Introduction
Get started with Mynt Platform
Customer onboarding
Onboarding overview
Card management
Tokenization and digital wallet
Sensitive card information
3DS - authentication of online payments
Strong customer authentication (SCA)
Spend control
Address verification service
Click to Pay
Account
External invoices
Payments
Card transactions
P2P transactions
L3 Data
Response codes
Communication
Customer communication strategy
White label
Web & mobile
System emails
Resources
Trust center

Get started with Mynt Platform

The Mynt Partner API enables businesses to integrate comprehensive financial management capabilities directly into their applications through embedded card and expense management solutions.

Our resource-based JSON API follows RESTful standards, making it straightforward to implement while maintaining the security and compliance required for financial operations.

API structure

The Mynt Partner API is organized around core business entities:

  • Company: The parent entity that contains all other resources. Note: Only one company (identified by businessId + externalId) is allowed per partner.
  • Person: Individual users, typically employees
  • Card: Payment instruments associated with specific persons
  • Account: The financial container linked to a company
  • Transaction: Financial events including purchases, deposits, and withdrawals

Authentication

Each request requires an API token in the request headers:

partner-api-token: YOUR_API_TOKEN

Tokens are environment-specific and provided by Mynt when your partnership begins.

Environments

Mynt provides two environments:

  1. Development: For integration testing without affecting production data
  2. Production: For live operations with additional security measures
Environment Table
Environment API Root Logged in View (WebApp)
Production partner-api.mynt.se https://app.mynt.com
Development partner-api.dev.mynt.se https://app.dev.mynt.com

IP whitelisting

Production environment requests are accepted only from pre-approved IP addresses. Please provide your outbound IP addresses to the Mynt development team before production deployment.

Email domain allowlisting

For testing email notifications, provide your company email domains to be added to our allowlist (e.g., @yourcompany.com).

Content types

All API endpoints accept and return application/json content type only.

API versioning and compatibility

The API may receive non-breaking changes without version updates, including:

  • New fields added to JSON objects
  • New optional request parameters
  • Removal of optional parameters

Your client implementation should:

  • Ignore unknown fields in responses
  • Handle missing optional fields gracefully
  • Not depend on the order of fields in responses

Creation/Replayability

The API is designed to support replayability when creating resources in order to avoid duplicates.

For example, when ordering a card and there is a timeout (for whatever reason) such that the client never receives a response, the client has no way of knowing whether the message was lost before or after a card was created. In such a case it is still safe for the client to send the same request multiple times until a successful response is returned without the risk of ordering multiple cards.

This is handled by the use of external id and the client is required to always create a unique id before attempting to create a resource. Should the request fail it is safe to retry the request as long as the external id remains unchanged.

Status Code Table
Status Code Description Response Body
201 Created The resource was successfully created The created resource
200 OK Upon a retry, the resource already existed The created resource
409 Conflict A resource with the provided external id already exists but differs in other properties

Testing considerations

The development environment sends actual emails and SMS messages to facilitate realistic testing. Only use phone numbers and email addresses you personally control during development.

Resource lifecycle management

When resources are deleted via the API, they may be retained in Mynt's systems for compliance and anti-money laundering (AML) requirements, though they will no longer be accessible through the API.

Overview
On this page