Coming Soon Early access is currently controlled while Klckstart prepares its first public rollout.
Join Waitlist Talk to Sales
Klckstart logo Klckstart
API Reference

Grouped endpoint guidance for the current Klckstart platform.

This version organizes the most useful implementation surfaces by workflow, with request examples in cURL, JavaScript, and PHP so developers can move faster.

Start with Auth Back to Docs
Grouped by workflowAuth, billing, analytics, and admin endpoints are separated so teams can scan faster.
Copy-ready snippetsEach endpoint block supports quick copy and language switching.
Approval-aware authExamples reflect the actual pending-to-active account gate used by the platform.
Auth

Registration, login, and session control

Keep registration and approval separate. A created account is not necessarily an activated account.

POST/api/login.php

Authenticate an approved user

Use this after a user has already been approved by admin. Pending accounts should receive a blocked response.

curl -X POST https://your-domain.com/api/login.php \
  -H "Content-Type: application/json" \
  -d '{
    "email": "team@example.com",
    "password": "your-password"
  }'
const response = await fetch('/api/login.php', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  credentials: 'same-origin',
  body: JSON.stringify({ email, password })
});

const payload = await response.json();
$payload = [
    'email' => $email,
    'password' => $password,
];

// submit JSON to /api/login.php

Success

{
  "ok": true,
  "message": "Login successful.",
  "status": "active",
  "redirect": "/dashboard.php"
}

Pending approval

{
  "ok": false,
  "message": "Your account is awaiting admin approval.",
  "status": "pending"
}
Billing

Plan and subscription endpoints

These endpoints shape how KlckPay surfaces modules, creates subscriptions, and queues lifecycle changes.

POST/api/billing/subscription_create.php

Create a subscription

Use after loading the plan catalog and collecting a valid payment method reference.

curl -X POST https://your-domain.com/api/billing/subscription_create.php \
  -H "Content-Type: application/json" \
  -b cookies.txt \
  -d '{
    "plan_id": 3,
    "payment_method_id": 18,
    "modules": ["klckpay", "klckanalytics"],
    "billing_cycle": "monthly"
  }'
await fetch('/api/billing/subscription_create.php', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  credentials: 'same-origin',
  body: JSON.stringify({
    plan_id: 3,
    payment_method_id: 18,
    modules: ['klckpay', 'klckanalytics'],
    billing_cycle: 'monthly'
  })
});
$payload = [
    'plan_id' => 3,
    'payment_method_id' => 18,
    'modules' => ['klckpay', 'klckanalytics'],
    'billing_cycle' => 'monthly',
];

// send JSON to /api/billing/subscription_create.php

Success

{
  "ok": true,
  "message": "Subscription created successfully.",
  "subscription_id": 42,
  "status": "active"
}

Queued review

{
  "ok": true,
  "message": "Change request queued.",
  "request_status": "pending_review"
}
Analytics + Shield

Event tracking and risk review

Analytics and shield surfaces should work together so real behavior and suspicious patterns stay visible.

POST/api/track_event.php

Track a product event

Use this for meaningful actions like pricing interest, onboarding movement, and billing flow steps.

curl -X POST https://your-domain.com/api/track_event.php \
  -H "Content-Type: application/json" \
  -b cookies.txt \
  -d '{
    "event_name": "pricing_cta_clicked",
    "product": "klckpay",
    "page": "pricing"
  }'
await fetch('/api/track_event.php', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  credentials: 'same-origin',
  body: JSON.stringify({
    event_name: 'pricing_cta_clicked',
    product: 'klckpay',
    page: 'pricing'
  })
});
$payload = [
    'event_name' => 'pricing_cta_clicked',
    'product' => 'klckpay',
    'page' => 'pricing',
];

// send JSON to /api/track_event.php

Event success

{
  "ok": true,
  "message": "Event tracked.",
  "event_name": "pricing_cta_clicked"
}

Shield alert example

{
  "ok": true,
  "alerts": [
    {
      "severity": "high",
      "signal": "payment_mismatch",
      "status": "open"
    }
  ]
}
Admin

Approval and operational endpoints

These are admin-session surfaces only. Use them from controlled internal pages, not public client code.

POST/api/admin/update_user_status.php

Approve or block a user

Update account status when reviewing pending signups or taking corrective action on existing access.

curl -X POST https://your-domain.com/api/admin/update_user_status.php \
  -H "Content-Type: application/json" \
  -b admin-cookies.txt \
  -d '{
    "user_id": 128,
    "status": "active"
  }'
await fetch('/api/admin/update_user_status.php', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  credentials: 'same-origin',
  body: JSON.stringify({ user_id: 128, status: 'active' })
});
$payload = [
    'user_id' => 128,
    'status' => 'active',
];

// send JSON to /api/admin/update_user_status.php

Approval success

{
  "ok": true,
  "message": "User status updated.",
  "status": "active"
}

Permission failure

{
  "ok": false,
  "message": "Admin access required."
}