Developer API

API key management and webhook endpoint registration — build custom apps on any subscriber's data

https://api.xeboki.com/v1/developer/9 endpoints

Authentication

All requests require a valid API key with the appropriate scope. Create keys at account.xeboki.com/connected-apps.

Authorization: Bearer xbk_live_your_key_here

Endpoints

GET/v1/developer/api-keys

List API keys (prefix only, never full key)

admin
POST/v1/developer/api-keys

Create API key — full key returned ONCE

admin
DELETE/v1/developer/api-keys/{id}

Revoke an API key immediately

admin
GET/v1/developer/webhooks

List registered webhook endpoints

webhooks:manage
POST/v1/developer/webhooks

Register a new webhook endpoint (HTTPS only)

webhooks:manage
DELETE/v1/developer/webhooks/{id}

Remove a webhook endpoint

webhooks:manage
POST/v1/developer/webhooks/{id}/test

Send a test event to a webhook endpoint

webhooks:manage
GET/v1/developer/scopes

List all valid API key scopes

public
GET/v1/developer/events

List all subscribable webhook event types

public

Example Request

curl
curl https://api.xeboki.com/v1/developer/api-keys \
  -H "Authorization: Bearer xbk_live_your_key_here"
Response200 OK
{
  "data": [ ... ],
  "total": 42,
  "page": 1
}

Required Scopes

pos:read
pos:write
orders:read
orders:write
customers:read
customers:write
catalog:read
inventory:read
inventory:write
reports:read
webhooks:manage
Add scopes to your key →

Principle of least privilege

Grant only the scopes your integration actually needs. A read-only reporting integration should never have write scopes.