These APIs are designed to be leveraged by integrating partners and merchants to fulfill a variety of non-consumer UX integration use-cases. If you are a new partner that is interested in establishing a partnership and building technical integration with the Thanx platform, please reach out to

For partners who already have API access, each API credential is configured with an agreed-upon scope — granting access to a subset of the available API endpoints. Each partnership API endpoint has a section describing the required scopes. The GET /scopes endpoint can be used to list the scopes your API credentials have access to.


All integrations should be developed against the sandbox Thanx API environment. Before production API credentials are issued, integrations should be certified with the Thanx team.

Relevant API hosts:

  • Sandbox -
  • Production -


Once your integration has been built and developed against the sandbox environment, please reach out to go through a lightweight but mandatory certification process. For basic integration use-cases, certification is quick and normally takes no more than a few days depending on the scope of integration. This process is mainly designed to ensure the integration is working as intended without risking any negative impact on live customers (merchant or consumer).

Each net-new integration use-case should be re-certified, as new use-cases will very likely require different scoping.

Launching new merchants on certified integration use-cases does not require re-certification.


Upon gaining access to the Thanx APIs, integration partners will be issued the following:

  • Client ID - used in the required X-ClientId header
  • Access Token - used in the required Authorization header

These credentials grant access to all merchants that have explicitly opted into the specified integration. All merchants accessible to these credentials can be listed in GET /merchants.


  • Authorization: Bearer {access_token} - This value should be set to the provided access token.
  • X-ClientId: {client_id} - This value should be set to the provided client ID.
  • Accept-Version: v4.0 - This value must be specified in API calls. It denotes the current API version that is in use. Any other value specified will cause undefined behavior and may risk API access revocation.
  • Content-Type: application/json - This value specifies the request body format. Only JSON is supported at this time.
  • User-Agent: {partner}/1.0.0 - This value should be set to something that indicates the name of the partner. This is useful for debugging purposes.

Global Rate Limits

Integration partners should not exceed a rate of 5 requests per second and 2,000 requests per 15 minutes. These default rate limits are hard limits, and the APIs will return 429 Too Many Requests once they are crossed.

Rate-limited API requests can and should be retried. One strategy for handling this is exponential backoff.

Should your specific integration use-case require higher API throughput, please reach out to to request an increase to these default values.
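The following is an added example, not Thanx's own code: a client-side sketch that builds the required headers, stays under the two global limits stated above, and retries 429 responses with capped, jittered exponential backoff. The `Throttle` class, the `send` callable (a wrapper around whatever HTTP library you use, returning `(status, body)`) and the retry parameters are assumptions made for illustration.

```python
import random
import time
from collections import deque

# Limits stated on this page: 5 requests/second and 2,000 requests/15 minutes.
LIMITS = ((5, 1.0), (2000, 900.0))

def build_headers(access_token, client_id, partner):
    """Required headers; load both credentials from a secret store, not source."""
    return {
        "Authorization": f"Bearer {access_token}",
        "X-ClientId": client_id,
        "Accept-Version": "v4.0",
        "Content-Type": "application/json",
        "User-Agent": f"{partner}/1.0.0",
    }

class Throttle:
    """Sliding-window limiter (hypothetical helper) enforcing every pair in LIMITS."""
    def __init__(self, limits=LIMITS, clock=time.monotonic, sleep=time.sleep):
        self.limits, self.clock, self.sleep = limits, clock, sleep
        self.longest = max(window for _, window in limits)
        self.sent = deque()  # send times, oldest first
    def wait(self):
        while True:
            now = self.clock()
            while self.sent and now - self.sent[0] >= self.longest:
                self.sent.popleft()
            delay = 0.0
            for count, window in self.limits:
                recent = [t for t in self.sent if now - t < window]
                if len(recent) >= count:
                    delay = max(delay, recent[-count] + window - now)
            if delay <= 0:
                self.sent.append(now)
                return
            self.sleep(delay)

def call_with_backoff(send, throttle, max_attempts=6, base=0.5, cap=30.0,
                      sleep=time.sleep, rng=random.random):
    """Retry send() -> (status, body) only on 429; waits are capped and jittered."""
    for attempt in range(max_attempts):
        throttle.wait()
        status, body = send()
        if status != 429:
            return status, body
        if attempt < max_attempts - 1:  # sleep 50-100% of the capped backoff
            sleep(min(cap, base * 2 ** attempt) * (0.5 + rng() / 2))
    raise RuntimeError(f"still rate limited after {max_attempts} attempts")
```

Share one `Throttle` instance across every caller that uses the same credentials, since the limits apply to the integration as a whole rather than to each worker.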