API Reference
Conto publishes its REST API reference from the same OpenAPI source used by the in-app Swagger viewer. If you are onboarding a customer or integration partner, start with the interactive reference below and pair it with the authentication and operational guides in this page.Primary References
Authentication
Use the credential type that matches the API surface you are calling:
See /sdk/authentication for the full key matrix, expiration behavior, and
scope model.
Base URLs
Common Integration Paths
- Agent payment flow: Start with /sdk/payments for request, approval, execution, and status flows.
- Org provisioning and control-plane automation: Use /sdk/admin for agents, wallets, policies, and SDK key lifecycle management.
- External-wallet approval flows: Use /guides/external-approvals when Conto evaluates a payment but your infrastructure broadcasts the transaction.
- Service-to-service micropayments: Use /guides/x402-api-payments or /guides/mpp-session-payments for x402 and MPP flows.
Operational Expectations
POST /api/sdk/payments/requestsupportsidempotencyKeyfor safe client retries.- SDK keys always expire automatically: default lifetime is 365 days and the maximum is 730 days.
- Org API keys always expire too:
expiresInDaysdefaults to 365 and is capped at 365. - Webhook endpoints must be public HTTPS URLs and should verify Conto signatures on every request.
- Rate limits differ between SDK routes and dashboard routes; design clients to honor
429andRetry-After.