The FastSpring API is a REST-based service designed to pass and retrieve information between your store and your application. All communication occurs over secure HTTPS protocols and returns data in a JSON response format.
API reference
Our API is organized around primary commerce resources using standard GET, POST, PUT, and DELETE HTTP methods. Select a technical group below to view its specific endpoints, request parameters, and response schemas.
Manage customer profiles, contact information, and account-level attributes.
Create and manage discount codes and promotional offers for your storefront.
Retrieve transaction history and update order-level tags or attributes.
Configure your product catalog, pricing models, and localized offers.
Automate upgrades, downgrades, pauses, and renewal logic.
Access and generate customer invoices and proforma documents.
Create and manage price quotes for B2B or custom sales cycles.
Process refunds and manage returned product access.
Create checkout sessions to pass pre-filled data to your checkout.
Create and manage checkout sessions with granular cart and customer control.
Query and manage historical event data processed by your store.
Generate subscription and revenue reports for business intelligence.
Rotate HMAC secret keys to verify the integrity and authenticity of webhook payloads.
Base URL
All requests to our service must be directed to the root production environment. Use the following endpoint for every resource listed in this reference.
All API requests must be sent to: https://api.fastspring.com
Authentication and security
To make authorized requests, you must authenticate each call using credentials generated in the FastSpring app. Encode your username and password using Base64 within your request headers.
Generate API credentials
- In the FastSpring app, navigate to Developer Tools > APIs > API Credentials.
- Select Create to automatically generate a new username and password.
- Store these credentials in a secure location immediately.
WARNING: FastSpring only displays your password during the initial creation session. If lost, you must reset your credentials and update any stored procedures relying on them to prevent failed requests.
Required headers
Every HTTPS request requires specific headers for identification and security. The API requires TLS 1.2 or later for all communication.
| Header | Requirement |
|---|---|
| Authorization | Use Basic Auth (Base64 encoded username:password). |
| User-Agent | Mandatory. Identify your integration to prevent request rejection. |
| Content-Type | Set to application/json for all requests. |
Technical standards
The FastSpring API utilizes standard protocols and data formats to ensure consistent behavior across all global regions. Use the sections below to review localized codes and formatting requirements.
Data specifications
Payloads must adhere to these formatting rules to ensure successful processing:
- Encoding: All data sent to or received from the API must be UTF-8 encoded.
- Numeric Values: Use 2-decimal point precision for all prices and discounts.
- Strings: String columns are limited to a maximum length of VARCHAR 255.
ISO standards
Use international standard codes when defining countries and languages in your request objects.
| Category | Standard | Format | Examples |
|---|---|---|---|
| Country | ISO 3166-2 | Uppercase | US, CA, GB, JP, AU |
| Language | ISO 639-1 | Lowercase | en, fr, de, es, zh |
Rate limits
To maintain high performance for all users, we limit requests to 250 calls per IP per minute.
- Requests that exceed this threshold return a
429 Too Many Requestserror. - Use batch requests to optimize high-volume operations and minimize rate limiting.
Observability and activity logs
The API Log provides a detailed record of every transaction processed by your account over the last 60 days. Use the log to monitor integration health and troubleshoot specific request failures.
In the FastSpring app, navigate to Developer Tools > APIs > Log to:
- View real-time HTTP status codes and API latency in seconds.
- Inspect full request/response headers and JSON bodies for any entry.
- Filter results by request date, status, HTTP method, or path.