API reference
All services exposed by The Wallet Crew platform are accessible through the API and documented in this API reference. Browse endpoints by category, then review authentication, tenant routing, throttling, and the API change policy.
Endpoints are grouped by category. Each category maps to a functional area of the platform, such as pass operations, customer profile operations, or tenant administration.
Real-world examples
Create or update passes from a CRM, e-commerce platform, ticketing system, or POS.
Register webhooks to sync events (pass created, installed, updated) to a data platform.
Query adoption and usage through the Insights API (logs, events, metrics).
Automate tenant administration tasks (users, roles, permissions) through API calls.
OpenAPI specification
The Wallet Crew API definition follows the OpenAPI specification. The API reference is rendered from that OpenAPI definition and is the source of truth for endpoints, payloads, responses, scopes, and default throttling values.
Adding “Open API reference” and “Download OpenAPI spec” buttons requires the target URLs for the selected environment.
How the API reference is organized
The API reference groups endpoints by tag. In The Wallet Crew docs, each tag is treated as an API category.
The category list can evolve over time as new features are added. The intent stays stable: one category equals one clear product capability.
API categories
The most common categories are listed below.
Passes
Endpoints used to create, read, update, and deactivate passes. This includes “Add to Wallet” related endpoints, and hosted views used in distribution flows.
Related guide: How to Create Passes via API in The Wallet Crew.
Customers
Endpoints used to create/update a customer profile, retrieve customer data, and (in some setups) authenticate customers for customer-scoped calls.
Webhooks
Endpoints used to register and manage webhook subscriptions, so external systems can receive real-time events from The Wallet Crew.
Related guide: Webhook.
Insights
Endpoints used to query usage data (logs, events, metrics). This API is typically used for reporting, monitoring, and analytics pipelines.
Related guide: Insights API.
Tenant and administration
Endpoints used to manage tenant configuration and access control, such as users, roles, permissions, secrets, and system-level operations. These endpoints are usually restricted to admin identities and/or scoped API keys.
Utilities and content
Supporting endpoints used across multiple features, such as barcode generation, public asset retrieval, cached content, or email verification. Availability depends on tenant configuration and enabled modules.
Authentication
The Wallet Crew APIs support two authentication methods:
OAuth 2.0 (Bearer token)
OAuth 2.0 is used for admin and user-based authentication flows. Calls use the standard HTTP header:
API key (X-API-KEY)
API keys are the simplest option for server-to-server calls (backend, integration middleware, scheduled jobs). Calls use the header:
API keys are generated from the admin console. See How to generate an API key.
For the in-doc version of the same guide, see API Key.
API keys are secrets. They must stay server-side. They must not be embedded in mobile apps or front-end code.
Tenant routing (tenantId in the URL)
All tenant-scoped endpoints include a tenantId path parameter. This is how requests are routed and isolated per tenant.
Typical pattern:
Example:
Throttling and rate limits
API throttling is configurable per endpoint and per tenant. This protects the platform from abuse and helps prevent noisy-neighbor effects in a multi-tenant environment.
Default throttling values are documented in the API definition itself (OpenAPI). When a tenant uses custom throttling settings, the effective limit can differ from the documented default.
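The following is an added example, not The Wallet Crew's own code, of a server-side caller that combines the authentication, tenant routing and throttling rules described above: one credential per call, a validated tenantId in the path, credentials masked before logging, and a bounded wait on throttled responses. The base URL, the path layout, the tenantId character set, the `TWC_API_KEY` variable name and the 429/`Retry-After` behaviour are assumptions; take the real values from the OpenAPI definition.

```python
from __future__ import annotations
import os
import re
import urllib.request
from urllib.parse import quote

# Assumptions: placeholder host, path layout and tenantId character set.
BASE_URL = "https://api.example.invalid"
TENANT_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def tenant_url(tenant_id: str, *segments: str) -> str:
    """Build a tenant-scoped URL, refusing tenantId values that could re-route the call."""
    if not TENANT_ID_RE.fullmatch(tenant_id):
        raise ValueError("invalid tenantId")
    tail = "/".join(quote(s, safe="") for s in segments)  # encode "/" inside a segment
    return f"{BASE_URL}/{tenant_id}/{tail}"


def auth_headers(api_key: str | None = None, bearer_token: str | None = None) -> dict:
    """Exactly one credential: X-API-KEY for server-to-server, Bearer for OAuth 2.0."""
    if bool(api_key) == bool(bearer_token):
        raise ValueError("provide exactly one of api_key or bearer_token")
    if api_key:
        return {"X-API-KEY": api_key}
    return {"Authorization": f"Bearer {bearer_token}"}


def redact(headers: dict) -> dict:
    """Copy of the headers that is safe to log: credential values are masked."""
    secret = {"x-api-key", "authorization"}
    return {k: "***" if k.lower() in secret else v for k, v in headers.items()}


def retry_delay(status: int, retry_after: str | None, attempt: int, cap: float = 60.0):
    """Seconds to wait before retrying a throttled call, or None if no retry applies."""
    if status != 429:  # assumption: throttled calls answer 429 Too Many Requests
        return None
    if retry_after and retry_after.isdigit():
        return min(float(retry_after), cap)
    return min(2.0 ** attempt, cap)  # exponential fallback when no usable Retry-After


def build_request(tenant_id: str, *segments: str) -> urllib.request.Request:
    """Prepare a GET with the key read from the environment, never hard-coded."""
    key = os.environ["TWC_API_KEY"]  # hypothetical variable name
    url = tenant_url(tenant_id, *segments)
    return urllib.request.Request(url, headers=auth_headers(api_key=key))
```

Log `redact(headers)` rather than the raw header map, so a rotated-out key never has to be scrubbed from log storage after the fact.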
Versioning and change policy
The Wallet Crew API does not use URL versioning (no /v1, /v2, …). The API is designed to remain stable over time.
When a breaking change is necessary, impacted brands are notified in advance. This notice includes the change scope, timeline, and mitigation steps.
FAQ
When to use OAuth 2.0 vs X-API-KEY?
API keys are usually the default for backend integrations because they are easy to rotate and can be scope-restricted. OAuth 2.0 is typically used when calls are performed on behalf of an authenticated admin user or when an existing OAuth-based session already exists.