Skip to main content

API Reference

Conto publishes its REST API reference from the same OpenAPI source used by the in-app Swagger viewer. If you are onboarding a customer or integration partner, start with the interactive reference below and pair it with the authentication and operational guides in this page.

Primary References

Authentication

Use the credential type that matches the API surface you are calling: See /sdk/authentication for the full key matrix, expiration behavior, and scope model.

Base URLs

Common Integration Paths

Operational Expectations

  • POST /api/sdk/payments/request supports idempotencyKey for safe client retries.
  • SDK keys always expire automatically: default lifetime is 365 days and the maximum is 730 days.
  • Org API keys always expire too: expiresInDays defaults to 365 and is capped at 365.
  • Webhook endpoints must be public HTTPS URLs and should verify Conto signatures on every request.
  • Rate limits differ between SDK routes and dashboard routes; design clients to honor 429 and Retry-After.