The FastSpring API is a REST-based service designed to pass and retrieve information between your store and your application. All communication occurs over secure HTTPS protocols and returns data in a JSON response format.

API reference

Our API is organized around primary commerce resources using standard GET, POST, PUT, and DELETE HTTP methods. Select a technical group below to view its specific endpoints, request parameters, and response schemas.

Accounts

Manage customer profiles, contact information, and account-level attributes.

Coupons

Create and manage discount codes and promotional offers for your storefront.

Orders

Retrieve transaction history and update order-level tags or attributes.

Products

Configure your product catalog, pricing models, and localized offers.

Subscriptions

Automate upgrades, downgrades, pauses, and renewal logic.

Invoices

Access and generate customer invoices and proforma documents.

Quotes

Create and manage price quotes for B2B or custom sales cycles.

Returns

Process refunds and manage returned product access.

Sessions

Create checkout sessions to pass pre-filled data to your storefront.

Events

Query and manage historical event data processed by your store.

Data

Generate subscription and revenue reports for business intelligence.

Webhooks

Configure real-time HTTP callbacks for event-driven automation.

Base URL

All requests to our service must be directed to the root production environment. Use the following endpoint for every resource listed in this reference.

Base URL

All API requests must be sent to: https://api.fastspring.com

Authentication and security

To make authorized requests, you must authenticate each call using credentials generated in the FastSpring app. Encode your username and password using Base64 within your request headers.

Generate API credentials

In the FastSpring app, navigate to Developer Tools > APIs > API Credentials.
Select Create to automatically generate a new username and password.
Store these credentials in a secure location immediately.

WARNING: FastSpring only displays your password during the initial creation session. If lost, you must reset your credentials and update any stored procedures relying on them to prevent failed requests.

Required headers

Every HTTPS request requires specific headers for identification and security. The API requires TLS 1.2 or later for all communication.

Header	Requirement
Authorization	Use Basic Auth (Base64 encoded username:password).
User-Agent	Mandatory. Identify your integration to prevent request rejection.
Content-Type	Set to `application/json` for all requests.

Technical standards

The FastSpring API utilizes standard protocols and data formats to ensure consistent behavior across all global regions. Use the sections below to review localized codes and formatting requirements.

Data specifications

Payloads must adhere to these formatting rules to ensure successful processing:

Encoding: All data sent to or received from the API must be UTF-8 encoded.
Numeric Values: Use 2-decimal point precision for all prices and discounts.
Strings: String columns are limited to a maximum length of VARCHAR 255.

ISO standards

Use international standard codes when defining countries and languages in your request objects.

Category	Standard	Format	Examples
Country	ISO 3166-2	Uppercase	`US`, `CA`, `GB`, `JP`, `AU`
Language	ISO 639-1	Lowercase	`en`, `fr`, `de`, `es`, `zh`

Rate limits

To maintain high performance for all users, we limit requests to 250 calls per IP per minute.

Requests that exceed this threshold return a 429 Too Many Requests error.
Use batch requests to optimize high-volume operations and minimize rate limiting.

Observability and activity logs

The API Log provides a detailed record of every transaction processed by your account over the last 60 days. Use the log to monitor integration health and troubleshoot specific request failures.

Monitor real-time activity

In the FastSpring app, navigate to Developer Tools > APIs > Log to:

View real-time HTTP status codes and API latency in seconds.
Inspect full request/response headers and JSON bodies for any entry.
Filter results by request date, status, HTTP method, or path.