Straddle API
Introduction
Built on REST principles, the Straddle API uses intuitive, resource-oriented URLs and communicates via JSON-encoded request bodies and responses. We employ standard HTTP methods, authentication, and status codes to ensure consistency and predictability.
Environments
Straddle provides two separate environments to support your development workflow: the Sandbox environment for testing and development, and the Production environment for live transactions.
Environment | Base URL | Purpose |
---|---|---|
Sandbox | https://sandbox.straddle.io |
Testing and development |
Production | https://production.straddle.io |
Live transactions |
Warning: Always ensure you're using the correct environment and API keys. Using Sandbox credentials in Production will cause requests to fail and negatively impact the user experience.
Authentication
Straddle uses Bearer Token authentication via JWT API keys. Include your secret API key in the Authorization
header of every request:
curl https://sandbox.straddle.io/v1/customers \
-H "Authorization: Bearer YOUR_SECRET_API_KEY"
Generate an API Key
Generate an API key from the Straddle Dashboard:
- Log in to your Straddle Dashboard.
- Navigate to Developers > API Keys.
- Click Create API Key to generate a new key.
Warning: Your secret API key grants full access to your Straddle account. Keep it secure and never share it publicly or include it in client-side code.
Sandbox and Production Environments
Straddle provides separate API keys for sandbox and production environments:
- Sandbox API Keys: Use these keys for development and testing.
- Production API Keys: Use these keys in production when you're ready to accept real transactions.
Tip: Always test your integration thoroughly using sandbox API keys before switching to production keys.
Keep your API keys secure
Follow these guidelines to keep your API keys secure:
- Keep Secret Keys Confidential: Do not share your secret keys in emails, chat messages, or public repositories.
- Use Environment Variables: Store keys securely using environment variables or a secrets management system.
- Rotate Keys Regularly: Periodically rotate your API keys to reduce risk.
- Monitor Usage: Regularly review your API logs in the Dashboard for any suspicious activity.
With authentication and environments configured, you can start making requests to Straddle's API. Keep reading to learn more.
Response Structure
The Straddle API provides responses with consistent structure to ensure readability and ease of integration. All API responses follow these conventions to ensure consistency and ease of integration across different client applications.
- Field Naming
- Use
snake_case
for all field names - Use descriptive full words, except common acronyms (e.g.,
dob
,SSN
)
- Use
- Resource IDs
- All IDs are UUIDs for cross-system uniqueness and compatibility
- Response Type (
response_type
)"object"
: Single resource response"array"
: List of resources, typically paginated"error"
: Error response with details inerror
field
- Primary Data (
data
)- Contains main response payload
- Holds resource(s) for
"object"
and"array"
types - For
"error"
type, error details go inerror
field
- Meta Information (
meta
)- Standard fields:
api_request_id
: Unique request identifierapi_request_timestamp
: ISO 8601 request time (e.g.,"2023-11-07T05:31:56Z"
)
- Pagination fields (for
"array"
responses):page_number
: Current pagepage_size
: Items per pagetotal_items
: Total available itemssort_order
:"asc"
or"desc"
sort_by
: Sort field name
- Standard fields:
Examples
Single-Object Response
{
"meta": {
"api_request_id": "3a2b1c4d-0e6f-4a88-9876-123456abcdef",
"api_request_timestamp": "2023-11-07T05:31:56Z"
},
"response_type": "object",
"data": {
"id": "a1b2c3d4-e5f6-7a8b-9c0d-1e2f3a4b5c6d",
"name": "John Doe",
"email": "[email protected]",
"dob": "1990-01-01",
"address": {
"street": "123 Main St",
"city": "Springfield",
"state": "IL",
"postal_code": "62701"
}
}
}
Paginated List Response
{
"meta": {
"api_request_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
"api_request_timestamp": "2023-11-07T05:31:56Z",
"page_number": 2,
"page_size": 50,
"total_items": 500,
"sort_order": "asc",
"sort_by": "name"
},
"response_type": "array",
"data": [
{
"id": "c1b1b1b1-1b1b-1b1b-1b1b-1b1b1b1b1b1b",
"name": "John Doe",
"email": "[email protected]"
},
{
"id": "a9b1b1b1-1b1b-1b1b-1b1b-1b1b1b1b1b1b",
"name": "Steven Martin",
"email": "[email protected]"
}
]
}
Error Response
{
"meta": {
"api_request_id": "f1b1b1b1-1b1b-1b1b-1b1b-1b1b1b1b1b1b"
},
"response_type": "error",
"error": {
"status": 400,
"type": "/field_validation",
"title": "Invalid Input Data",
"detail": "The request contains invalid field values.",
"items": [
{
"reference": "customer.email",
"detail": "Email address must be unique."
}
]
}
}
Best Practices for Handling Responses
- Check the
response_type
: Determine how to parse the response based on theresponse_type
field. - Handle Pagination: Use pagination metadata to navigate through paginated data effectively.
- Implement Robust Error Handling: Examine the
error
object in error responses to understand and address issues. - Log
api_request_id
: Record theapi_request_id
for each request to assist with troubleshooting and support. - Access Data via
data
Property: Retrieve the main payload from thedata
property for successful responses. - Synchronize Timestamps: Use
api_request_timestamp
for event logging and synchronization. - Consistent Parsing Logic: Apply a consistent parsing strategy across all responses for reliability.
- Avoid Sensitive Data in Logs: When logging responses, ensure that sensitive information is excluded to maintain security.
By adhering to these practices, you can build a robust integration with the Straddle API that gracefully handles various response scenarios.
Metadata
Metadata allows you to attach custom key-value pairs to Straddle objects like customers
, charges
, and payouts
. Use metadata to store additional information important to your business that isn't captured by Straddle's standard fields.
Important: Do not confuse the
metadata
field with themeta
object. Themeta
object contains system-level information about the API request, whilemetadata
is for custom data you provide.
Adding Metadata
You can add metadata when creating or updating objects through the Straddle API. Here's how:
Adding Metadata When Creating a Customer
Include a metadata
object in your request:
{
"name": "John Doe",
"type": "individual",
"email": "[email protected]",
"address": {
"address1": "123 Main St",
"address2": null,
"type": "residential",
"city": "Springfield",
"state": "IL",
"zip": "62701"
},
"phone": "+1234567890",
"external_id": "CUS-123",
"device": {
"ip_address": "192.168.1.1"
},
"metadata": {
"order_id": "6735",
"customer_group": "premium"
}
}
Tips
- Use Consistent Keys: Establish and follow a consistent naming convention for your metadata keys.
- Keep It Simple: Store simple key-value pairs. For complex data, store a reference ID in metadata and keep the full data in your own database.
- Avoid Sensitive Data: Do not store sensitive information like credit card numbers or social security numbers in metadata.
Limitations
- Metadata keys and values must be 40 characters or fewer.
- You can have up to 20 key-value pairs in the
metadata
object.
Embedded Accounts
Platforms building on Embed can make API calls on behalf of their embedded accounts, allowing you to perform actions for your users seamlessly. To issue requests as an embedded account, include the Straddle-Account-Id
header with the embedded account's ID (prefixed with acct_
) in each request. You can make API calls for your embedded accounts in two ways:
- Server-side: Use the
Straddle-Account-Id
header with the embedded account ID in each request. - Client-side: Pass the
Straddle-Account-Id
as an argument when initializing the Straddle client library.
Note: To ensure optimal performance and reliability, Straddle enforces rate limits on API endpoints. These limits apply collectively to all requests made by your platform, including those made on behalf of embedded accounts.
Server-side Requests Using the Straddle-Account-Id
Header
When making server-side API calls, include the Straddle-Account-Id
header with the embedded account's ID to execute requests on their behalf.
Example: Creating a Charge
The following example demonstrates how to create a charge using your platform's secret API key and your user's account ID.
curl --request POST \
--url https://api.straddle.io/v1/charges \
--header 'Authorization: Bearer <your-secret-api-key>' \
--header 'Content-Type: application/json' \
--header 'Straddle-Account-Id: <uuid>' \
--data '{
"paykey": "<string>",
"description": "<string>",
"amount": 123,
"currency": "<string>",
"payment_date": "2023-12-25",
"consent_type": "internet",
"device": {
"ip_address": "<string>"
},
"external_id": "<string>",
"config": {
"balance_check": "required"
},
"metadata": {}
}'
Client-side Requests
To make client-side API calls on behalf of an embedded account, pass the embedded account ID when initializing the Straddle client. This feature is coming soon.
Warning: Exercise caution when making client-side requests as an embedded account. Ensure you are not exposing sensitive information or providing unnecessary permissions to the client.
Errors
Straddle uses standard HTTP status codes to indicate the success or failure of API requests. Understanding these codes and how to handle errors will help you build robust and user-friendly applications.
Here is a summary of the HTTP status and error codes that Straddle may return:
Status Code | Type | Description |
---|---|---|
200 | OK | The request was successful, and the response contains the expected data. |
400 | Bad Request | The request was invalid, often due to missing or incorrect parameters. |
401 | Unauthorized | No valid API key was provided with the request. |
403 | Forbidden | The API key doesn't have the necessary permissions to perform the request. |
404 | Not Found | The requested resource does not exist. |
409 | Conflict | The request conflicts with another request (e.g., using the same idempotency key). |
422 | Unprocessable Entity | The request was well-formed but could not be processed due to semantic errors. |
429 | Too Many Requests | Too many requests have been made in a short period of time. Implement exponential backoff and retry later. |
500, 502, 503, 504 | Server Errors | Server errors—something went wrong on Straddle's end. These errors are rare. |
Error Type | Description |
---|---|
invalid_request_error |
Occurs when the request has invalid parameters, such as missing required fields or invalid values. |
validation_error |
Occurs when the request data fails Straddle's validation checks, like providing an invalid address or unsupported payment method. |
authentication_error |
Occurs when the provided API key is invalid or lacks the necessary permissions for the requested action. |
api_error |
Covers any other type of problem, such as temporary issues with Straddle's servers. These errors are rare. |
When an error occurs, Straddle returns an HTTP response with the appropriate status code and a JSON body containing an error
object with details about the error.
Error Response Structure
When an error occurs, Straddle returns an HTTP response with the appropriate status code and a JSON body containing an error
object with details about the error.
The error
object includes the following attributes:
Attribute | Type | Description |
---|---|---|
status |
integer | The HTTP status code returned. |
type |
string | A string identifying the type of error. Possible values are api_error , invalid_request_error , validation_error , or authentication_error . |
title |
string | A short description of the error type. |
detail |
string | A detailed message about the error. |
items |
array | (Optional) An array of objects providing more specific details about individual errors. |
items[].reference |
string | An identifier related to the error, such as a field name or error code. |
items[].detail |
string | A detailed description of the specific error. |
Example Error Response
Here's an example of a validation error response:
{
"meta": {
"api_request_id": "3a2b1c4d-0e6f-4a88-9876-123456abcdef",
"api_request_timestamp": "2023-11-07T05:31:56Z"
},
"response_type": "error",
"error": {
"status": 400,
"type": "validation_error",
"title": "Invalid Input Data",
"detail": "The request contains invalid field values.",
"items": [
{
"reference": "customer.email",
"detail": "Email address must be unique."
}
]
}
}
- The error type is
validation_error
, indicating issues with the input data. - The
items
array provides specific details about which field caused the error.
Sandbox environment