localhost:4000).
Adapt the host and secret for staging / production.
All snippets assume
bash, curl, openssl, python3, and Node ≥ 20.0. Sandbox credentials
Ask us for a test partner; for local development you can use the seededacme
partner whose credentials are printed at the bottom of npm run db:seed.
A worked set looks like:
1. Provision a user from your backend
userId if you want to look the user up in our admin panel — it’s not
required by any subsequent call.
2. Mint a JWT for the user
Save this script asmint-jwt.mjs:
mint-jwt.mjs
3. Bootstrap the consumer session
4. Open the webview
In your native app, load:https://<your-host>/consumer#token=… — the CMS / consumer SPA
ships from the same origin as the API.)
The webview will call /me, render the catalog, and let the user claim and
redeem vouchers.
5. Receive the redemption webhook
When the user redeems a voucher, yourwebhookUrl receives a POST. See
Webhook payloads for the body shape and a verification
snippet.
6. Anonymise the user
For a deletion / GDPR-style request:HTTP 204. The user’s PII is cleared; their redemption history is
preserved. You can revive the row at any time with another POST /integrations/users.
Next steps
JWT auth
Required claims, JWKS rotation, library examples.
HMAC auth
Algorithm, rotation, signing snippets.
Webhook delivery
Retry schedule, idempotency, receiver checklist.
Errors reference
Every error code, what it means, what to do.