Retrieve a customer
GET /customers/{id} - Read one partner-scoped customer (identity) record by id.
0Gate is the primary public integration path for hosted payment, ramp, and swap experiences. Keep secret-key operations on your server and hand only browser-safe values to the widget.
Read a single customer (identity) record by its 0Bit id. This returns the full CRM-style record you created — contact fields and your metadata — scoped to your account. It is a standard identity read, not a privacy-minimized KYC view.
Endpoint
| Field | Value |
|---|---|
| Method | GET |
| Path | /v1/customers/{id} |
| Area | Customers |
| Operation id | getCustomer |
| Auth boundary | Secret key from your server. |
The {id} path parameter is a customer id returned by POST /v1/customers or GET /v1/customers. A customer that belongs to a different partner returns 404 — cross-tenant access is never 403, so there is no existence leak across accounts.
Use it for
Look up one customer to confirm its current contact fields, metadata, and kyc_status. If you only have your own reference, prefer GET /v1/customers?external_id=… instead of storing the 0Bit id everywhere.
Production rules
- Keep secret keys on your server. This endpoint requires an
sk_*key. - Wrap the path id in your code — the
{id}placeholder is a literal customer id at call time. - A soft-deleted customer reads as
404. Treat a404as "gone or never yours", not as a transient error to retry. - Treat
kyc_statusas an informational signal only — it is not partner-settable and isunverifiedat launch. - Treat examples and placeholder ids as fake data only.
Path parameters
| Field | Required | Type | Use it for |
|---|---|---|---|
id | Yes | string | The 0Bit customer id, for example 67a1f3b9e4b0c10001234567/the returned id. |
Response
Returns 200 with the customer object.
Customer object
| Field | Type | Use it for |
|---|---|---|
id | string | 0Bit id for this customer. |
object | string | Always customer. |
partner_id | string | The partner this record belongs to (your account). |
mode | test/live | Which key mode created the record. |
livemode | boolean | true for live-mode records, false for test. |
external_id | string | null | Your reference, or null when not set. |
email | string | Contact email. |
phone | string | null | E.164 phone, or null. |
first_name | string | null | Given name, or null. |
last_name | string | null | Family name, or null. |
country_code | string | null | ISO 3166-1 alpha-2 region, or null. |
kyc_status | string | unverified / processing / verified / rejected / expired. Informational, not partner-settable, and always unverified at launch. |
metadata | object | Your free-form key/value pairs. |
created_at | string | null | RFC 3339 creation time. |
updated_at | string | null | RFC 3339 last-modified time. |
Examples
curl https://gate-api.0bit.app/v1/customers/67a1f3b9e4b0c10001234567 \
-H "Authorization: Bearer sk_test_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"{
"id": "67a1f3b9e4b0c10001234567",
"object": "customer",
"partner_id": "ptnr_test_000000000001",
"mode": "test",
"livemode": false,
"external_id": "user_42",
"email": "jordan@example.com",
"phone": "+447700900000",
"first_name": "Jordan",
"last_name": "Doe",
"country_code": "GB",
"kyc_status": "unverified",
"metadata": { "plan": "pro" },
"created_at": "2026-01-01T00:00:00Z",
"updated_at": "2026-01-01T00:00:00Z"
}Errors
All errors use the unified envelope and carry an X-Request-Id response header. Branch on code/type/statusCode, not on the free-form message.
{
"type": "not_found",
"code": "not_found",
"message": "Customer 67a1f3b9e4b0c10001234567 not found",
"request_id": "req_test_000000000123",
"doc_url": null,
"statusCode": 404
}| Status | type | When it happens |
|---|---|---|
401 | unauthorized | Missing or invalid secret key. |
404 | not_found | No such customer, it belongs to another partner, or it has been soft-deleted. Cross-tenant access is 404, never 403. |
429 | rate_limited | Request throttled. Back off and retry. |
5xx | server_error | Transient server or upstream failure. Retry with bounded backoff. |
Public boundary
This reference covers partner-scoped endpoint behavior, authentication, idempotency, webhook verification, and support-safe records. Internal operations, administrative routes, and unsupported availability claims are outside the public API contract.