eSIMTrade Docs
api.esimtrade.com
Simpler, clearer reseller API docs.
Start with authentication, check wallet balance, read plans, and then move into orders and inventory. These docs are designed to help teams integrate faster with less scrolling and less guessing.
Authentication
How reseller credential pairs work, supported headers, and which auth modes are accepted by reseller routes.
Preferred credential model
New integrations should authenticate with a generated access-code and secret-key pair. These credentials are created in the reseller portal and can be rotated or revoked without changing the reseller account itself.
Routes using requireResellerAccess also accept a valid reseller session cookie when the request comes from an authenticated portal session.
| Header | Required | Purpose |
|---|---|---|
| x-access-code | Yes for pair auth | Identifies the API key record |
| x-secret-key | Yes for pair auth | Verifies the shared secret |
| x-api-key | Legacy only | Secret-only compatibility mode |
| Authorization: Bearer <secret> | Legacy only | Secret-only compatibility mode |
Plans request with pair auth
curl --location --request GET 'https://api.esimtrade.com/api/v1/portal/plans' \ --header 'x-access-code: YOUR_ACCESS_CODE' \ --header 'x-secret-key: YOUR_SECRET_KEY'
Rate limiting and access scope
Each API key has its own per-minute request limit. The active default in the portal UI starts at 120 requests per minute, but the exact value is stored per key and enforced in the server rate-limit bucket table.
All server-to-server reseller responses are scoped to the reseller behind the key. A key cannot read another reseller's orders, profile, balance, or eSIM inventory.
If an API key is revoked or expired, reseller routes return HTTP 401 Unauthorized.