New to the API? Read Authentication next. Every request requires an API key, and payment requests require a signature on top of that.
Base URLs
Every request you make goes to one of two base URLs depending on your stage of development. The two environments are completely separate: separate keys, separate accounts, separate transaction history.Versioning
All endpoints are available under the/api/v1/ path prefix. For example:
- We will never remove or make breaking changes to a version without at least 6 months advance notice.
- New fields may be added to responses at any time. Your code should ignore fields it does not recognise.
- When a new version is released, the previous version continues to work until its end-of-life date is announced.
- Version deprecation notices are published in the Changelog and emailed to all active API key holders.
“Breaking change” means removing a field, renaming a field, changing a field’s data type, or changing the meaning of an existing error code. Adding new optional fields or new error codes is not considered a breaking change.
Request Format
All request and response bodies use JSON (application/json) unless you are uploading files, in which case use multipart/form-data.
Standard Request Headers
Every request must include the headers marked as required. The optional headers are strongly recommended for production use.Response Format
Standard Response Headers
Every response from the API includes these headers. Check them, especially the quota headers, when building production-grade integrations.Success Response Envelope
All successful responses wrap the returned data in a consistent envelope. Thedata field contains the resource or result you requested.
Always
true for successful responses. If this field is false, the response is an error. Check the code field.A two-character code.
"00" means success. Non-zero codes indicate specific outcomes. See the Error Reference for the full list.A human-readable summary of what happened. Do not parse this string in code. Use
responseCode for programmatic checks.The payload. Its structure depends on the endpoint. Each endpoint in this reference documents the fields inside
data.Error Response Format (RFC 7807)
When something goes wrong, the API returns an error in the RFC 7807 Problem Details format. It’s an industry standard. If you’ve worked with other modern APIs, you may recognise it.A URI that uniquely identifies this error type. You can open it in a browser for documentation on the specific error.
A short, human-readable summary of the error type. Stable, does not change between occurrences of the same error.
The HTTP status code for this error. Matches the actual HTTP response status.
A human-readable explanation specific to this occurrence of the error. May include amounts, account numbers, or field names to help you diagnose the issue.
The endpoint path where the error occurred.
The correlation ID for this specific request. Include this when contacting support. It is the fastest way to find your request in our logs.
A machine-readable error code. Use this in your code to handle specific errors programmatically. See the full error code list.
Pagination
Endpoints that return lists accept two query parameters to control paging:
The response envelope includes a
pagination object inside data:
Total number of items across all pages.
Total number of pages given the current
pageSize.page by 1 and repeat the request with the same pageSize.
Timestamps and Timezone
All timestamps in request and response bodies use ISO 8601 format and are expressed in WAT (West Africa Time, UTC+1).+01:00 offset. If you pass a UTC timestamp (with Z or +00:00), the API will accept it and convert it internally, but the response timestamps will always be returned in WAT.
