Origin Round Partner API

Welcome to the Origin Round Partner API. This Server-to-Server (B2B) integration allows your backend to securely verify, consume, and monitor digital assets (licenses, subscriptions, and items) purchased on Origin Round.

Zero-Trust Rule: Never expose your API keys in a frontend client. All requests must originate from your secure server.

1. The 'Fast Start' Integration Logic

// 1. Send the user's Secret Code to the Origin Round Live /verify endpoint
const originResponse = await verifyAsset(userInputCode);

// 2. Evaluate the Master Switch
if (!originResponse.data.is_valid) {
    // STOP: The asset is expired, refunded, banned, or fake.
    return "Access Denied. Code is invalid or expired."; 
}

// 3. Handle First-Time vs. Returning Users
if (originResponse.data.already_in_use) {
    // SECURITY: This code is valid, but was consumed in the past.
    return "This code has already been claimed."; 
} else {
    // This is a brand new, untouched code! 
    return "Premium Unlocked! Access Granted.";
}

Integration Testing & Payloads

To ensure your integration is robust before going live, write automated tests against the Sandbox Environment. You do not need to mock HTTP requests or spin up fake databases.

const PROJECT_UUID = 'your_project_uuid_here';
const TEST_API_KEY = 'or_test_your_key_here';

const CODES = {
    FRESH:   'TFRES-HABKN-PKCPF-LGKHG-ELMPL',
    USED:    'TUSED-DABKN-PKCPF-LGKHG-ELMPL',
    EXPIRED: 'TEXPR-DABKN-PKCPF-LGKHG-ELMPL',
    BLOCKED: 'TBLOC-KABKN-PKCPF-LGKHG-ELMPL'
};

async function verifyUserAccess(testCode) {
    const response = await fetch(`https://api.originround.com/api/partners/${PROJECT_UUID}/test`, {
        method: 'POST',
        headers: {
            'Authorization': `Bearer ${TEST_API_KEY}`,
            'Content-Type': 'application/json'
        },
        body: JSON.stringify({ code: testCode })
    });
    return await response.json();
}