REST API
Base URL: https://splitante.com/api/v1. JSON request and response bodies. Most storefronts only need the SDK; use this for server automation, back-office tools, or headless checkout.
Copy this page as a setup prompt for your coding assistant.
Authentication
Authorization: Bearer ante_pk_test_YOUR_PUBLISHABLE_KEY X-Merchant-ID: ante_merch_YOUR_MERCHANT_ID # optional; must match key if sent Content-Type: application/json
| Key | Prefix | Scopes | Where to use |
|---|---|---|---|
| Publishable | ante_pk_test_ / ante_pk_live_ | payments:read, payments:write | Browser with cart signing, or server |
| Secret | ante_sk_test_ / ante_sk_live_ | payments, webhooks:write, merchants:read | Server only. Requests with Origin header → 403. |
Headless session create
Secret-key POST /sessions without a cart signature requires headless_api_enabledon your merchant after Ante's technical review (Plurel staff enable this in Support Console → Headless API). This path uses the secret API key (ante_sk_*) — not the signing secret. Browser storefronts use publishable keys instead. See Credentials.
Errors and request_id
Errors return JSON with error and request_id. Quote the request id in support mail. 429 responses include Retry-After (seconds).
{
"request_id": "791687e6-5099-4f04-8aae-686006109000",
"error": "Invalid API key format"
}POST /sessions
Create a group session. Publishable keys need a valid signature (see Cart signing).
Recommended session fields
Pass these on every createSession or Ante.createButton call when your storefront already knows the values. The API accepts sessions without them, but production integrations are smoother when you send organizer context up front.
| Field | Pass when | Why |
|---|---|---|
customer.name | You know the shopper starting the group | Pre-fills the organizer in group setup; avoids blank “Person 1” labels. |
customer.email | You have a logged-in or checkout email | Support and correlation; required for POST /sessions/:id/remind to reach pending members. |
customer.phone | You already collect it | Optional support contact — only send if you use it elsewhere. |
success_url | Hosted modal / SDK embed | Redirects the organizer back to your store after the group is fully funded. |
cancel_url | Hosted modal / SDK embed | Redirects the organizer after they close the modal or the group is cancelled (refunds run automatically). |
cart.metadata.order_ref | Always (your order or cart id) | Echoes as order_ref on webhooks and GET /sessions — tie fulfillment to your system. |
Guest payers (share links)
Do not collect payer email or address in your storefront before Ante opens. Friends who open /s/{shareId} pay through Stripe; Ante stores payer email from Stripe when provided (receipt / billing details). Your integration only needs to pass organizer customer at session create.
Privacy
If you pass customer.email or customer.phone, disclose that in your privacy policy and only send fields you already collect for checkout. See Go live and your obligations under Ante's privacy policy for participant data.
{
"cart": {
"total": 12500,
"currency": "usd",
"items": [{ "id": "sku_1", "name": "Ticket", "quantity": 2, "unit_price": 5000 }],
"tax": 1000,
"shipping": 1000,
"fees": [{ "id": "cleaning", "label": "Cleaning fee", "amount": 500 }],
"metadata": { "order_ref": "ORD-1042" }
},
"group_config": {
"min_size": 2,
"max_size": 6,
"default_mode": "equal",
"allowed_modes": ["equal", "itemized"],
"expiry_hours": 48
},
"customer": { "email": "organizer@example.com", "name": "Alex" },
"success_url": "https://your-store.com/success",
"cancel_url": "https://your-store.com/cancel",
"webhook_url": "https://your-store.com/webhooks/ante/ORD-1042"
}{
"request_id": "…",
"session_id": "j57…",
"session_url": "https://splitante.com/session/j57…?access=…",
"status": "pending",
"expires_at": "2025-06-26T12:00:00.000Z",
"merchant_fee_rate": 0.0201,
"consumer_fee_rate": 0.01,
"group_access_token": "…"
}GET /sessions
List SDK sessions for the authenticated merchant. Query: limit (max 100, default 25), cursor (milliseconds timestamp; pass next_cursor from the previous page).
{
"request_id": "…",
"data": [
{
"session_id": "j57…",
"status": "pending",
"order_ref": "ORD-1042",
"total_cents": 12000,
"currency": "usd",
"created_at": "2025-06-24T12:00:00.000Z",
"expires_at": "2025-06-26T12:00:00.000Z"
}
],
"has_more": false,
"next_cursor": null
}GET /sessions/:sessionId
Single session with group members, amounts, and Stripe charge ids when paid.
{
"request_id": "…",
"session_id": "j57…",
"status": "pending",
"expires_at": "2025-06-26T12:00:00.000Z",
"order_ref": "ORD-1042",
"group": {
"id": "j57…",
"size": 4,
"mode": "equal",
"paid_amount": 6000,
"pending_amount": 6000,
"members": [
{ "id": "…", "name": "Alex", "amount_cents": 3000, "status": "paid" }
]
},
"charges": ["pi_…"],
"transfer": "tr_…"
}POST /sessions/:sessionId/cancel
Cancel an open session. Refunds paid shares through Stripe, then emits group.cancelled.
POST /sessions/:sessionId/remind
Send email reminders to members with pending shares. Response includes reminded and skipped counts.
GET /merchants/me
Requires secret key (merchants:read). Returns fee rates, sandbox flag, Stripe connected, headless flag, and payout_currency (mode: checkout or preferred; preferred ISO code when set). Preferred mode triggers an FX fee when checkout differs — it does not change Connect transfer currency. See Currencies & payouts.
Webhooks CRUD
GET /webhooks, POST /webhooks (body: url, events), DELETE /webhooks/:id. POST returns one-time secret (whsec_…). Requires secret key.
HTTP status codes
| Code | When |
|---|---|
| 200 | Success |
| 400 | Bad JSON, cart, or signature |
| 401 | Missing or invalid API key |
| 403 | Key/env mismatch, headless disabled, secret key from browser, IP blocked |
| 404 | Unknown session |
| 429 | Rate limit |
| 503 | Upstream error; retry with backoff |
Rate limits (per client IP)
| Route | Limit |
|---|---|
| POST /sessions | 60/min |
| GET /sessions | 60/min |
| GET /sessions/:id | 120/min |
| POST …/cancel | 30/min |
| POST …/remind | 20/min |
| Auth | 120/min per IP; 40/min per key prefix |
CORS
Browser calls with a publishable key get Access-Control-Allow-Origin echoing the request origin. Secret keys with an Origin header are rejected.
OpenAPI
openapi.yaml (paths and error schema). Generate clients from that file if needed.