You can use the 1Password Partnership API to manage the provisioning and deprovisioning of third-party partner billing accounts for your customers. The API supports partner billing accounts for 1Password individual and family accounts. The Partnership API doesn’t support 1Password team or business accounts.
To work with the 1Password Partnership API in another tool, download the API specification file: 1password-partnership-api.yml.

Prerequisites

Before you can use the API to integrate with our partner billing service, you’ll need to register as a 1Password partner. Registered partners are granted access to bearer tokens to authorize requests to the API billing servers. To learn more about our partnership opportunities, visit the 1Password Partner Program website or contact the 1Password Partnerships team. If you’re not a partner, reach out to your Customer Success Manager or the 1Password Sales team.

Information about the API

The 1Password Partnership API is a REST-style API that follows the OpenAPI 3.0 specifications. All communication between clients and servers is over HTTPS. You can use your preferred programming language and tools for testing and implementing the Partnership API. This reference uses curl on the command line to demonstrate example requests. You can replace the values in any request with your own to receive information about your customers’ billing accounts.

Request methods

You can use the following standard HTTP methods to make requests to the Partnership API:
  • POST: Create a third-party billing account for a customer through the partner billing service.
  • GET: Get details about a customer’s billing account.
  • DELETE: Delete a customer’s third-party billing account from the partner billing service.
  • PATCH: Update the date and time a customer’s billing account is scheduled to be removed from the partner billing service.
Batch requests are not supported.

Servers

Partners can use two billing servers to work with the 1Password Partnership API. Each server provides the base URL for the API endpoints in its environment:
  • Test server (https://billing.b5test.eu): Use the test server URL as the base for all requests in the test environment. You can provision and deprovision test partner billing accounts for all domains from the test server: b5test.com, b5test.ca, and b5test.eu.
  • Production server (https://billing.1password.com): Use the production server URL as the base for all requests in the production environment. You can provision and deprovision partner billing accounts for all domains from the production server: 1password.com, 1password.ca, and 1password.eu.

Endpoints

Each request to the API starts with the base URL of the server environment you want to work with (test or production), followed by the path (api/v1/partners/accounts). Path parameters, indicated with curly braces ({}), are required where defined. For example:
Structure of an API endpoint
<base_URL>/<path>/{parameters}
Replace the <base_URL> and {parameters} placeholders with the server environment you’re using and any path parameters specified for the request. The path is the same for all requests.
Example API endpoint without a path parameter
https://billing.b5test.eu/api/v1/partners/accounts
Example API endpoint with a path parameter
https://billing.1password.com/api/v1/partners/accounts/4266474b-6385-56d4-7b75-648096593064

Authorization

When you register with the 1Password Partner Program, the Partnership team will provide you with bearer tokens you’ll need to authorize your calls to the Partnership API. You’ll receive separate tokens to use with the test and production environments. Make sure to use the token that has been authorized for the environment you’re working in. If you’re a partner and need a new bearer token, contact the 1Password Partnerships team. If you’re not a partner, reach out to your Customer Success Manager or the 1Password Sales team and let them know you need a new bearer token.

Request headers

Requests to the Partnership API use three types of headers:
  • Authorization: Each GET, POST, DELETE, and PATCH request to the Partnership API must be authorized with a bearer token.
  • Content-Type: Each POST and PATCH request requires a header to indicate the media (MIME) type of the request body.
  • Accept: Each GET, POST, and PATCH request to the Partnership API should include an accept header to indicate what kind of response the client can accept from the server.
All data is sent and received as JSON, so make sure to specify that in the headers.
Authorization: Bearer YOUR_BEARER_TOKEN
Content-type: application/json
Accept: application/json

Request bodies

Request bodies (also called request payloads) contain the JSON-formatted data clients send to create (POST) or update (PATCH) resources on the servers. A request body consists of an object that may include one or more of the following fields, as indicated:
  • customer_account_uid: The unique identifier (UID) for the customer’s billing account. The UID is supplied by the partner. It can be up to 200 characters long with any combination of alphanumeric characters (A-Z, a-z, 0-9), hyphens (-), and periods/dots (.).
  • account_type: The 1Password account type. Options are individual (I) or family (F). Team and business accounts aren’t supported.
  • domain: The domain the customer can use for their new or existing 1Password account. For the test server, options are: b5test.com, b5test.ca, or b5test.eu. For the production server, options are: 1password.com, 1password.ca, or 1password.eu.
  • ends_at: The date and time the customer’s billing account is scheduled to be removed. The date cannot be in the past. Format the date, time, and optional timezone in the ISO 8601 standard.
GET and DELETE calls don’t contain request bodies.
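The field rules above can be checked on the client before a request is sent. The following is an added example, not part of the 1Password reference or tooling; the function name, the 1-character minimum, the rejection of "." and "..", and the treatment of a timezone-less ends_at as UTC are assumptions made here.

```python
import re
from datetime import datetime, timezone

# Allowed domains per billing server, as listed on this page.
DOMAINS = {
    "test": {"b5test.com", "b5test.ca", "b5test.eu"},
    "production": {"1password.com", "1password.ca", "1password.eu"},
}
UID_RE = re.compile(r"[A-Za-z0-9.-]{1,200}")
ACCOUNT_TYPES = {"I", "F"}  # team and business accounts aren't supported


def validate_account_request(body, env, now=None):
    """Return a list of problems in a POST request body (empty list = OK)."""
    now = now or datetime.now(timezone.utc)
    problems = []

    uid = body.get("customer_account_uid")
    # "." and ".." fit the character set but are dot segments once the UID is
    # used as a URL path parameter; rejecting them is a local precaution
    # (assumption), not a documented API rule.
    if (not isinstance(uid, str) or not UID_RE.fullmatch(uid)
            or uid in {".", ".."}):
        problems.append("customer_account_uid: 1-200 chars of A-Z a-z 0-9 - .")

    acct = body.get("account_type")
    if not (isinstance(acct, str) and acct in ACCOUNT_TYPES):
        problems.append("account_type: must be I or F")

    domain = body.get("domain")
    if not (isinstance(domain, str) and domain in DOMAINS[env]):
        problems.append(f"domain: not served by the {env} server")

    ends_at = body.get("ends_at")
    if ends_at is not None:
        try:
            # Older Python versions don't parse a trailing "Z".
            when = datetime.fromisoformat(str(ends_at).replace("Z", "+00:00"))
            if when.tzinfo is None:
                when = when.replace(tzinfo=timezone.utc)  # assumption: naive = UTC
            if when <= now:
                problems.append("ends_at: cannot be in the past")
        except ValueError:
            problems.append("ends_at: not an ISO 8601 date-time")
    return problems
```

Checking the domain against the selected environment catches a body built for production being sent with the test server’s base URL and token, or the reverse.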

Activation tokens

Activation tokens are used to provision customers to third-party billing by linking 1Password accounts to partner billing accounts. Make a POST call to the Partnership API to create a new partner billing account for a customer and generate their unique activation token. Append the token returned in the POST response to a 1Password partnership redemption link to create the customer’s partner billing link. Then provide the customer with their link. The link will direct the customer to a promotional page where they’ll be instructed to create a new 1Password account or sign in to an existing one. The billing for the customer’s 1Password account will then be linked to their partner billing account.
To create a partner billing link for a customer, adjust the 1Password partnership redemption link (https://start.[1password_domain]/partnership/redeem) to use the desired 1Password domain. Then append a query string with the required parameters for the account type and the activation token. You can also include an optional language parameter.
Structure of a partner billing link for a 1Password account
https://start.[1password_domain]/partnership/redeem?t={account_type}&c={activation_token}&l={language_code}
| Placeholder | Values | Required |
| --- | --- | --- |
| [1password_domain] | Possible values are 1password.com, 1password.ca, or 1password.eu. | Yes |
| {account_type} | Possible values are individual or family. | Yes |
| {activation_token} | The value of the token returned in the POST response. For example: 4266474b-6385-56d4-7b75-648096593064. | Yes |
| {language_code} | Optional language code values are en, de, es, fr, it, ja, ko, nl, pt-BR, ru, zh-Hans, or zh-Hant. | No |
Replace the placeholders for the 1Password domain and the parameters with the appropriate values. For example:
Example partner billing link for an individual account on 1Password.eu with an optional language parameter
https://start.1password.eu/partnership/redeem?t=individual&c=4266474b-6385-56d4-7b75-648096593064&l=de
Example partner billing link for a family account on 1Password.com with an optional language parameter
https://start.1password.com/partnership/redeem?t=family&c=4266474b-6385-56d4-7b75-648096593064&l=en
If you’re not sure which link(s) you need to create, contact the 1Password Partnerships team for help.
For customers with existing 1Password accounts, partner billing links will only work if their 1Password account type and domain are the same as the ones specified in the POST request. Customers can contact 1Password Support if they need help to change their existing account type or region.
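Because the link only works when its account type and domain match the POST request, one approach is to derive the link directly from the Account object returned by the POST call. This is an added example, not 1Password code; the function and constant names are assumptions, and only the three link domains listed in the table above are accepted.

```python
from urllib.parse import urlencode

# Values listed on this page for the redemption link placeholders.
LINK_DOMAINS = {"1password.com", "1password.ca", "1password.eu"}
LINK_ACCOUNT_TYPES = {"I": "individual", "F": "family"}  # API value -> link value
LANGUAGE_CODES = {"en", "de", "es", "fr", "it", "ja", "ko", "nl",
                  "pt-BR", "ru", "zh-Hans", "zh-Hant"}


def partner_billing_link(account, language=None):
    """Build a partner billing link from the Account object of a POST response."""
    # The domain becomes part of the host name, so it is checked against an
    # allowlist rather than interpolated as received.
    domain = account.get("domain")
    if not (isinstance(domain, str) and domain in LINK_DOMAINS):
        raise ValueError(f"unsupported link domain: {domain!r}")

    acct = account.get("account_type")
    if not (isinstance(acct, str) and acct in LINK_ACCOUNT_TYPES):
        raise ValueError("account_type must be I or F")

    token = account.get("activation_token")
    if not isinstance(token, str) or not token:
        raise ValueError("missing activation_token")

    params = {"t": LINK_ACCOUNT_TYPES[acct], "c": token}
    if language is not None:
        if language not in LANGUAGE_CODES:
            raise ValueError(f"unsupported language code: {language!r}")
        params["l"] = language

    # urlencode percent-encodes the token, so a value containing "&" or "="
    # cannot add or override query parameters.
    return f"https://start.{domain}/partnership/redeem?{urlencode(params)}"
```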

Language code parameters

Language codes are an optional parameter that can be added to a partner billing link to take the customer to the appropriate landing page for that language. Customers will be directed to the default landing page (English) if no language parameter is included. The following language codes can be used with the language parameter:
| Language | Code |
| --- | --- |
| English | en |
| Deutsch | de |
| Español | es |
| Français | fr |
| Italiano | it |
| 日本語 | ja |
| 한국어 | ko |
| Nederlands | nl |
| Português | pt-BR |
| Русский | ru |
| 简体中文 | zh-Hans |
| 繁體中文 | zh-Hant |

Create a billing account

POST <base_URL>/api/v1/partners/accounts
A POST call creates a new third-party billing account for a customer through the partner billing service and returns the activation token you’ll use to create a partner billing link for the customer to complete provisioning.

Path parameters

No path parameters.

Request

Use the endpoint URL with your bearer token and the required request headers. Include an object as a request body that contains:
  • The customer’s account UID.
  • The eligible 1Password account type.
  • The domain the customer can use for their new or existing 1Password account.
  • (Optional) The date and time you want to remove the customer’s account from the partner billing service. This value cannot be in the past. You can also update this field with a PATCH request.
curl --request POST \
    --url https://billing.1password.com/api/v1/partners/accounts \
    --header 'Authorization: Bearer YOUR_BEARER_TOKEN' \
    --header 'Content-Type: application/json' \
    --header 'Accept: application/json' \
    --data '{
        "customer_account_uid": "4266474b-6385-56d4-7b75-648096593064",
        "account_type": "F",
        "domain": "1password.com",
        "ends_at": "2024-08-31T13:00:00-05:00"
    }'

Success response

A 201 response returns an Account object containing the unique activation token that’s used to link the customer’s 1Password account with their partner billing account.
{
	"customer_account_uid": "4266474b-6385-56d4-7b75-648096593064",
	"account_type": "F",
	"activation_token": "PNS-D5A75BT2",
	"domain": "1password.com",
	"status": "entitled",
	"deployed_members": 0,
	"created_at": "2023-08-24T04:19:44Z",
	"updated_at": "2023-09-15T15:58:22Z",
	"ends_at": "2024-08-31T18:00:00Z"
}

Error responses

{
  "code": 400,
  "error": "bad_request",
  "description": "Account type B is not supported."
}
{
  "code": 403,
  "error": "forbidden",
  "description": "Invalid auth token."
}
{
  "code": 404,
  "error": "not_found",
  "description": "Domain not found."
}
{
  "code": 500,
  "error": "internal_server_error",
  "description": "Internal server error"
}

Get billing account information

GET <base_URL>/api/v1/partners/accounts/{customer_account_uid}
A GET call retrieves information about a customer’s billing account. Make sure to include the customer’s account UID as a path parameter.

Path Parameters

| Parameter | Type | Description |
| --- | --- | --- |
| customer_account_uid (required) | string | The unique ID of the customer’s billing account. |

Request

Use the endpoint URL with your bearer token and the required request headers to request a customer’s billing account information. The GET request doesn’t include a body, so the Content-type header isn’t used.
curl --request GET \
    --url https://billing.1password.com/api/v1/partners/accounts/{customer_account_uid} \
    --header 'Authorization: Bearer YOUR_BEARER_TOKEN' \
    --header 'Accept: application/json'

Success response

A 200 response returns an Account object that provides information about the customer’s third-party billing account.
{
	"customer_account_uid": "4266474b-6385-56d4-7b75-648096593064",
	"account_type": "F",
	"activation_token": "PNS-D5A75BT2",
	"domain": "1password.com",
	"status": "provisioned",
	"deployed_members": 1,
	"created_at": "2023-08-24T04:19:44Z",
	"updated_at": "2023-09-15T15:58:22Z",
	"ends_at": "2024-08-31T18:00:00Z"
}

Error responses

{
  "code": 403,
  "error": "forbidden",
  "description": "Invalid auth token."
}
{
  "code": 404,
  "error": "not_found",
  "description": "Failed to find the requested account."
}
{
  "code": 410,
  "error": "gone",
  "description": "The requested account is gone."
}
{
  "code": 500,
  "error": "internal_server_error",
  "description": "Internal server error"
}

Delete a billing account

DELETE <base_URL>/api/v1/partners/accounts/{customer_account_uid}
A DELETE call removes a customer’s third-party billing account from the partner billing service. Make sure to include the customer’s account UID as a path parameter.

Path Parameters

| Parameter | Type | Description |
| --- | --- | --- |
| customer_account_uid (required) | string | The unique ID of the customer billing account to remove. |

Request

Use the endpoint URL with your bearer token for the required request header to remove a customer’s billing account. The DELETE request and subsequent response don’t include a body, so the Content-type and Accept headers aren’t used.
curl --request DELETE \
    --url https://billing.1password.com/api/v1/partners/accounts/{customer_account_uid} \
    --header 'Authorization: Bearer YOUR_BEARER_TOKEN'

Success response

A 204 response is returned on successful deactivation and removal of a customer billing account. A GET request will no longer return account information for the customer account UID because the billing account has been deleted.

Error responses

{
  "code": 403,
  "error": "forbidden",
  "description": "Invalid auth token."
}
{
  "code": 404,
  "error": "not_found",
  "description": "Failed to find the requested account."
}
{
  "code": 500,
  "error": "internal_server_error",
  "description": "Internal server error"
}

Update a billing account end date

PATCH <base_URL>/api/v1/partners/accounts/{customer_account_uid}
A PATCH call lets you add, edit, or remove the end date for a customer’s billing account. Make sure to include the customer’s account UID as a path parameter.

Path Parameters

| Parameter | Type | Description |
| --- | --- | --- |
| customer_account_uid (required) | string | The unique ID of the customer’s billing account. |

Request

Use the endpoint URL with your bearer token and the required request headers. Include an object as a request body that contains the ends_at field. To add or update the date and time a customer’s billing account is scheduled to be removed from the partnership billing service, include a new date and time as the ends_at value, in the format defined by RFC 3339. To remove the end date and time from a customer’s billing account, use an empty string ("") or null as the value.
curl --request PATCH \
    --url https://billing.1password.com/api/v1/partners/accounts/{customer_account_uid} \
    --header 'Authorization: Bearer YOUR_BEARER_TOKEN' \
    --header 'Content-Type: application/json' \
    --header 'Accept: application/json' \
    --data '{
        "ends_at": "2024-08-31T13:00:00-05:00"
    }'

Success response

A 200 response returns an Account object that provides information about the customer’s third-party billing account, including the end date that has been added, edited, or removed from the billing account.
{
	"customer_account_uid": "4266474b-6385-56d4-7b75-648096593064",
	"account_type": "F",
	"activation_token": "PNS-D5A75BT2",
	"domain": "1password.com",
	"status": "provisioned",
	"deployed_members": 1,
	"created_at": "2023-08-24T04:19:44Z",
	"updated_at": "2023-09-15T15:58:22Z",
	"ends_at": "2024-08-31T18:00:00Z"
}

Error responses

{
  "code": 403,
  "error": "forbidden",
  "description": "Invalid auth token."
}
{
  "code": 404,
  "error": "not_found",
  "description": "Failed to find the requested account."
}
{
  "code": 410,
  "error": "gone",
  "description": "The requested account is gone."
}
{
  "code": 500,
  "error": "internal_server_error",
  "description": "Internal server error"
}