The Sudo API is organized around REST. Our API has predictable resource-oriented URLs, accepts JSON request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.

While integrating our APIs, you can use the Sudo sandbox environment, which does not interact with live banking networks.

To set up a sandbox account, go to

API Base URL


Sudo API uses API keys to authenticate requests. You can view and manage your API keys from the Sudo Dashboard.


Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.


Sudo uses conventional HTTP response codes to indicate the success or failure of an API request. In general: Codes in the 2xx range indicate success. Codes in the 4xx range indicate an error that failed given the information provided (e.g., a required parameter was omitted, a charge failed, etc.). Codes in the 5xx range indicate an error with Sudo's servers (these are rare).

200 - OK: Everything worked as expected.
400 - Bad Request: The request was unacceptable, often due to missing a required parameter.
401 - Unauthorized: No valid API key provided.
402 - Request Failed: The parameters were valid but the request failed.
403 - Forbidden: The API key doesn't have permissions to perform the request.
404 - Not Found: The requested resource doesn't exist.
429 - Too Many Requests: Too many requests hit the API too quickly.
500, 502, 503, 504 - Server Errors: Something went wrong on Sudo's end. (These are rare.)


The Sudo API allows you to store useful additional structured information on an object as metadata. You can store multiple key-value pairs, which will be available on the data object whenever it is retrieved. Sudo does not make use of any data you store in the metadata object.


Do not store any sensitive information (card details, passwords, etc.) as metadata.


Sudo supports fetching all top-level API resources like Customers, Accounts, Cards, Authorizations, Transactions, etc. These endpoints share a common structure, taking at least these two parameters: page and limit. By default, page is set to 0 and limit to 25. You can fetch a maximum of 100 records at once. The response always includes a pagination object with the total record count, the number of pages, the current page, and the limit set.

    {
        "statusCode": 200,
        "message": "Cards fetched successfully.",
        "data": [ ... ],
        "pagination": {
            "total": 1,
            "pages": 1,
            "page": "0",
            "limit": "25"
        }
    }
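The following is an added example, not Sudo's own code: a client-side loop that walks the zero-indexed pages described above, enforces the 100-record limit, and applies the status code table by retrying 429 and 5xx responses while raising on the other errors. The names `fetch_all`, `get_page`, `ApiError` and `make_fake_transport` are hypothetical, the backoff policy is an assumption, and the transport is a constructed in-memory stand-in so the block runs offline.

```python
import time

MAX_LIMIT = 100                          # most records the page allows per request
RETRYABLE = {429, 500, 502, 503, 504}    # rate-limit and server errors from the table

class ApiError(Exception):
    def __init__(self, status, message):
        super().__init__(f"{status}: {message}")
        self.status = status

def fetch_all(get_page, limit=25, max_retries=3, sleep=time.sleep):
    """Collect every record of a list endpoint.

    get_page(page, limit) is a hypothetical transport callable returning
    (http_status, parsed_json_body); the HTTPS call and API key live there.
    """
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError(f"limit must be between 1 and {MAX_LIMIT}")
    records, page = [], 0                # pages are zero-indexed
    while True:
        for attempt in range(max_retries + 1):
            status, body = get_page(page, limit)
            if status not in RETRYABLE or attempt == max_retries:
                break
            sleep(2 ** attempt)          # exponential backoff before the retry
        if status != 200:
            # Other 4xx codes (400/401/402/403/404) are raised at once, not retried.
            raise ApiError(status, body.get("message", ""))
        records.extend(body["data"])
        # The sample response mixes ints and strings in pagination, so cast first.
        page += 1
        if page >= int(body["pagination"]["pages"]):
            return records

def make_fake_transport(total=5):
    """Constructed in-memory stand-in: `total` records, one 429 on the second call."""
    calls = {"n": 0}
    def get_page(page, limit):
        calls["n"] += 1
        if calls["n"] == 2:
            return 429, {"message": "Too Many Requests"}
        rows = [{"id": i} for i in range(total)][page * limit:(page + 1) * limit]
        pages = -(-total // limit)       # ceiling division
        return 200, {"statusCode": 200, "data": rows, "pagination": {
            "total": total, "pages": pages, "page": str(page), "limit": str(limit)}}
    return get_page

if __name__ == "__main__":
    print(len(fetch_all(make_fake_transport(5), limit=2, sleep=lambda s: None)))
```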