KamioKash Logo
Contact Us!
KamioKash Logo
Contact UsGet a Demo
KamioKash API

Power Your Platform with KamioKash's Dynamic API

Integrate seamlessly with your existing systems, support real-time updates, and ensure secure connectivity—all through our flexible and powerful API.

HMAC Authentication

Enterprise-grade request signing

Real-time Webhooks

Instant event notifications

OpenAPI & SDKs

Auto-generated client libraries

Get started in ~5 minutes

From zero to your first API call in three simple steps

  1. 1

    Authenticate with HMAC

    Tamper-proof your requests with server-side key/secret. This protects replay and integrity.

  2. 2

    Create wallet & issue voucher

    Create customer wallets and issue digital vouchers programmatically. Set amounts, expiration dates, and custom metadata.

  3. 3

    Receive webhook events

    Get notified instantly when vouchers are redeemed, wallets are updated, or any other event occurs in your account.

Step 1: Authenticate with HMAC

import crypto from 'crypto';

const apiKey = process.env.KAMIOKASH_API_KEY;
const secret = process.env.KAMIOKASH_SECRET;

const timestamp = new Date().toISOString();
const body = JSON.stringify({ wallet_id: 'w_123' });
const signature = crypto
  .createHmac('sha256', secret)
  .update(body + ":" + timestamp)
  .digest('hex');

const headers = {
  'X-API-Key': apiKey,
  'X-Timestamp': timestamp,
  'X-Signature': signature,
};

Step 2: Create wallet & issue voucher

// Create a member
const member = await fetch('https://api.kamiokash.com/v1/member', {
  method: 'POST',
  headers,
  body: JSON.stringify({
    externalId: 'cust_abc123',
    firstName: 'Leo',
	lastName: "Kash",
  }),
}).then(res => res.json());

// Issue a voucher to the member
const voucher = await fetch('https://api.kamiokash.com/v1/orders/simple', {
  method: 'POST',
  headers,
  body: JSON.stringify({
	reference: "instant_1",
	date: "2026-01-27T09:23:06.658Z",
	owner: "cust_abc123",
	variantId: "VERY_COOL_GIFT_CARD_1",
	quantity: 1
  }),
}).then(res => res.json());

console.log(voucher);
// {
//   "id": "v_xyz789",
//   "date": "2026-01-27T09:23:06.659Z",
//   "owner": "cust_abc123",
//   "codes": [
//     {
//       "code": "SPEND_ME_NOW",
//       "codeRenderType": "text",
//       "isUsed": false,
//       "expiresAt": "2030-01-27T09:23:06.659Z"
//     }
//   ]
// }

Step 3: Receive webhook events

// Webhook endpoint handler (e.g., Next.js API route)
export async function POST(request) {
  const body = await request.text();
  const timestamp = request.headers.get('X-Timestamp');
  const signature = request.headers.get('X-Kamio-Signature');

  // Verify webhook signature
  const expectedSig = crypto
    .createHmac('sha256', process.env.KAMIOKASH_WEBHOOK_SECRET)
    .update(timestamp + body)
    .digest('hex');

  if (signature !== expectedSig) {
    return Response.json({ error: 'Invalid signature' }, { status: 401 });
  }

  const event = JSON.parse(body);
  
  switch (event.type) {
    case 'transaction.successful':
      await handleUpdatedWalletBalance(event.data);
      break;
    case 'order.successful':
      await handleOrderPushNotification(event.data);
      break;
  }

  return Response.json({ received: true });
}

API Capabilities

Everything you need to build powerful loyalty experiences

Resources

  • Members
    Manage customer profiles and preferences
  • Wallets
    Create and manage customer loyalty wallets
  • Orders
    Issue, redeem, and track digital vouchers
  • Transactions
    Record and query point transactions
  • Rewards
    Query Rewards catalogs
  • Campaigns
    Campaign Isolation by API Key for different campaign mechanics

Webhook Events

  • member.new
    Triggered when a new member is created
  • wallet.new
    Triggered when a new wallet is created for a member
  • transaction.successful
    Triggered when a new transaction is completed
  • order.successful
    Triggered when a order is created and voucehrs have been issued
  • voucher_code.used
    Triggered when a voucher is marked as used

Security & Compliance

Enterprise-grade security built into every layer

HMAC-SHA256 Authentication

Every API request is signed with your secret key, preventing tampering and replay attacks.

TLS 1.3 Encryption

All data in transit is protected with the latest TLS encryption standards.

Webhook Verification

Verify incoming webhooks with signature validation to ensure authenticity.

AES-256 at Rest

Sensitive data is encrypted at rest using AES-256 encryption in our SOC 2 compliant infrastructure.

Developer Resources

Everything you need to integrate quickly

API Documentation

Complete guides, tutorials, and API reference

Read the Docs

OpenAPI Specification

Download the spec to generate client libraries

OpenApi Docs
KamioKash API – Loyalty, Rewards & Messaging Infrastructure | KamioKash