ch, CURLOPT_URL, $url);
$output = curl_exec($ch);
curl_close($ch);

//Output Response
echo json_decode($output);

Example Response

{
  "success": 0,
  "message": "",
  "data": {
    "license_key": "D3WS-UCTG-IDFZ-ASHU",
    "purchase_id": "PK-P0DHYTR0WZ",
    "status": 1,
    "guid": null
  }
}

This GET request returns license information for a specific license key

ARGUMENTS

license_key

The customer’s license key


auth_token

The Paykickstart vendor’s API Key

 

Get License Status

Example Request

//Set up API path and method
$base_url = "https://app.paykickstart.com/api/";
$route = "licenses/status";
$url = $base_url . $route;
$post = false;

//Create request data string
$data = http_build_query([
    'auth_token' => '3A0GTRFIJHYE',
    'license_key' => 'D3WS-UCTG-IDFZ-ASHU'
]);

//Execute cURL request
$ch = curl_init();
if ($post) {
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
} else {
    $url = $url . "?" . $data;
}
curl_setopt($ch, CURLOPT_URL, $url);
$output = curl_exec($ch);
curl_close($ch);

//Output Response
echo json_decode($output);

Example Response

{
  "success": 1,
  "message": "",
  "data": {
    "valid": 1,
    "active": 1
  }
}

This GET request returns license status information for a specific license key

ARGUMENTS

license_key

The customer’s license key


auth_token

The Paykickstart vendor’s API Key

Activate License

Example Request

//Set up API path and method
$base_url = "https://app.paykickstart.com/api/";
$route = "licenses/activate";
$url = $base_url . $route;
$post = true;

//Create request data string
$data = http_build_query([
    'auth_token' => '3A0GTRFIJHYE',
    'license_key' => 'D3WS-UCTG-IDFZ-ASHU',
    'guid' => '46B4560CC-128A-6EDA-439F-80623S7A'
]);

//Execute cURL request
$ch = curl_init();
if ($post) {
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
} else {
    $url = $url . "?" . $data;
}
curl_setopt($ch, CURLOPT_URL, $url);
$output = curl_exec($ch);
curl_close($ch);

//Output Response
echo json_decode($output);

Example Response

{
  "success": 1,
  "message": "",
  "data": {
    "license_key": "A4FE-UPYH-EN5Z-PW5E",
    "status": 1,
    "guid": "46B4560CC-128A-6EDA-439F-80623S7A"
  }
}

This POST request activates the license for a specific license key / GUID combination

ARGUMENTS

license_key

The customer’s license key


guid

The GUID is usually a 128-bit integer number used to identify unique resources, but for the purpose of activating a license on Paykickstart it can be any unique hash or “identifier” to identify where the license has been activated, such as a unique hardware identifier, or a unique URL. This prevents the license from being activated in multiple environments at once (1 license per use).


auth_token

The Paykickstart vendor’s API Key

Clear License ("De-Register")

Example Request

//Set up API path and method
$base_url = "https://app.paykickstart.com/api/";
$route = "licenses/clear";
$url = $base_url . $route;
$post = true;

//Create request data string
$data = http_build_query([
    'auth_token' => '3A0GTRFIJHYE',
    'license_key' => 'D3WS-UCTG-IDFZ-ASHU',
]);

//Execute cURL request
$ch = curl_init();
if ($post) {
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
} else {
    $url = $url . "?" . $data;
}
curl_setopt($ch, CURLOPT_URL, $url);
$output = curl_exec($ch);
curl_close($ch);

//Output Response
echo json_decode($output);

Example Response

{
  "success": 1,
  "message": "License successfully cleared.",
  "data": []
}

This POST request “clears” / de-registers the license from its specified GUID, allowing it to be activated again for a new (or the same) GUID

ARGUMENTS

license_key

The customer’s license key


auth_token

The Paykickstart vendor’s API Key

Enable License

Example Request

<?php
//Set up API path and method
$base_url = "https://app.paykickstart.com/api/";
$route = "licenses/enable";
$url = $base_url . $route;
$post = true;

//Create request data string
$data = http_build_query([
    'auth_token' => '3A0GTRFIJHYE',
    'license_key' => 'D3WS-UCTG-IDFZ-ASHU'
]);

//Execute cURL request
$ch = curl_init();
if ($post) {
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
} else {
    $url = $url . "?" . $data;
}
curl_setopt($ch, CURLOPT_URL, $url);
$output = curl_exec($ch);
curl_close($ch);

//Output Response
echo json_decode($output);

Example Response

{
  "success": 1,
  "message": "License successfully enabled.",
  "data": []
}

This POST request enables the license for being activated and verified

ARGUMENTS

license_key

The customer’s license key


auth_token

The Paykickstart vendor’s API Key

Disable License

Example Request

<?php
//Set up API path and method
$base_url = "https://app.paykickstart.com/api/";
$route = "licenses/disable";
$url = $base_url . $route;
$post = true;

//Create request data string
$data = http_build_query([
    'auth_token' => '3A0GTRFIJHYE',
    'license_key' => 'D3WS-UCTG-IDFZ-ASHU'
]);

//Execute cURL request
$ch = curl_init();
if ($post) {
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
} else {
    $url = $url . "?" . $data;
}
curl_setopt($ch, CURLOPT_URL, $url);
$output = curl_exec($ch);
curl_close($ch);

//Output Response
echo json_decode($output);

Example Response

{
  "success": 1,
  "message": "License successfully disabled.",
  "data": []
}

This POST request disables the license from being activated or verified

ARGUMENTS

license_key

The customer’s license key


auth_token

The Paykickstart vendor’s API Key

Subscriptions

The subscriptions methods allow you to update a subscription’s status and set the next charge date, or to cancel the subscription.

Cancel Subscription

Example Request

<?php
//Set up API path and method
$base_url = "https://app.paykickstart.com/api/";
$route = "subscriptions/cancel";
$url = $base_url . $route;
$post = true;

//Create request data string
$data = http_build_query([
    'auth_token' => '3A0GTRFIJHYE',
    'invoice_id' => 'PK-PORW20JQE5'
]);

//Execute cURL request
$ch = curl_init();
if ($post) {
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
} else {
    $url = $url . "?" . $data;
}
curl_setopt($ch, CURLOPT_URL, $url);
$output = curl_exec($ch);
curl_close($ch);

//Output Response
echo json_decode($output);

Example Response

{
  "success": 1,
  "message": "Subscription was cancelled"
}

This POST request cancels an active subscription

ARGUMENTS

invoice_id

The unique Paykickstart purchase ID


auth_token

The Paykickstart vendor’s API Key

Payments

The following API calls offer checkout and payment-related API functions.

Update Credit Card

Example Request

<?php
//Set up API path and method
$base_url = "https://dev.paykickstart.com/api/";
$route = "purchase/update-cc";
$url = $base_url . $route;
$post = true;

//Create request data string
$data = http_build_query([
    "invoice_id" => "PK-PMNW0V5NLP",
    "auth_token" => "52YjafEGX4P8",
    "updateCcPw" => "9E780SDF",
    "ccNum" => "4222222222222",
    "ExpireMonth" => 5,
    "ExpireYear" => 2017,
    "csv" => "879"
]);

//Execute cURL request
$ch = curl_init();
if ($post) {
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
} else {
    $url = $url . "?" . $data;
}
curl_setopt($ch, CURLOPT_URL, $url);
$output = curl_exec($ch);
curl_close($ch);

//Output Response
echo json_decode($output);

Example Response

{
  "success": 1,
  "message": "Card updated"
}

This POST request updates a customer’s credit card information for a specified purchase. Please note that we DO NOT store your customer’s credit card details in Paykickstart. All information supplied via this API call is directly relayed to the linked payment gateway for the relevant purchase, and the payment method is updated directly on that payment gateway.

ARGUMENTS

invoice_id

The unique Paykickstart purchase ID


updateCcPw

The unique security token sent to the customer when his payment was declined, which allows him to update the payment details for the declined transaction. Usually this token is attached to the credit card update page URL indicated in the customer’s failed transaction notification email as a GET variable.


ccNum

The customer’s new credit card number

ExpireMonth

The customer’s new credit card expiry month

ExpireYear

The customer’s new credit card expiry year

csv

The customer’s new credit card security code





auth_token

The Paykickstart vendor’s API Key