Everything you can do in the dashboard, you can do from code. The VASTROX API is a clean, token-authenticated REST API — perfect for automation, internal tools, or reselling.
Get a key
Create a personal access token under Account → API Keys. Choose a scope:
- Read-only — view your account, services, invoices, orders and tickets.
- Read & write — everything above, plus open/reply to tickets and power VPS servers.
Send the token as a Bearer header:
Authorization: Bearer <your-key>
Every response uses one envelope: { "ok": true, "data": ... } on success, { "ok": false, "error": { "code", "message" } } on failure. All data is scoped to your token — you only ever see your own account.
Example
# List your services
curl -H "Authorization: Bearer <your-key>" \
https://vastrox.com/api/v1/services
The full endpoint list, rate limits and error codes live on our Developers page.
Webhooks — don't poll, get pushed
Instead of asking "is it paid yet?" on a loop, register an HTTPS endpoint under Account → API Keys and we'll push events to you the moment they happen: invoice.paid, service.created, service.activated, service.suspended, service.terminated.
Every delivery is a signed JSON POST. Verify the signature so you know it's really us:
$valid = hash_equals(
'sha256=' . hash_hmac('sha256', $rawBody, $yourSecret),
$_SERVER['HTTP_X_VASTROX_SIGNATURE']
);
Respond with any 2xx within 10 seconds. Failed deliveries retry with backoff, and an endpoint that keeps failing is paused automatically so a dead URL never becomes a problem.