# API Reference

Resolve provides two APIs for integration:

- **[Merchant API](/merchant-api/openapi)** — Direct merchant integrations for customers, invoices, payouts, and more.
- **[Partners API](/partners-api/openapi)** — Platform and marketplace integrations for managing sub-merchants.


## Getting Started

Resolve offers both server-side and client-side integrations. This documentation covers the server-side APIs. Refer to our [e-commerce plugin guides](https://docs.resolvepay.com/docs/) for details on client-side checkout solutions.

There is a sandbox API available for testing, which leverages the same data store as your sandbox dashboard. Testing on sandbox won't affect your live data or create money movements.

| Environment | Base URL |
|  --- | --- |
| Production | `https://app.resolvepay.com/api/` |
| Sandbox | `https://app-sandbox.resolvepay.com/api/` |


## Authentication

Before using the API, [reach out](https://resolvepay.com/contact-sales) and get your Resolve account created. This account enables access to the credentials that are necessary for API access.

Resolve supports two authentication methods for the Merchant API and Partners API:

1. [HTTP Basic Auth](https://en.wikipedia.org/wiki/Basic_access_authentication), where the username is your merchant ID and the password is your secret API key.
2. [OAuth 2.0 Client Credentials](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4), using an OAuth access key created in Merchant Dashboard to mint a bearer token.


Authentication method availability depends on your merchant configuration in `Settings > Integrations > Direct API`.
Basic Auth requests require Basic Auth to be enabled. OAuth requests require OAuth to be enabled.

Basic Auth example:


```bash
curl https://app.resolvepay.com/api/customers \
  -u <merchant_id>:<secret_key>
```

OAuth bearer token example:


```bash
curl https://app.resolvepay.com/api/customers \
  -H "Authorization: Bearer <access_token>"
```

For setup and usage guides, see:

- [Direct API Access and Authentication](/guides/direct-api-access-and-authentication)
- [Mint an Access Token with an OAuth Access Key](/guides/mint-an-access-token)


## Pagination

All top-level API resources have support for bulk fetches via "list" API methods. These list API methods share a common structure, taking at least two parameters: `limit` and `page`.

- `count` - represents total amount of records, satisfying the request query.
- `page` - a multiplier value, which gets applied to the `limit` and shows what position records are being returned from. For example, if `limit = 20` and `page = 5`, then maximum `20` records will be returned from position `5 * 20 = 100`.
- `limit` - maximum amount of records, which can be returned.
- `results` - array of records being returned. If no records satisfy request condition, the array will be empty.


## Rate Limits

To ensure platform reliability and fair use, Resolve implements rate limits for the REST API.

Resolve APIs use the Sliding Window algorithm to monitor and control request rates with a **100 requests/minute** limit. The API will return a `429 Too Many Requests` status if the amount of requests exceeds rate limits.

All responses from Resolve APIs will include the following headers:

- `X-Ratelimit-Limit`: The maximum amount of requests permitted within a 60-second period.
- `X-Ratelimit-Remaining`: The remaining requests within the current period.
- `X-Ratelimit-Reset`: A UNIX timestamp indicating when the rate limit period will reset.


### Best Practices

- Use caching when necessary for data that is routinely requested by your application.
- Utilize the `X-Ratelimit-Limit` and `X-Ratelimit-Remaining` response headers in your application to avoid surpassing rate limits.
- Your application should avoid making additional API requests if your requests return with a `429` status code.