API Reference

This document outlines the planned API architecture for StyxPay's backend services.

Note: This is a planned architecture. The frontend currently uses demo/mock data.

Overview

The StyxPay API provides programmatic access to user accounts, transactions, cards, and authorization policies.

Base URL: https://api.styxpay.app/v1

Authentication: Bearer tokens (JWT)

Format: JSON

Authentication

POST /auth/signup

Create a new user account.

Request:

{
  "email": "[email protected]",
  "password": "securePassword123",
  "name": "John Doe"
}

Response (201):


POST /auth/login

Authenticate and receive an access token.

Request:

Response (200):


User Accounts

GET /users/me

Get current user profile.

Headers:

Response (200):


GET /users/me/balance

Get account balances.

Response (200):


Transactions

GET /transactions

List user transactions.

Query Parameters:

  • limit (number) - Results per page (default: 20, max: 100)

  • offset (number) - Pagination offset

  • status (string) - Filter by status: pending, completed, failed

  • type (string) - Filter by type: deposit, withdrawal, payment

  • startDate (ISO 8601) - Filter from date

  • endDate (ISO 8601) - Filter to date

Example:

Response (200):


GET /transactions/:id

Get transaction details.

Response (200):


Virtual Cards

GET /cards

List user's cards.

Response (200):


POST /cards

Create a new virtual card.

Request:

Response (201):


PUT /cards/:id

Update card settings.

Request:

Response (200):


DELETE /cards/:id

Deactivate a card.

Response (200):


Authorization Policies

GET /policies

Get authorization policies for cards.

Response (200):


POST /policies

Create an authorization policy.

Request:

Response (201):


Analytics

GET /analytics/spending

Get spending analytics.

Query Parameters:

  • period - day, week, month, year

  • startDate (ISO 8601)

  • endDate (ISO 8601)

Response (200):


Webhooks

POST /webhooks

Register a webhook endpoint.

Request:

Response (201):

Webhook Payload Example


Error Responses

All errors follow this format:

Error Codes

  • invalid_request - Invalid parameters (400)

  • unauthorized - Missing or invalid token (401)

  • forbidden - Insufficient permissions (403)

  • not_found - Resource not found (404)

  • rate_limit_exceeded - Too many requests (429)

  • internal_error - Server error (500)
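
Added example, not part of the StyxPay documentation or code base: one way a server could validate the GET /transactions query parameters listed earlier and reject bad input with invalid_request (400). Rejecting (rather than clamping) an out-of-range limit, a minimum limit of 1, a default offset of 0, treating timezone-less dates as UTC, and all function and class names are assumptions.

```python
from datetime import datetime, timezone

# Allowed values and bounds come from the GET /transactions parameter list.
STATUSES = {"pending", "completed", "failed"}
TYPES = {"deposit", "withdrawal", "payment"}
DEFAULT_LIMIT, MAX_LIMIT = 20, 100

class InvalidRequest(Exception):
    """Maps to the invalid_request error code (HTTP 400)."""
    code, http_status = "invalid_request", 400

def _int(raw, name, lo, hi=None):
    # ASCII digits only: rejects signs, whitespace, floats and exponent notation.
    if not (raw.isascii() and raw.isdigit()) or len(raw) > 9:
        raise InvalidRequest(f"{name} must be a non-negative integer")
    value = int(raw)
    if value < lo or (hi is not None and value > hi):
        raise InvalidRequest(f"{name} out of range")
    return value

def _date(raw, name):
    try:
        # Map a trailing "Z" to an offset so older Python versions parse it too.
        dt = datetime.fromisoformat(raw.replace("Z", "+00:00"))
    except ValueError:
        raise InvalidRequest(f"{name} must be ISO 8601") from None
    # Assumption: values without a timezone are interpreted as UTC.
    return dt.replace(tzinfo=timezone.utc) if dt.tzinfo is None else dt

def parse_transaction_query(params):
    """Validate raw query-string values (dict of str -> str); return typed values."""
    out = {
        "limit": _int(params.get("limit", str(DEFAULT_LIMIT)), "limit", 1, MAX_LIMIT),
        "offset": _int(params.get("offset", "0"), "offset", 0),
    }
    # Enumerated filters are checked against an allow-list, never passed through.
    for name, allowed in (("status", STATUSES), ("type", TYPES)):
        if name in params:
            if params[name] not in allowed:
                raise InvalidRequest(f"{name} is not an allowed value")
            out[name] = params[name]
    for name in ("startDate", "endDate"):
        if name in params:
            out[name] = _date(params[name], name)
    if "startDate" in out and "endDate" in out and out["startDate"] > out["endDate"]:
        raise InvalidRequest("startDate is after endDate")
    return out
```

Only the typed values returned by `parse_transaction_query` should reach the data layer, so the raw query strings are never used directly.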


Rate Limiting

  • Default: 100 requests per minute per user

  • Burst: 20 requests per second

Rate limit headers:


SDKs

JavaScript/TypeScript

Python



Last Updated: January 2026
