Base URL
All API requests should be made to:- Production:
https://dhmad.tn/api/v1 - Sandbox (for testing):
https://sandbox.dhmad.tn/api/v1— usesk_sandbox_keys; see Sandbox
Authentication
All requests require authentication using an API key. You can use either:- Bearer Token:
Authorization: Bearer sk_live_your_api_key_here - X-API-Key Header:
X-API-Key: sk_live_your_api_key_here
Interactive API Explorer
We provide an interactive API Explorer (Swagger UI) in the Developer Portal where you can:- Browse all available endpoints
- View request/response schemas
- Test API calls directly from your browser
- See example requests and responses (including Quick Escrow with Proof on
POST /v1/escrows) - Authenticate with your API key
Access the API Explorer from your Developer Dashboard after logging in. Click “Authorize” to add your API key and start testing endpoints.
Available Endpoints
Account & Authentication
GET /me- Get API key information — verify your API key and get developer account detailsGET /balance- Get user balance — available, pending, and escrow balances
Escrows
- Overview — Introduction to escrows, modes (standard, quick, instant), Quick Escrow with Proof, statuses, and lifecycle
POST /escrows- Create a new escrowGET /escrows- List escrows (with pagination and filters)GET /escrows/:id- Get escrow detailsGET /escrows/:id/proof- Get escrow proof — viewable proof URLs for Quick Escrow with ProofGET /escrows/:id/contract- Get contract — retrieve contract details and PDFPUT /escrows/:id- Update escrow — update a pending escrowPOST /escrows/:id/deliver- Deliver escrow — seller marks as deliveredPOST /escrows/:id/reject-delivery- Reject delivery — buyer returns escrow to paidPOST /escrows/:id/cancel- Cancel escrow — cancel a pending escrow
Checkout Sessions
Checkout Sessions let you redirect users to dhmad.tn to perform critical escrow actions (sign contract, accept & pay, complete, dispute, cancellation). See the Checkout Sessions Guide for a full integration walkthrough.- Overview — How checkout sessions work, security, and supported actions
POST /escrows/:id/sessions- Create checkout session — create a session and get a redirect URLGET /sessions/:sessionId- Get checkout session — verify session status after redirect
Identity Verifications
Verify users through DHMAD before they have a dhmad.tn account. DHMAD emails the user a Didit KYC link (the URL is never returned to your API). When they later register with the same email, KYC links automatically. See the KYC for marketplaces guide.- Overview — Pre-account KYC flow, sandbox behavior, and constraints
POST /identity-verifications- Create verification — start KYC and send invite emailGET /identity-verifications/:id- Get verification — poll statusGET /identity-verifications?email=- List by email
OAuth 2.0
OAuth endpoints for Single Sign-On (SSO) integration. See the OAuth Setup Guide for implementation details.GET /api/oauth/authorize- Authorization endpoint — redirect users to authenticatePOST /api/oauth/token- Token endpoint — exchange authorization code for tokensGET /api/oauth/userinfo- UserInfo endpoint — get authenticated user profile
Webhooks (Developer Portal Authentication)
These endpoints use developer JWT authentication (not API key). Manage them via the Developer Dashboard or the Developer Portal API. See the Webhooks Guide for event payloads and signature verification.POST /api/developer/webhooks- Create webhookGET /api/developer/webhooks- List webhooksGET /api/developer/webhooks/:id- Get webhookPUT /api/developer/webhooks/:id- Update webhookPOST /api/developer/webhooks/:id/regenerate-secret- Regenerate secretDELETE /api/developer/webhooks/:id- Delete webhook
Response Format
All successful responses follow this format:Status Codes
200- Success201- Created400- Bad Request401- Unauthorized403- Forbidden404- Not Found429- Too Many Requests500- Internal Server Error
Rate Limiting
- Default: 100 requests per minute per IP address
- Header: Rate limit information is included in response headers
- Exceeding: Returns
429 Too Many Requests
The default rate limit applies per IP address. Custom per-key rate limits can be configured when creating or updating an API key in the dashboard.
Pagination
List endpoints support pagination:Escrow Modes
When creating an escrow, setmode to choose the transaction flow:
| Mode | Use case | Contract | Completion |
|---|---|---|---|
standard | Services, freelance work | Yes | Buyer confirms after delivery |
quick | Products between two users | No | Buyer confirms after delivery |
instant | In-app digital goods (you are seller) | No | Auto-completes on deliver |
Escrow Statuses
pending
Escrow created, waiting for payment
paid
Payment received, waiting for delivery
delivered
Service delivered, waiting for completion
completed
Transaction completed successfully
cancelled
Escrow was cancelled
All timestamps are in ISO 8601 format (UTC). Example:
2024-01-15T10:30:00Z