Merchant API
Connect your business systems to MaxaFi — sync customers, transactions, products, and more.
https://www.maxafi.com/api/merchant/v1
Authentication
Every request requires an API key in the X-Api-Key header. Keys start with mk_ followed by 48 hex characters.
# Example request curl -H "X-Api-Key: mk_a1b2c3d4e5f6..." \ https://www.maxafi.com/api/merchant/v1/customers
To get an API key, ask your MaxaFi admin or use the AI agent:
"Create a sandbox API key for my account with read access to transactions and customers"
Environments
| Environment | Use For | Data |
|---|---|---|
sandbox | Testing & development | Safe to experiment |
production | Live integrations | Real merchant data |
Start with sandbox. Switch to production once tested.
Rate Limits
| Limit | Default | Max |
|---|---|---|
| Per minute | 60 | 1,000 |
| Per day | 10,000 | 100,000 |
Every response includes rate limit headers:
X-RateLimit-Limit: 60 X-RateLimit-Remaining: 47
Exceeding limits returns HTTP 429 with a Retry-After header.
Response Format
Success
{
"success": true,
"data": { ... },
"meta": {
"response_time_ms": 42,
"api_version": "v1"
}
}
Error
{
"success": false,
"error": "Customer not found"
}
Pagination
| Param | Default | Description |
|---|---|---|
| page | 1 | Page number (1-based) |
| limit | 25 | Records per page (max 100) |
| sort | varies | Sort field name |
| order | DESC | ASC or DESC |
Paginated responses include:
"pagination": { "page": 1, "limit": 25, "total": 142, "pages": 6 }
Idempotency
Prevent duplicate operations on POST/PUT by passing an X-Idempotency-Key header:
curl -X POST \ -H "X-Api-Key: mk_..." \ -H "X-Idempotency-Key: order-12345" \ -H "Content-Type: application/json" \ -d '{"business_name": "Acme Corp"}' \ https://www.maxafi.com/api/merchant/v1/customers
Same key twice = second request returns original result, no duplicate created.
Customers
List customers with search and filtering.
| Param | Type | Description |
|---|---|---|
| search | string | Search name, email, MID, or DBA |
| status | string | Filter by status |
| state | string | 2-letter state code |
| page | int | Page number |
| limit | int | Records per page (max 100) |
curl -H "X-Api-Key: mk_..." \ "https://www.maxafi.com/api/merchant/v1/customers?search=coffee&state=NY"
Get a single customer. Sensitive fields are automatically masked.
{
"data": {
"id": 456,
"business_name": "Main Street Coffee",
"email": "owner@mainst.coffee",
"ssn": "***-**-5678",
"bank_account": "****9012",
"routing_number": "****4567"
}
}
Create a customer. Data goes through staging → validation → promotion to live database.
| Field | Type | Description | |
|---|---|---|---|
| business_name | string | REQUIRED | Legal business name |
| string | REQUIRED | Email (validated, duplicate-checked) | |
| contact_first | string | optional | First name |
| contact_last | string | optional | Last name |
| phone | string | optional | Phone number |
| address | string | optional | Street address |
| city | string | optional | City |
| state | string | optional | 2-letter state code |
| zip | string | optional | ZIP code (5 or 9 digits) |
Success (201):
{
"data": { "staging_id": 1001, "status": "promoted", "promoted_id": 456 },
"message": "Customer created successfully"
}
Validation error (422):
{
"error": "Validation failed",
"detail": "[{\"field\":\"email\",\"error\":\"Invalid email format\"}]"
}
Update an existing customer. Partial updates supported — send only the fields you want to change.
Transactions
List transactions with date range and amount filters.
| Param | Type | Description |
|---|---|---|
| date_from | datetime | Start date (ISO format) |
| date_to | datetime | End date (ISO format) |
| status | string | completed, pending, refunded, etc. |
| amount_min | decimal | Minimum amount |
| amount_max | decimal | Maximum amount |
curl -H "X-Api-Key: mk_..." \ "https://www.maxafi.com/api/merchant/v1/transactions?date_from=2026-01-01&status=completed"
Get a single transaction. Card numbers masked to last 4 digits.
Products
List products with search and stock filters.
| Param | Type | Description |
|---|---|---|
| search | string | Search by name or SKU |
| category | string | Filter by category |
| in_stock | boolean | true = in stock only |
Create a product via staging pipeline.
| Field | Type | Description | |
|---|---|---|---|
| name | string | REQUIRED | Product name |
| sku | string | optional | SKU (used for upsert matching) |
| price | decimal | REQUIRED | Price |
| stock_qty | int | optional | Stock quantity |
Webhooks
Receive inbound webhooks from Shopify, QuickBooks, Square, or custom platforms. Data is automatically field-mapped and staged.
Webhook signatures are verified per platform:
- Shopify:
X-Shopify-Hmac-SHA256 - Square:
X-Square-Hmac-SHA256 - QuickBooks:
Intuit-Signature - Custom:
X-Webhook-Signature
Integrations
List all configured integrations with status and last sync info.
Create a new integration. Returns webhook URL and secret for your platform.
| Field | Type | Description | |
|---|---|---|---|
| platform | string | REQUIRED | shopify, quickbooks, square, woocommerce, stripe, custom |
| integration_name | string | REQUIRED | Human-readable label |
| sync_direction | string | optional | inbound, outbound, bidirectional |
| sync_frequency | string | optional | realtime, hourly, daily, manual |
Trigger a manual sync. Pass integration_id in the body.
List all supported platforms with capabilities.
View field mapping templates. Optionally filter by entity_type (customer, transaction, product).
Staging Pipeline
All POST/PUT data goes through staging before reaching the live database. Review, retry, or reject records.
List staged records. Filter by status (pending, valid, invalid, promoted, rejected) and entity_type.
Manage a staged record: {"action": "retry"} to re-validate, or {"action": "reject"} to discard.
Audit Log
View your API call history with timing, status codes, and errors.
| Param | Type | Description |
|---|---|---|
| endpoint | string | Filter by path |
| method | string | GET, POST, PUT, DELETE |
| errors_only | boolean | Show only 400+ responses |
| date_from | datetime | Start date |
| date_to | datetime | End date |
Usage & Rate Limits
Current rate limit status, 7-day usage trends, endpoint breakdown, and anomaly alerts.
Permission Scopes
Each API key has specific permissions. Requests outside your scope return 403 Forbidden.
read:transactionswrite:transactionsread:customerswrite:customersread:productswrite:productswrite:webhooksmanage:integrationsread:auditread:usageread:stagingData Masking
Sensitive data is always protected. This is built into the API and cannot be overridden.
| Field | Masking | Example Output |
|---|---|---|
| SSN / Social Security | ***-**-{last 4} | ***-**-5678 |
| Bank Account | ****{last 4} | ****9012 |
| Routing Number | ****{last 4} | ****4567 |
| Card Number | ****-****-****-{last 4} | ****-****-****-3456 |
| CVV | Hidden | (not returned) |
| Passwords / Secrets | Hidden | (not returned) |
Shopify Integration
Connect with the AI agent — just say:
"I want to connect my Shopify store to sync customers and orders"
Or set up manually:
- Create integration via
POST /integrationswithplatform: "shopify" - Copy the returned webhook URL and secret
- In Shopify Admin → Settings → Notifications → Webhooks
- Add webhooks for:
orders/create,orders/paid,customers/create,customers/update - Paste MaxaFi URL, select JSON format
QuickBooks Integration
"Connect my QuickBooks to sync invoices and customers"
- Create integration with
platform: "quickbooks" - Go to developer.intuit.com
- Select your app → Webhooks
- Add the MaxaFi webhook URL
- Select entities: Customer, Invoice, Payment
Square Integration
"Connect my Square POS to sync payments and customers"
- Create integration with
platform: "square" - Go to developer.squareup.com
- Your app → Webhooks → Add subscription
- Select events:
payment.completed,customer.created - Copy the signature key into your MaxaFi integration config
Field Mapping
External platform data is automatically translated. Example: Shopify → MaxaFi customer mapping:
| Shopify Field | MaxaFi Field | Transform |
|---|---|---|
customer.first_name | ContactFirst | — |
customer.last_name | ContactLast | — |
customer.email | lowercase | |
customer.phone | Phone | normalize |
customer.default_address.company | BusName | — |
customer.default_address.province_code | State | uppercase |
order.total_price | amount | to_decimal |
payment.amount_money.amount | amount | cents → dollars |
View all mappings: GET /integrations/field-maps?platform=shopify
HTTP Status Codes
| Code | Meaning | Action |
|---|---|---|
200 | Success | Request completed |
201 | Created | Record created via staging |
202 | Accepted | Data staged for review |
400 | Bad Request | Check parameters |
401 | Unauthorized | Invalid or missing API key |
403 | Forbidden | Missing permission or IP blocked |
404 | Not Found | Resource doesn't exist |
422 | Validation Failed | Check the detail field |
429 | Rate Limited | Wait for Retry-After seconds |
500 | Server Error | Contact support |
Quick Start
1. Get your API key
# In the AI chat, say: "Create a sandbox API key with read access to transactions and customers" # Save the key: mk_abc123...
2. List recent transactions
curl -H "X-Api-Key: mk_abc123..." \ "https://www.maxafi.com/api/merchant/v1/transactions?limit=10"
3. Create a customer
curl -X POST \ -H "X-Api-Key: mk_abc123..." \ -H "Content-Type: application/json" \ -d '{"business_name":"Main Street Coffee","email":"hello@mainst.coffee","state":"NY"}' \ https://www.maxafi.com/api/merchant/v1/customers
4. Connect Shopify
# In the AI chat: "Connect my Shopify store to sync orders and customers" # The agent creates the integration and walks you through setup.
5. Check usage
curl -H "X-Api-Key: mk_abc123..." \ "https://www.maxafi.com/api/merchant/v1/usage"