Xe Launchpad API

The Xe Launchpad API lets you embed subscription billing into any product — iOS, Android, React Native, web, or server-to-server. Manage customers, serve plan data, initiate Stripe-hosted checkout, and query subscription status from anywhere.

REST & JSON

Standard HTTP verbs, JSON bodies, predictable status codes.

Multi-platform

Use from any language or runtime — mobile, web, or server.

Scoped API keys

Grant only launchpad:* scopes. Managed at account.xeboki.com.

Base URL

https://api.xeboki.com/v1/launchpad

All endpoints are relative to this base URL. HTTPS only.

Authentication

Every request must include your API key in the Authorization header with launchpad:* scopes. Create keys at account.xeboki.com/connected-apps.

Your API key is a secret.

Never embed it in client-side code or commit it to version control. For mobile apps, proxy requests through your own backend, or use short-lived customer JWTs for customer-facing calls.

Required header (all requests)

Parameter	Type	Description
`Authorization`required	`string`	Bearer xbk_live_your_key_here

curl https://api.xeboki.com/v1/launchpad/plans \
  -H "Authorization: Bearer xbk_live_your_key_here"

Plans

Plans define your pricing tiers. Fetch them to display pricing pages or populate a plan selection UI in your app. Plans are managed in your Launchpad dashboard.

GEThttps://api.xeboki.com/v1/launchpad/plans

List plans

Returns all active plans for your workspace, ordered by sort order.

Query parameters

Parameter	Type	Description
`include_inactive`	`boolean`	Set true to include inactive plans. Default: false.

curl "https://api.xeboki.com/v1/launchpad/plans" \
  -H "Authorization: Bearer xbk_live_..."

Response 200

{
  "plans": [
    {
      "id": 1,
      "name": "Starter",
      "slug": "starter",
      "price_monthly_cents": 2900,
      "price_annual_cents": 29000,
      "trial_days": 14,
      "features": ["Up to 5 users", "10 GB storage", "Email support"],
      "quota": { "users": 5, "storage_gb": 10 },
      "is_active": true,
      "sort_order": 0
    }
  ]
}

GEThttps://api.xeboki.com/v1/launchpad/plans/{plan_id}

Get plan

Retrieve a single plan by its numeric ID.

Path parameters

Parameter	Type	Description
`plan_id`required	`integer`	The plan ID.

curl "https://api.xeboki.com/v1/launchpad/plans/1" \
  -H "Authorization: Bearer xbk_live_..."

Customers

Customers are end-users who subscribe to your plans. Emails are scoped to your workspace.

POSThttps://api.xeboki.com/v1/launchpad/customers/register

Register customer

Create a new customer. Returns a JWT for subsequent customer-authenticated calls.

Request body

Parameter	Type	Description
`email`required	`string`	Customer email. Must be unique within your workspace.
`password`required	`string`	At least 8 characters.
`full_name`	`string`	Display name.

curl -X POST "https://api.xeboki.com/v1/launchpad/customers/register" \
  -H "Authorization: Bearer xbk_live_..." \
  -H "Content-Type: application/json" \
  -d '{"email":"jane@example.com","password":"s3cur3pass","full_name":"Jane Smith"}'

Response 201

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "customer": {
    "id": 42, "email": "jane@example.com",
    "full_name": "Jane Smith", "is_active": true,
    "created_at": "2026-03-30T09:30:00Z"
  }
}

POSThttps://api.xeboki.com/v1/launchpad/customers/login

Login customer

Authenticate an existing customer and get a JWT.

Request body

Parameter	Type	Description
`email`required	`string`	Customer email.
`password`required	`string`	Customer password.

curl -X POST "https://api.xeboki.com/v1/launchpad/customers/login" \
  -H "Authorization: Bearer xbk_live_..." \
  -H "Content-Type: application/json" \
  -d '{"email":"jane@example.com","password":"s3cur3pass"}'

Response 200

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "customer": { "id": 42, "email": "jane@example.com", "full_name": "Jane Smith" }
}

GEThttps://api.xeboki.com/v1/launchpad/customers/me

Get current customer

Returns the authenticated customer's profile and active subscription. Requires both workspace key and customer JWT.

curl "https://api.xeboki.com/v1/launchpad/customers/me" \
  -H "Authorization: Bearer xbk_live_..." \
  -H "X-Customer-Token: eyJhbGci..."

Response 200

{
  "customer": { "id": 42, "email": "jane@example.com", "full_name": "Jane Smith" },
  "subscription": {
    "id": 99, "status": "active", "billing_interval": "month",
    "amount_cents": 2900, "current_period_end": "2026-04-30T10:00:00Z",
    "plan_name": "Starter", "features": ["Up to 5 users", "10 GB storage"],
    "quota": { "users": 5, "storage_gb": 10 }
  }
}

GEThttps://api.xeboki.com/v1/launchpad/customers/{customer_id}

Get customer by ID

Server-side lookup by ID. Use from your backend to verify subscription status.

curl "https://api.xeboki.com/v1/launchpad/customers/42" \
  -H "Authorization: Bearer xbk_live_..."

Subscriptions

The check status endpoint is the primary call your product makes to gate features. Poll it on app launch or cache with a short TTL.

GEThttps://api.xeboki.com/v1/launchpad/subscriptions/{customer_id}

Check subscription status

Returns whether the customer has an active subscription, their plan, features, quota, and renewal date. Returns { active: false } if no active subscription — never throws 404.

curl "https://api.xeboki.com/v1/launchpad/subscriptions/42" \
  -H "Authorization: Bearer xbk_live_..."

Response 200

// Active
{ "active": true, "status": "active",
  "plan": { "id": 1, "name": "Starter", "slug": "starter" },
  "features": ["Up to 5 users", "10 GB storage"],
  "quota": { "users": 5, "storage_gb": 10 },
  "renews_at": "2026-04-30T10:00:00Z", "billing_interval": "month", "amount_cents": 2900 }

// No subscription
{ "active": false, "plan": null, "features": [], "quota": {}, "renews_at": null }

DELETEhttps://api.xeboki.com/v1/launchpad/subscriptions/{customer_id}

Cancel subscription

Cancel a subscription. Defaults to cancel at period end.

Request body

Parameter	Type	Description
`immediately`	`boolean`	true = cancel now. false (default) = cancel at period end.

curl -X DELETE "https://api.xeboki.com/v1/launchpad/subscriptions/42" \
  -H "Authorization: Bearer xbk_live_..." \
  -H "Content-Type: application/json" \
  -d '{"immediately": false}'

Checkout

Stripe-hosted checkout. Redirect your customer to a Stripe URL where they enter payment details. On success, a webhook fires and the subscription is activated automatically.

Flow: Register/login customer → fetch plan → call Create session with customer JWT → redirect to checkout_url → Stripe handles payment → subscription.created webhook fires → activate access.

GEThttps://api.xeboki.com/v1/launchpad/checkout/{plan_id}

Get checkout info

Returns plan details formatted for displaying a checkout screen.

curl "https://api.xeboki.com/v1/launchpad/checkout/1" \
  -H "Authorization: Bearer xbk_live_..."

POSThttps://api.xeboki.com/v1/launchpad/checkout/{plan_id}/session

Create checkout session

Creates a Stripe checkout session. Redirect the customer to checkout_url.

Request body

Parameter	Type	Description
`customer_token`required	`string`	JWT from login/register. Identifies which customer is subscribing.
`billing_interval`	`string`	"month" \| "year". Default: "month".
`success_url`required	`string`	Redirect after successful payment.
`cancel_url`required	`string`	Redirect if customer cancels.

curl -X POST "https://api.xeboki.com/v1/launchpad/checkout/1/session" \
  -H "Authorization: Bearer xbk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "customer_token": "eyJhbGci...",
    "billing_interval": "month",
    "success_url": "https://yourapp.com/welcome",
    "cancel_url":  "https://yourapp.com/pricing"
  }'

Response 200

{
  "checkout_url": "https://checkout.stripe.com/c/pay/cs_live_...",
  "expires_at": "2026-03-30T10:30:00Z"
}

Webhooks

Configure a webhook URL in your Launchpad dashboard to receive real-time event notifications. Each delivery is signed with HMAC-SHA256 — always verify the signature before processing.

Event types

subscription.createdA new subscription was activated

subscription.updatedPlan or billing interval changed

subscription.canceledSubscription was canceled

subscription.renewedSubscription auto-renewed

invoice.paidInvoice payment succeeded

invoice.failedInvoice payment failed

customer.createdNew customer registered

Signature verification

Verify X-Xeboki-Signature on every incoming webhook.

# Xeboki sends:
# POST https://yourserver.com/webhooks
# X-Xeboki-Signature: sha256=<hmac-hex>
# X-Xeboki-Event: subscription.created
# Content-Type: application/json

{
  "id": "evt_abc123",
  "event": "subscription.created",
  "created_at": "2026-03-30T10:00:00Z",
  "data": { "subscription_id": 99, "plan": "Starter", "status": "active" }
}

Error codes

All errors return JSON with a detail field.

Status	Meaning	Common cause
`400`	Bad Request	Missing required field, invalid value
`401`	Unauthorized	Missing or invalid API key
`403`	Forbidden	Key lacks required scope (launchpad:*)
`404`	Not Found	Resource ID does not exist in your workspace
`409`	Conflict	Customer email already registered
`422`	Unprocessable	Stripe validation failed (card declined, etc.)
`429`	Rate Limited	Too many requests — back off and retry
`502`	Bad Gateway	Upstream service temporarily unavailable

Error response shape

{ "detail": "Scope 'launchpad:customers:read' not granted on this key." }

← All products Get API key