Overview
Overview
Use this API for white-label organization operations only. It is not the reseller portal API.
All documented endpoints were audited from server/src/api/routes/white-label.ts.
Authentication
Sign requests on your backend. Never place the API secret in browser or mobile code.
Nonce and timestamp are required for replay protection.
Errors
White-label client API errors use { success: false, error, requestId } with HTTP 400 for handler errors and 401/403 in auth middleware.
Implementation audit
These docs are tied to the current backend implementation.
Overview
Get account context
Loads the current white-label account context for an enabled account.
GET /api/white-label/v1/contextAuthentication
White-label HMAC authentication
Permissions
settings:read
| Name | Location | Type | Required | Description |
|---|---|---|---|---|
| x-white-label-key-id | header | string | Yes | White-label API key ID from the account keyring. |
| x-white-label-signature | header | string | Yes | HMAC signature generated by your backend. |
| x-white-label-timestamp | header | number string | Yes | Request timestamp in milliseconds. |
| x-white-label-nonce | header | string | Yes | Unique nonce for replay protection. |
Campaigns
List campaigns
Lists campaigns visible to the authenticated white-label account.
GET /api/white-label/v1/campaignsAuthentication
White-label HMAC authentication
Permissions
campaigns:read
| Name | Location | Type | Required | Description |
|---|---|---|---|---|
| x-white-label-key-id | header | string | Yes | White-label API key ID from the account keyring. |
| x-white-label-signature | header | string | Yes | HMAC signature generated by your backend. |
| x-white-label-timestamp | header | number string | Yes | Request timestamp in milliseconds. |
| x-white-label-nonce | header | string | Yes | Unique nonce for replay protection. |
| search | query | string | No | Optional campaign search text. |
| status | query | string | No | Optional campaign status filter. |
Create campaign
Creates a white-label campaign. Supported campaign_type values are voting, donation, and ticketing.
POST /api/white-label/v1/campaignsAuthentication
White-label HMAC authentication
Permissions
campaigns:write
| Name | Location | Type | Required | Description |
|---|---|---|---|---|
| x-white-label-key-id | header | string | Yes | White-label API key ID from the account keyring. |
| x-white-label-signature | header | string | Yes | HMAC signature generated by your backend. |
| x-white-label-timestamp | header | number string | Yes | Request timestamp in milliseconds. |
| x-white-label-nonce | header | string | Yes | Unique nonce for replay protection. |
| title | body | string | Yes | 3 to 255 characters. |
| description | body | string | Yes | 10 to 5000 characters. |
| campaign_type | body | voting | donation | ticketing | Yes | Implemented campaign types. |
| start_date | body | ISO datetime | Yes | Campaign start date. |
| end_date | body | ISO datetime | Yes | Campaign end date. |
Update campaign
Partially updates an existing campaign owned by the white-label account.
PATCH /api/white-label/v1/campaigns/:campaignIdAuthentication
White-label HMAC authentication
Permissions
campaigns:write
| Name | Location | Type | Required | Description |
|---|---|---|---|---|
| x-white-label-key-id | header | string | Yes | White-label API key ID from the account keyring. |
| x-white-label-signature | header | string | Yes | HMAC signature generated by your backend. |
| x-white-label-timestamp | header | number string | Yes | Request timestamp in milliseconds. |
| x-white-label-nonce | header | string | Yes | Unique nonce for replay protection. |
| campaignId | path | string | Yes | Campaign identifier. |
Ticketing
List ticket types
Lists ticket types, optionally filtered by campaignId.
GET /api/white-label/v1/ticket-typesAuthentication
White-label HMAC authentication
Permissions
tickets:read
| Name | Location | Type | Required | Description |
|---|---|---|---|---|
| x-white-label-key-id | header | string | Yes | White-label API key ID from the account keyring. |
| x-white-label-signature | header | string | Yes | HMAC signature generated by your backend. |
| x-white-label-timestamp | header | number string | Yes | Request timestamp in milliseconds. |
| x-white-label-nonce | header | string | Yes | Unique nonce for replay protection. |
| campaignId | query | uuid | No | Optional campaign filter. |
Create ticket type
Creates a ticket type for a ticketing campaign.
POST /api/white-label/v1/ticket-typesAuthentication
White-label HMAC authentication
Permissions
tickets:write
| Name | Location | Type | Required | Description |
|---|---|---|---|---|
| x-white-label-key-id | header | string | Yes | White-label API key ID from the account keyring. |
| x-white-label-signature | header | string | Yes | HMAC signature generated by your backend. |
| x-white-label-timestamp | header | number string | Yes | Request timestamp in milliseconds. |
| x-white-label-nonce | header | string | Yes | Unique nonce for replay protection. |
| campaignId | body | uuid | Yes | Campaign ID. |
| name | body | string | Yes | Ticket type name. |
| price | body | number | Yes | Ticket price. |
| quantity_available | body | number | Yes | Available quantity. |
Voting
List participants
Lists voting participants/nominees for white-label campaigns.
GET /api/white-label/v1/participantsAuthentication
White-label HMAC authentication
Permissions
campaigns:read
| Name | Location | Type | Required | Description |
|---|---|---|---|---|
| x-white-label-key-id | header | string | Yes | White-label API key ID from the account keyring. |
| x-white-label-signature | header | string | Yes | HMAC signature generated by your backend. |
| x-white-label-timestamp | header | number string | Yes | Request timestamp in milliseconds. |
| x-white-label-nonce | header | string | Yes | Unique nonce for replay protection. |
| campaignId | query | uuid | No | Optional campaign filter. |
| search | query | string | No | Optional search text. |
| status | query | string | No | Optional participant status. |
Payments
Initialize payment
Initializes a vote, donation, or ticket payment through the white-label account provider routing.
POST /api/white-label/v1/payments/initializeAuthentication
White-label HMAC authentication
Permissions
payments:write
| Name | Location | Type | Required | Description |
|---|---|---|---|---|
| x-white-label-key-id | header | string | Yes | White-label API key ID from the account keyring. |
| x-white-label-signature | header | string | Yes | HMAC signature generated by your backend. |
| x-white-label-timestamp | header | number string | Yes | Request timestamp in milliseconds. |
| x-white-label-nonce | header | string | Yes | Unique nonce for replay protection. |
| transactionType | body | vote | donation | ticket | Yes | Transaction type. |
| amount | body | number | Yes | Positive amount. |
| body | Yes | Customer email. | ||
| callbackUrl | body | URL | Yes | Callback URL. |
Withdrawals
Create withdrawal request
Creates a withdrawal request. This route requires a secret key, withdrawal-enabled API key, and idempotency key.
POST /api/white-label/v1/withdrawalsAuthentication
White-label HMAC authentication with secret key only
Permissions
withdrawals:write, withdrawal capability, X-Idempotency-Key header
| Name | Location | Type | Required | Description |
|---|---|---|---|---|
| x-white-label-key-id | header | string | Yes | White-label API key ID from the account keyring. |
| x-white-label-signature | header | string | Yes | HMAC signature generated by your backend. |
| x-white-label-timestamp | header | number string | Yes | Request timestamp in milliseconds. |
| x-white-label-nonce | header | string | Yes | Unique nonce for replay protection. |
| X-Idempotency-Key | header | string | Yes | Required duplicate-prevention key. |
| amount | body | number | Yes | Positive amount. |
| bank_name | body | string | Yes | Bank/channel name. |
| bank_code | body | string | Yes | Bank/channel code. |
| account_number | body | string | Yes | Recipient account number. |
| account_name | body | string | Yes | Recipient account name. |
Settings
Read settings
Returns white-label settings, optionally filtered by categories.
GET /api/white-label/v1/settingsAuthentication
White-label HMAC authentication
Permissions
settings:read
| Name | Location | Type | Required | Description |
|---|---|---|---|---|
| x-white-label-key-id | header | string | Yes | White-label API key ID from the account keyring. |
| x-white-label-signature | header | string | Yes | HMAC signature generated by your backend. |
| x-white-label-timestamp | header | number string | Yes | Request timestamp in milliseconds. |
| x-white-label-nonce | header | string | Yes | Unique nonce for replay protection. |
| categories | query | string | string[] | No | Optional category filter. |