Automate your account with the VASTROX API and webhooks

Back to Knowledgebase
Getting Started 2 min read 4 views Updated Jul 2026

Everything you can do in the dashboard, you can do from code. The VASTROX API is a clean, token-authenticated REST API — perfect for automation, internal tools, or reselling.

Get a key

Create a personal access token under Account → API Keys. Choose a scope:

  • Read-only — view your account, services, invoices, orders and tickets.
  • Read & write — everything above, plus open/reply to tickets and power VPS servers.

Send the token as a Bearer header:

Authorization: Bearer <your-key>

Every response uses one envelope: { "ok": true, "data": ... } on success, { "ok": false, "error": { "code", "message" } } on failure. All data is scoped to your token — you only ever see your own account.

Example

# List your services
curl -H "Authorization: Bearer <your-key>" \
     https://vastrox.com/api/v1/services

The full endpoint list, rate limits and error codes live on our Developers page.

Webhooks — don't poll, get pushed

Instead of asking "is it paid yet?" on a loop, register an HTTPS endpoint under Account → API Keys and we'll push events to you the moment they happen: invoice.paid, service.created, service.activated, service.suspended, service.terminated.

Every delivery is a signed JSON POST. Verify the signature so you know it's really us:

$valid = hash_equals(
    'sha256=' . hash_hmac('sha256', $rawBody, $yourSecret),
    $_SERVER['HTTP_X_VASTROX_SIGNATURE']
);

Respond with any 2xx within 10 seconds. Failed deliveries retry with backoff, and an endpoint that keeps failing is paused automatically so a dead URL never becomes a problem.

Was this guide helpful? Our engineers are here 24/7 if you get stuck.