Skip to main content
POST

Authentication

This endpoint requires HMAC-SHA256 signature authentication. See Authentication guide for details.

Headers

X-Esim-Story-Access-Key
string
required
Your partner access key. Used for authentication.
X-Esim-Story-Signature
string
required
HMAC-SHA256 signature of the request. Generated using your secret key. See Authentication guide for signature generation details.
X-Esim-Story-Timestamp
string
required
Unix timestamp in seconds (UTC). Must be within the allowed time window of the current time.

Request Body

external_order_id
string
required
Your order identifier in your system. Must be unique.
products
array
required
Array of products to order. Each product must include: - option_id (string, required): The eSIM product option ID - qty (integer, required): Quantity of this product to order

Response

products
array
Array of products with their assigned topup IDs. Each product includes: - topup_id (string): The topup ID assigned to this product - option_id (string): The option ID that was ordered

Error Responses

400 Bad Request

Invalid request payload or JSON parsing error:
Common causes:
  • Malformed JSON in request body
  • Invalid JSON syntax
  • Missing or empty request body

401 Unauthorized

Authentication failed:
Common authentication errors:
  • Missing required authentication headers: One or more of X-Esim-Story-Access-Key, X-Esim-Story-Signature, or X-Esim-Story-Timestamp headers are missing
  • Invalid access key: The provided access key does not exist in the system
  • Invalid signature: The HMAC signature does not match the expected signature
  • Request timestamp is too old or invalid: The timestamp must be within the allowed time window of the current time
  • Missing secret key: The partner record is missing a secret key

422 Unprocessable Entity

Validation errors or business logic errors: Product not found: When an option_id in the products array does not exist in the system:
Missing required fields:
Duplicate external_order_id:
Invalid products array:
  • Empty products array
  • Missing option_id or qty in product objects
  • Invalid qty value (must be a positive integer)
eSIM API errors: When the external eSIM provider API returns an error:
API connection errors: When there’s a network error connecting to the eSIM provider:

500 Internal Server Error

Server error during order processing:
Common causes:
  • Database connection errors
  • Unexpected server errors
  • External service failures

Notes

  • The external_order_id must be unique.
  • Each product in the products array will be ordered qty times.
  • The response includes one topup_id per quantity ordered (e.g., if qty: 2, you’ll receive 2 entries with different topup_id values).
  • Orders are processed asynchronously. The response indicates successful order creation, but eSIM activation may take additional time.
  • You must configure a webhook URL to receive eSIM data. If no webhook URL is configured, you will not receive eSIM activation data.
  • In sandbox environment, orders use test data and do not result in actual eSIM purchases.

Example: Ordering Multiple Quantities

If you order a product with qty: 2, you’ll receive 2 separate entries in the response:

Webhooks

After successfully creating an order, eSIM data will be delivered to your configured webhook URL once the eSIM is ready. A webhook URL must be configured in your partner account to receive callbacks. Webhooks are sent via POST requests to your configured webhook URL. Your webhook endpoint should return a 200 OK status code to acknowledge successful receipt. One webhook is sent per order item. For example, if you order a product with qty: 2, you will receive 2 separate webhook requests (one for each quantity ordered).

Example Response

Last modified on February 4, 2026