zillo
Developer Platform
A REST API, signed webhooks, and an MCP server for Claude. Connect your kiosk, your CRM, your AI assistant — anything that needs to read or write to a Zillo store.
What's in the box
REST API
Read products, orders, customers, gift cards, tickets, bookings, vouchers, memberships. Create orders, redeem cards, manage webhooks. Scoped API keys keep the blast radius small.
Outbound webhooks
We POST signed JSON whenever orders complete, gift cards are redeemed, memberships activate. HMAC-SHA256 signing, automatic retries, full delivery log in your dashboard.
MCP server
Connect Zillo to any Model Context Protocol client — Claude, Cursor, Zed, Continue, Goose. Ask it to list recent orders, redeem a gift card, summarise this week's revenue. OAuth-scoped consent.
Real integrations
Sync orders to a CRM
Push every completed order into HubSpot, Salesforce, or Notion the moment Stripe confirms.
Kiosk redemption
Scan a QR at the door from your own iPad app. We mark the ticket redeemed and stamp the source.
Headless storefront
Build a custom checkout on your own domain and call our API for fulfilment.
AI assistants
Let any MCP-compatible AI client — Claude, Cursor, Zed — act on your store with scoped, revocable consent.
Native MCP
Model Context Protocol is the open standard for letting AI agents operate real software. Drop Zillo's MCP URL into any compatible client — Claude, Cursor, Zed, Continue, Goose — then ask it to list recent orders, redeem a gift card, or summarise this week's revenue.
MCP server URL
https://api.zillo.app/mcp
OAuth 2.0 + PKCE. You pick scopes when the client prompts for consent; revoke any time from your dashboard.
Code
List products
curl -H "Authorization: Bearer zk_live_…" \
  https://api.zillo.app/v1/products
Full reference
Redeem a gift card
curl -X POST https://api.zillo.app/v1/gift_cards/{id}/redeem \
  -H "Authorization: Bearer zk_live_…" \
  -H "Content-Type: application/json" \
  -d '{"amount_cents": 1500, "note": "Coffee — table 4"}'
Full reference
Verify a webhook signature (Node)
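import { createHmac, timingSafeEqual } from "node:crypto";

// header: the "t=...,v1=..." signature header; body: the request body as received.
function verify(header, body, secret) {
  // Split "k=v,k=v" into an object of parts.
  const parts = Object.fromEntries(
    header.split(",").map((p) => {
      const i = p.indexOf("=");
      return [p.slice(0, i), p.slice(i + 1)];
    }),
  );
  // A header missing either part can never verify.
  if (!parts.t || !parts.v1) return false;
  const expected = createHmac("sha256", secret)
    .update(`${parts.t}.${body}`).digest("hex");
  const a = Buffer.from(expected);
  const b = Buffer.from(parts.v1);
  // timingSafeEqual throws on unequal lengths, so reject those first.
  return a.length === b.length && timingSafeEqual(a, b);
}
Full reference
Common questions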
Scoped keys, request logging, GitHub secret-scanning, rate limits.
More in the authentication guide.
Do I need a paid plan to use the API?
No. Every Zillo store can mint API keys from the dashboard the moment it signs up. Use them as soon as you connect Stripe.
Is there a sandbox?
Yes. `zk_test_…` keys only operate against test-mode data, so you can integrate end-to-end without ever touching live customers or charges.
How do scopes work?
Each key carries a fixed list of resource:action pairs (e.g. orders:read, gift_cards:redeem). The dashboard scope picker lets you grant the minimum a key needs. The `*` super-scope is owner-only and confirm-by-typing.
Can I use OAuth instead of API keys?
Yes — the MCP server uses OAuth 2.0 with PKCE so any MCP client (Claude, Cursor, Zed, Continue, Goose) mints scoped, revocable tokens instead of long-lived keys. Same flow works for any third-party app you'd want to register.
What gets logged?
Every request gets a row in your dashboard's API logs page with method, path, status, latency, IP, country, and a request id. Request and response bodies are never persisted.
How do I get support?
Every response carries an X-Request-Id header — include it when you contact us via /help and we can join from your email straight to the exact request in your logs.
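Added example (not Zillo's code) extending the webhook verification snippet in the Code section: a receiver-side check that rejects malformed headers, shows why the HMAC must be computed over the body exactly as received, and enforces a replay window. It assumes `t` is a Unix timestamp in seconds and uses a 300-second tolerance; both are assumptions, as are the names `sign` and `checkWebhook` and the constructed secret and payload.

```javascript
// Added example, not Zillo's code. Loads node:crypto under CommonJS or ESM (Node 20.16+).
const { createHmac, timingSafeEqual } = typeof require === "function"
  ? require("node:crypto")
  : process.getBuiltinModule("node:crypto");

const TOLERANCE_SECONDS = 300; // assumption: the page states no replay window

// Build a header in the t=...,v1=... shape the page's verifier parses.
function sign(rawBody, secret, t) {
  const v1 = createHmac("sha256", secret).update(`${t}.${rawBody}`).digest("hex");
  return `t=${t},v1=${v1}`;
}

// Returns "ok" or the reason for rejection. rawBody must be the exact string
// received, never JSON.stringify(JSON.parse(...)) of it.
function checkWebhook(header, rawBody, secret, nowSeconds) {
  const parts = Object.fromEntries(
    String(header ?? "").split(",").map((p) => {
      const i = p.indexOf("=");
      return [p.slice(0, i).trim(), p.slice(i + 1).trim()];
    }),
  );
  if (!/^\d+$/.test(parts.t ?? "") || !/^[0-9a-f]{64}$/i.test(parts.v1 ?? "")) {
    return "malformed";
  }
  const expected = createHmac("sha256", secret)
    .update(`${parts.t}.${rawBody}`).digest();
  const given = Buffer.from(parts.v1, "hex"); // 32 bytes, guaranteed by the regex
  if (!timingSafeEqual(expected, given)) return "bad_signature";
  // Check age only after the MAC passes, so t is known to be authentic.
  if (Math.abs(nowSeconds - Number(parts.t)) > TOLERANCE_SECONDS) return "stale";
  return "ok";
}

// Constructed sample data (not real Zillo values).
const SECRET = "constructed-secret-for-example";
const RAW = '{"type": "order.completed",  "amount_cents": 1500}';
const T = 1700000000;
const HEADER = sign(RAW, SECRET, T);

function demo() {
  return {
    valid: checkWebhook(HEADER, RAW, SECRET, T + 10),
    reserialized: checkWebhook(HEADER, JSON.stringify(JSON.parse(RAW)), SECRET, T + 10),
    replayed: checkWebhook(HEADER, RAW, SECRET, T + 3600),
    truncated: checkWebhook(HEADER.slice(0, -2), RAW, SECRET, T + 10),
    missing: checkWebhook(undefined, RAW, SECRET, T + 10),
  };
}
```

In a real handler, capture the body before any JSON middleware parses it, and pass that string to the check.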