API Reference
The Increase API is organized around REST. It has predictable resource-oriented URLs, accepts and returns JSON-encoded payloads, and uses standard HTTP response codes, authentication, and verbs.
While we're continually adding new features to the API, we're committed to doing so in a way that doesn't break existing integrations. You can read more in our versioning and backwards compatibility guide.
Authorization and Testing
The API accepts Bearer Authentication. When you sign up for an Increase account, we make you a pair of API keys: one for production and one for our sandbox environment in which no real money moves. You can create and revoke API keys from the dashboard and should securely store them using a secret management system.
Production API requests should be to https://api.increase.com
and sandbox requests should be to https://sandbox.increase.com
. We'll put these into environment variables to make our code examples easier to follow.
In the sandbox :
INCREASE_URL="https://sandbox.increase.com"
INCREASE_API_KEY="<secret>"
In production (you'll need to retrieve your API key from the dashboard):
INCREASE_URL="https://api.increase.com"
INCREASE_API_KEY="<secret>"
You can then make an API request like this using cURL:
curl --url "${INCREASE_URL}" \
-H "Authorization: Bearer ${INCREASE_API_KEY}"
OpenAPI
This reference also exists in OpenAPI 3 format. This spec is in beta and subject to change. If you find it useful, or have feedback, let us know!
OAuth
If you're interested in building an application that connects to other Increase users' data, you can build an OAuth application. Learn more about this in our OAuth guide.
Requests and Responses
When making a POST
request to the API, use a Content-Type
of application/json
and specify parameters via JSON in the request body:
curl -X "POST" \
--url "${INCREASE_URL}/accounts" \
-H "Authorization: Bearer ${INCREASE_API_KEY}" \
-H 'Content-Type: application/json' \
-d $'{
"name": "New Account!"
}'
When making a GET
request to the API, you should specify parameters in the query string of the URL. Join nested parameters, such as timestamp-based filters, with a .
– for example, created_at.before
:
curl \
--url "${INCREASE_URL}/transactions?created_at.before=2022-01-15T06:34:23Z&created_at.after=2022-01-08T06:34:16Z" \
-H "Authorization: Bearer ${INCREASE_API_KEY}"
All responses from the API will have a Content-Type
of application/json
.
Object Lists
List endpoints return a wrapper object with the data and a cursor. The API will return the next page of results if you submit the next_cursor
as a query parameter with the name cursor
. Any filter parameters passed to the original list request must be included if next_cursor
is specified. The maximum (and default) page size is 100 objects. You can adjust it using the limit
parameter.
{
"data": [],
"next_cursor": "RWFzdGVyIGVnZw=="
}
Errors
The API uses standard HTTP response codes to indicate the success or failure of requests. Codes in the 2xx range indicate success; codes in the 4xx and 5xx range indicate errors. Error objects conform to RFC 7807 and can be distinguished by their type
attribute.
{
"detail": "There's an insufficient balance in the account.",
"status": "400",
"title": "The action you specified can't be performed on the object in its current state.",
"type": "invalid_operation_error"
}
Idempotency
The API supports idempotency for safely retrying requests without accidentally performing the same operation twice. This is useful when an API call is disrupted in transit and you do not receive a response. For example, if a request to create an ACH Transfer does not respond due to a network connection error, you can retry the request with the same idempotency key to guarantee that no more than one transfer is created.
To perform an idempotent request, provide an additional, unique Idempotency-Key
request header per intended request. We recommend using a V4 UUID. Reusing the key in subsequent requests will return the same response code and body as the original request along with an additional HTTP header (Idempotent-Replayed: true
). This applies to both success and error responses. In situations where your request results in a validation error, you'll need to update your request and retry with a new idempotency key.
Idempotency keys will persist in the API for at least 1 hour. If an original request is still being processed when an idempotency key is reused, the API will return a 409 Conflict error. Subsequent requests must be identical to the original request or the API will return a 422 Unprocessable Entity error. We discourage setting an idempotency key on GET
and DELETE
requests as these requests are inherently idempotent.
curl -X "POST" \
--url "${INCREASE_URL}/accounts" \
-H "Authorization: Bearer ${INCREASE_API_KEY}" \
-H 'Idempotency-Key: RANDOM_UUID' \
-H 'Content-Type: application/json' \
-d $'{
"name": "New Account!"
}'