Authentication
Every request is authenticated with HTTP Basic Auth using your API key pair. Use test keys against the sandbox, live keys against production — never mix the two.
API key pair
Every merchant account ships with two key pairs:
| Environment | Public key prefix | Secret key prefix | Hits |
|---|---|---|---|
| Test | pk_test_… | sk_test_… | Sandbox |
| Live | pk_live_… | sk_live_… | Production |
The secret key is shown once at creation. If you lose it, your account manager can rotate it — but the old key stops working immediately.
Treat the secret key like a password
Never commit it to git, never log it, never paste it into a browser. If you suspect compromise, ask us to rotate immediately.
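A guard for the two rules above (keep test and live keys apart, and never log the secret key), shown as an added example that is not MintCash's own code. The function names, the `test`/`live` labels, and the live host placeholder are assumptions; only the key prefixes and the sandbox host come from this page.

```python
import base64

# Key prefixes from the table above. "test"/"live" are this example's labels.
PREFIXES = {"test": ("pk_test_", "sk_test_"), "live": ("pk_live_", "sk_live_")}
# Only the sandbox host appears on this page; the live host is a placeholder.
BASE_URLS = {"test": "https://sandbox.mintcash.me",
             "live": "https://LIVE-HOST.invalid"}


class KeyMismatch(ValueError):
    """A key does not belong to the environment being called."""


def check_key_pair(env, public_key, secret_key):
    """Refuse keys whose prefix does not match env (test vs live)."""
    if env not in PREFIXES:
        raise KeyMismatch(f"unknown environment {env!r}")
    pk_prefix, sk_prefix = PREFIXES[env]
    # Messages never echo key material: a swapped pair would otherwise
    # put the secret key into an exception trace or log line.
    if not public_key.startswith(pk_prefix):
        raise KeyMismatch(f"public key does not start with {pk_prefix}")
    if not secret_key.startswith(sk_prefix):
        raise KeyMismatch(f"secret key does not start with {sk_prefix}")


def request_target(env, public_key, secret_key):
    """Return (base_url, headers) for env, with the Basic Auth header set."""
    check_key_pair(env, public_key, secret_key)
    pair = f"{public_key}:{secret_key}".encode("ascii")
    token = base64.b64encode(pair).decode("ascii")
    return BASE_URLS[env], {"Authorization": f"Basic {token}",
                            "Content-Type": "application/json"}


def redact(headers):
    """Copy of headers that is safe to log: credentials are masked."""
    return {name: "Basic [REDACTED]" if name.lower() == "authorization" else value
            for name, value in headers.items()}


if __name__ == "__main__":
    # Constructed sample keys, same shape as the placeholders on this page.
    url, headers = request_target("test", "pk_test_xxx", "sk_test_yyy")
    print(url, redact(headers))
```

Log `redact(headers)` rather than the headers themselves; the Basic token is only base64, so it decodes straight back to the key pair.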
Sending requests
Use HTTP Basic Auth — <public_key>:<secret_key>, base64 encoded.
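```bash
curl https://sandbox.mintcash.me/payments \
  -u "pk_test_xxx:sk_test_yyy" \
  -H "Content-Type: application/json" \
  -d '{ "amount": 4999, "currency": "USD", "externalId": "order_123" }'
```

```javascript
// Read the key pair from the environment, not from source code.
// The variable names below are placeholders.
const publicKey = process.env.MINTCASH_PUBLIC_KEY;
const secretKey = process.env.MINTCASH_SECRET_KEY;

// HTTP Basic Auth: base64 of "<public_key>:<secret_key>"
const auth = Buffer.from(`${publicKey}:${secretKey}`).toString("base64");

await fetch("https://sandbox.mintcash.me/payments", {
  method: "POST",
  headers: {
    Authorization: `Basic ${auth}`,
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    amount: 4999,
    currency: "USD",
    externalId: "order_123",
  }),
});
```

```python
import os

import httpx

# Read the key pair from the environment; the variable names are placeholders.
public_key = os.environ["MINTCASH_PUBLIC_KEY"]
secret_key = os.environ["MINTCASH_SECRET_KEY"]

# httpx builds the Basic Auth header from the (user, password) tuple.
r = httpx.post(
    "https://sandbox.mintcash.me/payments",
    auth=(public_key, secret_key),
    json={"amount": 4999, "currency": "USD", "externalId": "order_123"},
)
```
IP allow lists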
Live keys can be locked to one or more source IPs. Requests from any other origin return 403 permission_denied with code: "ip_not_allowed". Sandbox keys default to "any IP" — switch the allow list on before going live.
IP allow lists aren't enabled by default. To turn them on, contact your MintCash representative.
Common failures
| HTTP | Code | Means |
|---|---|---|
| 401 | unauthenticated | Missing, malformed, or revoked credentials |
| 403 | permission_denied | Inactive merchant, or IP not allowed |
The full taxonomy is in Errors.
API reference
REST endpoints for payments, subscriptions, refunds, and API key management. Every endpoint is interactive — fill in your test key and send real requests from the page.
Payments
Create one-time charges and look them up by ID. Supports both hosted payment pages (HPP) and saved-card token flows.