REST API

Base URL: https://splitante.com/api/v1. JSON request and response bodies. Most storefronts only need the SDK; use this for server automation, back-office tools, or headless checkout.

Copy this page as a setup prompt for your coding assistant.

Authentication

Headers
Authorization: Bearer ante_pk_test_YOUR_PUBLISHABLE_KEY
X-Merchant-ID: ante_merch_YOUR_MERCHANT_ID    # optional; must match key if sent
Content-Type: application/json
KeyPrefixScopesWhere to use
Publishableante_pk_test_ / ante_pk_live_payments:read, payments:writeBrowser with cart signing, or server
Secretante_sk_test_ / ante_sk_live_payments, webhooks:write, merchants:readServer only. Requests with Origin header → 403.

Headless session create

Secret-key POST /sessions without a cart signature requires headless_api_enabledon your merchant after Ante's technical review (Plurel staff enable this in Support Console → Headless API). This path uses the secret API key (ante_sk_*) — not the signing secret. Browser storefronts use publishable keys instead. See Credentials.

Errors and request_id

Errors return JSON with error and request_id. Quote the request id in support mail. 429 responses include Retry-After (seconds).

Example
{
  "request_id": "791687e6-5099-4f04-8aae-686006109000",
  "error": "Invalid API key format"
}

POST /sessions

Create a group session. Publishable keys need a valid signature (see Cart signing).

Recommended session fields

Pass these on every createSession or Ante.createButton call when your storefront already knows the values. The API accepts sessions without them, but production integrations are smoother when you send organizer context up front.

FieldPass whenWhy
customer.nameYou know the shopper starting the groupPre-fills the organizer in group setup; avoids blank “Person 1” labels.
customer.emailYou have a logged-in or checkout emailSupport and correlation; required for POST /sessions/:id/remind to reach pending members.
customer.phoneYou already collect itOptional support contact — only send if you use it elsewhere.
success_urlHosted modal / SDK embedRedirects the organizer back to your store after the group is fully funded.
cancel_urlHosted modal / SDK embedRedirects the organizer after they close the modal or the group is cancelled (refunds run automatically).
cart.metadata.order_refAlways (your order or cart id)Echoes as order_ref on webhooks and GET /sessions — tie fulfillment to your system.

Guest payers (share links)

Do not collect payer email or address in your storefront before Ante opens. Friends who open /s/{shareId} pay through Stripe; Ante stores payer email from Stripe when provided (receipt / billing details). Your integration only needs to pass organizer customer at session create.

Privacy

If you pass customer.email or customer.phone, disclose that in your privacy policy and only send fields you already collect for checkout. See Go live and your obligations under Ante's privacy policy for participant data.

Request body
{
  "cart": {
    "total": 12500,
    "currency": "usd",
    "items": [{ "id": "sku_1", "name": "Ticket", "quantity": 2, "unit_price": 5000 }],
    "tax": 1000,
    "shipping": 1000,
    "fees": [{ "id": "cleaning", "label": "Cleaning fee", "amount": 500 }],
    "metadata": { "order_ref": "ORD-1042" }
  },
  "group_config": {
    "min_size": 2,
    "max_size": 6,
    "default_mode": "equal",
    "allowed_modes": ["equal", "itemized"],
    "expiry_hours": 48
  },
  "customer": { "email": "organizer@example.com", "name": "Alex" },
  "success_url": "https://your-store.com/success",
  "cancel_url": "https://your-store.com/cancel",
  "webhook_url": "https://your-store.com/webhooks/ante/ORD-1042"
}
200 response
{
  "request_id": "…",
  "session_id": "j57…",
  "session_url": "https://splitante.com/session/j57…?access=…",
  "status": "pending",
  "expires_at": "2025-06-26T12:00:00.000Z",
  "merchant_fee_rate": 0.0201,
  "consumer_fee_rate": 0.01,
  "group_access_token": "…"
}

GET /sessions

List SDK sessions for the authenticated merchant. Query: limit (max 100, default 25), cursor (milliseconds timestamp; pass next_cursor from the previous page).

200 response (abbreviated)
{
  "request_id": "…",
  "data": [
    {
      "session_id": "j57…",
      "status": "pending",
      "order_ref": "ORD-1042",
      "total_cents": 12000,
      "currency": "usd",
      "created_at": "2025-06-24T12:00:00.000Z",
      "expires_at": "2025-06-26T12:00:00.000Z"
    }
  ],
  "has_more": false,
  "next_cursor": null
}

GET /sessions/:sessionId

Single session with group members, amounts, and Stripe charge ids when paid.

200 response (abbreviated)
{
  "request_id": "…",
  "session_id": "j57…",
  "status": "pending",
  "expires_at": "2025-06-26T12:00:00.000Z",
  "order_ref": "ORD-1042",
  "group": {
    "id": "j57…",
    "size": 4,
    "mode": "equal",
    "paid_amount": 6000,
    "pending_amount": 6000,
    "members": [
      { "id": "…", "name": "Alex", "amount_cents": 3000, "status": "paid" }
    ]
  },
  "charges": ["pi_…"],
  "transfer": "tr_…"
}

POST /sessions/:sessionId/cancel

Cancel an open session. Refunds paid shares through Stripe, then emits group.cancelled.

POST /sessions/:sessionId/remind

Send email reminders to members with pending shares. Response includes reminded and skipped counts.

GET /merchants/me

Requires secret key (merchants:read). Returns fee rates, sandbox flag, Stripe connected, headless flag, and payout_currency (mode: checkout or preferred; preferred ISO code when set). Preferred mode triggers an FX fee when checkout differs — it does not change Connect transfer currency. See Currencies & payouts.

Webhooks CRUD

GET /webhooks, POST /webhooks (body: url, events), DELETE /webhooks/:id. POST returns one-time secret (whsec_…). Requires secret key.

HTTP status codes

CodeWhen
200Success
400Bad JSON, cart, or signature
401Missing or invalid API key
403Key/env mismatch, headless disabled, secret key from browser, IP blocked
404Unknown session
429Rate limit
503Upstream error; retry with backoff

Rate limits (per client IP)

RouteLimit
POST /sessions60/min
GET /sessions60/min
GET /sessions/:id120/min
POST …/cancel30/min
POST …/remind20/min
Auth120/min per IP; 40/min per key prefix

CORS

Browser calls with a publishable key get Access-Control-Allow-Origin echoing the request origin. Secret keys with an Origin header are rejected.

OpenAPI

openapi.yaml (paths and error schema). Generate clients from that file if needed.