Skip to main content
The DHMAD API is a RESTful API that provides secure escrow services. All endpoints use JSON for request and response bodies.

Base URL

All API requests should be made to:
  • Production: https://dhmad.tn/api/v1
  • Sandbox (for testing): https://sandbox.dhmad.tn/api/v1 — use sk_sandbox_ keys; see Sandbox

Authentication

All requests require authentication using an API key. You can use either:
  • Bearer Token: Authorization: Bearer sk_live_your_api_key_here
  • X-API-Key Header: X-API-Key: sk_live_your_api_key_here
See the Authentication guide for more details.
Most API operations require your developer account to be associated with a user account (e.g., checking balance, listing escrows, getting escrow details). The GET /me endpoint works without association. Creating escrows with sellerEmail also does not require association. You can associate your account in the developer dashboard.

Interactive API Explorer

We provide an interactive API Explorer (Swagger UI) in the Developer Portal where you can:
  • Browse all available endpoints
  • View request/response schemas
  • Test API calls directly from your browser
  • See example requests and responses (including Quick Escrow with Proof on POST /v1/escrows)
  • Authenticate with your API key
Access the API Explorer from your Developer Dashboard after logging in. Click “Authorize” to add your API key and start testing endpoints.

Available Endpoints

Account & Authentication

Escrows

Checkout Sessions

Checkout Sessions let you redirect users to dhmad.tn to perform critical escrow actions (sign contract, accept & pay, complete, dispute, cancellation). See the Checkout Sessions Guide for a full integration walkthrough.
  • Overview — How checkout sessions work, security, and supported actions
  • POST /escrows/:id/sessions - Create checkout session — create a session and get a redirect URL
  • GET /sessions/:sessionId - Get checkout session — verify session status after redirect

Identity Verifications

Verify users through DHMAD before they have a dhmad.tn account. DHMAD emails the user a Didit KYC link (the URL is never returned to your API). When they later register with the same email, KYC links automatically. See the KYC for marketplaces guide.
If you pass redirect_url, it must be in your allowed redirect URLs (Developer Dashboard → Settings). On sandbox, verifications auto-approve without Didit or email — production behavior differs.

OAuth 2.0

OAuth endpoints for Single Sign-On (SSO) integration. See the OAuth Setup Guide for implementation details.

Webhooks (Developer Portal Authentication)

These endpoints use developer JWT authentication (not API key). Manage them via the Developer Dashboard or the Developer Portal API. See the Webhooks Guide for event payloads and signature verification.

Response Format

All successful responses follow this format:
{
  "data": { ... }
}
Or for specific endpoints:
{
  "message": "Success message",
  "escrow": { ... },
  "url": "...",
  "trackingId": "..."
}
Error responses:
{
  "error": "Error type",
  "message": "Human-readable error description"
}

Status Codes

  • 200 - Success
  • 201 - Created
  • 400 - Bad Request
  • 401 - Unauthorized
  • 403 - Forbidden
  • 404 - Not Found
  • 429 - Too Many Requests
  • 500 - Internal Server Error

Rate Limiting

  • Default: 100 requests per minute per IP address
  • Header: Rate limit information is included in response headers
  • Exceeding: Returns 429 Too Many Requests
The default rate limit applies per IP address. Custom per-key rate limits can be configured when creating or updating an API key in the dashboard.

Pagination

List endpoints support pagination:
GET /escrows?page=1&limit=20
Response includes pagination metadata:
{
  "escrows": [ ... ],
  "pagination": {
    "page": 1,
    "limit": 20,
    "total": 100,
    "pages": 5
  }
}

Escrow Modes

When creating an escrow, set mode to choose the transaction flow:
ModeUse caseContractCompletion
standardServices, freelance workYesBuyer confirms after delivery
quickProducts between two usersNoBuyer confirms after delivery
instantIn-app digital goods (you are seller)NoAuto-completes on deliver
See Escrow Modes for full details, required fields, and checkout actions per mode.

Escrow Statuses

pending

Escrow created, waiting for payment

paid

Payment received, waiting for delivery

delivered

Service delivered, waiting for completion

completed

Transaction completed successfully

cancelled

Escrow was cancelled

All timestamps are in ISO 8601 format (UTC). Example: 2024-01-15T10:30:00Z