This guide outlines important concepts to consider when developing an integration with the Push Cash API.

Authentication

The API uses a persistent API key to authenticate requests. Provide the key using the Authorization header with the value Bearer YOUR_API_KEY. Requests that fail authentication return a 401 (Unauthorized) status code. In order to test your API keys, you can make a request to the /keys/verify endpoint in either sandbox or production 
curl -X POST -H "Authorization: Bearer $APIKEY" https://sandbox.pushcash.com/keys/verify
If the API key is valid, the API will respond with a status code of 200 (OK) and the name of your organization

Idempotency

Idempotency is supported for retrying POST requests. If a duplicate request is made with the same value for X-Idempotency-Key as a previous request, the API will return a cached response.

Rate Limiting

The Push Cash API rate-limits requests to ensure stable and reliable service for all users. All rate limits are evaluated on a sliding 1 hour window. Requests subject to rate limiting will include the following response headers:
  • X-RateLimit-Limit: The maximum number of requests that can be made to the endpoint in a window.
  • X-RateLimit-Remaining: The number of requests remaining in the current window.
  • X-RateLimit-Reset: The time at which the current window will reset.
When a request exceeds the rate limit, the API will respond with a status code of 429 (Too Many Requests). Requests that are issued from your backend and authenticated with an API token are subject to the following rate limits:
  • Create: 100 requests
    • Creating new users, intents
  • Read: 1,000 requests
    • Getting or listing existing objects