The Digistore24 API allows external applications to access your Digistore24 account. This site is the technical documentation of the API and only interesting for software and application developers.

The Digistore24 API

Via the Digistore24 API, your applications, data – e.g. a list of products and orders – can be read out. Depending on the access authority, data can be changed as well – e.g. orders can be cancelled. The access is possible via the API key of the user of your applications via HTTP.

API key

You need an API key to get access to the Digistore24 API. To generate an API key, please proceed as follows:

The API key will be displayed. It is a long combination of letters and numbers as for example:

123-iKWIrTsUTbCyRFuotOdV8yO2xnfMI5b3rZhDCUAG

For every API key, you can select one of the following API permissions:

  • readonly = read access: There cannot be made any changes in your account with the key. However, information can be retrieved, as for example sales or details of a specific order.

  • writable = full access: Changes in your account are possible, as for example cancelling an order. Information can be retrieved, like with the read access.

  • developer = developer key: With this key, your app can generate an API key for your users. A read or full access is not possible with this key. You can publish the developer key in the source code of your app.

PHP class

We have prepared a PHP class and several examples for you - click here to download.

You can find all functions you can call up via the Digistore24 API in the API reference.

The PHP class is compatible with future versions of the Digistore24 API. I.e. even if the Digistore24 API will expand, you can still use your current version of the PHP class.

Javascript API

We also provide a Javascript API connector - download it here.

Even this connector works with all functions of the API reference.

caution

API keys which are being used with the Javascript API can be reviewed easily. Please use only developer keys with the Javascript API.

HTTP call

If you use the PHP class mentioned above, you can skip this section.

In order to use the API without PHP class, please carry out HTTP calls to the following URL:

https://www.digistore24.com/api/call/FUNCTION

Please replace FUNCTION: function name – cf. API reference

You can transfer function arguments as GET or POST parameters.

Set http headers

Set these http headers for secure authentication:

  • X-DS-API-KEY: Your Digistore24 API key
  • Accept:
    • application/json ⇒ json response (default)
    • text/plain ⇒ plain text response
    • text/xml ⇒ xml response
    • application/php ⇒ response as php serialized array

Example of a function call

The following function call shall be carried out:

  • resendPurchaseConfirmationMail( 'X26QE8GN' )

Then the URL can be:

https://www.digistore24.com/api/call/resendPurchaseConfirmationMail?purchase_id=X26QE8GN

The server answers with a text document with the following exemplary content:

{
   "api_version": "1.234",
   "current_time": "2014-03-14 17:30:08",
   "result": "success",
   "data": {
     "modified": "Y",
     "note": "The confirmation mail has been sent."
   }
 }

Here, the answer is a data set in the JSON format.

If succeeded, you will get an object with the following fields:

  • api_version – the (server-side) version of the Digistore24 API, e.g. 1.234
  • result – „success“
  • data – data object that has given back the called function

If unsuccessful, you will get an object with the following fields:

  • api_version – the (server-side) version of the Digistore24 API, e.g. 1.234
  • result – „error“
  • message – the error message
  • code – an error code

Numbered or named parameter

If you transfer the function arguments as POST or GET parameter, you can choose:

  • You transfer the parameter with numbered names: arg1, arg2, arg3 etc. This is helpful if you are developing a generic adapter for the API, as for example the PHP class mentioned above.
  • Otherwise you can use the named names from the API reference, e.g. purchase_id, transaction_id etc. This Dies improves the readability of your source code.

Arrays as parameter

Some functions (like createBuyUrl()) expect arrays as function arguments.

Example: You want to transfer the following array:

buyer = array(
    name => Udo,
    email => uw@ds24mail.com
 )

You transfer the data of the array as follows:

…&buyer[name]=Udo&buyer[email]=uw@ds24mail.com

or with numbered parameters

…&arg1[name]=Udo&arg1[email]=uw@ds24mail.com

General parameter

Besides the accepted parameters arg1/arg2/… the following parameters can always be transfered:

  • language: 'de' or 'en' – language for the messages of the API. Default is the language of the Digistore24 account to which the API key belongs.
  • operator: string – name of a responsible person for the changes that are made in Digistore24 by the API call. This will only be used for the protocol, so that you can reproduce which user of your app has cancelled an order, for instance.

Further development of the API

We will advance the API in the near future but we will keep the downward compatibility.

We will undertake the following changes unheralded:

  • We will add new functions to the API.
  • Existing functions will get additional function arguments that are optional (so that your software can run with it).
  • There can be changes in the original terms of texts and error messages. E.g. the plain text descriptions for the order status can change (i.e. the return value of billing_status_msg) – the internal descriptions (the value of billing_status) will not change, at the most it will be complemented by new values.
  • The answers of the server will get additional data fields (which your app can ignore).
  • The API version will change.

Please design you app in a way that is compatible with these changes and no changes in the source code has to be made. Otherwise it might happen that you app will not run properly.

Following things will not change:

  • The names of the functions and the existing function arguments
  • The API URL as well as the whole mechanism of the API access