Vector Trading Public API

This page describes the public REST API for bundle owners. Use Swagger for the exact schema.

The API supports:

• listing your bots bundles
• searching users by name
• listing current and scheduled bundle access grants
• creating and revoking access grants
• reading short-lived checkout sessions

API keys are available to users with a premium or elite subscription in Profile -> API Keys.

API keys are intended for server-side integrations. Do not store or use them in browser JavaScript: public REST API requests do not rely on Vector Trading web sessions, cookies, or credentialed browser CORS.

Scopes:

• bundles: list your bots bundles
• users: search users by name
• grants: list, create, and revoke access grants

Use grants: write when your external billing system needs to grant or revoke bundle access.

Every request must include:

Authorization: Bearer vt_<apiKeyId>_<secret>

Base URL:

https://www.vector-trading.app/api/rest/v1

1. List bundles with GET /bundles.
2. Find a user with GET /users?displayName=....
3. Create a grant with POST /bundles/<bundleId>/grants.
4. Track active grants with GET /bundles/<bundleId>/grants.

curl -X GET "https://www.vector-trading.app/api/rest/v1/bundles" \
  -H "Authorization: Bearer $VECTOR_API_KEY"

curl -G "https://www.vector-trading.app/api/rest/v1/users" \
  -H "Authorization: Bearer $VECTOR_API_KEY" \
  --data-urlencode "displayName=alex" \
  --data-urlencode "limit=10"

displayName is a case-insensitive prefix search query with length 2-30. Use the returned userId for grant operations.

curl -X GET "https://www.vector-trading.app/api/rest/v1/bundles/<bundleId>/users" \
  -H "Authorization: Bearer $VECTOR_API_KEY"

Returns public user information with the current grant type, current grant period, and continuous access end (accessEndsAt or accessIsPermanent).

curl -X GET "https://www.vector-trading.app/api/rest/v1/bundles/<bundleId>/grants" \
  -H "Authorization: Bearer $VECTOR_API_KEY"

Returns current and future non-revoked grants: id, grantType, userId, sourceId, startsAt, endsAt, createdAt.

curl -X POST "https://www.vector-trading.app/api/rest/v1/bundles/<bundleId>/grants" \
  -H "Authorization: Bearer $VECTOR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "userId": "<userId>",
    "grantType": "paid_external",
    "endsAt": "2026-07-19T12:00:00.000Z",
    "sourceId": "stripe:invoice:in_123"
  }'

Allowed grantType values: owner_grant, paid_external, referral_reward, gift.

Use endsAt for temporary access. Vector Trading chooses the grant startsAt: it starts immediately or after the current continuous access chain. If endsAt is already covered by an active or scheduled chain, the covered grant is returned and no duplicate is created. If endsAt is omitted, access is permanent.

For paid_external, sourceId is required and should identify the paid invoice, payment, or webhook event. It must be a visible ASCII token matching [A-Za-z0-9][A-Za-z0-9._:-]{0,255}. If the same sourceId is reused for the same bundle, user, and grant type, the existing grant is returned.

Vector Trading does not process payments and does not store a recurring subscription state for your checkout. Treat Vector Trading as an access ledger:

1. When the first invoice is paid, create a paid_external grant with endsAt equal to the paid period end.
2. When a recurring renewal invoice is paid, call the same endpoint again with a new sourceId and the next period endsAt.
3. For a one-time lifetime purchase, create a paid_external grant with a unique sourceId and omit endsAt.
4. If a renewal payment fails, do not create a new grant. The current access expires naturally.
5. If the customer cancels at the period end, do not revoke the current grant. Just stop creating future grants.
6. For an immediate cancellation, refund, or chargeback, revoke the current or future grants through the revoke endpoint.

curl -X DELETE "https://www.vector-trading.app/api/rest/v1/bundles/<bundleId>/grants/<grantId>" \
  -H "Authorization: Bearer $VECTOR_API_KEY"

Warning: revocation sets revokedAt on the selected grant and all current or future grants for the same user in this bundle that start after it. Grants are not physically deleted.

Bundle owners can set a strict HTTPS paymentUrl in bundle payment settings. paymentUrl is available only together with the bundle informational price and currency. When a user confirms the platform disclaimer, Vector Trading creates a 15-minute checkout session and opens the owner URL with checkoutId appended to the query string. The owner checkout must read the session through the API before charging the user.

curl -X GET "https://www.vector-trading.app/api/rest/v1/checkout/<checkoutId>" \
  -H "Authorization: Bearer $VECTOR_API_KEY"

The API key must belong to the bundle owner and have grants: read.

The response includes checkoutId, bundleId, userId, displayName, the current bundle display terms (price, currency, and discount), and does not include trialPeriodDays. Show the displayName and payment amount to the user before charging them.

Common cases:

• 401: missing or invalid API key
• 403: the key does not have the required scope
• 404: bundle, user, grant, or checkout session was not found
• 400: invalid parameter or request body format
• 413: JSON request body is too large
• 415: request body is not application/json
• 500/503: server error with a generic public message and requestId