Skip to main content
The Duro public API is a JSON-over-HTTPS REST API. Every endpoint in this reference has an interactive playground — set your key once and fire a real request from the page.

Production Base URL

https://api.useduro.com

Authentication

A secret key in the Authorization: Bearer … header on every request. See Authentication.

Base URLs

EnvironmentBase URLKey prefix
Production (live)https://api.useduro.comsk_live_…
Sandbox (test)https://sandbox.useduro.comsk_test_…
Live and sandbox are separate hosts backed by physically separate database schemas — use the base URL that matches your key. A sk_test_ key only works against sandbox.useduro.com and can never read or bill live data, so the sandbox is safe to experiment in. See Modes.

Authentication

Every request must include your key as a bearer token:
curl https://api.useduro.com/v1/plans \
  -H "Authorization: Bearer sk_test_•••••••••••••••••"
Keys are minted in the dashboard under Developers → API keys and are hashed at rest — Duro shows a key once, at creation. Full details, plus OAuth and customer identity tokens, are in Authentication.

Conventions

Everything in this API follows the same rules:

Money in minor units

Amounts are integer kobo. 500000 = ₦5,000.00. Currency is a sibling field, default NGN.

Prefixed IDs

plan_…, cus_…, sub_…, inv_… — the prefix tells you the type at a glance.

Cursor pagination

Keyset cursors, newest first. Page 500 costs the same as page 1. See Pagination.

Idempotent writes

Send an Idempotency-Key to make any mutation safe to retry. See Idempotency.

Two API surfaces

  • Merchant API (/v1) — server-to-server, authenticated with a secret key or OAuth token. Plans, customers, subscriptions, invoices, recovery, checkout sessions, analytics. (Webhook endpoints are configured in the dashboard; here you only receive deliveries — see the Webhooks tab.)
  • Customer API — browser- and SDK-facing endpoints for hosted checkout (/checkout), WhatsApp identity (/identity), and the cross-merchant portal (/portal).