# Introduction

The Zotlo API allows you to manage subscriptions, payments, checkout links, and customer data programmatically.\
All endpoints follow a RESTful structure and return JSON responses.

This page provides the essential concepts you need before using any endpoint.

## **Environments**

Zotlo provides two environments:

<table><thead><tr><th width="213.29296875">Environment</th><th>Base URL</th></tr></thead><tbody><tr><td><strong>Live</strong></td><td><code>https://api.zotlo.com</code></td></tr></tbody></table>

Use Sandbox while building & testing your integration. Use Live only after your account is approved and activated.

## **Authentication**

Each API request must include your project’s credentials:

{% code overflow="wrap" %}

```text
AccessKey: YOUR_ACCESS_KEY
AccessSecret: YOUR_ACCESS_SECRET
ApplicationId: YOUR_APP_ID   (optional)
Language: en
```

{% endcode %}

* You can find these in **Dashboard → Developer Tools → API Keys**
* Never expose AccessKey or AccessSecret in client-side code
* ApplicationId is optional and used for analytics tagging

All API requests must be sent over HTTPS.

## **Request & Response Format**

* **Requests:** JSON payloads for POST/PUT, query parameters for GET
* **Responses:** All successes return **HTTP 200**
* Errors return **HTTP 400 or 500** with the following structure:

#### Error Response Format

{% code overflow="wrap" %}

```json
{
  "meta": {
    "requestId": "abc123",
    "httpStatus": 400,
    "errorMessage": "Subscriber profile not found.",
    "errorCode": 400009
  },
  "result": []
}
```

{% endcode %}

## Error Fields

<table><thead><tr><th width="193.19921875">Field</th><th>Description</th></tr></thead><tbody><tr><td>requestId</td><td>Unique ID for debugging</td></tr><tr><td>httpStatus</td><td><code>400</code> or <code>500</code> for errors</td></tr><tr><td>errorMessage</td><td>Human-readable message (in the Language header you send)</td></tr><tr><td>errorCode</td><td>Zotlo-specific error code (<code>400008</code>, <code>400009</code>, etc.).</td></tr><tr><td>result</td><td>Empty or error-specific content.</td></tr></tbody></table>

## **Rate Limits**

The Zotlo API uses standard rate limiting to ensure platform stability.\
If the limit is exceeded, the API returns **HTTP 429 – Too Many Requests**.

Recommended: add retry logic with exponential backoff.
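The authentication, error-format and rate-limit rules above can be combined in one server-side helper. The sketch below is an added example, not Zotlo's own code: it reads the credentials from the server's environment, refuses non-HTTPS URLs, retries on HTTP 429 with exponential backoff, and raises the `meta` object of an error response. The environment variable names, the function names and the assumption that successful responses also carry a `result` field are illustrative and not taken from this page.

```python
import json
import os
import random
import time
import urllib.error
import urllib.request
from urllib.parse import urlsplit

class ZotloError(Exception):
    """Carries the `meta` object of an error response (requestId, errorCode, ...)."""
    def __init__(self, meta):
        super().__init__(f"{meta.get('errorCode')}: {meta.get('errorMessage')} "
                         f"(requestId={meta.get('requestId')})")
        self.meta = meta

def build_headers(env=os.environ, language="en"):
    # Assumed variable names; the secrets stay in the server's environment.
    headers = {"AccessKey": env["ZOTLO_ACCESS_KEY"],
               "AccessSecret": env["ZOTLO_ACCESS_SECRET"],
               "Language": language, "Content-Type": "application/json"}
    if env.get("ZOTLO_APP_ID"):  # optional analytics tag
        headers["ApplicationId"] = env["ZOTLO_APP_ID"]
    return headers

def http_send(url, headers, body=None):
    # GET when body is None, POST when a JSON body (bytes) is given.
    req = urllib.request.Request(url, data=body, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry a body
        return err.code, err.read()

def call(url, headers, body=None, send=http_send, sleep=time.sleep, max_retries=4):
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send AccessSecret over a non-HTTPS URL")
    for attempt in range(max_retries + 1):
        status, raw = send(url, headers, body)
        if status == 429 and attempt < max_retries:
            # 1s, 2s, 4s, ... capped at 30s, plus jitter to spread out retries
            sleep(min(30, 2 ** attempt) + random.uniform(0, 0.5))
            continue
        try:
            payload = json.loads(raw or b"{}")
        except ValueError:  # body was not JSON (assumed possible on 429/500)
            payload = {}
        if status != 200:
            raise ZotloError(payload.get("meta") or {"httpStatus": status})
        return payload.get("result")
```

Log the `requestId` from a raised `ZotloError` rather than the request headers, so the credentials never end up in application logs.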

## **Sandbox vs Live Behavior**

* Sandbox simulates full subscription & payment flow
* No real charges occur
* Webhooks work normally for integration testing
* Live mode requires **Agreement approval + Business verification**
