API Request

Authorization (required)

Authenticates the caller and selects the API environment. We must know who is calling and which environment to use. Live tokens execute in production; test tokens run in sandbox. 
curl --request GET \
  --url https://api.monime.io/v1/payments \
  --header 'Authorization: Bearer <token>'

Content-Type (required)

This must be set to application/json for endpoint that requires payload unless otherwise stated. 
curl --request POST \
  --url https://api.monime.io/v1/payment-codes \
  --header 'Content-Type: application/json'

Monime-Space-Id(required)

This is the tenancy parameter that tells Monime on whose behalf the request should be processed. Set to the Space ID. 
curl --request GET \
  --url https://api.monime.io/v1/payments \
  --header 'Monime-Space-Id: spc-1234567890'

Monime-Version

Pins behavior to a release name + ’.’ + version date (e.g., caph.2025-06-20).
This locks your integration to a predictable schema and behavior. Updates within a release are backward-compatible; breaking changes only arrive in a new release—so you decide when to upgrade. 
curl --request GET \
  --url https://api.monime.io/v1/payments \
  --header 'Monime-Version: caph.2025-06-20'

Idempotency-Key

A unique key per resource creation that makes it safe to retry. Prevents duplicates when networks flake or clients time out. 
curl --request POST \
  --url https://api.monime.io/v1/payment-codes \
  --header 'Idempotency-Key': 461d61c9-e7d0-4fc4-904a-565aefa1f4a6'

API Response

Monime returns a small set of diagnostic headers so you can trace requests, see performance, and understand caching and throttling behavior.

Monime-Request-Id

A unique ID for this request attempt. Capture it in logs and include it in support tickets for end-to-end tracing.

Monime-Request-Checksum

A deterministic checksum of the request signature (method + path + body) primarily used for idempotency conflict detection.

Monime-Request-Timestamp

The UTC (ISO-8601) time your request hit Monime, useful for log correlation and clock-skew checks.

Monime-Request-Duration

Approximate server-side processing time, excluding network latency—handy for SLO tracking and regression spotting.

Monime-Cache

The cache that served the response. The value is the cache name; for example, irc means idempotent request cache (a replayed result from a prior successful call). This helps explain when a response was satisfied from cache versus recomputed.

Monime-Rate-Limit

Identifies the rate limit that was triggered. Appears only on HTTP 429 responses and is typically paired with Retry-After: <seconds> indicating when to retry.

Webhook Request

Monime-Signature

Cryptographic signature with timestamp. Lets you verify that the request really came from Monime, t hat the body wasn’t tampered with, and that it’s fresh (replay-safe).