Skip to content
SumUp Developer

API Reference

SumUp API reference and code samples.

SumUp’s REST API operates with JSON HTTP requests and responses. The request bodies are sent through resource-oriented URLs and use the standard HTTP response codes.

You can experiment and work on your integration in a sandbox that doesn't affect your regular data and doesn't process real transactions. To create a sandbox merchant account visit the dashboard. To use the sandbox when interacting with SumUp APIs create an API key and use it for authentication.

View YAML spec View JSON spec
Base URL
https://api.sumup.com

SDKs

The SumUp SDKs reduce the amount of work required to use our REST APIs. SumUp maintains SDKs for PHP, Node.js, Python, Java, Go, Rust, and .NET.

SDKs

Install SDK
 
# Select a client library to see installation instructions.
npm install --save @sumup/sdk
go get github.com/sumup/sumup-go
// Maven
<dependency>
  <groupId>com.sumup</groupId>
  <artifactId>sumup-sdk</artifactId>
  <version>0.0.6</version>
</dependency>


// Gradle
implementation "com.sumup:sumup-sdk:0.0.6"
dotnet add package SumUp
pip install sumup
# or
uv add sumup
composer require sumup/sumup-php
cargo add sumup

You can also explore our APIs in Postman using SumUp Developers public collection.

Authentication

The SumUp API uses API keys to authenticate requests. You can view, create, and manage your API keys in the Dashboard.

Test mode secret keys have the prefix sk_test_ and live mode secret keys have the prefix sk_live_. Alternatively, you can use restricted API keys for granular permissions.

Keep your API keys secret and safe. Do not share your API keys or expose them in a publicly accessible areas such as client-side code (browser or apps) or in the GitHub.

All API requests must be made over HTTPS and authenticated. Calls made over plain HTTP or calls without authentication will fail.

Authenticate
 
curl https://api.sumup.com/v0.1/checkouts \
  -H "Authorization: Bearer sup_sk_MvxmLOl0..."
import { SumUp } from '@sumup/sdk';


const sumup = new SumUp({ apiKey: 'sup_sk_MvxmLOl0...' });
package main


import (
  "github.com/sumup/sumup-go/client"
  sumup "github.com/sumup/sumup-go"
)


func main() {
  client := sumup.NewClient(client.WithAPIKey("sup_sk_MvxmLOl0..."))
}
SumUpClient client =
    SumUpClient.builder()
        .accessToken("sup_sk_MvxmLOl0...")
        .build();
using SumUp;


var client = new SumUpClient(new SumUpClientOptions
{
    AccessToken = "sup_sk_MvxmLOl0...",
});
from sumup import Sumup


client = SumUp(api_key="sup_sk_MvxmLOl0...")
$sumup = new \SumUp\SumUp("sup_sk_MvxmLOl0...");
use sumup::Client;


let client = Client::default().with_authorization("sup_sk_MvxmLOl0...");

Errors

Newer APIs use Problem Details (RFC 9457) for error responses.

Some APIs support both application/problem+json and application/json for backwards compatibility.

If you do not use our SDKs, send the header Accept: application/problem+json, application/json to ensure you receive the newer Problem Details error format.

StatusTypeWhen it is returned
200OKThe request finished successfully.
400Bad RequestThe payload is invalid, incomplete, or does not match the API contract.
401UnauthorizedAuthentication is missing or the provided API key is invalid.
402Request FailedThe request format is valid, but it could not be completed.
403ForbiddenThe authenticated key does not have permission for this operation.
404Not FoundThe requested endpoint or resource could not be located.
409ConflictThe request collides with the current resource state.
422Unprocessable EntityThe payload is syntactically valid, but semantic validation failed.
424External Dependency FailedA required upstream service failed, so the request could not finish.
429Too Many RequestsRate limits were exceeded. Retry with exponential backoff.
5XXServer ErrorsAn issue occurred on our side. These failures should be uncommon.

Problem schema

  • type string required format: uri

    A URI reference that identifies the problem type.

    Example: "https://developer.sumup.com/problem/not-found"
  • title string

    A short, human-readable summary of the problem type.

    Example: "Requested resource couldn't be found."
  • status integer

    The HTTP status code generated by the origin server for this occurrence of the problem.

    Example: 404
  • detail string

    A human-readable explanation specific to this occurrence of the problem.

    Example: "The requested resource doesn't exist or does not belong to you."
  • instance string format: uri

    A URI reference that identifies the specific occurrence of the problem.

Content-Type
application/problem+json
Example problem response
{
  "type": "https://developer.sumup.com/problem/not-found",
  "title": "Requested resource couldn't be found.",
  "status": 404,
  "detail": "The requested resource doesn't exist or does not belong to you.",
  "instance": null
}