Get Customer Portal

Generate customer portal URLs programmatically for server-side integrations. This API endpoint creates customer portal URLs without requiring prior user authentication, automatically handling user creation and management.

Server-Side Only: This endpoint is designed for server-side use with API keys. For client-side integrations, use the Client Mode Customer Portal.

Overview

The Get Customer Portal API allows you to:

Generate portal URLs programmatically - Create customer portal links on your server
Automatic user management - Users are created automatically if they don’t exist
No prior authentication required - Users don’t need to be logged in beforehand
Custom metadata support - Attach user metadata for webhook events
Direct integration - Perfect for server-side applications and backend services

API Reference

Endpoint


POST https://onlineapp.pro/api/v1/paywall/{paywallId}/get-customer-portal

Authentication

Include your API key in the request header:


x-api-key: your-secret-api-key

Step 1: Get Your API Key

API Key Location

Step 2: Find Your Paywall ID

Get your paywall ID from the paywall settings page URL:

Paywall ID location

Step 3: Make API Request

Send a POST request with the user’s email and optional metadata:

Request Parameters

URL Parameters

Parameter	Type	Required	Description
paywallId	string	Yes	Your paywall identifier

Request Body

Field	Type	Required	Description
email	string	Yes	User’s email address
userMeta	object	No	Custom metadata linked to user and returned in webhook events

Example Request Body


{
  "email": "user@example.com",
  "userMeta": {
    "my-user-uuid": "pojfoih27938y50ujtb4ip1n2b",
    "utm_source": "facebook",
    "signup_date": "2024-01-15",
    "user_type": "premium"
  }
}

Implementation Examples

JavaScript/Node.js


const paywallId = '123';
const apiKey = 'your-secret-api-key';
 
const response = await fetch(`https://onlineapp.pro/api/v1/paywall/${paywallId}/get-customer-portal`, {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'x-api-key': apiKey
  },
  body: JSON.stringify({
    email: 'user@example.com',
    userMeta: {
      "my-user-uuid": "pojfoih27938y50ujtb4ip1n2b",
      "utm_source": "facebook"
    }
  })
});
 
const data = await response.json();
 
if (response.ok) {
  // Redirect user to customer portal
  window.location.href = data.url;
} else {
  console.error('Error:', data);
}

Python


import requests
import json
 
paywall_id = '123'
api_key = 'your-secret-api-key'
 
url = f'https://onlineapp.pro/api/v1/paywall/{paywall_id}/get-customer-portal'
headers = {
    'Content-Type': 'application/json',
    'x-api-key': api_key
}
data = {
    'email': 'user@example.com',
    'userMeta': {
        'my-user-uuid': 'pojfoih27938y50ujtb4ip1n2b',
        'utm_source': 'facebook'
    }
}
 
response = requests.post(url, headers=headers, json=data)
 
if response.status_code == 200:
    result = response.json()
    portal_url = result['url']
    print(f'Customer portal URL: {portal_url}')
else:
    print(f'Error: {response.status_code} - {response.text}')

PHP


<?php
$paywallId = '123';
$apiKey = 'your-secret-api-key';
 
$url = "https://onlineapp.pro/api/v1/paywall/{$paywallId}/get-customer-portal";
 
$data = [
    'email' => 'user@example.com',
    'userMeta' => [
        'my-user-uuid' => 'pojfoih27938y50ujtb4ip1n2b',
        'utm_source' => 'facebook'
    ]
];
 
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Content-Type: application/json',
    'x-api-key: ' . $apiKey
]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 
$response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
 
if ($httpCode === 200) {
    $result = json_decode($response, true);
    $portalUrl = $result['url'];
    header("Location: {$portalUrl}");
} else {
    echo "Error: {$httpCode} - {$response}";
}
?>

cURL


curl -X POST https://onlineapp.pro/api/v1/paywall/123/get-customer-portal \
  -H "Content-Type: application/json" \
  -H "x-api-key: your-secret-api-key" \
  -d '{
    "email": "user@example.com",
    "userMeta": {
      "my-user-uuid": "pojfoih27938y50ujtb4ip1n2b",
      "utm_source": "facebook"
    }
  }'

Response Format

Success Response


{
  "url": "https://checkout.stripe.com/c/pay/cs_test_..."
}

Error Responses

Status Code	Error Type	Description
400	Bad Request	Missing parameters or invalid email format
401	Unauthorized	Invalid or missing API key
409	Conflict	Active purchase exists
500	Internal Server Error	Server-side error occurred

Process Flow

The API follows this process:

Validate parameters - Check email format and required fields
Verify API key - Authenticate the request
Find or create user - Automatically create user if doesn’t exist
Link to paywall - Associate user with the specified paywall
Create customer portal - Generate secure portal URL
Return URL - Provide portal link for user redirection

User Redirection

After receiving the portal URL, redirect the user:

Same Window Redirect


window.location.href = data.url;

New Window/Tab


window.open(data.url, '_blank');

Server-Side Redirect


header("Location: {$portalUrl}");

Security Guidelines

API Key Security

Store securely - Never expose API keys in client-side code
Environment variables - Use secure environment variable storage
Rotate regularly - Update API keys periodically
Restrict access - Limit API key access to necessary personnel

Request Security

Use HTTPS - Always use encrypted connections
Validate inputs - Check email formats and required fields
Rate limiting - Implement request rate limiting
Error handling - Don’t expose sensitive information in errors

Example Secure Implementation


// Server-side only - never expose API key to client
const generateCustomerPortal = async (email, userMeta) => {
  try {
    // Validate email format
    if (!isValidEmail(email)) {
      throw new Error('Invalid email format');
    }
 
    const response = await fetch(
      `https://onlineapp.pro/api/v1/paywall/${process.env.PAYWALL_ID}/get-customer-portal`,
      {
        method: 'POST',
        headers: {
          'Content-Type': 'application/json',
          'x-api-key': process.env.API_KEY // From secure environment
        },
        body: JSON.stringify({ email, userMeta })
      }
    );
 
    if (!response.ok) {
      throw new Error(`API error: ${response.status}`);
    }
 
    return await response.json();
  } catch (error) {
    console.error('Customer portal generation failed:', error);
    throw error;
  }
};

Use Cases

Allow users to manage subscriptions from within your app:


// In user dashboard
app.post('/manage-subscription', async (req, res) => {
  const portalData = await generateCustomerPortal(
    req.user.email,
    {
      user_id: req.user.id,
      account_type: req.user.accountType
    }
  );
 
  res.json({ portalUrl: portalData.url });
});

Troubleshooting

401 Unauthorized Error

Common causes:

Invalid API key
API key not included in header
API key expired or revoked

Solutions:

Verify API key is correct
Check header format: x-api-key: your-api-key
Generate new API key if needed

400 Bad Request Error

Common causes:

Missing email parameter
Invalid email format
Invalid paywall ID

Solutions:

Ensure email is provided and valid
Verify paywall ID is correct
Check request body format

Next Steps

After implementing customer portal generation:

Handle Webhooks Get Prices API