Skip to main content

API Overview

The ZendFi API is a REST API that accepts JSON request bodies and returns JSON responses. All endpoints are versioned under /api/v1/.

Base URL

Both test and live modes share the same base URL. The API key in your Authorization header determines which Solana network is used.

Request Format

All requests must include:

Authentication

Protected endpoints require a valid API key as a Bearer token:
See Authentication for details on key formats and management.

Idempotency

For write operations (POST, PUT, PATCH), include an Idempotency-Key header to make retries safe.
  • The key is scoped per merchant and endpoint.
  • Repeating the same key with the same request payload returns the original response.
  • Reusing the same key with a different payload returns 409 conflict.
  • If an identical request with the same key is still processing, the API can return 409 in-flight conflict (idempotency_in_flight).
  • Stored idempotency records expire after 24 hours.
The SDK generates idempotency keys automatically when idempotencyEnabled is true (the default). The CLI also sends idempotency keys for write requests and supports explicit keys on core payment/intent commands.

Error Format

All errors follow a consistent structure:

HTTP Status Codes

Common Error Codes

Rate Limits

Requests are rate-limited per merchant account: Rate limit information is included in response headers:
When the limit is exceeded, the API returns 429 with a JSON body indicating when to retry.

Pagination

List endpoints support pagination via query parameters:

Correlation IDs

Every API request is assigned a unique correlation ID, available in the response headers:
Include this ID when contacting support to help trace issues quickly.

Mode Header

Every response includes a header indicating which mode processed the request:
This helps verify that your application is hitting the expected network (devnet or mainnet).

Supported Currencies and Tokens

Sub-Account Programmable Controls

ZendFi sub-accounts now include programmable controls for policy enforcement, execution gating, reactive triggers, and balance automation.