Create an order using public product slugs, public IDs, and customer-facing fields. Send a caller-generated attemptKey for retry-safe order creation: generate a fresh value per logical checkout/order attempt, then reuse the same value only when retrying that same request after a timeout or lost response. Repeats…
Create an order using public product slugs, public IDs, and customer-facing fields. Send a caller-generated attemptKey for retry-safe order creation: generate a fresh value per logical checkout/order attempt, then reuse the same value only when retrying that same request after a timeout or lost response. Repeats with the same key can return the existing order/invoice for the previous attempt within the duplicate-prevention window (currently one hour). Authenticated API callers normally omit clientData; the server uses the stored account profile. Use the write:orders scope for least-privilege API keys; broader write:billing, write:services, and write:all keys remain compatible. transfer:domains is for outgoing transfer/EPP-code actions and is not sufficient by itself to place a transfer-in order. Use clientData only to override or provide missing account/profile fields. Use item-level registrantContact when a domain should be registered to a different person or organisation than the account owner. For regular fixed-cycle VPS orders, first call GET /api/v2/products/vps and send one of its data[].slug values as items[].productSlug; do not use this endpoint for pay-as-you-go Cloud VPS creation. PAYG Cloud VPS deployment uses POST /api/v2/vps/payg/deployments. For shared hosting orders, first call GET /api/v2/products/shared-hosting, send one of its data[].slug values as items[].productSlug, and set items[].primaryDomain to the domain the hosting account should use. For domain registration, first call GET /api/v2/products/domains/{tld} and GET /api/v2/domains/availability?name=example.se; copy required item-level values such as acceptedTerms, eppCode, premium, requiresRegistrarFeeAcceptance, nameservers, or copyExistingDns into the order item. If the caller's stored profile is missing a registry-required field, either update PATCH /api/v2/me before ordering or include a partial clientData override. Payable orders return an invoice reference and may include a checkout URL. Payment preferences are checkout hints for the invoice created by the order. Use card, swish, bankgiro, sepa, or invoice when no specific payment flow should start. Account credit is applied after invoice creation through the invoice credit action.
write:orders
Use Authorization: Bearer <token> for API keys. Dashboard sessions may also use hostup_session.
Accept Example Content-Type Example items array clientData object Optional for authenticated API-key/session orders. Use only to override or provide missing profile fields returned by availability/validation requirements. Required for unauthenticated signup orders.
paymentMethod string · enum
· Example: card Canonical checkout preference for the invoice created by the order. Use `card` for card-backed hosted checkout flows, `swish` for Swish, `bankgiro` for Swedish SEK invoice payment, `sepa` for EUR SEPA bank transfer, or `invoice` to create the invoice without starting a specific payment flow. Provider names are not public v2 method values. Account credit is applied after invoice creation through the invoice credit action.
card swish bankgiro sepa invoice attemptKey string
· Example: order_attempt_01hxa3b4c5d6e7f8g9h0j1k2m3 Optional caller-generated idempotency key for retry-safe order creation. Generate a fresh value for each logical order/checkout attempt and reuse that exact value only when retrying the same request after a timeout or lost response. If the previous attempt created an order, repeats with the same key within the duplicate-prevention window (currently one hour) return that existing order/invoice instead of creating another order. Do not reuse a key for a different cart.
No response body
id string
· Example: ord_01hxa3b4c5d6e7f8g9h0j1k2m3 number string
· Example: O-HXA3B4C5 status string · enum
· Example: pending pending active completed cancelled failed type string · enum
· Example: new new renew upgrade transfer invoiceId stringnull
· Example: inv_01hxa3b4c5d6e7f8g9h0j1k2m3 checkoutUrl stringnull
· Example: https://cloud.hostup.se/billing?invoice=202600001 Compatibility alias used by older clients. New integrations should read `invoice.paymentUrl` when `invoice` is present.
client object client.id stringnull
· Example: null client.firstName stringnull
· Example: Anna client.lastName stringnull
· Example: Svensson client.companyName stringnull
· Example: null billing object billing.amount number required
· Example: 199 billing.currencyCode string required
· Example: SEK billing.billingCycle stringnull · enum required
· Example: annually Canonical billing cycle. VPS services with `isPayg: true` still report `monthly` for summary display; use `isPayg` to distinguish PAYG Cloud VPS from fixed-cycle VPS.
monthly quarterly semiannually annually biennially triennially free billing.isPayg boolean required
· Example: false For VPS service/order billing, true means pay-as-you-go Cloud VPS and false means fixed-cycle/prepaid VPS. Non-VPS resources normally return false.
billing.periodYears integernull
· Example: 1 invoice object | null invoice.id string required
· Example: inv_01hxa3b4c5d6e7f8g9h0j1k2m3 invoice.number stringnull required
· Example: 202600001 invoice.amount number required
· Example: 159 invoice.currencyCode string required
· Example: SEK invoice.dueAt stringnull required
· Example: 2026-05-11T23:59:59.000Z invoice.status string · enum required
· Example: unpaid paid unpaid partially_paid draft cancelled refunded invoice.paymentUrl stringnull required
· Example: /billing?invoice=202600001 invoice.totals object required invoice.dates object required paymentStatus object paymentStatus.status string · enum
· Example: unpaid paid unpaid credit_note pending unknown paymentStatus.reason stringnull
· Example: Invoice is unpaid. actions object actions.canRetry object actions.canRetry.allowed boolean required
· Example: true actions.canRetry.reason stringnull required
· Example: null actions.canRetry.code stringnull
· Example: pending_order Machine-readable reason code when an action is blocked.
actions.canCancel object actions.canCancel.allowed boolean required
· Example: true actions.canCancel.reason stringnull required
· Example: null actions.canCancel.code stringnull
· Example: pending_order Machine-readable reason code when an action is blocked.
domains array<object> hosting array<object> addons array<object> upgrades array<object> invoiceLookupPending boolean
· Example: false createdAt stringnull contractAcceptedAt stringnull
· Example: null notes stringnull
· Example: null referenceNumber stringnull
· Example: null type string
· Example: https://developer.hostup.se/errors/invalid_request title string
· Example: Validation failed status integer
· Example: 400 detail string
· Example: The request body failed validation. code string
· Example: invalid_request Stable machine-readable code. Branch on this field, not on `detail`.
instance string
· Example: /api/v2/orders requestId string
· Example: req_01hxa3b4c5d6e7f8g9h0j1k2m3 timestamp string
· Example: 2026-04-27T12:34:56.000Z errors array<object> Field-level validation errors when `code` is `invalid_request`.
errors[].pointer string required
· Example: /items/0/eppCode errors[].detail string required
· Example: `eppCode` is required for this transfer. errors[].code string required
· Example: missing_required extensions object type string
· Example: https://developer.hostup.se/errors/invalid_request title string
· Example: Validation failed status integer
· Example: 400 detail string
· Example: The request body failed validation. code string
· Example: invalid_request Stable machine-readable code. Branch on this field, not on `detail`.
instance string
· Example: /api/v2/orders requestId string
· Example: req_01hxa3b4c5d6e7f8g9h0j1k2m3 timestamp string
· Example: 2026-04-27T12:34:56.000Z errors array<object> Field-level validation errors when `code` is `invalid_request`.
errors[].pointer string required
· Example: /items/0/eppCode errors[].detail string required
· Example: `eppCode` is required for this transfer. errors[].code string required
· Example: missing_required extensions object type string
· Example: https://developer.hostup.se/errors/invalid_request title string
· Example: Validation failed status integer
· Example: 400 detail string
· Example: The request body failed validation. code string
· Example: invalid_request Stable machine-readable code. Branch on this field, not on `detail`.
instance string
· Example: /api/v2/orders requestId string
· Example: req_01hxa3b4c5d6e7f8g9h0j1k2m3 timestamp string
· Example: 2026-04-27T12:34:56.000Z errors array<object> Field-level validation errors when `code` is `invalid_request`.
errors[].pointer string required
· Example: /items/0/eppCode errors[].detail string required
· Example: `eppCode` is required for this transfer. errors[].code string required
· Example: missing_required extensions object type string
· Example: https://developer.hostup.se/errors/invalid_request title string
· Example: Validation failed status integer
· Example: 400 detail string
· Example: The request body failed validation. code string
· Example: invalid_request Stable machine-readable code. Branch on this field, not on `detail`.
instance string
· Example: /api/v2/orders requestId string
· Example: req_01hxa3b4c5d6e7f8g9h0j1k2m3 timestamp string
· Example: 2026-04-27T12:34:56.000Z errors array<object> Field-level validation errors when `code` is `invalid_request`.
errors[].pointer string required
· Example: /items/0/eppCode errors[].detail string required
· Example: `eppCode` is required for this transfer. errors[].code string required
· Example: missing_required extensions object type string
· Example: https://developer.hostup.se/errors/invalid_request title string
· Example: Validation failed status integer
· Example: 400 detail string
· Example: The request body failed validation. code string
· Example: invalid_request Stable machine-readable code. Branch on this field, not on `detail`.
instance string
· Example: /api/v2/orders requestId string
· Example: req_01hxa3b4c5d6e7f8g9h0j1k2m3 timestamp string
· Example: 2026-04-27T12:34:56.000Z errors array<object> Field-level validation errors when `code` is `invalid_request`.
errors[].pointer string required
· Example: /items/0/eppCode errors[].detail string required
· Example: `eppCode` is required for this transfer. errors[].code string required
· Example: missing_required extensions object type string
· Example: https://developer.hostup.se/errors/invalid_request title string
· Example: Validation failed status integer
· Example: 400 detail string
· Example: The request body failed validation. code string
· Example: invalid_request Stable machine-readable code. Branch on this field, not on `detail`.
instance string
· Example: /api/v2/orders requestId string
· Example: req_01hxa3b4c5d6e7f8g9h0j1k2m3 timestamp string
· Example: 2026-04-27T12:34:56.000Z errors array<object> Field-level validation errors when `code` is `invalid_request`.
errors[].pointer string required
· Example: /items/0/eppCode errors[].detail string required
· Example: `eppCode` is required for this transfer. errors[].code string required
· Example: missing_required extensions object https://cloud.hostup.se/api/v2/orders curl -X POST "https://cloud.hostup.se/api/v2/orders" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d '{
"paymentMethod": "bankgiro",
"items": [
{
"type": "domain",
"action": "register",
"domainName": "example.se",
"years": 1,
"acceptedTerms": [
"se_registration_terms"
]
}
]
}'{
"id": "ord_01hxa3b4c5d6e7f8g9h0j1k2m3",
"number": "2096179503",
"status": "pending",
"type": "new",
"invoiceId": "inv_01hxa3b4c5d6e7f8g9h0j1k2m3",
"checkoutUrl": "https://cloud.hostup.se/billing?invoice=202600001",
"client": {
"id": "client_01hxa3b4c5d6e7f8g9h0j1k2m3",
"email": null,
"firstName": "Example",
"lastName": "Customer",
"companyName": "Example Company"
},
"billing": {
"amount": 98.75,
"currencyCode": "SEK",
"billingCycle": null,
"isPayg": false
},
"invoice": {
"id": "inv_01hxa3b4c5d6e7f8g9h0j1k2m3",
"number": "202600001",
"amount": 98.75,
"currencyCode": "SEK",
"dueAt": "2026-05-11T23:59:59.000Z",
"status": "unpaid",
"paymentUrl": "/billing?invoice=202600001",
"totals": {
"currencyCode": "SEK",
"total": 98.75,
"amountPaid": 0,
"outstanding": 98.75
},
"dates": {
"dueAt": "2026-05-11T23:59:59.000Z"
}
},
"paymentStatus": {
"status": "unpaid",
"reason": "Invoice has not been paid yet."
},
"actions": {
"canRetry": {
"allowed": false,
"reason": "The order invoice must be paid before retrying."
},
"canCancel": {
"allowed": true,
"reason": null
}
},
"domains": [
{
"name": "example.com",
"tld": "se",
"amount": 79,
"currencyCode": "SEK"
}
],
"hosting": [
{
"name": "Example Web Hosting",
"amount": 150,
"currencyCode": "SEK"
}
],
"addons": [],
"upgrades": [],
"invoiceLookupPending": false,
"createdAt": "2026-04-27T12:00:00.000Z",
"contractAcceptedAt": null,
"notes": null,
"referenceNumber": null,
"pendingManualProcessing": false,
"enableAffiliateTracking": true
}{
"paymentMethod": "bankgiro",
"items": [
{
"type": "domain",
"action": "register",
"domainName": "example.se",
"years": 1,
"acceptedTerms": [
"se_registration_terms"
]
}
]
}