Skip to main content

Base URLs

The M2M Partner API is available in two environments:
EnvironmentBase URL
Sandboxhttps://api.sandbox.m2m.leapfinancial.com
Productionhttps://api.m2m.leapfinancial.com
Always use the sandbox environment for development and testing. Switch to production only when you’re ready to process real transactions.

Authentication

All API requests require authentication via the X-API-Key header: 
curl -X POST https://api.m2m.leapfinancial.com/partner/links \
  -H "X-API-Key: m2m_live_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"referenceId": "user_123"}'
X-API-Key
string
required
Your API key. Use m2m_test_* for sandbox, m2m_live_* for production.
Content-Type
string
required
Must be application/json for all POST/PUT requests.
See the Authentication guide for details on managing API keys.

Response format

All successful responses follow this structure: 
{
  "success": true,
  "data": {
    // Response data varies by endpoint
  }
}
success
boolean
required
Always true for successful responses.
data
object
required
The response payload. Structure varies by endpoint.

Error responses

When an error occurs, the response includes an error code and message: 
{
  "success": false,
  "error": {
    "code": "INVALID_REQUEST",
    "message": "The referenceId field is required"
  }
}
success
boolean
required
Always false for error responses.
error
object
required
Error details.

HTTP status codes

StatusDescription
200Success
201Created (for POST requests that create resources)
400Bad Request - Invalid parameters
401Unauthorized - Invalid or missing API key
403Forbidden - Valid key but insufficient permissions
404Not Found - Resource doesn’t exist
409Conflict - Resource already exists (e.g., active link for user)
429Too Many Requests - Rate limit exceeded
500Internal Server Error

Common error codes

CodeDescription
UNAUTHORIZEDMissing or invalid authentication
INVALID_API_KEYAPI key is invalid or revoked
PARTNER_SUSPENDEDPartner account is suspended
INVALID_REQUESTRequest validation failed
RESOURCE_NOT_FOUNDRequested resource doesn’t exist
ACTIVE_LINK_EXISTSUser already has an active link
LINK_EXPIREDMagic link has expired
REFERENCE_ID_MISMATCHReference ID doesn’t match

Rate limiting

The API enforces rate limits to ensure fair usage:
EndpointLimit
Create Link100 requests/minute
Other endpoints1000 requests/minute
When you exceed the rate limit, you’ll receive a 429 Too Many Requests response: 
{
  "success": false,
  "error": {
    "code": "RATE_LIMIT_EXCEEDED",
    "message": "Too many requests. Please retry after 60 seconds."
  }
}
Implement exponential backoff in your integration to handle rate limiting gracefully.

Pagination

List endpoints support pagination using limit and offset parameters:
limit
integer
default:"20"
Maximum number of results to return. Range: 1-100.
offset
integer
default:"0"
Number of results to skip for pagination.
Paginated responses include metadata: 
{
  "success": true,
  "data": {
    "items": [...],
    "pagination": {
      "total": 150,
      "limit": 20,
      "offset": 0,
      "hasMore": true
    }
  }
}

Idempotency

For POST requests, you can include an Idempotency-Key header to ensure the request is processed only once: 
curl -X POST https://api.m2m.leapfinancial.com/partner/links \
  -H "X-API-Key: m2m_live_your_api_key_here" \
  -H "Content-Type: application/json" \
  -H "Idempotency-Key: unique-request-id-12345" \
  -d '{"referenceId": "user_123"}'
If you retry a request with the same Idempotency-Key, you’ll receive the same response as the original request.

Available endpoints

Create Link

Generate a magic link for your user.