Loyalty Exchange API
Brand-scoped, header-authenticated. Every request needs an x-api-key header
(created per brand). Missing or invalid keys return 401.
Authentication
curl https://qiibee-loyalty-api.josboxoffice.com/api/admin/tokens \
  -H "x-api-key: qb_your_sandbox_key"
Endpoints
GET
/api/admin/tokens
List the brand's loyalty tokens (type, onramp/offramp, issued/burned).

GET
/api/admin/tokens/:id
Fetch one token's economics: onramp, offramp, total issued and burned.

POST
/api/admin/codes
Mint an earning code (token_id, code, points); redeeming it issues points to a user.

GET
/api/admin/transactions
List the brand's exchange transactions (status, amounts, rate, USD value).

POST
/api/admin/transactions
{type:"exchange", user_auth_id, brandA_token_id, amount, brandB_token_id} → 202 accepted (async saga); 400 if not whitelisted / over USD limit / insufficient.

GET
/api/admin/transactions/:id
Fetch one transaction's status (requested → completed/failed).

GET
/api/admin/token-exchange-whitelist
One-way exchange partnerships: from→to token, derived rate, min/max USD.

POST
/api/admin/reward-types
Publish a reward catalog entry (token_id, sku, title, cost_points, provider).

GET
/api/admin/reward-types
The brand's reward catalog.

POST
/api/admin/transactions {type:"points_to_rewards"}
Burn points → issue a reward voucher. 202 accepted; 400 on insufficient/unknown.

GET
/api/admin/rewards
Issued rewards (voucher + issued/used status).

PUT
/api/admin/rewards/:id
Mark a reward used (one-time; 409 if already used).

GET
/api/admin/wallets
Custodial wallet addresses per user (keys never exposed).

GET
/api/admin/chain/txns
On-chain transactions: kind (mint/burn/transfer/mint_nft), tx_hash, pending/confirmed status, block.

POST
/api/admin/nft-types
Publish an NFT design (points_token_id, name, cost_points).

GET
/api/admin/nft-types
The brand's NFT catalog.

POST
/api/admin/transactions {type:"points_to_nft_exchange"}
Burn points → mint a real ERC-721 to the user's wallet. 202/400.

GET
/api/admin/nfts
Minted NFTs (on-chain token id, owner, status, tx_hash).

POST
/api/admin/transactions {type:"points_to_crypto"}
Burn points → buy crypto via the ramp (points_token_id, asset, amount). 202/400 (KYC/limit).

GET
/api/admin/crypto/purchases
Crypto purchases: asset, points, usd, amount, rate, tx_ref, status.

POST
/api/admin/webhooks
Register a webhook (url, events); returns a signing secret once. Deliveries are HMAC-signed (x-qb-signature).

GET
/api/admin/webhooks
List the brand's webhook subscriptions.

GET
/api/admin/users/:external_id
Fetch a brand-scoped user by their user_auth_id.

Health
GET
/api/health
Liveness + DB status (no auth).
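
Receiver-side check for the HMAC-signed webhook deliveries listed under POST /api/admin/webhooks. This is an added example, not code from the API's own documentation. The page names only the x-qb-signature header, so the scheme used here (hex-encoded HMAC-SHA256 over the raw request body), the function names, and the sample secret and payload are assumptions to confirm against the provider.

```python
import hashlib
import hmac
import json

SIGNATURE_HEADER = "x-qb-signature"  # header name taken from the page


def sign(secret: bytes, raw_body: bytes) -> str:
    """ASSUMED scheme: hex HMAC-SHA256 over the exact raw request body."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_delivery(secret: bytes, headers: dict, raw_body: bytes):
    """Return the parsed payload if the signature is valid, else None.

    The body is authenticated as received bytes and parsed only afterwards,
    so unauthenticated input never reaches the JSON parser or handlers.
    """
    # HTTP header names are case-insensitive; normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    received = lowered.get(SIGNATURE_HEADER, "").strip().lower()
    if not received:
        return None  # unsigned delivery: reject
    expected = sign(secret, raw_body)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return None
    try:
        return json.loads(raw_body)
    except ValueError:
        return None  # signed but not valid JSON


# Constructed sample data (not a real secret, event name or payload).
SECRET = b"whsec_constructed_example"
BODY = b'{"event":"transaction.completed","id":"txn_123"}'
GOOD = {"X-QB-Signature": sign(SECRET, BODY)}

if __name__ == "__main__":
    print(verify_delivery(SECRET, GOOD, BODY))         # valid delivery
    print(verify_delivery(SECRET, GOOD, BODY + b" "))  # body altered in transit
    print(verify_delivery(b"wrong", GOOD, BODY))       # wrong signing secret
    print(verify_delivery(SECRET, {}, BODY))           # signature header missing
```

Because the signing secret is returned only once at registration, store it in a secret manager at that moment and pass the web framework's unparsed request bytes to the check, since re-serialised JSON will not match the signature.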