The Voucherify Developer Hub


Security is one of our biggest concerns in every aspect of our product, so we've taken several measures to keep your data safe.

Security policy

To understand how we protect your data, visit our Security and Privacy Policy.

1. Secure communication channels

Voucherify provides 2 modes of API interaction. The first one, private, gives you access to all API endpoints using the Application ID and Application Token. To find out more, go to Authentication.

The second, public, allows web or mobile clients to access only a limited set of API endpoints using publishable keys, e.g. the validate voucher method. voucherify.js presents an example of such a use case.

2. API requests rate limit

To keep your vouchers and promotions safe from fraudulent customer behaviour, Voucherify limits the rate of public client requests coming from a single IP address. The current limit can be found in the Limits section.

When the limit is exceeded, Voucherify returns:

{
   "type": "error",
   "message": "XHR error happened.",
   "context": {
      "readyState": 4,
      "responseText": "API calls limit exceeded.",
      "status": 429,
      "statusText": "Too Many Requests"
   }
}
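
A public client that gets this error should wait before retrying rather than resend at once. The sketch below is an added example, not code from voucherify.js: it recognises the error shape shown above and retries with capped exponential backoff and jitter. The helper names, the default delays and the assumption that the failing call rejects with this object are all hypothetical.

```javascript
// Added example. isRateLimitError, backoffDelayMs and withRateLimitRetry are
// hypothetical helpers, not part of voucherify.js.

// True only for the rate-limit error shape shown above (context.status 429).
function isRateLimitError(err) {
  return Boolean(err && err.type === "error" && err.context && err.context.status === 429);
}

// Exponential backoff with full jitter: a random delay in [0, min(cap, base * 2^attempt)).
function backoffDelayMs(attempt, baseMs, capMs, rand = Math.random) {
  const ceiling = Math.min(capMs, baseMs * 2 ** attempt);
  return Math.floor(rand() * ceiling);
}

// Runs call() (any function returning a Promise) and retries only when the
// rejection is a rate-limit error. Default delays are assumed values.
async function withRateLimitRetry(call, opts = {}) {
  const {
    maxRetries = 4,
    baseMs = 500,
    capMs = 8000,
    sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms)),
    rand = Math.random,
  } = opts;
  for (let attempt = 0; ; attempt++) {
    try {
      return await call();
    } catch (err) {
      // Anything else (invalid code, network failure) is surfaced immediately.
      if (!isRateLimitError(err) || attempt >= maxRetries) throw err;
      await sleep(backoffDelayMs(attempt, baseMs, capMs, rand));
    }
  }
}

// Constructed sample input: the error object from this page.
const SAMPLE_429 = {
  type: "error",
  message: "XHR error happened.",
  context: { readyState: 4, responseText: "API calls limit exceeded.", status: 429, statusText: "Too Many Requests" },
};
```
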

3. Domain whitelist for public channel

To increase the security of public client operations, Voucherify accepts only requests whose Origin header matches the domain(s) specified in Your website URL (screenshot below). Use the following pattern:

  • - This covers your subdomains and all paths within those subdomains. Note: this also covers
  • - This covers any instances of your site called without www and all paths within that domain.
  • * - This allows requests from any domain.

Updated 7 months ago

