TinyPass Developer's Resources


Tinypass Configuration

API Endpoint: https://api.tinypass.com/

Sandbox Endpoint: http://sandbox.tinypass.com

TinyPass::$SANDBOX = true;
TinyPass::$AID = "your_sandbox_aid";
TinyPass::$PRIVATE_KEY = "your_sandbox_private_key";

TinyPass.SANDBOX = true;
TinyPass.AID = "your_sandbox_aid";
TinyPass.PRIVATE_KEY = "your_sandbox_private_key";

TinyPass.TP.SANDBOX = true;
TinyPass.TP.AID = "your_sandbox_aid";
TinyPass.TP.PRIVATE_KEY = "your_sandbox_private_key";

Tinypass.sandbox = true
Tinypass.aid = "your_sandbox_aid"
Tinypass.private_key = "your_sandbox_private_key"

Not using one of our libraries? Here's how to generate your own API signature:

  1. Build a standard HTTP request using the API endpoints listed in the documentation below. Append your chosen parameters to the string.
    "GET /r2/access?rid=[RID]&user_ref=[USER_REF]"
  2. Generate an HMAC SHA-256 signature using your private key as your key and the entire string created in step 1 as the message. The HMAC signature should be Base64/URL-safe encoded.
  3. Construct your header with your AID and signature.
    "Authorization: [AID]:[YOUR HMAC SHA-256 SIGNATURE]"

GET /r2/access


  • rid (string, required)
  • user_ref (string, required)

Using Client API:

$details = TinyPass::fetchAccessDetail(array("rid"=>$rid, "user_ref"=>$user_ref));

AccessDetails details = TinyPass.fetchAccessDetail(rid, userRef);

AccessDetails details = TinyPass.TP.FetchAccessDetail(rid, userRef);

detail = Tinypass.fetch_access_detail('my_rid', 'my_user_ref')

Response (AccessDetails):

  • id (public access ID)
  • aid (application ID)
  • rid (resource ID)
  • uid (Tinypass user ID)
  • amount (price paid for access)
  • currency (currency of the price)
  • created (date/time in seconds when access was granted)
  • expires (date/time in seconds when access expires)
  • user_ref (user reference or uid)
  • user_email (user's email address)
  • tags

GET /r2/access/search


  • rid (string, optional)
  • user_ref (string, optional)
  • email (string, optional)
  • tag (string, optional)
  • show_expired (boolean, optional)
  • page (integer, optional, default: 0)
  • pagesize (integer, optional, default 100, max: 1000)

Client API:

$params = array();
$params["rid"] =  "some_rid";
$params["user_ref"] = "username";
$params["tag"] = "music";
$result = TinyPass::fetchAccessDetails($params, 0, 200);

HashMap<String,Object> params = new HashMap<String,Object>();
params.put("rid", "some_rid");
params.put("user_ref", "username");
params.put("tag", "music");
PagedList<AccessDetails> result = TinyPass.fetchAccessDetails(params, 0, 200);

var parameters = new Dictionary<string,object>();
parameters.Add("rid", "some_rid");
parameters.Add("user_ref", "username");
parameters.Add("tag", "music");
PagedList<AccessDetails> result = TinyPass.TP.FetchAccessDetails(parameters, 0, 200);

details = Tinypass.fetch_access_details(user_ref: 'my_user_ref', rid: 'rid', tag: 'music')

POST /r2/access/grant


  • rid (string, required)
  • email (string, required) The email address identifying the user who is granted access
  • user_ref (string, optional but recommended) A unique string you can use to identify a user (email address is fine)
  • expiration (integer, optional) Absolute date/time in seconds when access expires
  • message (string, optional) Custom message included in the notification email sent to grant access recipients
  • suppress_email (boolean, optional, default:false) When true, no notification email is sent to the recipient

Note that a resource (rid) must exist to have access granted to it. Thus, a resource must have been created by a purchase or in the dashboard before this method can be used to grant access to it.

TinyPass::grantAccess(array("rid"=>$rid, "user_ref"=>$user_ref, "email"=>$email));

TinyPass.grantAccess(rid, userRef, email);

TinyPass.TP.GrantAccess(rid, userRef, email);

Tinypass.grant_access({"rid"=>rid, "user_ref"=>user_ref, "email"=>email})

POST /r2/access/revoke


  • rid (string, required)
  • user_ref (string, required)
  • refund (boolean, optional, default: false)

TinyPass::revokeAccess(array("rid"=>$rid, "user_ref"=>$user_ref));

TinyPass.revokeAccess(rid, userRef);

TinyPass.TP.RevokeAccess(rid, userRef);

Tinypass.revoke_access(rid: rid, user_ref: user_ref)

GET /r2/subscription/search


  • rid (string, optional)
  • user_ref (string, optional)




Tinypass.fetch_subscription_details({user_ref: 'my_user_ref', rid: 'my_rid'})

POST /r2/subscription/cancel


  • rid (string, required)
  • user_ref (string, required)




Tinypass.cancel_subscription({user_ref: 'my_user_ref', rid: 'my_rid'})

GET /r2/downloads/url

Generate a download URL based on a RID


  • rid (string, required)
  • lifetime (integer, optional) - the lifetime in seconds this link will be valid for
  • expiration (integer, optional) - the end time in Unix time of the link

Note: You must provide either lifetime or expiration




Tinypass.generate_download_url({rid: rid, lifetime: 30})

GET /r2/download/

Get download details


  • rid (string, required) - rid associated with this download

Response JSON contains:

  • id
  • description
  • title
  • rid
  • image
  • price - string format of amount and currency
  • modified_date - seconds since 1970
  • created_date - seconds since 1970
  • published_date - seconds since 1970

GET /r2/user/{uid}

Get user details for specific user


  • uid (string, required)

Response JSON contains:

  • uid
  • email
  • first_name
  • last_name

Response Codes

200 - Success
400 - A required parameter is missing
401 - Authorization failed
402 - Request failed due to unsupported method (i.e. GET not allowed) or application error
404 - Requested item not found
500 - Server error