Useful links

Read more about Monetizr Public API in the documentation page.
You will need to create a Monetizr account to retrieve your unique access token.



The API is an unauthenticated public API - no username or password is required. Only an access token is required. You can use Monetizr's public test token or create your own. The API does not expose any data that can be potentially harmful or can be considered as personal data.


To authenticate with the API you need an access token with unauthenticated access scope. Include the token in a request header to access the API. You can use the public access token 4D2E54389EB489966658DDD83E2D1 for testing purposes.

Authorization : Bearer < access-token >

Accessing the API endpoints

You can access the API endpoints using cURL, Postman, or any HTTP client. Request example using cURL:

curl --request GET \
  --url \
  --header 'accept: application/json' \
  --header 'authorization: Bearer <access-token>'


Public access key: 0EC739B6CA9AC49961216F280FB8BE7MHASGGYWER

Available offer tags:

  • short_sleeve_test_1
  • short_sleeve_test_2
  • short_sleeve_test_3
  • short_sleeve_test_4

Testing payments

Name on card: At least two random words
Expiry date: Any date in the future
Security code: Any three digits.
Card number: Any of the following numbers:

* Visa:                           4242424242424242
* Mastercard:               5555555555554444
* American Express:    378282246310005
* Discover:                   6011111111111117
* Diners Club:               30569309025904
* JCB:                            3530111333300000

For testing failed transactions:

  • Use credit card number 4000000000000002 to generate a card declined message.
  • Use credit card number 4242424242424241 to generate an incorrect number message.
  • Use credit card number 4000000000000259 to simulate a disputed transaction.
  • Use an invalid expiry month, for example 13, to generate an invalid expiry month message.
  • Use an expiry year in the past to generate an invalid expiry year message.
  • Use a two-digit security code number to generate an invalid security code message.

Rate limits

The API lets your app make an unlimited amount of requests in infrequent bursts over time. Every request to the API takes at least 0.5 seconds to run. After a request is completed the total elapsed time is calculated and subtracted from the bucket.

To avoid timeout errors consider these app design practices:

  • Stagger API requests in a queue and do other processing tasks while waiting for the next queued job to run;
  • Include code that catches the error object. If you ignore these errors and keep trying to make requests then your app won't be able to gracefully recover;
  • Your code should stop making additional API requests until enough time has passed to retry. The recommended backoff time is 1000 ms;
  • Optimize your code to only get the data that your app requires;
  • Use caching for data that your app uses often;
  • Regulate the rate of your requests for smoother distribution.