🔐 Authentification
Toutes les requêtes API nécessitent une authentification avec votre clé de licence ou clé administrateur.
License Key Authentification
For merchant endpoints (phone lookup, events, license verify):
Authorization: Bearer YOUR_LICENSE_KEY X-Country: MA
Admin Key Authentification
For admin endpoints (merchant management, manual blacklist):
X-Admin-Key: YOUR_ADMIN_KEY X-Country: MA
ℹ️ Note: All requests must include
X-Country: MA header. Currently, only Morocco (MA) is supported.
📱 Recherche de téléphone & Risk Scoring
POST
/v1/phone/lookup
Vérifiez le score de risque d’un numéro, les informations opérateur et le statut de liste noire.
En-têtes de requête
| Header | Value | Required |
|---|---|---|
Authorization | Bearer YOUR_LICENSE_KEY | Required |
X-Country | MA | Required |
Content-Type | application/json | Required |
Corps de la requête
| Parameter | Type | Description | Required |
|---|---|---|---|
phone | string | Phone number (+212661234567 or 0661234567) | Required |
include_timeline | boolean | Include last 5 events for this phone | Optional |
Exemple de requête
curl -X POST https://api.dpd.ma/v1/phone/lookup \
-H "Content-Type: application/json" \
-H "X-Country: MA" \
-H "Authorization: Bearer DPD-STARTER-TEST-002" \
-d '{
"phone": "+212661234567",
"include_timeline": true
}'Réponse
{
"ok": true,
"phone": "+212661234567",
"country": "MA",
"carrier": { "code": "IAM", "label": "Maroc Telecom" },
"risk_score": 8,
"is_blacklisted": false,
"blacklisted_reason": null,
"cache_ttl_seconds": 3600,
"timeline": [
{
"event_type": "DELIVERED",
"order_total": "299.50",
"currency": "MAD",
"region": "Casablanca",
"created_at": "2026-02-01T21:47:49.589Z"
}
]
}Interprétation du score de risque
| Score | Risk Level | Recommendation |
|---|---|---|
| 80-100 | ✅ Faible risque | Sûr pour continuer |
| 50-70 | ⚠️ Risque moyen | Vérifier avant de continuer |
| 10-40 | 🚫 Risque élevé | Procéder avec prudence ou rejeter |
📊 Soumettre des événements
POST
/v1/phone/lookup (with event_type)
Signalez les résultats des commandes pour améliorer la précision du score de risque.
Corps de la requête (Additional Fields)
| Parameter | Type | Description | Required |
|---|---|---|---|
event_type | string | DELIVERED, PAID_ONLINE, REFUSED_COD, CANCELLED, NO_ANSWER, FRAUD_CONFIRMED | Optional |
context.order_total | number | Order amount | Optional |
context.currency | string | Currency code (MAD) | Optional |
context.region | string | Delivery region | Optional |
context.note | string | Additional notes | Optional |
Exemple de requête
curl -X POST https://api.dpd.ma/v1/phone/lookup \
-H "Content-Type: application/json" \
-H "X-Country: MA" \
-H "Authorization: Bearer DPD-STARTER-TEST-002" \
-d '{
"phone": "+212661234567",
"event_type": "DELIVERED",
"context": {
"order_total": 299.50,
"currency": "MAD",
"region": "Casablanca"
}
}'
✅ Best Practice: Submit events for all orders to improve scoring accuracy and help the entire merchant community.
🔑 Vérification de licence
POST
/v1/license/verify
Vérifiez le statut de votre licence et les limites d’utilisation quotidiennes.
Corps de la requête
| Parameter | Type | Description | Required |
|---|---|---|---|
site_url | string | Your registered website URL | Required |
email | string | Your registered email | Required |
⚙️ Endpoints administrateur
ℹ️ Administrateur uniquement : Ces endpoints nécessitent
X-Admin-Key authentication.
❌ Codes d’erreur
| Error Code | HTTP Status | Description |
|---|---|---|
LICENSE_MISSING | 401 | Jeton Bearer Authorization manquant |
LICENSE_INVALID | 403 | Licence invalide ou inactive |
LICENSE_EXPIRED | 403 | Abonnement expiré, renouvellement requis |
COUNTRY_NOT_ALLOWED | 403 | X-Country header must be MA |
DAILY_LIMIT_REACHED | 429 | Limite quotidienne d’utilisation API dépassée |
INVALID_PAYLOAD | 400 | La validation du corps de requête a échoué |
ADMIN_UNAUTHORIZED | 401 | X-Admin-Key manquant ou invalide |