Base URL
Request & Response Format
Every request must set Content-Type: application/json when sending a body. Every response is also JSON. Successful responses always include "success": true; error responses always include an "error" field describing what went wrong.
Authentication
Tip Stack supports two authentication patterns depending on the endpoint group you are calling:

| Pattern | Used for |
|---|---|
| Session cookie | User-facing endpoints: dashboard, analytics, payouts, profile |
| Bearer API key | SDK / third-party embed endpoints: /sdk/init, /sdk/tip, /sdk/events |
Rate Limiting
All endpoints are rate-limited to protect the platform. When you exceed the limit, the API returns 429 Too Many Requests with a Retry-After header telling you how many seconds to wait before retrying.
OTP verification endpoints apply a stricter per-email limit of 5 failed attempts within a 15-minute window to prevent brute-force attacks.
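One way a server could enforce the per-email OTP limit described above and produce the 429 / Retry-After response, shown as an added sketch and not Tip Stack's own code. The sliding window, the email normalization, the reset on success and the name OtpFailureLimiter are assumptions; only the 5-failure and 15-minute values come from this page.

```python
import math
from collections import deque

MAX_FAILURES = 5          # from the page: 5 failed attempts
WINDOW_SECONDS = 15 * 60  # from the page: 15-minute window


class OtpFailureLimiter:
    """Sliding-window counter of failed OTP attempts, keyed by email (assumed design)."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self._failures = {}  # normalized email -> deque of failure timestamps

    @staticmethod
    def _key(email):
        # Assumption: case or padding variants must not earn a fresh attempt budget.
        return email.strip().lower()

    def _prune(self, key, now):
        q = self._failures.get(key, deque())
        while q and now - q[0] >= self.window:
            q.popleft()
        if not q:
            self._failures.pop(key, None)  # do not keep empty entries around
        return q

    def check(self, email, now):
        """Call before verifying an OTP; returns (status, headers)."""
        q = self._prune(self._key(email), now)
        if len(q) >= self.max_failures:
            # Blocked until the oldest counted failure leaves the window.
            wait = math.ceil(q[0] + self.window - now)
            return 429, {"Retry-After": str(max(wait, 1))}
        return 200, {}

    def record_failure(self, email, now):
        key = self._key(email)
        q = self._prune(key, now)
        q.append(now)
        self._failures[key] = q

    def record_success(self, email):
        # Assumption: a correct OTP clears the failure history for that email.
        self._failures.pop(self._key(email), None)
```

Timestamps are passed in as seconds so the limiter can be exercised with a fixed clock; a multi-instance deployment would need the failure history in shared storage rather than process memory.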
HTTP Status Codes
| Code | Meaning |
|---|---|
| 200 OK | The request succeeded. |
| 400 Bad Request | The request body is missing required fields or contains invalid values. |
| 401 Unauthorized | No valid session or API key was provided. |
| 403 Forbidden | Your credentials are valid, but you lack permission for this resource or origin. |
| 404 Not Found | The requested resource does not exist. |
| 409 Conflict | The resource already exists (for example, duplicate email on registration). |
| 429 Too Many Requests | You have exceeded the rate limit. Check the Retry-After header. |
| 500 Server Error | An unexpected error occurred on the server. |
API Groups
Authentication
Register, log in, manage sessions, and authenticate via OTP or API key.
Payments
Create payment intents, manage recurring payments, and handle fiat on-ramps.
Tips
Read and record on-chain tips, stream live tip events, and send tip messages.
SDK
Initialize embedded tipping widgets and process tips from third-party origins.