REST API Reference
Traffic Exchange Script includes a versioned REST API at /api/v1/. This allows you (or your members) to interact with the platform programmatically — submitting sites, checking credit balances, managing ads, and more.
Authentication
All API endpoints (except public banner serving and offerwall postbacks) require authentication via Laravel Sanctum bearer tokens.
Generating an API Token
Members and admins generate API tokens from their account settings page. Tokens have configurable abilities:
| Ability | Description |
|---|---|
read |
Read-only access to the member’s own data |
read-write |
Read and write access |
admin |
Admin-scoped endpoints (admin accounts only) |
Tokens expire after 30 days by default.
Request Headers
Include the token in the Authorization header:
Authorization: Bearer {your-api-token}
Rate Limiting
| Endpoint Group | Limit |
|---|---|
| Public endpoints | Standard throttle |
| Authenticated member endpoints | throttle:api |
| Surf endpoints | throttle:api-surf |
| Admin endpoints | throttle:api-admin |
Public Endpoints
These endpoints do not require authentication.
Banner Serving
GET /api/v1/banners/serve
Returns a banner ad for display on third-party pages. Used for off-site banner rotators.
Banner Impression Tracking
POST /api/v1/banners/{banner}/impression
Records an impression for a specific banner ad.
Spotlight Impression Tracking
POST /api/v1/spotlight/{spotlightAd}/impression
Records an impression for a spotlight ad placement.
Offerwall Postbacks
GET /api/offerwalls/postback/{slug}
POST /api/offerwalls/postback/{slug}
Server-to-server postback endpoint for offerwall providers. The {slug} is the provider’s identifier (e.g. cpx_research, bitlabs).
Authentication Endpoints
Login
POST /api/v1/auth/login
Body:
{
"email": "member@example.com",
"password": "yourpassword"
}
Response: Returns an API token.
Register
POST /api/v1/auth/register
Two-Factor Authentication
POST /api/v1/auth/2fa/verify
Profile
GET /api/v1/auth/profile
PUT /api/v1/auth/profile
Logout
DELETE /api/v1/auth/logout # Revoke current token
DELETE /api/v1/auth/logout-all # Revoke all tokens
Sites
Manage a member’s submitted surf sites.
GET /api/v1/sites # List the member's sites
POST /api/v1/sites # Submit a new site
PUT /api/v1/sites/{id} # Update a site
DELETE /api/v1/sites/{id} # Delete a site
Credits
GET /api/v1/credits/balance # Credit balances by type
GET /api/v1/credits/transactions # Credit transaction history
POST /api/v1/credits/transfer # Transfer credits to another member
Surf
POST /api/v1/surf/start # Start a surf session
GET /api/v1/surf/stats # Member's surf statistics
Banner Ads
GET /api/v1/banners # List the member's banner campaigns
POST /api/v1/banners # Create a banner campaign
PUT /api/v1/banners/{id} # Update a banner campaign
DELETE /api/v1/banners/{id} # Delete a banner campaign
Text Ads
GET /api/v1/text-ads # List text ad campaigns
POST /api/v1/text-ads # Create a text ad campaign
PUT /api/v1/text-ads/{id} # Update a text ad campaign
DELETE /api/v1/text-ads/{id} # Delete a text ad campaign
PTC Ads
GET /api/v1/ptc-ads # List PTC campaigns
POST /api/v1/ptc-ads # Create a PTC campaign
Referrals
GET /api/v1/referrals # List the member's referrals
GET /api/v1/referrals/commissions # Commission history
GET /api/v1/referrals/stats # Referral statistics summary
Payments
GET /api/v1/payments # Payment history
POST /api/v1/payments/deposit # Initiate a deposit
Withdrawals
GET /api/v1/withdrawals # List withdrawal requests
POST /api/v1/withdrawals # Request a withdrawal
Contests
GET /api/v1/contests # List active contests
GET /api/v1/contests/{id}/leaderboard # Contest leaderboard
GET /api/v1/contests/{id}/my-entry # Member's contest entry
Messages
GET /api/v1/messages # List inbox messages
GET /api/v1/messages/{id} # Read a message
POST /api/v1/messages # Send a message
DELETE /api/v1/messages/{id} # Delete a message
Notifications
GET /api/v1/notifications # List notifications
PUT /api/v1/notifications/read # Mark selected as read
PUT /api/v1/notifications/read-all # Mark all as read
Stats
GET /api/v1/stats/member # Member's personal stats
GET /api/v1/stats/sites # Stats for all the member's sites
GET /api/v1/stats/sites/{id} # Stats for a specific site
Admin Endpoints
Requires an API token with admin ability from an admin account.
GET /api/v1/admin/dashboard # Admin dashboard stats
GET /api/v1/admin/members # List members
GET /api/v1/admin/members/{id} # Member details
POST /api/v1/admin/members # Create a member
PUT /api/v1/admin/members/{id} # Update a member
DELETE /api/v1/admin/members/{id} # Delete a member
POST /api/v1/admin/members/{id}/credits # Adjust credits
POST /api/v1/admin/members/{id}/suspend # Suspend a member
POST /api/v1/admin/members/{id}/ban # Ban a member
GET /api/v1/admin/sites/approval-queue # Sites pending approval
POST /api/v1/admin/sites/{id}/approve # Approve a site
POST /api/v1/admin/sites/{id}/reject # Reject a site
GET /api/v1/admin/withdrawals/queue # Withdrawal requests
POST /api/v1/admin/withdrawals/{id}/approve # Approve withdrawal
POST /api/v1/admin/withdrawals/{id}/reject # Reject withdrawal
GET /api/v1/admin/stats/system # System statistics
API Documentation (OpenAPI)
The script uses Scramble to auto-generate OpenAPI documentation from the source code. If enabled, you can access interactive API docs at:
https://yourdomain.com/docs/api
This provides a Swagger-style interface for exploring and testing all endpoints.
Screenshots
