This guide outlines important concepts to consider when developing an integration with the Push Cash API.

Authentication

The API uses a persistent API key to authenticate requests. Provide the key using the Authorization header with the value Bearer YOUR_API_KEY. Requests that fail authentication return a 401 (Unauthorized) status code.

To test your API keys, make a request to the /keys/verify endpoint in either sandbox or production:

curl -X POST -H "Authorization: Bearer $APIKEY" https://sandbox.pushcash.com/keys/verify

If the API key is valid, the API will respond with a status code of 200 (OK) and the name of your organization.

Idempotency

Idempotency is supported for safely retrying requests to the create-intent and create-user endpoints. If a duplicate request is made with the same value for X-Idempotency-Key as a previous request, the API will return a cached response.

Rate Limiting

The Push Cash API rate-limits requests to ensure stable and reliable service for all users. All rate limits are evaluated on a sliding 1-hour window. Requests subject to rate limiting will include the following response headers:

  • X-RateLimit-Limit: The maximum number of requests that can be made to the endpoint in a window.
  • X-RateLimit-Remaining: The number of requests remaining in the current window.
  • X-RateLimit-Reset: The time at which the current window will reset.

When a request exceeds the rate limit, the API will respond with a status code of 429 (Too Many Requests). Requests that are issued from your backend and authenticated with an API token are subject to the following rate limits:

  • Create: 100 requests
    • Creating new users, intents
  • Read: 1,000 requests
    • Getting or listing existing objects
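
The following is an added example, not Push Cash code: a retry wrapper for create requests that ties together the Idempotency and Rate Limiting sections by generating one X-Idempotency-Key per logical operation, reusing it when a reply is lost or a 429 is returned, and failing fast on 401. The send(headers, body) transport hook, the FakeApi stand-in, and the exponential backoff are assumptions made for illustration; the page does not define a retry policy or the format of X-RateLimit-Reset.

```python
import time
import uuid


class AuthError(Exception):
    """401: the key was rejected, so retrying cannot succeed."""


def create_with_retry(send, api_key, body, max_attempts=4, sleep=time.sleep):
    """Send one create request, retrying timeouts and 429s under one key.

    `send(headers, body) -> (status, body)` is a hypothetical transport hook.
    """
    headers = {
        "Authorization": f"Bearer {api_key}",
        # Generated once per logical operation and reused on every retry.
        "X-Idempotency-Key": str(uuid.uuid4()),
    }
    for attempt in range(max_attempts):
        try:
            status, resp = send(headers, body)
        except TimeoutError:
            status, resp = None, None  # outcome unknown; server may have acted
        if status == 401:
            raise AuthError("API key rejected")
        if status not in (None, 429):
            return status, resp
        sleep(2 ** attempt)  # assumed backoff; the page sets no retry policy
    raise RuntimeError("gave up after %d attempts" % max_attempts)


class FakeApi:
    """Constructed stand-in for the API: caches responses by idempotency key."""

    def __init__(self, script):
        self.script = list(script)   # per-call behaviour: "timeout", 429, 401, 200
        self.cache = {}              # idempotency key -> cached response
        self.created = 0

    def send(self, headers, body):
        step = self.script.pop(0)
        if step in (401, 429):
            return step, None
        key = headers["X-Idempotency-Key"]
        if key not in self.cache:    # first time this key is processed
            self.created += 1
            self.cache[key] = {"id": f"obj_{self.created}"}
        if step == "timeout":        # processed, but the reply was lost
            raise TimeoutError
        return 200, self.cache[key]
```

Running the wrapper against FakeApi(["timeout", 429, 200]) creates exactly one object even though three requests are sent, because every retry carries the same key.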