REST API Reference

Base URL

bash

https://api.slootly.dev/v1

Authentication

All API requests require an API key passed in the Authorization header.

bash

curl https://api.slootly.dev/v1/check \
  -H "Authorization: Bearer sk_live_your_api_key" \
  -d '{"user_id": "123456789", "platform": "telegram"}'

POST /check

Check subscription status for a user on a platform.

Request Body

Field	Type	Required	Description
`user_id`	`string`	`Yes`	`Platform-specific user ID`
`platform`	`string`	`Yes`	`telegram \| discord \| whatsapp \| slack \| custom`

Response

json

{
  "active": true,
  "plan": "pro",
  "plan_id": "plan_abc123",
  "status": "active",
  "current_period_start": "2026-03-01T00:00:00Z",
  "current_period_end": "2026-04-01T00:00:00Z",
  "cancel_at_period_end": false,
  "trial_end": null,
  "subscriber_id": "sub_xyz789",
  "platforms": ["telegram", "discord"],
  "metadata": {},
  "token": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9..."
}

The token field contains a signed JWT that can be verified offline using the public key from the JWKS endpoint. The SDK handles this automatically.

GET /plans

Fetch all active plans for the project.

bash

curl https://api.slootly.dev/v1/plans \
  -H "Authorization: Bearer sk_live_your_api_key"

Response

json

{
  "data": [
    {
      "id": "plan_abc123",
      "name": "Pro",
      "slug": "pro",
      "description": "Unlimited access to all features",
      "amount": 999,
      "currency": "usd",
      "interval": "month",
      "interval_count": 1,
      "trial_days": 7,
      "features": ["Unlimited queries", "Priority support", "API access"],
      "metadata": {}
    }
  ],
  "total": 1
}

POST /subscriptions/:subscriberId/cancel

Cancel a subscription. It remains active until the end of the current billing period.

bash

curl -X POST https://api.slootly.dev/v1/subscriptions/sub_xyz789/cancel \
  -H "Authorization: Bearer sk_live_your_api_key"

Response

json

{
  "ok": true,
  "cancel_at_period_end": true,
  "current_period_end": "2026-04-01T00:00:00Z"
}

GET /.well-known/jwks.json

Get the public keys for verifying JWT subscription tokens. The SDK fetches and caches these keys automatically.

bash

curl https://api.slootly.dev/v1/.well-known/jwks.json

Response

json

{
  "keys": [
    {
      "kty": "OKP",
      "crv": "Ed25519",
      "x": "base64url_encoded_public_key",
      "kid": "key_001",
      "use": "sig",
      "alg": "EdDSA"
    }
  ]
}

Error Responses

All error responses follow a consistent format:

json

{
  "error": {
    "code": "invalid_api_key",
    "message": "The API key provided is invalid.",
    "status": 401
  }
}

Error Codes

Status	Code	Description
`400`	`validation_error`	`Invalid request body or parameters`
`401`	`invalid_api_key`	`Missing or invalid API key`
`404`	`not_found`	`Resource not found`
`429`	`rate_limited`	`Too many requests`
`500`	`internal_error`	`Server error`

Rate Limits

Endpoint	Free	Pro	Enterprise
`POST /check`	`100 req/min`	`1000 req/min`	`Custom`
`GET /plans`	`60 req/min`	`300 req/min`	`Custom`
`POST /cancel`	`30 req/min`	`100 req/min`	`Custom`

Tip

The SDK caches subscription checks and uses JWT offline verification, so you rarely hit rate limits in normal operation. A bot with 10,000 active users typically makes fewer than 100 API calls per minute.