API Reference

One HTTP integration under /api/v2: mobile top-ups, gift cards, keys, Steam wallet and gifts, Telegram Stars & Premium, manual fulfillment, balance and billing.

Base URLhttps://api.fzr.cards/api/v2
AuthenticationX-API-Key: YOUR_API_KEY

Keep keys secret. Every request runs as your reseller account.

The same key may be sent as Authorization: Bearer YOUR_API_KEY (optional alternative to X-API-Key).

Recipes
Open the API Cookbook — ready-to-copy snippets in curl, Node.js, Python and Go for placing the first order, handling webhooks, migrating from other platforms and more.
Official SDKs

Python: pip install fazercards GitHub

Node.js / TypeScript: npm install fazercards GitHub

Official MIT clients: they set the X-Api-Key and Idempotency-Key headers and verify webhook signatures for you. Any other language can call the REST API directly.

OpenAPI (Swagger) — full schema

This page summarizes common flows. Field-level truth is the filtered public spec (same paths as production).

Quick start

Create an API key in the reseller hub (Profile). Call /me with the key:

bash
curl -s "https://api.fzr.cards/api/v2/me" \
  -H "X-API-Key: YOUR_API_KEY"

Response:

json
{
  "ok": true,
  "login": "partner1",
  "email": "you@example.com",
  "plan": "gold",
  "planExpiresAt": "2026-06-01T00:00:00.000Z",
  "planAutoRenew": true,
  "subscriptionActive": true,
  "summary": {
    "totalSpent": "1234.5678",
    "totalOrders": 42
  },
  "createdAt": "2025-01-10T12:00:00.000Z",
  "lastActiveAt": "2026-05-03T08:00:00.000Z"
}

Conventions

Successful JSON responses include "ok": true. Errors use "ok": false plus "error" (and sometimes "code"). Catalog payloads mix snake_case field names from providers (e.g. category_id, price_usd) with camelCase on account/subscription (planExpiresAt). Pagination: /orders and /transactions use page & limit; /topups and /giftcards use cursor meta. Product access depends on your plan and enabled services — disabled routes return 403. Public order ids look like ord-123 (not ord_123). Transaction ids look like tx123. Idempotency: every order-creation endpoint — POST /giftcards/order, /topups/order, /gamekeys/order, /steam-gifts/order, /steam-topup/order and /manual-services/order — accepts an optional Idempotency-Key header (any unique string, e.g. a UUID, up to 255 chars). Retrying the same request with the same key returns the original order instead of charging or fulfilling again; omit the header for the previous behavior. See the Idempotency-Key recipe in the API Cookbook.

Typical error body

json
{
  "ok": false,
  "error": "message for humans",
  "code": "optional_machine_code"
}

Endpoint groups

Account

Profile and wallet: GET /me, GET /balance, GET /transactions and GET /transactions/:transactionId (tx + digits).

GET/me

Profile: login, email, plan, planExpiresAt, planAutoRenew, subscriptionActive, summary totals, timestamps.

Request

curl -s "https://api.fzr.cards/api/v2/me" \
  -H "X-API-Key: YOUR_API_KEY"

Response

{
  "ok": true,
  "login": "partner1",
  "email": "you@example.com",
  "plan": "gold",
  "planExpiresAt": "2026-06-01T00:00:00.000Z",
  "planAutoRenew": true,
  "subscriptionActive": true,
  "summary": {
    "totalSpent": "1234.5678",
    "totalOrders": 42
  },
  "createdAt": "2025-01-10T12:00:00.000Z",
  "lastActiveAt": "2026-05-03T08:00:00.000Z"
}
GET/balance

Wallet balance as a decimal string in USD.

Request

curl -s "https://api.fzr.cards/api/v2/balance" \
  -H "X-API-Key: YOUR_API_KEY"

Response

{
  "ok": true,
  "balance": "100.0000",
  "currency": "USD"
}
GET/transactions

Paginated ledger (credit/debit rows with tx… ids).

Request

curl -s "https://api.fzr.cards/api/v2/transactions?page=1&limit=20" \
  -H "X-API-Key: YOUR_API_KEY"

Response

{
  "ok": true,
  "items": [
    {
      "id": "tx1001",
      "type": "debit",
      "status": "completed",
      "amount": "-5.0000",
      "balanceBefore": "105.0000",
      "balanceAfter": "100.0000",
      "note": "Order ord-9001",
      "createdAt": "2026-05-02T10:00:00.000Z"
    }
  ],
  "total": 1,
  "page": 1,
  "limit": 20
}
GET/transactions/:transactionId

Single transaction by id from the list.

Request

curl -s "https://api.fzr.cards/api/v2/transactions/tx1001" \
    -H "X-API-Key: YOUR_API_KEY"

Response

{
  "ok": true,
  "transaction": {
    "id": "tx1001",
    "type": "debit",
    "status": "completed",
    "amount": "-5.0000",
    "balanceBefore": "105.0000",
    "balanceAfter": "100.0000",
    "note": "Order ord-9001",
    "createdAt": "2026-05-02T10:00:00.000Z"
  }
}

Balance top-up (crypto)

GET /payments/methods lists method codes and USD limits. POST /payments/create starts an invoice (method + amount in USD). Poll GET /payments/:paymentId; for binancepay use POST …/verify with binanceOrderId after the payer finishes in the app.

GET/payments/methods

Enabled crypto methods: code, label, minAmountUsd, maxAmountUsd.

Request

curl -s "https://api.fzr.cards/api/v2/payments/methods" \
    -H "X-API-Key: YOUR_API_KEY"

Response

{
  "ok": true,
  "items": [
    {
      "code": "trc20",
      "label": "USDT TRC20",
      "minAmountUsd": 10,
      "maxAmountUsd": 50000
    }
  ]
}
POST/payments/create

Create invoice: method (e.g. trc20, bep20, ton, aptos, binancepay) and amount (USD number). Returns payment instructions and tx id.

Request

curl -s -X POST "https://api.fzr.cards/api/v2/payments/create" \
    -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"method":"trc20","amount":100}'

Response

{
  "ok": true,
  "payment": {
    "id": "tx2001",
    "network": "TRC20",
    "amount": "100.0000",
    "uniqueAmount": null,
    "address": "TExample…",
    "memo": null,
    "binanceId": null,
    "displayName": null,
    "status": "pending",
    "verifyAttempts": 0,
    "expiresAt": "2026-05-03T12:00:00.000Z",
    "completedAt": null,
    "cancelledAt": null,
    "createdAt": "2026-05-03T10:00:00.000Z"
  }
}
GET/payments/:paymentId

Payment status by id from create response.

Request

curl -s "https://api.fzr.cards/api/v2/payments/tx2001" \
    -H "X-API-Key: YOUR_API_KEY"

Response

{
  "ok": true,
  "payment": {
    "id": "tx2001",
    "network": "TRC20",
    "amount": "100.0000",
    "uniqueAmount": null,
    "address": "TExample…",
    "memo": null,
    "binanceId": null,
    "displayName": null,
    "status": "pending",
    "verifyAttempts": 0,
    "expiresAt": "2026-05-03T12:00:00.000Z",
    "completedAt": null,
    "cancelledAt": null,
    "createdAt": "2026-05-03T10:00:00.000Z"
  }
}
POST/payments/:paymentId/verify

Binance Pay only: submit binanceOrderId after payment; limited attempts.

Request

curl -s -X POST "https://api.fzr.cards/api/v2/payments/tx2001/verify" \
    -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"binanceOrderId":"BP_ORDER_REF"}'

Response

{
  "ok": true,
  "payment": {
    "id": "tx2001",
    "network": "BINANCEPAY",
    "amount": "100.0000",
    "uniqueAmount": null,
    "address": "",
    "memo": null,
    "binanceId": null,
    "displayName": null,
    "status": "completed",
    "verifyAttempts": 1,
    "expiresAt": "2026-05-03T12:00:00.000Z",
    "completedAt": "2026-05-03T11:30:00.000Z",
    "cancelledAt": null,
    "createdAt": "2026-05-03T10:00:00.000Z"
  },
  "verifySuccess": true,
  "message": "OK"
}

Subscription

GET /subscription and GET /subscription/plans. When inactive, GET /subscription/activation-quote?plan=… then POST /subscription/activate-from-balance. PATCH /subscription/auto-renew and PATCH /subscription/plan manage renewal and tier.

GET/subscription

Current plan, expiry, auto-renew, active flag, currency.

Request

curl -s "https://api.fzr.cards/api/v2/subscription" \
    -H "X-API-Key: YOUR_API_KEY"

Response

{
  "ok": true,
  "plan": "gold",
  "planExpiresAt": "2026-06-01T00:00:00.000Z",
  "planAutoRenew": true,
  "subscriptionActive": true,
  "currency": "USD"
}
GET/subscription/plans

List bronze/silver/gold with priceUsd per 30 days.

Request

curl -s "https://api.fzr.cards/api/v2/subscription/plans" \
    -H "X-API-Key: YOUR_API_KEY"

Response

{
  "ok": true,
  "currency": "USD",
  "plans": [
    { "plan": "bronze", "priceUsd": "29.0000" },
    { "plan": "silver", "priceUsd": "49.0000" },
    { "plan": "gold", "priceUsd": "99.0000" }
  ]
}
GET/subscription/activation-quote

Quote before first activation: listPriceUsd, chargedAmountUsd, firstPurchase. Optional promo_code on quote and activate when allowed.

Request

curl -s "https://api.fzr.cards/api/v2/subscription/activation-quote?plan=gold" \
    -H "X-API-Key: YOUR_API_KEY"

Response

{
  "ok": true,
  "plan": "gold",
  "listPriceUsd": "99.0000",
  "chargedAmountUsd": "89.1000",
  "firstPurchase": true,
  "currency": "USD"
}
POST/subscription/activate-from-balance

Charge USD balance and start 30 days (plan required). Top up wallet first via payments.

Request

curl -s -X POST "https://api.fzr.cards/api/v2/subscription/activate-from-balance" \
    -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"plan":"gold"}'

Response

{
  "ok": true,
  "plan": "gold",
  "planExpiresAt": "2026-06-01T00:00:00.000Z",
  "planAutoRenew": true,
  "subscriptionActive": true,
  "currency": "USD"
}
PATCH/subscription/auto-renew

JSON body: planAutoRenew — boolean (true or false).

Request

curl -s -X PATCH "https://api.fzr.cards/api/v2/subscription/auto-renew" \
    -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"planAutoRenew":false}'

Response

{
  "ok": true,
  "plan": "gold",
  "planExpiresAt": "2026-06-01T00:00:00.000Z",
  "planAutoRenew": true,
  "subscriptionActive": true,
  "currency": "USD"
}
PATCH/subscription/plan

JSON body: plan — bronze, silver, or gold. Upgrade/downgrade rules are in OpenAPI.

Request

curl -s -X PATCH "https://api.fzr.cards/api/v2/subscription/plan" \
    -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"plan":"silver"}'

Response

{
  "ok": true,
  "plan": "gold",
  "planExpiresAt": "2026-06-01T00:00:00.000Z",
  "planAutoRenew": true,
  "subscriptionActive": true,
  "currency": "USD"
}

Orders

GET /orders lists your orders (page, limit). GET /orders/:orderId returns one order; id matches ord-[digits].

GET/orders

Paginated list of your orders.

Request

curl -s "https://api.fzr.cards/api/v2/orders?page=1&limit=20" \
    -H "X-API-Key: YOUR_API_KEY"

Response

{
  "ok": true,
  "items": [
    {
      "id": "ord-9001",
      "kind": "gift_card",
      "status": "completed",
      "created_at": "2026-05-02T10:00:00.000Z"
    }
  ],
  "total": 1,
  "page": 1,
  "limit": 20
}
GET/orders/:orderId

Full order JSON by public id; shape varies by kind/status.

Request

curl -s "https://api.fzr.cards/api/v2/orders/ord-9001" \
    -H "X-API-Key: YOUR_API_KEY"

Response

{
  "ok": true,
  "order": {
    "id": "ord-9001",
    "kind": "gift_card",
    "status": "completed",
    "payload": {}
  }
}

Game top-ups

List categories with GET /topups, load offers and buyer fields with GET /topups/offers?category_id=…, place POST /topups/order with category_id, offer_id, and fields.

GET/topups

Top-up categories with category_id and optional include_ui for covers.

Request

curl -s "https://api.fzr.cards/api/v2/topups?limit=50" \
    -H "X-API-Key: YOUR_API_KEY"

Response

{
  "ok": true,
  "kind": "topup",
  "items": [
    {
      "category_id": "cat_pubgm_1",
      "name": "PUBG Mobile",
      "note": ""
    }
  ],
  "meta": {
    "total": 120,
    "limit": 50,
    "next_cursor": null,
    "has_more": false
  }
}
GET/topups/offers

Offers and dynamic fields for one category_id.

Request

curl -s "https://api.fzr.cards/api/v2/topups/offers?category_id=cat_pubgm_1" \
    -H "X-API-Key: YOUR_API_KEY"

Response

{
  "ok": true,
  "kind": "topup",
  "category_id": "cat_pubgm_1",
  "name": "PUBG Mobile",
  "offers": [
    { "offer_id": "offer_60uc", "name": "60 UC", "price_usd": "0.9900" }
  ],
  "fields": [
    {
      "key": "player_id",
      "label": "Player ID",
      "type": "text"
    }
  ]
}
POST/topups/order

Required: category_id, offer_id, fields object matching field keys from offers.

Request

curl -s -X POST "https://api.fzr.cards/api/v2/topups/order" \
    -H "X-API-Key: YOUR_API_KEY" \
  -H "Idempotency-Key: $(uuidgen)" \
  -H "Content-Type: application/json" \
  -d '{"category_id":"cat_pubgm_1","offer_id":"offer_60uc","fields":{"player_id":"123456789"}}'

Response

{
  "ok": true,
  "order": {
    "id": "ord-9002",
    "kind": "topup",
    "status": "processing"
  }
}
GET/topups/validate-id

Games that support Player ID validation, with the fields to send (e.g. PUBG Mobile, Free Fire). The list is dynamic — use a returned category_id with POST /topups/validate-id.

Request

curl -s "https://api.fzr.cards/api/v2/topups/validate-id" \
    -H "X-API-Key: YOUR_API_KEY"

Response

{
  "ok": true,
  "kind": "topup",
  "items": [
    {
      "category_id": "pubg_mobile",
      "name": "PUBG Mobile",
      "fields": [
        { "key": "player_id", "label": "Player ID", "type": "text" }
      ]
    }
  ]
}
POST/topups/validate-id

Validate a Player ID before ordering. Body: category_id (from the list above) and fields matching that game's keys. Returns valid, player_name and, when the game provides it, region.

Request

curl -s -X POST "https://api.fzr.cards/api/v2/topups/validate-id" \
    -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"category_id":"pubg_mobile","fields":{"player_id":"123456789"}}'

Response

{
  "ok": true,
  "category_id": "pubg_mobile",
  "valid": true,
  "player_name": "PlayerNick"
}

Gift cards

GET /giftcards → GET /giftcards/cards?category_id=… → POST /giftcards/order with category_id, card_id, quantity.

GET/giftcards

Gift card categories; cursor pagination like topups.

Request

curl -s "https://api.fzr.cards/api/v2/giftcards?limit=50" \
    -H "X-API-Key: YOUR_API_KEY"

Response

{
  "ok": true,
  "kind": "gift_card",
  "items": [
    { "category_id": "gc_steam_1", "name": "Steam USD" }
  ],
  "meta": {
    "total": 40,
    "limit": 50,
    "next_cursor": null,
    "has_more": false
  }
}
GET/giftcards/cards

Offers in a category; each offer has card_id, price_usd, stock, quantity limits.

Request

curl -s "https://api.fzr.cards/api/v2/giftcards/cards?category_id=gc_steam_1" \
    -H "X-API-Key: YOUR_API_KEY"

Response

{
  "ok": true,
  "kind": "gift_card",
  "category_id": "gc_steam_1",
  "name": "Steam USD",
  "offers": [
    {
      "card_id": "card_10usd",
      "name": "Steam — $10",
      "price_usd": "10.5000",
      "stock": 100,
      "min_order_quantity": 1,
      "max_order_quantity": 10
    }
  ]
}
POST/giftcards/order

category_id, card_id from cards list, quantity 1–100.

Request

curl -s -X POST "https://api.fzr.cards/api/v2/giftcards/order" \
    -H "X-API-Key: YOUR_API_KEY" \
  -H "Idempotency-Key: $(uuidgen)" \
  -H "Content-Type: application/json" \
  -d '{"category_id":"gc_steam_1","card_id":"card_10usd","quantity":1}'

Response

{
  "ok": true,
  "order": {
    "id": "ord-9001",
    "kind": "gift_card",
    "status": "processing"
  }
}

Game keys

GET /gamekeys → GET /gamekeys/keys?game_id=… → optional GET /gamekeys/region-restriction?game_id=… → POST /gamekeys/order with game_id, key_id and quantity. Response field GameName is capitalized historically.

GET/gamekeys

Sellable key categories with game_id, region, platform, region_restriction flag.

Request

curl -s "https://api.fzr.cards/api/v2/gamekeys?limit=50" \
    -H "X-API-Key: YOUR_API_KEY"

Response

{
  "ok": true,
  "kind": "game_key",
  "items": [
    {
      "name": "Example Game",
      "game_id": "gk_example_1",
      "region": "GLOBAL",
      "platform": "steam",
      "region_restriction": false
    }
  ],
  "meta": {
    "total": 500,
    "limit": 50,
    "next_cursor": "opaque…",
    "has_more": true
  }
}
GET/gamekeys/keys

SKU list for one game_id (keys[].key_id, prices, stock).

Request

curl -s "https://api.fzr.cards/api/v2/gamekeys/keys?game_id=gk_example_1" \
    -H "X-API-Key: YOUR_API_KEY"

Response

{
  "ok": true,
  "kind": "game_key",
  "game_id": "gk_example_1",
  "GameName": "Example Game",
  "region": "GLOBAL",
  "platform": "steam",
  "region_restriction": false,
  "keys": [
    {
      "key_id": "key_sku_1",
      "name": "Standard edition",
      "price_usd": "19.9900",
      "stock": 5,
      "min_order_quantity": 1,
      "max_order_quantity": 5
    }
  ]
}
GET/gamekeys/region-restriction

If region_restriction is true, country availability for that game_id.

Request

curl -s "https://api.fzr.cards/api/v2/gamekeys/region-restriction?game_id=gk_example_1" \
    -H "X-API-Key: YOUR_API_KEY"

Response

{
  "ok": true,
  "kind": "game_key",
  "game_id": "gk_example_1",
  "region_type": "CIS",
  "has_availability": true,
  "available": [{ "code": "RU", "name": "Russia" }],
  "unavailable": [{ "code": "US", "name": "United States" }]
}
POST/gamekeys/order

game_id from the catalog plus key_id from the keys list for that game_id, and quantity within min/max stock.

Request

curl -s -X POST "https://api.fzr.cards/api/v2/gamekeys/order" \
    -H "X-API-Key: YOUR_API_KEY" \
  -H "Idempotency-Key: $(uuidgen)" \
  -H "Content-Type: application/json" \
  -d '{"game_id":"gk_example_1","key_id":"key_sku_1","quantity":1}'

Response

{
  "ok": true,
  "order": {
    "id": "ord-9001",
    "kind": "gift_card",
    "status": "processing"
  }
}

Steam

Wallet: GET /steam-topup/rates, POST /steam-topup/check-login (body steamLogin), POST /steam-topup/order. Gifts: GET /steam-gifts/games, GET /steam-gifts/games/:appid, POST /steam-gifts/order with invite_url, sub_id, app_id, region.

GET/steam-topup/rates

USD base rates for Steam wallet (RUB, UAH, KZT per 1 USD) and updated_at.

Request

curl -s "https://api.fzr.cards/api/v2/steam-topup/rates" \
    -H "X-API-Key: YOUR_API_KEY"

Response

{
  "ok": true,
  "base": "USD",
  "rates": { "USD": 1, "RUB": 92.5, "UAH": 41.2, "KZT": 520 },
  "updated_at": "2026-05-03T00:00:00.000Z"
}
GET/steam-topup/public-rates

Same payload as rates, read-only, no API key — for server-side storefronts (same cache as billing).

Request

curl -s "https://api.fzr.cards/api/v2/steam-topup/public-rates"

Response

{
  "ok": true,
  "base": "USD",
  "rates": { "USD": 1, "RUB": 92.5, "UAH": 41.2, "KZT": 520 },
  "updated_at": "2026-05-03T00:00:00.000Z"
}
POST/steam-topup/check-login

JSON body: steamLogin (Steam username). Response includes can_refill (boolean).

Request

curl -s -X POST "https://api.fzr.cards/api/v2/steam-topup/check-login" \
    -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"steamLogin":"partner_steam_login"}'

Response

{
  "ok": true,
  "can_refill": true
}
POST/steam-topup/order

steamLogin, currency (USD, RUB, UAH, KZT), amount as number or string; 201/200 returns order wrapper.

Request

curl -s -X POST "https://api.fzr.cards/api/v2/steam-topup/order" \
    -H "X-API-Key: YOUR_API_KEY" \
  -H "Idempotency-Key: $(uuidgen)" \
  -H "Content-Type: application/json" \
  -d '{"steamLogin":"partner_steam_login","currency":"USD","amount":5}'

Response

{
  "ok": true,
  "order": {
    "id": "ord-9001",
    "kind": "gift_card",
    "status": "processing"
  }
}
GET/steam-gifts/games

Heavy catalog — optional limit; rate limits apply (see OpenAPI).

Request

curl -s "https://api.fzr.cards/api/v2/steam-gifts/games?limit=100" \
    -H "X-API-Key: YOUR_API_KEY"

Response

{
  "ok": true,
  "games": [{ "name": "Counter-Strike 2", "appid": 730 }],
  "meta": { "total": 12000, "returned": 100, "truncated": true }
}
GET/steam-gifts/games/:appid

Offers with sub_id and per-region price strings for an appid.

Request

curl -s "https://api.fzr.cards/api/v2/steam-gifts/games/730" \
    -H "X-API-Key: YOUR_API_KEY"

Response

{
  "ok": true,
  "appid": 730,
  "offers": [
    {
      "sub_id": 54029,
      "name": "Counter-Strike 2",
      "regions": [{ "region": "CIS", "price": "0.0000" }]
    }
  ]
}
POST/steam-gifts/order

invite_url, sub_id, app_id, region from catalog.

Request

curl -s -X POST "https://api.fzr.cards/api/v2/steam-gifts/order" \
    -H "X-API-Key: YOUR_API_KEY" \
  -H "Idempotency-Key: $(uuidgen)" \
  -H "Content-Type: application/json" \
  -d '{"invite_url":"https://s.team/p/xxx/yyy","sub_id":54029,"app_id":730,"region":"CIS"}'

Response

{
  "ok": true,
  "order": {
    "id": "ord-9001",
    "kind": "gift_card",
    "status": "processing"
  }
}

Telegram

GET /telegram/stars and GET /telegram/premium for quotes. Purchases: POST /telegram/stars/buy (telegram_username, quantity) and POST /telegram/premium/buy (telegram_username, months: 3, 6, or 12).

GET/telegram/stars

price_per_star, min/max quantity, quote timestamp.

Request

curl -s "https://api.fzr.cards/api/v2/telegram/stars" \
    -H "X-API-Key: YOUR_API_KEY"

Response

{
  "ok": true,
  "kind": "telegram_stars",
  "price_per_star": "0.0150000",
  "min_amount": 50,
  "max_amount": 10000,
  "rates_updated_at": "2026-05-03T00:00:00.000Z"
}
GET/telegram/premium

plans[] with months 3, 6, or 12 and price_usd each.

Request

curl -s "https://api.fzr.cards/api/v2/telegram/premium" \
    -H "X-API-Key: YOUR_API_KEY"

Response

{
  "ok": true,
  "kind": "telegram_premium",
  "plans": [
    { "months": 3, "price_usd": "12.0000" },
    { "months": 6, "price_usd": "22.0000" },
    { "months": 12, "price_usd": "40.0000" }
  ],
  "rates_updated_at": "2026-05-03T00:00:00.000Z"
}
POST/telegram/stars/buy

telegram_username, quantity (50–10000).

Request

curl -s -X POST "https://api.fzr.cards/api/v2/telegram/stars/buy" \
    -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"telegram_username":"@durov","quantity":100}'

Response

{
  "ok": true,
  "order": {
    "id": "ord-9001",
    "kind": "gift_card",
    "status": "processing"
  }
}
POST/telegram/premium/buy

telegram_username, months (3, 6, or 12).

Request

curl -s -X POST "https://api.fzr.cards/api/v2/telegram/premium/buy" \
    -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"telegram_username":"@durov","months":12}'

Response

{
  "ok": true,
  "order": {
    "id": "ord-9001",
    "kind": "gift_card",
    "status": "processing"
  }
}

Manual services

Operator-fulfilled SKUs: GET /manual-services, GET /manual-services/:id/offers, POST /manual-services/order. Chat: GET/POST /manual-services/orders/:orderId/chat (POST is multipart for images — see OpenAPI).

GET/manual-services

Categories exposed to your key (id becomes manualServiceId in offers path).

Request

curl -s "https://api.fzr.cards/api/v2/manual-services" \
    -H "X-API-Key: YOUR_API_KEY"

Response

{
  "ok": true,
  "items": [
    {
      "id": "ms_cat_1",
      "name": "Custom service",
      "kind": "manual_transfer",
      "chat": false,
      "info": ""
    }
  ]
}
GET/manual-services/:manualServiceId/offers

Items (offers) with id, price_usd, delivery_minutes; optional replenishment fields.

Request

curl -s "https://api.fzr.cards/api/v2/manual-services/ms_cat_1/offers" \
    -H "X-API-Key: YOUR_API_KEY"

Response

{
  "ok": true,
  "manual_service_id": "ms_cat_1",
  "category": { "id": "ms_cat_1", "name": "Custom service", "kind": "manual_transfer", "chat": false },
  "items": [
    {
      "id": "ms_offer_1",
      "name": "Express",
      "price_usd": "25.0000",
      "delivery_minutes": 60
    }
  ],
  "info": ""
}
POST/manual-services/order

manual_service_id and product_id from lists; optional fields map for replenishment.

Request

curl -s -X POST "https://api.fzr.cards/api/v2/manual-services/order" \
    -H "X-API-Key: YOUR_API_KEY" \
  -H "Idempotency-Key: $(uuidgen)" \
  -H "Content-Type: application/json" \
  -d '{"manual_service_id":"ms_cat_1","product_id":"ms_offer_1"}'

Response

{
  "ok": true,
  "order_id": "ord-9003",
  "kind": "manual_transfer",
  "status": "created",
  "category_id": "ms_cat_1",
  "category_name": "Custom service",
  "product_id": "ms_offer_1",
  "product_name": "Express",
  "price_usd": "25.0000",
  "deadline_at": null,
  "chat_required": false,
  "chat_status": "not_required"
}

Website helpers (no API key)

Marketing and signup helpers on the same host prefix. Example: GET /website/subscription-prices returns public USD list prices. Signup, OTP, password reset, and referral routes are documented in OpenAPI for site integration — not required for reseller catalog automation.

GET/website/subscription-prices

Public marketing prices object — no authentication.

Request

curl -s "https://api.fzr.cards/api/v2/website/subscription-prices"

Response

{
  "ok": true,
  "prices": { "bronze": 29, "silver": 49, "gold": 99 }
}

Outbound webhooks

Order status notifications to your HTTPS endpoint are configured in the reseller hub — not via a public /me/webhook API. Payload format, signature header, and verification examples: dedicated page below.

Webhooks guide

Rate limits

Limits are applied per operation category (catalog read, order create, order status, account, payment) so that polling order status never blocks placing new orders, and vice versa. Each category has its own sliding-window counter keyed by your API key (or by source IP when no key is present yet, e.g. on login). When you exceed a category limit, only that category returns HTTP 429 — the rest of the API stays available.

CategoryRoutesLimit
Catalog readGET /catalog, /catalog-categories, /prices, /skus120 / min
Create orderPOST /order, /topup, /gift-cards, /game-keys, /steam-gifts/order60 / min
Order statusGET /order/{id}, /orders/{id} (polling)120 / min
Account readGET /me, /balance, /subscription, /transactions30 / min
Payment writePOST /payments (создание / верификация)15 / min
Otheranything not matched above120 / min
LoginPOST /partner/login10 / 15 min

All counters are keyed by your API key when present, or by source IP for unauthenticated calls (login). Login attempts use a separate 15-minute window and only count by IP.

When you receive HTTP 429, the response carries Retry-After in seconds. Treat it as a hint, not a fixed sleep — the recommended pattern is:

  • Sleep for at least Retry-After seconds before retrying.
  • Add a small random jitter (±15 %) so multiple workers do not re-align into the next limit window together.
  • If you systematically hit 429, queue or throttle outbound calls on your side rather than retrying tighter. Catalog data should be cached locally (5–15 min TTL) instead of refetched per order.
Copy-pasteable retry loop in the API Cookbook

HTTP status codes

Common responses (see OpenAPI for the full list per route).

CodeMeaning
400Validation or business rule; body explains the problem.
401Missing or invalid API key.
403Account blocked or product/API not enabled for this key.
404Unknown resource id or unsupported route.
409Conflict (e.g. duplicate or invalid state).
429Too many requests — slow down or back off.
5xxUpstream or internal error — retry with care; check status page or support.

Get started

Open a free trial and get an API key from the hub.