Developer platform
Sesamy provides a full REST API, a JavaScript SDK, webhooks, and prebuilt UI components, with developer documentation at developers.sesamy.com. Your developers set it up. Your commercial team runs it.
Developer experience
What your technical team gets to work with.
Five surfaces your CTO will evaluate before signing. Every capability here has a documented endpoint, a typed SDK method, or a webhook event. No black boxes, no "trust us".
Full REST API
Every action the Sesamy portal exposes is reachable through a documented REST endpoint: create and cancel subscriptions, mutate paywall rules, pull analytics, manage identity. Authenticated with Bearer tokens, rate-limited by tier, versioned (`/v2/...`) so breaking changes ship behind a new base path. Build bespoke workflows, sync internal systems, or extend the platform without waiting on a roadmap.
JavaScript SDK + prebuilt components
A typed JavaScript SDK for browser and Node. Prebuilt UI components for paywalls, checkout, login, and subscriber portals that drop into any CMS or React app. Ship the prebuilt components on day one, and drop down to the REST API when a flow needs customisation. Everything the SDK does is also reachable directly through the versioned REST API.
Webhooks and event streams
Real-time webhooks fire on every lifecycle event: `subscription.created`, `payment.failed`, `entitlement.changed`, `cancellation.requested`, `invoice.paid`, and more. Signed with HMAC, retried with exponential backoff on non-2xx responses, delivered at-least-once with idempotency keys. Build automations, sync CRMs, trigger internal workflows. No polling, no batch jobs, no reconciliation windows.
Authentication and identity
Fully hosted login built on Auth0. Passwordless email codes, SMS verification, and social login with Google, Apple, and Vipps out of the box. Any OpenID Connect (OIDC) / OAuth2 provider plugs in, including SAML for enterprise IdPs. JWTs with standard claims, refresh-token rotation, revocation APIs, and a rules engine for custom authorisation. One subscriber identity across digital, print, and B2B, with token-based access and scope-bound entitlements.
No vendor lock-in
Stripe Connect architecture means your customer owns their Stripe account, not Sesamy. Same for Vipps. Full data export at any time via a dedicated export endpoint covering subscribers, entitlements, billing history, and event log, in standard formats. No long-term contracts. If you leave, you take everything with you. The platform is ergonomic to integrate and ergonomic to exit.
Prebuilt integrations
Plug into the stack publishers already run.
Logos here ship as native integrations — wired up in the portal, no glue code. Anything not listed integrates via the REST API, JavaScript SDK, or webhooks.
- HubSpot
- Mailchimp
- Rule
- Mailmojo
- Kilkaya
- Google Analytics
- Webhooks
- WordPress
- Labrador CMS
Integration architecture
Integrates with the tools publishers already use.
Seven categories, concrete vendor and protocol names. If you run it, we probably already speak to it via a prebuilt integration or the REST API.
Payments
Card and Nordic-native methods natively supported. Invoice flow runs through Billogram. OCR/KID and Bankgiro references reconcile on the same ledger as card and Vipps.
- Stripe
- Vipps
- Swish
- Klarna
- Billogram
- OCR/KID
- Bankgiro
Distribution
Helthjem (Norway) and DI (Sweden) ship as native printer integrations. Beyond those, Sesamy speaks any custom FTP, REST API, or upload flow your existing distributor expects, and the print files are accessible directly in the portal if your team prefers to hand them to the printer themselves.
- Helthjem (Norway)
- DI (Sweden)
- Custom FTP
- Custom REST API
- Custom upload flow
- Manual download from portal
Authentication
Hosted login built on Auth0. Passwordless codes + SMS + social login (Google, Apple, Vipps) out of the box. OpenID Connect (OIDC) / OAuth2 for any standards-compliant IdP, SAML for enterprise IdPs, JWT access tokens with refresh-token rotation.
- Auth0
- OpenID Connect (OIDC)
- OAuth2
- SAML
- JWT (signed, rotating refresh tokens)
Compliance
EU OSS registration handling and cross-border VAT rates built into invoicing. Premade filing reports for finance teams.
- EU OSS
- Cross-border VAT
- GDPR data-export endpoint
Marketing and CRM
Prebuilt integrations sync subscriber audiences and lifecycle events into the marketing stack. Anything not listed here integrates via webhook + REST API.
- HubSpot
- Mailchimp
- Rule
- Mailmojo
- Kilkaya
CMS and publishing
Drop-in plugins for the two CMS platforms publishers actually run. Other CMSes integrate via the JavaScript SDK + REST API.
- WordPress plugin
- Labrador CMS integration
Data
Every integration surface is webhook- or REST-accessible. Historical exports land as JSON or CSV; event streams deliver at-least-once with idempotency keys. The escape hatch for everything not on this list — and the substrate every native integration above is built on top of.
- REST API (/v2/...)
- Webhooks
- Full-export endpoint
- JavaScript SDK (browser + Node)
Migration for developers
Migration is a process, not a promise.
80+ publishers have migrated from legacy subscription and print systems with zero downtime. A dedicated data team handles every import. Payment token portability (Vipps account takeover, Stripe PAN import, Klarna continuity) keeps existing subscribers paying without interruption.
Every migration runs through a data-validation phase before anything goes live. Overview PDFs, raw data access, discrepancy flagging. Our recommendation for multi-brand publishers: migrate one publication at a time, let it settle, then proceed.
Documentation
The docs are at developers.sesamy.com.
Full API reference, SDK guides, integration tutorials, webhook payload schemas, error tables. Everything a technical team needs to evaluate, implement, and maintain the integration, without a sales call in between.
- /api/v2: API reference. Every endpoint, every payload.
- /sdk/js: JavaScript SDK. Typed client + prebuilt UI components.
- /events: Webhooks. Signed, retried, at-least-once.
- /auth: Authentication. OIDC / OAuth2 / SAML / JWT flows.
- /migration: Migration. Source-system specifics and runbooks.
```http
POST https://api2.sesamy.com/checkouts
Authorization: Bearer eyJhbGciOiJSUzI1NiIs…
Content-Type: application/json

{
  "items": [
    { "sku": "premium-monthly", "purchaseOptionId": "monthly" }
  ],
  "language": "en",
  "redirectUrl": "https://example.com/success",
  "email": "[email protected]",
  "attribution": {
    "source": "PAYWALL",
    "sourceId": "paywall123"
  }
}

→ 200 OK
{
  "id": "checkout123",
  "checkoutUrl": "https://checkout.sesamy.com/checkouts/checkout123",
  "status": "PENDING",
  "type": "RECURRING",
  "currency": "SEK",
  "price": 99
}
```
Common questions
What technical evaluators ask first.
Does Sesamy have an API?
- Yes. Sesamy provides a full versioned REST API (/v2/...) covering subscriptions, paywalls, billing, analytics, entitlements, and identity, plus a typed JavaScript SDK for browser and Node. Every portal action has an equivalent endpoint. Authenticated with Bearer tokens, rate-limited by tier, with versioned base paths so breaking changes ship behind a new prefix.
Which authentication flows does Sesamy support?
- Fully hosted login built on Auth0. Passwordless email codes, SMS verification, and social login with Google, Apple, and Vipps out of the box. Any OpenID Connect (OIDC) or OAuth2 provider plugs in via standard flows, including SAML for enterprise IdPs. JWT access tokens with standard claims, refresh-token rotation, and revocation APIs.
How do Sesamy webhooks work?
- Webhooks fire on subscription and billing lifecycle events: subscription.created, payment.failed, entitlement.changed, cancellation.requested, invoice.paid, and more. Signed with HMAC, retried with exponential backoff on non-2xx responses, delivered at-least-once with idempotency keys so consumers can dedupe safely. Schema and full event list documented at developers.sesamy.com.
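What the consumer side of "signed with HMAC, delivered at-least-once with idempotency keys" (here and in the Webhooks and event streams section) involves, as an added Node example that is not Sesamy's code. It assumes HMAC-SHA256 over the raw request body, a hex-encoded signature, and an `idempotencyKey` payload field; the real algorithm, header and field names are in the webhook docs, and all function names below are hypothetical.

```javascript
// Added example: receiver-side checks for an HMAC-signed, at-least-once webhook.
// ASSUMPTIONS (not taken from Sesamy's docs): HMAC-SHA256 over the raw body,
// hex-encoded signature, and an `idempotencyKey` field in the JSON payload.
const crypto = require('node:crypto');

function verifySignature(rawBody, signatureHex, secret) {
  // Reject anything that is not exactly 64 hex characters before decoding.
  if (typeof signatureHex !== 'string' || !/^[0-9a-f]{64}$/i.test(signatureHex)) return false;
  const expected = crypto.createHmac('sha256', secret).update(rawBody).digest();
  const received = Buffer.from(signatureHex, 'hex');
  // Constant-time compare; both buffers are 32 bytes at this point.
  return crypto.timingSafeEqual(expected, received);
}

// Builds a handler that returns the HTTP status to answer with and the action taken.
function makeReceiver(secret, onEvent) {
  const seen = new Set(); // in production: a durable store with a TTL
  return function handleDelivery(rawBody, signatureHex) {
    // 1. Authenticate the bytes exactly as received, before any JSON parsing.
    if (!verifySignature(rawBody, signatureHex, secret)) {
      return { status: 401, action: 'rejected' };
    }
    let event;
    try { event = JSON.parse(rawBody.toString('utf8')); }
    catch { return { status: 400, action: 'malformed' }; }
    const key = event.idempotencyKey;
    if (typeof key !== 'string' || key === '') return { status: 400, action: 'malformed' };
    // 2. At-least-once delivery: acknowledge a redelivery with 2xx, do no work.
    if (seen.has(key)) return { status: 200, action: 'duplicate' };
    // 3. Record the key only after success, so a non-2xx answer triggers a retry.
    try { onEvent(event); }
    catch { return { status: 500, action: 'retry' }; }
    seen.add(key);
    return { status: 200, action: 'processed' };
  };
}

// Constructed sample delivery (secret, key and payload are made up).
const SECRET = 'constructed-test-secret';
function sign(body) { return crypto.createHmac('sha256', SECRET).update(body).digest('hex'); }
const sampleBody = Buffer.from(JSON.stringify({
  type: 'payment.failed', idempotencyKey: 'evt_constructed_001' }));
```

The signature must be checked against the raw bytes, so frameworks that parse JSON automatically need to be configured to expose the unparsed body to the handler.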
Does Sesamy lock me into Stripe?
- No. Sesamy uses Stripe Connect architecture: your own Stripe account, not ours. Same principle for Vipps. If you leave Sesamy, your payment-processor relationships stay intact and your data exports in standard formats via a dedicated endpoint. The platform is ergonomic to integrate and ergonomic to exit.
How does the JavaScript SDK relate to the REST API?
- The JavaScript SDK (browser and Node) wraps the same REST API your backend would call directly. Typed client, automatic token refresh, prebuilt UI components for paywalls, checkout, login, and subscriber portals. Anything the SDK exposes is reachable via `/v2/...` endpoints, so frontend and backend can share the same contract.
How long does a technical migration take?
- 2-4 weeks from signed contract to first paying subscriber, including historical data backfill and payment token portability (Vipps account takeover, Stripe PAN import, Klarna continuity). 80+ publishers have migrated from legacy subscription and print systems with zero downtime. Full process, including source-system specifics, lives on the migration page.
Want to see the API in action?
A 30-minute technical demo with a Sesamy engineer. Bring your integration questions, stack diagrams, and migration concerns; leave with working curl examples.