0Gate API
Server-side 0Gate session, capability, transaction, embed, webhook, quote, and entitled rail operations.
0Gate is the primary public integration path for hosted payment, ramp, and swap experiences. Partners create server-owned sessions, hand browser-safe values to the widget, verify webhook events, and reconcile final state from server records.
This page is the curated partner reference. It uses the OpenAPI contract as source material, but removes generated-tool noise and keeps the public boundary clear.
OpenAPI-backed, public-safe reference
The machine-readable OpenAPI 3.1 contract for 0Gate is available at /openapi/gate-v1.yaml. Use it for client generation and schema checks. Use these pages for production rules, lifecycle decisions, and support-safe implementation guidance.
Contract snapshot
| Item | Current shape |
|---|---|
| OpenAPI title | Gate API |
| OpenAPI version | 2026-05-25 |
| Published operations | 31 partner-facing operations |
| Published webhook events | 20 event contracts |
| Main production host | https://gate-api.0bit.app/v1 |
| Main sandbox host | https://gate-api-sandbox.0bit.app/v1 |
| Primary public path | Hosted 0Gate session and widget integration |
| Account-gated path | Locked quotes and server-to-server rail operations |
The API is product-scoped and partner-scoped. A credential only sees resources owned by the partner account and environment that issued it. Examples use fake ids, fake keys, fake domains, fake wallets, and fake users.
What this API covers
- Hosted session creation, retrieval, listing, and cancellation.
- Capability and eligibility reads before showing a flow.
- Indicative quote previews and account-gated locked quotes.
- Partner transaction reads for support and reconciliation.
- Customer records where the account is entitled to use the customer resource.
- Browser-safe embed bootstrap and approved co-branding controls.
- Webhook delivery diagnostics, replay, and test delivery.
- Account-gated pay-in and pay-out rail operations for approved partners.
Public boundary
This reference covers endpoint behavior, authentication, idempotency, webhook verification, request/response objects, status models, and support-safe record joins. It does not expose private operational credentials, payout-instruction details, treasury balances, internal route logic, reserve allocation, operational worker names, or unsupported availability claims.
Authentication map
| Credential or token | Where it belongs | Allowed use | Never use it for |
|---|---|---|---|
sk_test_* / sk_live_* | Your server | Session writes, protected reads, quote/rail writes, webhook tools, branding, customer records | Browser or mobile client code |
pk_test_* / pk_live_* | Browser/mobile where documented | Embed bootstrap only | Money movement, protected reads, customer data, rail operations |
client_secret | Browser-safe but session-scoped | Binds a hosted widget/bootstrap call to one server-created session | Long-term storage, cross-session reuse |
X-Embed-Token | Widget/runtime request header | Short-lived widget context after bootstrap | Partner-server authorization |
Gate-Signature secret | Your server | Raw-body webhook verification | Frontend code or logs |
Idempotency-Key | Your server-generated request header | Collapse duplicate writes into one logical operation | Reusing across unrelated user actions |
Server-owned state is the source of truth
Browser callbacks and redirect URLs are UX signals. Final state must come from webhook events, transaction reads, session reads, and your own durable records.
Operation map
| Area | Operation | Method and path | Auth boundary | Use it for |
|---|---|---|---|---|
| Sessions | listSessions | GET /gate_sessions | Secret key | Back-office session list and support lookup. |
| Sessions | createSession | POST /gate_sessions | Secret key + idempotency | Create a hosted flow and receive a one-time client_secret. |
| Sessions | retrieveSession | GET /gate_sessions/{id} | Secret key | Read current server session state without exposing client secret. |
| Sessions | cancelSession | POST /gate_sessions/{id}/cancel | Secret key | Stop an open session before completion. |
| Capabilities | listCountries | GET /capabilities/countries | Secret key | Discover supported country options for the account. |
| Capabilities | listCurrencies | GET /capabilities/currencies | Secret key | Discover fiat currency options. |
| Capabilities | listAssets | GET /capabilities/assets | Secret key | List crypto assets the account can surface. |
| Capabilities | getAsset | GET /capabilities/assets/{symbol} | Secret key | Inspect one asset and its supported networks. |
| Capabilities | listPaymentMethods | GET /capabilities/payment-methods | Secret key | Discover methods for pay-in/on-ramp flows. |
| Capabilities | listPayoutMethods | GET /capabilities/payout-methods | Secret key | Discover methods for pay-out/off-ramp flows. |
| Capabilities | checkEligibility | GET /capabilities/eligibility | Secret key | Check a region/user context before creating a session. |
| Quotes | previewQuotes | POST /quotes/preview | Secret key | Return indicative options before the user chooses a method. |
| Transactions | listTransactions | GET /transactions | Secret key | Cursor-style support and reconciliation list. |
| Transactions | retrieveTransaction | GET /transactions/{refid} | Secret key | Retrieve one partner transaction by support-safe reference. |
| Embed | createEmbedToken | POST /embed/bootstrap | Publishable key + optional client secret | Bootstrap the widget with browser-safe context. |
| Branding | getBranding | GET /branding | Secret key | Read approved widget brand settings. |
| Branding | updateBranding | PATCH /branding | Secret key | Update approved widget brand settings. |
| Webhooks | listPartnerWebhookDeliveries | GET /webhooks/deliveries | Secret key | Inspect delivery history for debugging. |
| Webhooks | replayWebhookDelivery | POST /webhooks/deliveries/{id}/replay | Secret key | Replay a delivery after fixing your endpoint. |
| Webhooks | sendTestWebhook | POST /webhooks/test | Secret key | Send a synthetic event to validate your receiver. |
| Customers | createCustomer | POST /customers | Secret key + idempotency | Create a partner-scoped customer record where enabled. |
| Customers | listCustomers | GET /customers | Secret key | List partner customer records where enabled. |
| Customers | getCustomer | GET /customers/{id} | Secret key | Retrieve one customer record where enabled. |
| Customers | updateCustomer | PATCH /customers/{id} | Secret key | Update allowed partner-owned customer fields. |
| Customers | deleteCustomer | DELETE /customers/{id} | Secret key | Delete a partner customer record where enabled. |
| Rails | lockQuote | POST /quotes | Secret key + rail entitlement | Lock a signed, one-time quote. |
| Rails | retrieveSignedQuote | GET /quotes/{id} | Secret key + rail entitlement | Inspect quote status without redeeming it. |
| Rails | createPayIn | POST /rails/pay_ins | Secret key + idempotency + rail entitlement | Redeem a signed quote into a pay-in. |
| Rails | retrievePayIn | GET /rails/pay_ins/{id} | Secret key + rail entitlement | Read one pay-in record. |
| Rails | createPayOut | POST /rails/pay_outs | Secret key + idempotency + rail entitlement | Redeem a signed quote into a pay-out. |
| Rails | retrievePayOut | GET /rails/pay_outs/{id} | Secret key + rail entitlement | Read one pay-out record. |
Hosted session lifecycle
Store the session id, your own order id, the idempotency key, the client_secret delivery time, webhook event ids, request ids, and final transaction reference. Do not rely on a redirect URL alone.
Start with capabilities
Capability endpoints stop you from hard-coding promises that can change by account, region, asset, payment method, payout method, and compliance state.
| Before showing | Read | Decision |
|---|---|---|
| Region selector | GET /capabilities/countries | Which countries can appear in your UI. |
| Fiat selector | GET /capabilities/currencies | Which currencies can be requested. |
| Asset selector | GET /capabilities/assets | Which symbols and networks can be offered. |
| Method picker | GET /capabilities/payment-methods / payout-methods | Which methods are available for the flow. |
| Preflight | GET /capabilities/eligibility | Whether the requested context is eligible before creating a session. |
If a capability disappears, your integration should hide or disable that option and show a retry-safe unavailable state. Do not convert a missing capability into an unsupported marketing claim.
Example: create a hosted session
curl -X POST https://gate-api-sandbox.0bit.app/v1/gate_sessions \
-H "Authorization: Bearer sk_test_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
-H "Content-Type: application/json" \
-H "Idempotency-Key: 00000000-0000-4000-8000-000000000123" \
-d '{
"amount": "100.00",
"currency": "EUR",
"return_url": "https://partner.example/complete",
"cancel_url": "https://partner.example/cancel",
"flow": "on_ramp",
"target_token": "USDC",
"metadata": {
"order_id": "order_test_123"
}
}'const response = await fetch('https://gate-api-sandbox.0bit.app/v1/gate_sessions', {
method: 'POST',
headers: {
Authorization: `Bearer ${process.env.OBIT_SECRET_KEY}`,
'Content-Type': 'application/json',
'Idempotency-Key': crypto.randomUUID(),
},
body: JSON.stringify({
amount: '100.00',
currency: 'EUR',
return_url: 'https://partner.example/complete',
cancel_url: 'https://partner.example/cancel',
flow: 'on_ramp',
target_token: 'USDC',
metadata: { order_id: 'order_test_123' },
}),
});
const session = await response.json();import os
import uuid
import requests
response = requests.post(
"https://gate-api-sandbox.0bit.app/v1/gate_sessions",
headers={
"Authorization": f"Bearer {os.environ['OBIT_SECRET_KEY']}",
"Content-Type": "application/json",
"Idempotency-Key": str(uuid.uuid4()),
},
json={
"amount": "100.00",
"currency": "EUR",
"return_url": "https://partner.example/complete",
"cancel_url": "https://partner.example/cancel",
"flow": "on_ramp",
"target_token": "USDC",
"metadata": {"order_id": "order_test_123"},
},
)
session = response.json()The response includes a client_secret once. Hand it to the browser for widget bootstrap, but keep the session id and your own order id in your database.
Example: bootstrap the widget
const response = await fetch('https://gate-api-sandbox.0bit.app/v1/embed/bootstrap', {
method: 'POST',
headers: {
Authorization: `Bearer ${publishableKey}`,
'Content-Type': 'application/json',
},
body: JSON.stringify({
clientSecret: sessionClientSecret,
}),
});
const bootstrap = await response.json();Only publishable keys belong in browser code. If bootstrap fails, do not fall back to a secret key in the client. Return to your server and create or recover the session.
Object model
Status and reconciliation joins
| Record | Primary id | Join it with | Why it matters |
|---|---|---|---|
| Your order | Your order_id | Session metadata and your database | Keeps your business workflow independent of provider ids. |
| Gate session | gate_session.id | Webhooks, transaction records, widget bootstrap | Main hosted-flow record. |
| Transaction | transaction.refid or returned id | Session, webhook events, support logs | Support and reconciliation view of completed/failed movement. |
| Webhook event | event.id | Your dedupe table | Prevents double-processing at-least-once delivery. |
| Request | X-Request-Id | Logs and support tickets | Lets support investigate without exposing secrets or PII. |
| Idempotency key | Your generated UUID | The write request and your order | Lets retries collapse safely. |
Webhook event families
| Family | Events | Integration rule |
|---|---|---|
| Session lifecycle | gate_session.created, .processing, .completed, .failed, .cancelled, .expired | Persist state transitions and dedupe by event id. |
| Verification | kyc.required, gate_session.kyc_package_accepted | Show hosted verification states without storing raw verification payloads. |
| Rails | rail.pay_in.*, rail.pay_out.*, quote.consumed | Only for accounts with rail entitlement. Treat as server truth. |
| Webhook diagnostics | webhook.test | Use for endpoint validation only. |
| Customers | customer.created, .updated, .deleted | Only for accounts using customer records. |
Verify the raw body before parsing, reject stale timestamps, dedupe by event id, persist the state transition, and return 2xx only after durable handling.
Error and retry model
| Outcome | What to do |
|---|---|
400 validation error | Fix the request; do not retry the same body. |
401 auth error | Check key type, environment, and token placement. |
403 entitlement or permission error | Confirm account/product access; do not loop. |
404 missing scoped object | Treat as not found for this partner/environment; do not infer other accounts. |
409 state conflict | Retrieve current state and branch from it. |
429 rate limit | Back off with jitter and preserve request ids. |
5xx or network timeout | Retry with bounded backoff. Writes must use idempotency keys. |
Every production integration should log the HTTP status, machine-readable error code, request id, endpoint, environment, idempotency key for writes, and your own order id.
Production checklist
- Product access and environment are approved.
- Secret keys are server-only.
- Publishable keys are client-only and cannot call protected routes.
- Webhook receiver verifies raw-body signatures.
- Writes use
Idempotency-Key. - Browser callbacks are not treated as settlement truth.
- Capability checks drive UI availability.
- Customer endpoints are used only where enabled.
- Rail endpoints are used only where enabled.
- Logs include request ids and your own correlation ids.
- Support tooling can retrieve sessions, transactions, webhook deliveries, and relevant internal order state without secrets.
Related pages
Create a 0Gate session
Server-create the hosted flow.
Bootstrap embed token
Hand browser-safe context to the widget.
Preview quotes
Price an indicative flow before creating or locking.
List transactions
Reconcile support-visible transaction records.
Webhook deliveries
Inspect and replay webhook delivery attempts.
0Pools API
Use approved headless pool liquidity workflows.