Versioning
All endpoints are prefixed with /v2. The version is part of the URL path, not a request header.
GET https://api.conduit.financial/v2/customers
Content-Type: application/json), except file uploads which use multipart/form-data.
All responses return JSON.
- Dates are ISO 8601 strings in UTC (e.g.,
2026-01-15T09:30:00.000Z).
- Nullable fields are explicitly
null in the response — they are never omitted.
- Empty collections are returned as
[], never null.
IDs
Resources use prefixed IDs (e.g., cus_abc123, app_xyz789). The prefix identifies the resource type:
| Prefix | Resource |
|---|
app | Application |
cus | Customer |
doc | Document |
org | Organization |
usr | User |
wep | Webhook endpoint |
wdl | Webhook delivery |
wda | Webhook delivery attempt |
| Parameter | Default | Max | Description |
|---|
page | 1 | — | Page number (1-indexed) |
limit | 20 | 100 | Items per page |
Filtering and sorting are not yet available on list endpoints. These will be added in a future release.
Errors
Error responses follow a consistent structure:
{
"statusCode": 400,
"message": "Validation failed",
"errors": [
{ "path": ["email"], "message": "Invalid email" }
]
}
errors array is present on 400 responses and contains field-level validation details. Other error statuses return statusCode and message only.
| Status | Meaning |
|---|
400 | Validation error — check the errors array |
401 | Unauthorized — missing or invalid API key |
403 | Forbidden — insufficient permissions |
404 | Resource not found |
409 | Conflict — duplicate resource |
429 | Rate limited — respect the Retry-After header |
500 | Internal server error — retry with backoff |
Idempotency
POST requests support idempotency via the idempotency-key header. Sending the same key within 5 minutes returns the cached response instead of creating a duplicate resource.
curl -X POST https://api.conduit.financial/v2/applications \
-H "x-api-key: YOUR_API_KEY" \
-H "idempotency-key: unique-request-id" \
-H "Content-Type: application/json" \
-d '{ ... }'
onboard-{customer-external-id}).