Cashonrails API Basics
Before you begin!
You should create a free Cashonrails account that you can test the API against. We will provide you with test keys that you can use to make API calls.
The Cashonrails API gives you access to pretty much all the features you can use on our dashboard and lets you extend them for use in your application. It strives to be RESTful and is organized around the main resources you would be interacting with - with a few notable exceptions.
Postman API Collection
To help you get started quickly with our API, we’ve created a comprehensive Postman collection that includes all available endpoints, request examples, and sample responses.
Using the Collection
-
Access the Collection: Our official Postman collection is available here
-
Import to Postman: Click the “Run in Postman” button on the collection page or use the Postman app to import via URL
-
Configure Environment: Set up your environment variables including your API key and other authentication details
-
Explore and Test: Browse through the available requests organized by category (Payments, Transfers, etc.) and test them directly from Postman
The collection is regularly updated to reflect the latest API changes and includes detailed documentation for each endpoint.
Benefits
- Quickly understand available endpoints and required parameters
- Test API responses without writing code
- Use request examples as a reference for your implementation
- Explore advanced features through pre-built request examples
Request Authorization Header
To ensure the authenticity of API requests, all requests must include the Authorization header with a Bearer Token containing your live or test secret key.
Authorization: Bearer {{ secret_key }}Webhook Authorization Header
To ensure the authenticity of webhooks sent to your server, set the webhook key in your dashboard. This key will be sent as an Authorization header with a Bearer Token containing your webhook key.
Authorization: Bearer {{ webhook_key }}HTTP Methods
| Method | Description |
|---|---|
| POST | Used to create new resources |
| GET | Used to retrieve resources |
| PUT | Used to update existing resources |
| DELETE | Used to remove resources |
Sample Requests
We provide sample API calls next to each method using cURL. All you need to do is insert your specific parameters, and you can test the calls from the command line. See this tutorial on using cURL with APIs.
Requests and Responses
Both request body data and response data are formatted as JSON. Content type for responses will always be application/json. Generally, all responses will be in the following format:
Response Keys
| Key | Type | Description |
|---|---|---|
| success | Boolean | This lets you know if your request was successful or not. We recommend that you use this in combination with HTTP status codes to determine the result of an API call. |
| message | String | This is a summary of the response and its status. For instance when trying to retrieve a list of customers, message might read “Customers retrieved”. In the event of an error, the message key will contain a description of the error as with the authorization header situation above. This is the only key that is universal across requests. |
| data | Object | This contains the results of your request. It can either be an object, or an array depending on the request made. For instance, a request to retrieve a single customer will return a customer object in the data key, while the key would be an array of customers if a list is requested instead. |
HTTP Status Codes
Cashonrails uses conventional HTTP response codes to indicate the success or failure of API requests. Here’s what each code means in the context of Cashonrails operations:
Success Codes
| HTTP Status Code | Meaning | Cashonrails Context |
|---|---|---|
| 200 | OK | The request was successful. This is returned for most successful GET requests. |
| 201 | Created | The request was successful and a resource was created. This is returned for successful POST requests that create new resources like transactions or customers. |
| 202 | Accepted | The request has been accepted for processing. This is often returned when a payment is still being processed but has been queued successfully. |
| 204 | No Content | The request was successful but there is no content to return. This is typically returned for successful DELETE operations. |
Client Error Codes
| HTTP Status Code | Meaning | Cashonrails Context |
|---|---|---|
| 400 | Bad Request | The request was malformed or had invalid parameters. For example, when creating a transaction with an invalid amount or currency. |
| 401 | Unauthorized | No valid API key was provided or the key used is incorrect. Check that you’re using the correct secret key. |
| 403 | Forbidden | The API key doesn’t have permissions to perform the request. This can happen if you’re using a test key for a live endpoint or trying to access a feature your account tier doesn’t support. |
| 404 | Not Found | The requested resource doesn’t exist. For example, when trying to retrieve a transaction with an invalid ID. |
| 405 | Method Not Allowed | The HTTP method used is not valid for the endpoint. For example, trying to DELETE a transaction when only GET, POST, and PUT are allowed. |
| 409 | Conflict | The request conflicts with the current state. This might occur when trying to create a duplicate unique resource, such as a customer with an email that already exists. |
| 415 | Unsupported Media Type | The content type of the request is not supported. Ensure you’re sending JSON data with the correct content-type header. |
| 422 | Unprocessable Entity | The request data was valid but the server couldn’t process it. This often happens when a transaction is declined due to insufficient funds or fraud checks. |
| 429 | Too Many Requests | You’ve exceeded the API rate limits. Slow down your request rate and implement exponential backoff retry strategies. |
Server Error Codes
| HTTP Status Code | Meaning | Cashonrails Context |
|---|---|---|
| 500 | Internal Server Error | Something went wrong on Cashonrails’ end. Retry your request after a short delay and contact support if the issue persists. |
| 502 | Bad Gateway | Cashonrails is down or being upgraded. Try again later. |
| 503 | Service Unavailable | The Cashonrails servers are up, but overloaded with requests. Try again later. |
| 504 | Gateway Timeout | The Cashonrails servers didn’t respond in time. Try again later and check our status page for any ongoing issues. |
IP Whitelisting
IP whitelisting adds an extra layer of security by allowing only specified IP addresses to make API requests using your API keys.
To whitelist your IP addresses send an email from your registered email address to support@cashonrails.com
Sample email format:
Subject: IP Whitelisting Authorization Request
Message body:
Dear Cashonrails Admin,
We, **{business name}**, with Business ID **{business ID}**, hereby authorize the whitelisting of the following IP address(es) for our account:
192.168.1.1
192.168.1.2
Best regards,
[Your Full Name]
[Your Position]