API Examples

Copy-paste request/response examples for the most common Storra API operations.

Working code samples for common operations across the Headless and Checkout APIs.

List packages

curl -H "Authorization: Bearer pk_live_..." \
  https://your-store.storra.xyz/api/headless/packages

Response:

[
  {
    "id": "pkg_abc123",
    "name": "VIP Rank",
    "price_cents": 999,
    "price": "$9.99",
    "currency": "USD",
    "image_url": "https://...",
    "category_id": "cat_ranks",
    "sale_active": false,
    ...
  }
]

Create a basket

curl -X POST -u "your-project-id:sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "email": "buyer@example.com",
    "username": "BuyerMC",
    "complete_url": "https://your-storefront.com/thank-you",
    "cancel_url": "https://your-storefront.com/cart"
  }' \
  https://your-store.storra.xyz/api/checkout/baskets

Add an item

curl -X POST -u "your-project-id:sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{ "package_id": "pkg_abc123", "quantity": 1 }' \
  https://your-store.storra.xyz/api/checkout/baskets/<ident>/items

Apply a coupon

curl -X POST -u "your-project-id:sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{ "code": "SUMMER25" }' \
  https://your-store.storra.xyz/api/checkout/baskets/<ident>/coupon

Initiate Stripe payment

curl -X POST -u "your-project-id:sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{ "gateway": "stripe" }' \
  https://your-store.storra.xyz/api/checkout/baskets/<ident>/initiate

The response includes a redirect_url; send the customer there to complete payment.

Verify a webhook signature (Node.js)

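import crypto from "crypto";
import express from "express"; // the handler below uses Express-style req/res

const app = express();

// Keep the exact bytes received: the HMAC covers the raw body, not re-serialized JSON.
app.use(express.json({ verify: (req, _res, buf) => { req.rawBody = buf; } }));

app.post("/storra-webhook", (req, res) => {
  const signature = req.headers["x-storra-signature"];
  const expected = crypto
    .createHmac("sha256", process.env.STORRA_WEBHOOK_SECRET)
    .update(req.rawBody ?? "")
    .digest();

  // timingSafeEqual throws if the buffers differ in length, so a missing or
  // malformed header is rejected before the constant-time comparison.
  const received = Buffer.from(typeof signature === "string" ? signature : "", "hex");
  if (
    received.length !== expected.length ||
    !crypto.timingSafeEqual(expected, received)
  ) {
    return res.status(401).send("invalid signature");
  }

  const event = JSON.parse(req.rawBody);
  console.log("Received:", event.type, event.payload);
  res.sendStatus(200);
});

app.listen(process.env.PORT ?? 3000); // example port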
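
Signature check edge cases (added example, not Storra's code)

crypto.timingSafeEqual throws when its two buffers differ in length, and the HMAC only matches the exact bytes that were received. The block below is an added, framework-independent sketch that exercises both points; verifySignature, the secret and the event body are hypothetical, constructed values.

```javascript
// Added example, not Storra's code. Assumes the scheme the handler above uses:
// x-storra-signature = hex(HMAC-SHA256(webhook secret, raw request body)).
// Loads node:crypto whether the file runs as CommonJS or as an ES module.
const crypto = typeof require === "function"
  ? require("node:crypto") : process.getBuiltinModule("node:crypto");

const HEX_SHA256 = /^[0-9a-f]{64}$/i; // 32-byte digest as 64 hex characters

function sign(secret, rawBody) {
  return crypto.createHmac("sha256", secret).update(rawBody).digest("hex");
}

// Hypothetical helper: true only for a well-formed signature over these exact bytes.
function verifySignature(secret, rawBody, header) {
  // Reject missing or malformed headers first, so timingSafeEqual never
  // receives buffers of different lengths.
  if (typeof header !== "string" || !HEX_SHA256.test(header)) return false;
  const expected = crypto.createHmac("sha256", secret).update(rawBody).digest();
  return crypto.timingSafeEqual(expected, Buffer.from(header, "hex"));
}

// The same comparison without the guard: reports whether it throws.
function unguardedCompareThrows(secret, rawBody, header) {
  try {
    crypto.timingSafeEqual(
      Buffer.from(sign(secret, rawBody), "hex"), Buffer.from(header, "hex"));
    return false;
  } catch {
    return true;
  }
}

// Constructed sample data (not real Storra values).
const SECRET = "constructed-webhook-secret";
const RAW = Buffer.from('{"type":"example.event","payload":{"id":"constructed"}}');
const GOOD = sign(SECRET, RAW);

function runCases() {
  const reserialized = JSON.stringify(JSON.parse(RAW.toString("utf8")), null, 2);
  return {
    valid: verifySignature(SECRET, RAW, GOOD),
    missing: verifySignature(SECRET, RAW, undefined),
    truncated: verifySignature(SECRET, RAW, GOOD.slice(0, 32)),
    nonHex: verifySignature(SECRET, RAW, "zz" + GOOD.slice(2)),
    reserialized: verifySignature(SECRET, reserialized, GOOD), // same JSON, other bytes
    unguardedThrows: unguardedCompareThrows(SECRET, RAW, GOOD.slice(0, 32)),
  };
}

console.log(runCases());
```

The reserialized case is why the handler must hash the body bytes as received rather than the output of JSON.stringify on the parsed object.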