Back to zillo.app

Quickstart

Mint a key, fetch your products, register a webhook. About 5 minutes end-to-end.

1. Create an API key

Open dashboard.zillo.app → Developers → API keys, click Create key, pick scopes, and copy the plaintext exactly once (we don't store it).

  • zk_test_… keys operate against test-mode data only.
  • zk_live_… keys operate against live data.
  • Keep keys server-side — they are full credentials.

2. Fetch your products

curl -H "Authorization: Bearer zk_test_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
  https://api.zillo.app/v1/products

Returns a paginated list envelope: { object: "list", data: [...], has_more, url }.

3. Create a customer

curl -X POST https://api.zillo.app/v1/customers \
  -H "Authorization: Bearer zk_test_xxx" \
  -H "Content-Type: application/json" \
  -d '{ "email": "alice@example.com", "name": "Alice Example" }'

4. Register a webhook

Webhooks fire when orders complete, gift cards are issued/redeemed, memberships activate, etc. Each delivery carries a Zillo-Signature header you can verify with HMAC-SHA256.

curl -X POST https://api.zillo.app/v1/webhooks \
  -H "Authorization: Bearer zk_test_xxx" \
  -H "Content-Type: application/json" \
  -d '{ "url": "https://your-app.example.com/webhooks/zillo", "events": ["*"] }'

Copy the signing_secretfrom the response — it's only shown once. See Verifying signatures for the verification snippet.