GamexBulk Shop Public API Documentation

GamexBulk - Official Game Store & Top-Up Services
Base URL: https://cdn.milliepin.az/api/v1 Support: @tlh13
v1
API key not verified Use GET /getMe to verify and auto-load your webhook secret.

Introduction

Integrate voucher and top-up products into your own system using GamexBulk.Shop public JSON API. This page includes live playground blocks so resellers can verify their API key, test requests, inspect raw request bodies, and validate webhook signatures directly from the browser.

REST + JSON Live Playground Idempotent Orders Signed Webhooks Top-up Validation USD
Base URL: https://cdn.milliepin.az/api/v1
Catalog flow Use /games, /categories, and /products to build your browsing and purchase flow.
Safe order creation Use X-Idempotency-Key for retries and optionally send callback_url plus callback_mode.
Webhook modes legacy sends final updates only. events sends signed status-change webhooks.

Base URL & Versioning

All endpoints below are relative to https://cdn.milliepin.az/api/v1.

Version v1 is stable. Future breaking versions should use a separate prefix.

Authentication

Authenticated endpoints require your personal API key in the request header below:

X-API-KEY: YOUR_API_KEY
Security note: Keep your API key on your backend only. Do not expose it inside public frontend code or mobile app bundles.

Idempotency

For order creation, send X-Idempotency-Key with a unique UUID. Reusing the same key with the same payload safely returns the same order instead of creating duplicates. 

X-Idempotency-Key: 550e8400-e29b-41d4-a716-446655440000

Get Account Details

Retrieve reseller profile data, balance, currency, and personal webhook_secret.

GET https://cdn.milliepin.az/api/v1/getMe
Auth: X-API-KEY 200 
curl -s "https://cdn.milliepin.az/api/v1/getMe" \
  -H "X-API-KEY: YOUR_API_KEY" \
  -H "Accept: application/json"
{
  "success": true,
  "data": {
    "user_id": 579365494,
    "username": "reseller_pro",
    "balance": "1250.5000",
    "webhook_secret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "currency": "USD"
  }
}
Request
No request yet.
Response
Response will appear here.

Games

List available games that can be used to group or filter top-up products.

GET https://cdn.milliepin.az/api/v1/games
Public 200 
curl -s "https://cdn.milliepin.az/api/v1/games" -H "Accept: application/json"
{
  "success": true,
  "data": [
    {
      "id": 1,
      "name": "PUBG Mobile"
    },
    {
      "id": 2,
      "name": "Mobile Legends"
    }
  ]
}
Request
No request yet.
Response
Response will appear here.

Categories

List product categories. You may optionally filter by game_id.

GET https://cdn.milliepin.az/api/v1/categories?game_id=1
Public 200
QueryTypeRequiredDescription
game_id integer NO Filter categories for a specific game. 
curl -s "https://cdn.milliepin.az/api/v1/categories?game_id=1" -H "Accept: application/json"
{
  "success": true,
  "data": [
    {
      "id": 10,
      "name": "UC Packages",
      "game_id": 1
    }
  ]
}
Request
No request yet.
Response
Response will appear here.

Products

List active products. Supports filters such as type, game, category, and IDs.

GET https://cdn.milliepin.az/api/v1/products
Public 200
QueryTypeRequiredDescription
typestringNOvoucher or topup
gamestringNOSearch by game name
categorystringNOSearch by category name
game_idintegerNOFilter by game ID
category_idintegerNOFilter by category ID
pageintegerNOPage number
per_pageintegerNOMaximum 100
curl -s "https://cdn.milliepin.az/api/v1/products?type=voucher&per_page=10" \
  -H "Accept: application/json"
{
  "success": true,
  "data": [
    {
      "id": 55,
      "name": "Steam Wallet 10 USD",
      "game_id": 0,
      "game": "",
      "category_id": 3,
      "category": "Gift Cards",
      "type": "VOUCHER",
      "price": "9.9900",
      "stock_status": "FINITE",
      "stock_count": 120,
      "fields": []
    }
  ],
  "meta": {
    "total": 1,
    "per_page": 10,
    "current_page": 1,
    "last_page": 1
  }
}
Request
No request yet.
Response
Response will appear here.

Validate Player

Validate the target player before creating a top-up order. This endpoint is only relevant for products that require player input.

POST https://cdn.milliepin.az/api/v1/validate-player
Auth: X-API-KEY 200
FieldTypeRequiredDescription
product_idintegerYESActive top-up product ID
player_idstringYESPlayer or user identifier
server_idstringNOServer/zone/region value when needed
input_2...input_8stringNOExtra mapped input fields for advanced products
curl -s "https://cdn.milliepin.az/api/v1/validate-player" \
  -X POST \
  -H "X-API-KEY: YOUR_API_KEY" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{
    "product_id": 91,
    "player_id": "5123456789",
    "server_id": "2001"
  }'
{
  "success": true,
  "data": {
    "nickname": "PlayerOne",
    "nickname_verified": true,
    "validation_optional": false
  }
}
Request
No request yet.
Response
Response will appear here.

Create Order

Create a voucher or top-up order. For top-up products, validate the player first when required. Use X-Idempotency-Key to avoid duplicates on retries.

POST https://cdn.milliepin.az/api/v1/order
Auth: X-API-KEY 200
FieldTypeRequiredDescription
product_idintegerYESTarget product ID
qtyintegerNOVoucher quantity. Top-up orders must use 1.
player_idstringTOPUPRequired for top-up products
server_idstringNOOptional second field for supported games
input_2...input_8stringNOAdditional mapped inputs
callback_urlstringNOHTTPS webhook endpoint
callback_modestringNOlegacy (default) or events

Headers

X-API-KEY: YOUR_API_KEY
X-Idempotency-Key: 550e8400-e29b-41d4-a716-446655440000

Voucher order example

{
  "product_id": 55,
  "qty": 2,
  "callback_url": "https://yourdomain.com/webhooks/gamexbulkshop",
  "callback_mode": "legacy"
}

Top-up order example

{
  "product_id": 91,
  "qty": 1,
  "player_id": "5123456789",
  "server_id": "2001",
  "callback_url": "https://yourdomain.com/webhooks/gamexbulkshop",
  "callback_mode": "events"
}

Response

{
  "success": true,
  "data": {
    "order_id": 8821,
    "status": "PENDING"
  }
}
Tip: Leave callback_mode as legacy for old integrations. Use events only if your webhook consumer is ready for PENDING, PROCESSING, COMPLETED, and FAILED status updates.
Request
No request yet.
Response
Response will appear here.

Get Order Status

Fetch a single order by ID.

GET https://cdn.milliepin.az/api/v1/order/{id}
Auth: X-API-KEY 200 
curl -s "https://cdn.milliepin.az/api/v1/order/8821" \
  -H "X-API-KEY: YOUR_API_KEY" \
  -H "Accept: application/json"
{
  "success": true,
  "data": {
    "order_id": 8821,
    "client_order_id": "7b8f0a64-4f7e-4a2f-9a0a-7b1f0a3bfa11",
    "status": "COMPLETED",
    "price": "19.9800",
    "created_at": "2026-01-30T13:05:04+00:00"
  }
}
Request
No request yet.
Response
Response will appear here.

List Orders

Retrieve your recent order list.

GET https://cdn.milliepin.az/api/v1/orders
Auth: X-API-KEY 200 
{
  "success": true,
  "data": [
    {
      "order_id": 8821,
      "client_order_id": "7b8f0a64-4f7e-4a2f-9a0a-7b1f0a3bfa11",
      "status": "COMPLETED",
      "price": "19.9800",
      "created_at": "2026-01-30T13:05:04+00:00"
    }
  ]
}
Request
No request yet.
Response
Response will appear here.

Webhooks

If you send a valid callback_url while creating an order, webhook behavior depends on callback_mode.

ModeBehavior
legacy Backward-compatible mode. Only one final reseller webhook is sent when the order reaches COMPLETED or CANCELED.
events Status-change mode. Signed webhooks are sent for public lifecycle changes such as PENDING, PROCESSING, COMPLETED, and FAILED.
  • Voucher orders may finalize very quickly.
  • Top-up orders may remain in PROCESSING before completion.
  • Event mode is best for automation flows that should react before final completion.
  • When an order is later completed or canceled from the admin panel, the same saved callback_url is used for the final webhook.
  • Your webhook endpoint should answer with 2xx quickly and tolerate duplicate deliveries.

Signature Verification

Signed webhook requests include an HMAC header generated using your personal webhook_secret from /getMe.

HeaderDescription
X-GAMEX-SignatureHMAC SHA-256 of the raw request body in format sha256=...
X-GAMEX-EventPresent for event-mode webhooks. Current value: order.status_changed
Content-Typeapplication/json
$secret = 'YOUR_WEBHOOK_SECRET';
$payload = file_get_contents('php://input');
$signature = $_SERVER['HTTP_X_GAMEX_SIGNATURE'] ?? '';

$computed = 'sha256=' . hash_hmac('sha256', $payload, $secret);

if (!hash_equals($computed, $signature)) {
    http_response_code(401);
    exit('Invalid signature');
}

http_response_code(204);
Signature Tester Client-side
Computed Signature
No calculation yet.
Verification Result
Result will appear here.

Payload Examples

Legacy final webhook example

{
  "event_id": "47c8c6ba-16a5-4089-9f62-7ae1e51d4c0f",
  "order_id": 8821,
  "client_order_id": "7b8f0a64-4f7e-4a2f-9a0a-7b1f0a3bfa11",
  "status": "COMPLETED",
  "product_name": "Steam Wallet 10 USD",
  "qty": 2,
  "player_id": null,
  "price": "19.9800",
  "currency": "USD",
  "delivery": ["CODE_1", "CODE_2"],
  "timestamp": "2026-01-30T13:05:10+00:00"
}

Events mode webhook example

{
  "event": "order.status_changed",
  "callback_mode": "events",
  "order_id": 8821,
  "client_order_id": "7b8f0a64-4f7e-4a2f-9a0a-7b1f0a3bfa11",
  "product_id": 91,
  "product_name": "PUBG Mobile 60 UC",
  "product_type": "TOPUP",
  "game_id": 1,
  "game_name": "PUBG Mobile",
  "player_id": "5123456789",
  "player_name": "PlayerOne",
  "server_id": "2001",
  "qty": 1,
  "price": "0.8800",
  "status": "PROCESSING",
  "message": "Order is currently being processed.",
  "timestamp": "2026-03-30T02:00:00+00:00"
}

Order Status Lifecycle

StatusDescriptionWhere used
PENDING Order created and waiting for provisioning. Event mode public webhook
PROCESSING Provisioning started but not finalized yet. Order responses and event mode webhooks
COMPLETED Order delivered successfully. All modes
CANCELED Internal final failure state used by legacy/final flows. Legacy final callbacks and order views
FAILED Public failure name used by event mode webhook payloads. Treat it as a terminal canceled/failed order. Events mode public webhook

Error Codes

Use error.code for programmatic handling.

{
  "success": false,
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "player_id is required."
  }
}
VALIDATION_ERROR Input, quantity, product, or field validation failed.
INSUFFICIENT_FUNDS Wallet balance is too low for the requested order.
VALIDATION_REQUIRED Top-up character validation must be completed before ordering.
IDEMPOTENCY_CONFLICT The same idempotency key was reused with a different payload.
SECURITY_ERROR Callback URL is invalid, unsafe, or rejected by SSRF protection.
SERVICE_ERROR External validation or provisioning service is temporarily unavailable.

Changelog

2026-05-14 Final events webhooks are now dispatched when orders are completed or canceled after creation, including admin/manual status changes. Legacy webhook payload documentation was aligned with the stable payload shape.
2026-03-30 Added callback_mode documentation, event-style webhook coverage, signed status-change payload examples, and dynamic project branding from admin settings.