Overview

The API is organized into the following modules:

  • Cards - Manage virtual cards, card policies, and transactions
    • Managed Cards (create, list, update status)
    • Card Policies (create, list, update)
    • Card Transactions (list, filter)
  • Banking - Connect and manage bank accounts
    • Bank Connections (connect, disconnect, sync)
    • Bank Accounts (list, get details)
    • Bank Transactions (list, filter)
  • Team - Manage teams and memberships
    • Teams (create, list, update, delete)
    • Team Members (list, invite, remove)
    • Team Invitations (create, accept, revoke)
    • Team Subscription (view status)
  • Billing - Handle subscriptions and payments
    • Subscription Plans (list available plans)
    • Subscriptions (create, cancel, resume)
    • Customer Portal (manage billing)

Authentication

All API endpoints require authentication using a session token. The token should be included in the Authorization header:

Authorization: Bearer <session_token>

Common Parameters

Most endpoints require a teamId parameter to scope the operation to a specific team. Users can only access resources belonging to teams they are members of.

Error Handling

All endpoints return standard error responses:

{
  code: "UNAUTHORIZED" | "NOT_FOUND" | "CONFLICT" | "INTERNAL_SERVER_ERROR"
  message: string
}
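A server-side sketch of the checks described under Authentication, Common Parameters and Error Handling, added here as an illustration and not taken from this API's implementation. The function name, the in-memory SESSIONS and MEMBERSHIPS stores, all ids, and the choice to answer NOT_FOUND for a team the caller does not belong to are assumptions.

```javascript
// Added example: validate the Bearer session token, then enforce teamId scoping.
// SESSIONS, MEMBERSHIPS and every id below are constructed sample data.
const SESSIONS = new Map([
  ["tok_alice", { userId: "u_alice", expiresAt: 4102444800 }], // valid until 2100
  ["tok_old", { userId: "u_bob", expiresAt: 1 }],              // already expired
]);
const MEMBERSHIPS = new Map([
  ["team_a", new Set(["u_alice"])],
  ["team_b", new Set(["u_bob"])],
]);

// Error objects follow the { code, message } shape documented above.
const fail = (code, message) => ({ ok: false, error: { code, message } });

// Returns { ok: true, userId } or { ok: false, error: { code, message } }.
// `headers` is a plain object with lowercase keys (assumed, as in Node's http module).
function authorizeTeamRequest(headers, teamId, nowSeconds = Math.floor(Date.now() / 1000)) {
  // Accept exactly "Bearer <token>"; any other scheme or shape is rejected.
  const match = /^Bearer ([A-Za-z0-9._~+\/-]+=*)$/.exec(headers["authorization"] ?? "");
  if (!match) return fail("UNAUTHORIZED", "Missing or malformed Authorization header");

  const session = SESSIONS.get(match[1]);
  if (!session || session.expiresAt <= nowSeconds) {
    return fail("UNAUTHORIZED", "Invalid or expired session token");
  }

  // teamId is client-supplied, so membership is resolved from the session's
  // user on the server and never taken from the request itself.
  const members = typeof teamId === "string" ? MEMBERSHIPS.get(teamId) : undefined;
  if (!members || !members.has(session.userId)) {
    // Same answer for an unknown team and a team the caller is not in
    // (assumed choice), so responses do not reveal which team ids exist.
    return fail("NOT_FOUND", "Team not found");
  }
  return { ok: true, userId: session.userId };
}
```

Running this check before any resource lookup keeps a valid token for one team from reading another team's cards, accounts or invitations by changing the teamId parameter.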

Rate Limiting

API requests are rate-limited based on the client IP address and authentication token. The current limits are:

  • Authenticated requests: 1000 requests per minute
  • Unauthenticated requests: 60 requests per minute

Rate limit headers are included in all responses:

X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1619123456