REST API

Do you have an online marketplace or a retail website? Do you want to empower your customers with safe and convenient payments? Integrate with GunTab through our API.

Overview

The GunTab API is a RESTful JSON API. That means it is designed to:

• follow standard RESTful conventions
• accept JSON-formatted request payloads
• return JSON-formatted response payloads

This guide covers the following topics:

• Authentication
• Errors
• Invoices (also known as "payment requests")
• Users

Authentication

API authentication is token-based.

API tokens can only be generated by users who have verified their email.

After your email has been verified, create a token from your GunTab account. Your token secret should be used in your "Authorization" header with a "Token" type, like this:

Authorization: Token 55555555-5555-5555-5555-555555555555

API token types

By default, API tokens are "test" type. This means they will return dummy responses without actually taking any action. These dummy responses are formatted exactly like live responses. Please use these test API tokens for all development and testing pursposes. For real production purposes, please generate a "live" API token.

Errors

All errors have the same format:

{
  "errors": [
    "Your authentication token is invalid."
  ]
}

Invoices

You can use the API to create and read Invoices. These are also known as "payment requests". An Invoice is how a seller initiates a GunTab transaction to get paid. If a buyer accepts an Invoice, GunTab will help the buyer select a local FFL and make payment.

Create Invoice

Create a new Invoice. Give the buyer_email if you want GunTab to send an email to the buyer, or leave it empty and send the response_url to the buyer your own way. Maximum per seller of 20 per hour and 100 per 24 hour period, unless you request an exception. (Marketplace users are not limited, only the sellers they represent.)

Endpoint

POST https://api.guntab.com/v1/invoices

Parameters

Deprecation notice: amount_cents has been replaced by merchandise_amount_cents. (Deprecated keys will be automatically converted until June, 2025.)
• buyer_email (String) - Optional
  The buyer's email address. Provide this if you want GunTab to send an email to the buyer with the response_url. Leave this empty if you do not know the buyer's email address or want to send the response_url to the buyer your own way.
• buyer_notification_method (String) - Optional
  The method by which GunTab will notify the buyer of this invoice. This is useful if you want to notify the buyer by link, but want to provide buyer_email for pre-populating the buyer's contact info at checkout. Defaults to email if you provide buyer_email, defaults to link if you do not. Choose from:
  • email - GunTab will email a clickable link to the buyer
  • link - GunTab will generate a shareable link you can provide to the buyer
Deprecation notice: checkout_uuid has been replaced by seller_email. (checkout_uuid values will be ignored.)
• manual_sales_tax_amount_cents (Integer) - Optional
  The sales tax paid by the buyer, in cents. If not given, GunTab will calculate it automatically and assume zero if possible.
• marketplace_buyer_fee_amount_cents (Integer) - Optional
  The marketplace fees paid by the buyer, in cents. Defaults to automatic calculation.
• marketplace_seller_fee_amount_cents (Integer) - Optional
  The marketplace fees paid by the seller, in cents. Defaults to automatic calculation.
• merchandise_amount_cents (Integer) - Required
  The total agreed sale price for the merchandise, in cents (excluding shipping amount and sales tax). No minimum. No maximum, however amounts over $10,000 must be paid by wire transfer.
• payment_method_convenience_fee_paid_by (String) - Optional
  The side responsible for paying any payment method convenience fee that may apply. If not given, GunTab will use the value from your Account > Checkout preferences if set. Defaults to buyer. Choose from:
  • buyer
  • seller
• receiving_address (JSON object) - Optional
  The shipping address of the buyer. If you do not provide this for a non-regulated transaction, we will ask the buyer during checkout. (The equivalent field for a regulated transaction is `receiving_ffl_license_number`.), The object elements are:
• line1 (String) - Required
  The street number and name.
• line2 (String) - Optional
  The unit number, etc.
• city (String) - Required
  The city name.
• state_code (String) - Required
  The 2-character US state code.
• zip (String) - Required
  The 5-character ZIP code.
• receiving_ffl_license_number (String) - Optional
  The license number of the buyer's FFL, in the standard format "X-XX-XXX-XX-XX-XXXXX". If you do not provide this for a regulated transaction, we will ask the buyer during checkout.
• redirect_url (String) - Optional
  The URL you want buyers to be redirected to after completing the GunTab checkout flow. This is usually a thank-you page in your shopping cart or ecommerce store software. Must be a complete URL, including 'https'.
Deprecation notice: sales_tax_amount_cents has been re-named manual_sales_tax_amount_cents. (Deprecated keys will be automatically converted until June, 2025.)
• seller_email (String) - Ignored for sellers; Required for marketplaces
  The seller's verified email address. You are creating this Invoice on behalf of this seller. If no account is associated with this email, an error will be returned.
• seller_order_id (String) - Optional
  The order ID you want to be associated with this Invoice and the resulting transaction. This is usually generated by your shopping cart or ecommerce store software. This will be included in GunTab webhook payloads so you can easily find the order. Maximum of 100 characters.
Deprecation notice: seller_redirect_url has been re-named redirect_url. (Deprecated values will be automatically converted until May, 2025.)
• service_fee_paid_by (String) - Optional
  The side responsible for paying the GunTab service fee. If not given, GunTab will use the value from your Account > Checkout preferences if set. Defaults to seller. Choose from:
  • buyer
  • seller
  • split
• shipping_amount_cents (Integer) - Required
  The cost of the shipping to the buyer, in cents. No minimum. Maximum of 40000. Zero indicates that shipping is free to the buyer.
• listings (JSON array containing JSON objects) - Required
  • amount_cents (Integer) - Optional
    The price per unit for this merchandise, in cents.
  • description (String) - Required unless url given
    A complete, detailed description of this merchandise. Minimum of 50 characters. Maximum of 10000 characters. This is unnecessary if you provide a 'url' to a webpage that includes a description.
  • external_id (String) - Optional
    The unique listing ID generated by your ecommerce system or the marketplace you use.
  • listing_type_id (String) - Optional
    A code that describes this merchandise category. We use this to provide type-specific guidance to the buyer and seller. If you do not provide it, we will ask the buyer to set it. Choose from:
    • ammunition_and_flammables - Ammunition, primers, or powder
    • antique_gun - Antique gun (fixed ammo design in manufacture before 1899)
    • aow - Any other weapon (AOW)
    • curio_relic - Curio or relic (manufactured 50+ years ago)
    • handgun - Handgun (pistol or revolver)
    • handgun_frame - Handgun lower receiver/frame
    • long_gun - Long gun (rifle or shotgun)
    • long_gun_receiver - Long gun lower receiver/frame
    • machine_gun - Machine gun
    • magazine - Magazines
    • other_non_regulated - Other merchandise (non-regulated uppers, parts, accessories, etc.)
    • short_barreled_long_gun - Short-barreled rifle (SBR) or shotgun (SBS)
    • suppressor - Silencer/Suppressor
  Deprecation notice: ammunition_flammables, handgun_ammunition, and long_gun_ammunition have all been replaced by ammunition_and_flammables. (Deprecated values will be automatically converted until May, 2025.)
  Have any feedback about listing_type_id options? We would love to hear it. Please email us at support@guntab.com with your thoughts/suggestions.
  • quantity (Integer) - Optional
    The number of units being purchased. Defaults to 1.
  • serial_number (String) - Optional
    The merchandise serial number. Most often provided when the merchandise is an antique or collectible where the serial number influences the value of the item.
  • title (String) - Required
    A descriptive title for this merchandise, like what would appear at the top of a webpage.
  • url (String) - Required unless description given
    A URL for a webpage with a complete, detailed description of this merchandise. Must be a complete URL, including 'https'.

Response

After creating an Invoice with a buyer_email value, you can ask the buyer to check their email for a payment request from GunTab.

After creating an Invoice without a buyer_email value, you should redirect the buyer to the response_url that appears in the response payload.

{
  "counterparty_email": "buyer@example.com",
  "manual_sales_tax_amount_cents": "6375",
  "merchandise_amount_cents": "75000",
  "payment_method_convenience_fee_paid_by": "buyer",
  "seller_order_id": "555555",
  "redirect_url": "https://www.example.com/thanks-for-ordering",
  "service_fee_paid_by": "seller",
  "shipping_amount_cents": "3500",
  "type": "Invoice",
  "workflow_state": "pending_counterparty_response",
  "listings": [
    {
      "listing_type_id": "handgun",
      "quantity": 1,
      "title": "Glock 19x Gen 5 9mm",
      "url": "https://www.gunbroker.com/item/769824133"
    }
  ]
}

{
  "amount_cents": 75000,
  "buyer_email": "buyer@example.com",
  "created_at": "2025-05-01T05:47:42.630Z",
  "id": "dcd87b84-eaa7-4c22-b929-fca45e52dfa6",
  "live": false,
  "manual_sales_tax_amount_cents": 6375,
  "marketplace_buyer_fee_amount_cents": 0,
  "marketplace_seller_fee_amount_cents": 0,
  "merchandise_amount_cents": 75000,
  "object": "Invoice",
  "payment_method_convenience_fee_amount_cents": null,
  "payment_method_convenience_fee_paid_by": "buyer",
  "receiving_address": null,
  "receiving_ffl_license_number": null,
  "redirect_url": "https://www.example.com/thanks-for-ordering",
  "response": null,
  "response_at": null,
  "response_url": "https://www.guntab.com/purchases/dcd87b84-eaa7-4c22-b929-fca45e52dfa6/counterparty_responses/new",
  "sales_tax_amount_cents": 6375,
  "seller_email": "seller@example.com",
  "seller_order_id": "555555",
  "service_fee_amount_cents": null,
  "service_fee_paid_by": "seller",
  "shipping_amount_cents": 3500,
  "status": "pending_counterparty_response",
  "listings": [
    {
      "amount_cents": null,
      "description": null,
      "listing_type_id": "handgun",
      "external_id": null,
      "quantity": 1,
      "serial_number": null,
      "title": "Glock 19x Gen 5 9mm",
      "url": "https://www.gunbroker.com/item/769824133"
    }
  ]
}

Read Invoice

Get the details of an existing Invoice, including the response_url that can be shared with the buyer for checkout, and the tracking_code for the outbound_shipment after it becomes available.

Endpoint

GET https://api.guntab.com/v1/invoices/:id

Response

When using a "test" API token, this endpoint will return dummy data. The live key in the response indicates if you are using a live API token.

{}

{
  "amount_cents": 75000,
  "buyer_email": "buyer@example.com",
  "created_at": "2025-05-01T05:47:42.630Z",
  "id": "dcd87b84-eaa7-4c22-b929-fca45e52dfa6",
  "live": false,
  "manual_sales_tax_amount_cents": 6375,
  "marketplace_buyer_fee_amount_cents": 0,
  "marketplace_seller_fee_amount_cents": 0,
  "merchandise_amount_cents": 75000,
  "object": "Invoice",
  "outbound_shipment": {
    "status": "in_transit",
    "tracking_code": "1Z879E930346834440"
  },
  "payment_method_convenience_fee_amount_cents": null,
  "payment_method_convenience_fee_paid_by": "buyer",
  "receiving_address": null,
  "receiving_ffl_license_number": null,
  "redirect_url": "https://www.example.com/thanks-for-ordering",
  "response": null,
  "response_at": null,
  "response_url": "https://www.guntab.com/purchases/dcd87b84-eaa7-4c22-b929-fca45e52dfa6/counterparty_responses/new",
  "sales_tax_amount_cents": 6375,
  "seller_email": "seller@example.com",
  "seller_order_id": "555555",
  "service_fee_amount_cents": null,
  "service_fee_paid_by": "seller",
  "shipping_amount_cents": 3500,
  "status": "pending_outbound_shipment_delivery",
  "listings": [
    {
      "amount_cents": null,
      "description": null,
      "listing_type_id": "handgun",
      "external_id": null,
      "quantity": 1,
      "serial_number": null,
      "title": "Glock 19x Gen 5 9mm",
      "url": "https://www.gunbroker.com/item/769824133"
    }
  ]
}

Users

You can use the API to get information about a user based on their email. The intent is to help you determine if a user has a GunTab account, and whether it is in good standing.

Read User

Get the details of an existing User by providing a URL-encoded email address. If no User is associated with the email, an error will be returned.

Endpoint

GET https://api.guntab.com/v1/users/EMAIL
(where EMAIL represents a URL-encoded email address)

Response

Either 200 for success or 422 for failure.

{}

{
  "active": true,
  "email": "seller@example.com",
  "live": false,
  "object": "User",
  "payment_method_convenience_fee_paid_by_default": "buyer",
  "payment_method_convenience_fee_percent": 3.0,
  "service_fee_paid_by_default": "seller",
  "service_fee_percent": 2.9
}

FFL verifications

You can use the API to call an FFL and provide your verification code. This is useful for marketplaces and other services that want assurance their users' FFL claims are authentic.

Call FFL to provide verification code

Trigger an automated phone call to phone number the FFL has on file with the BATF, to provide your verification code. If the FFL does not answer, we will leave a voicemail. After this, you should ask the FFL to input your verification code so you can confirm it matches.

Endpoint

POST https://api.guntab.com/v1/ffls/X-XX-XXX-XX--XXXXX/claim_verification_code_calls
(where X's represent the FFL license number)

Parameters

• claim_verification_code (String) - Optional
  Your alphanumeric verification code for this FFL. We recommend using codes of 4-6 digits. Minimum of 1 character. Maximum of 10 characters. If not given, GunTab will generate a 5-digit code automatically.

Response

Either 201 for success or 422 for failure.

{
  "verification_code": "55555"
}

{
  "claim_verification_code": "55555",
  "firearm_license_id": "c4c52d23-544d-40e8-9d9f-8a01cd8cdc6a",
  "firearm_license_number": "X-XX-XXX-XX--XXXXX",
  "live": false
}

Webhooks

You can use the API to create, read, and delete Webhooks. GunTab will send transaction updates to each of your Webhooks, for each of your transactions. You can use these updates to keep your own systems updated, especially your inventory and accounting systems.

Create Webhook

Create a new Webhook. GunTab will begin sending transaction updates immediately.

Endpoint

POST https://api.guntab.com/v1/webhooks

Parameters

• url (String) - Required
  The full URL of the endpoint you want GunTab to POST update payloads to.

Response

{
  "url": "https://www.example.com/guntab_webhooks"
}

{
  "created_at": "2025-05-01T05:47:42.659Z",
  "id": "28bf37f8-ff6a-4760-80ec-4ac0ceb4ff7f",
  "live": false,
  "signing_secret_key": "ssk_57c14957863cb5da23836c9f19ee0476",
  "url": "https://www.example.com/guntab_webhooks",
  "warning": "THIS API ENDPOINT IS DEPRECATED"
}

Read Webhook

Get the details of an existing Webhook.

Endpoint

GET https://api.guntab.com/v1/webhooks/:id

Response

When using a "test" API token, this endpoint will return dummy data. The live key in the response indicates if you are using a live API token.

{}

{
  "created_at": "2025-05-01T05:47:42.659Z",
  "id": "28bf37f8-ff6a-4760-80ec-4ac0ceb4ff7f",
  "live": false,
  "signing_secret_key": "ssk_57c14957863cb5da23836c9f19ee0476",
  "url": "https://www.example.com/guntab_webhooks",
  "warning": "THIS API ENDPOINT IS DEPRECATED"
}

Delete Webhook

Delete an existing Webhook.

Endpoint

DELETE https://api.guntab.com/v1/webhooks/:id

Response

When using a "test" API token, this endpoint will have no effect. Returns a status of 200 when successful, without any JSON payload.

{}

{}

Support

Need help or have a question? Please see our Help Center, or you can contact support.