# Duro ## Docs - [Dashboard overview (MRR, recovery, churn)](https://docs.useduro.com/api-reference/analytics/dashboard-overview-mrr-recovery-churn.md) - [Failure breakdown](https://docs.useduro.com/api-reference/analytics/failure-breakdown.md) - [Authentication](https://docs.useduro.com/api-reference/authentication.md): Secret keys, OAuth2 client credentials, and customer identity tokens. - [Create a checkout session](https://docs.useduro.com/api-reference/checkout/create-a-checkout-session.md) - [Retrieve a checkout session](https://docs.useduro.com/api-reference/checkout/retrieve-a-checkout-session.md) - [Hydrate a checkout session](https://docs.useduro.com/api-reference/customer-checkout/hydrate-a-checkout-session.md) - [Pay a checkout session](https://docs.useduro.com/api-reference/customer-checkout/pay-a-checkout-session.md) - [Poll session status](https://docs.useduro.com/api-reference/customer-checkout/poll-session-status.md) - [Current identity + saved methods](https://docs.useduro.com/api-reference/customer-identity/current-identity-+-saved-methods.md) - [List saved payment methods](https://docs.useduro.com/api-reference/customer-identity/list-saved-payment-methods.md) - [Request a WhatsApp OTP](https://docs.useduro.com/api-reference/customer-identity/request-a-whatsapp-otp.md) - [Verify the OTP, get a token](https://docs.useduro.com/api-reference/customer-identity/verify-the-otp-get-a-token.md) - [List subscriptions across merchants](https://docs.useduro.com/api-reference/customer-portal/list-subscriptions-across-merchants.md) - [Blacklist a customer](https://docs.useduro.com/api-reference/customers/blacklist-a-customer.md) - [Create a customer](https://docs.useduro.com/api-reference/customers/create-a-customer.md) - [List a customer's subscriptions](https://docs.useduro.com/api-reference/customers/list-a-customers-subscriptions.md) - [List a customer's transactions](https://docs.useduro.com/api-reference/customers/list-a-customers-transactions.md) - [List customers](https://docs.useduro.com/api-reference/customers/list-customers.md) - [Remove a customer from the blacklist](https://docs.useduro.com/api-reference/customers/remove-a-customer-from-the-blacklist.md) - [Retrieve a customer](https://docs.useduro.com/api-reference/customers/retrieve-a-customer.md) - [Retrieve a customer by merchantRef](https://docs.useduro.com/api-reference/customers/retrieve-a-customer-by-merchantref.md) - [Update a customer](https://docs.useduro.com/api-reference/customers/update-a-customer.md) - [Errors](https://docs.useduro.com/api-reference/errors.md): A consistent error envelope and the status codes you'll actually see. - [List events](https://docs.useduro.com/api-reference/events/list-events.md) - [Retrieve an event](https://docs.useduro.com/api-reference/events/retrieve-an-event.md) - [Idempotency](https://docs.useduro.com/api-reference/idempotency.md): Make any mutation safe to retry — exactly once, even across timeouts. - [Introduction](https://docs.useduro.com/api-reference/introduction.md): Base URLs, authentication, and the conventions every endpoint shares. - [List invoices](https://docs.useduro.com/api-reference/invoices/list-invoices.md) - [Refund a paid invoice](https://docs.useduro.com/api-reference/invoices/refund-a-paid-invoice.md) - [Retrieve an invoice with attempts](https://docs.useduro.com/api-reference/invoices/retrieve-an-invoice-with-attempts.md) - [Test & Live Modes](https://docs.useduro.com/api-reference/modes.md): Two physically separate worlds. The key prefix is the switch. - [Exchange client credentials for a token](https://docs.useduro.com/api-reference/oauth/exchange-client-credentials-for-a-token.md) - [Pagination](https://docs.useduro.com/api-reference/pagination.md): Keyset cursors — page 500 costs the same as page 1. - [Create a payment link](https://docs.useduro.com/api-reference/payment-links/create-a-payment-link.md) - [List payment links](https://docs.useduro.com/api-reference/payment-links/list-payment-links.md) - [Retrieve a payment link](https://docs.useduro.com/api-reference/payment-links/retrieve-a-payment-link.md) - [Update a payment link](https://docs.useduro.com/api-reference/payment-links/update-a-payment-link.md) - [Permissions](https://docs.useduro.com/api-reference/permissions.md): What each credential is allowed to do — key scopes and dashboard roles. - [Archive a plan](https://docs.useduro.com/api-reference/plans/archive-a-plan.md) - [Create a plan](https://docs.useduro.com/api-reference/plans/create-a-plan.md) - [List plans](https://docs.useduro.com/api-reference/plans/list-plans.md) - [Retrieve a plan](https://docs.useduro.com/api-reference/plans/retrieve-a-plan.md) - [Update a plan](https://docs.useduro.com/api-reference/plans/update-a-plan.md) - [Create a promo code](https://docs.useduro.com/api-reference/promo-codes/create-a-promo-code.md) - [List promo codes](https://docs.useduro.com/api-reference/promo-codes/list-promo-codes.md) - [Retrieve a promo code](https://docs.useduro.com/api-reference/promo-codes/retrieve-a-promo-code.md) - [Update a promo code](https://docs.useduro.com/api-reference/promo-codes/update-a-promo-code.md) - [Recovery summary](https://docs.useduro.com/api-reference/recovery/recovery-summary.md) - [Retry a failing invoice now](https://docs.useduro.com/api-reference/recovery/retry-a-failing-invoice-now.md) - [Get recovery settings](https://docs.useduro.com/api-reference/settings/get-recovery-settings.md) - [Update recovery settings](https://docs.useduro.com/api-reference/settings/update-recovery-settings.md) - [Cancel a subscription](https://docs.useduro.com/api-reference/subscriptions/cancel-a-subscription.md) - [Change plan (with proration)](https://docs.useduro.com/api-reference/subscriptions/change-plan-with-proration.md) - [Create a subscription](https://docs.useduro.com/api-reference/subscriptions/create-a-subscription.md) - [List subscriptions](https://docs.useduro.com/api-reference/subscriptions/list-subscriptions.md) - [Pause a subscription](https://docs.useduro.com/api-reference/subscriptions/pause-a-subscription.md) - [Resume a subscription](https://docs.useduro.com/api-reference/subscriptions/resume-a-subscription.md) - [Retrieve a subscription](https://docs.useduro.com/api-reference/subscriptions/retrieve-a-subscription.md) - [List transactions](https://docs.useduro.com/api-reference/transactions/list-transactions.md) - [Retrieve a transaction](https://docs.useduro.com/api-reference/transactions/retrieve-a-transaction.md) - [Webhook Events](https://docs.useduro.com/api-reference/webhook-events.md): The full event catalog, the delivery envelope, and how to verify a signature. - [Data Model](https://docs.useduro.com/architecture/data-model.md): Three Postgres schemas, two Prisma clients, and an entity map you can hold in your head. - [Multi-Tenancy & Caching](https://docs.useduro.com/architecture/multi-tenancy.md): Lazy per-mode clients, connection pooling, and version-bump cache invalidation that never needs to SCAN. - [Architecture](https://docs.useduro.com/architecture/overview.md): Three services, a worker that turns the crank, fifteen shared packages, and a data plane partitioned by mode. The whole system at altitude. - [Request Lifecycle](https://docs.useduro.com/architecture/request-lifecycle.md): Four authentication modes, tenant scoping, idempotency — how a raw request becomes a safe, scoped operation. - [Recovery & Dunning](https://docs.useduro.com/billing/dunning.md): The subsystem Duro is built around. Classify the failure, choose an action, retry on the right rail at the right time — and count every naira back. - [How Dunning Runs](https://docs.useduro.com/billing/payday-and-rails.md): The mechanics behind the strategy — how a failed charge actually becomes a scheduled, executed, re-decided retry across both modes. - [Proration](https://docs.useduro.com/billing/proration.md): Fair math for mid-cycle plan changes — charge for the upgrade you used, credit the downgrade you didn't. - [The Renewal Engine](https://docs.useduro.com/billing/renewal-engine.md): The loop that turns the crank: scan for due subscriptions, charge, advance — or hand the failure to recovery. The algorithm, step by step. - [Subscription Lifecycle](https://docs.useduro.com/billing/subscription-lifecycle.md): Nine states, an explicit transition table, and a guard that makes illegal transitions impossible. - [Customer Portal](https://docs.useduro.com/identity/customer-portal.md): One WhatsApp login, every subscription across every merchant — with ownership enforced and queries batched. - [Universal Identity](https://docs.useduro.com/identity/universal-identity.md): One phone, verified over WhatsApp, that owns a payment wallet reusable across every Duro merchant. The second big bet, in detail. - [Duro](https://docs.useduro.com/introduction.md): Recovery-first subscription billing for Africa. The money you almost lost, brought back automatically — on rails that actually exist where your customers live. - [How Duro Scores](https://docs.useduro.com/judging.md): The five judged dimensions, each weighted, mapped to exactly where Duro earns it in the system. - [Hosted Checkout](https://docs.useduro.com/payments/checkout.md): A branded, tokenised checkout you redirect to — session in, subscription out, no card data on your servers. - [Inline SDK](https://docs.useduro.com/payments/inline-sdk.md): A drop-in payment popup with one extra superpower — the customer's saved card lives on their phone, reusable across every Duro merchant. - [Appearance Builder](https://docs.useduro.com/platform/appearance.md): A draft/publish design system that themes every customer surface from one token set — checkout, popup, portal, pay page, email. - [Emails & Templates](https://docs.useduro.com/platform/emails.md): A shared template engine with per-tenant overrides, rendered and enqueued from the lifecycle the customer actually lives. - [Queues & Workers](https://docs.useduro.com/platform/queues-and-workers.md): Five BullMQ queues, four repeatable scanners, one consistent scan/process pattern — the asynchronous backbone. - [Quick Start](https://docs.useduro.com/quick-start.md): From zero to a recurring subscription with automatic recovery in five requests. - [Security Model](https://docs.useduro.com/security/security-model.md): Tenant isolation, RBAC, secret handling, and the real findings from an adversarial audit pass — with fixes. - [SSRF & Egress](https://docs.useduro.com/security/ssrf-and-egress.md): Why merchant-controlled URLs are dangerous, and exactly how Duro neutralises them. - [The Thesis](https://docs.useduro.com/the-thesis.md): Why recovery-first billing is a different product, not a feature — and why Nigeria is where it matters most. - [Webhooks](https://docs.useduro.com/webhooks/delivery.md): Event-sourced, signed, retried, and SSRF-guarded delivery — driven off the same events table the dashboard reads. ## OpenAPI Specs - [openapi](https://docs.useduro.com/openapi.json)