Katapult uses Oauth 2.0 to authenticate all requests to the API. During onboarding with Katapult, you will be provided an access token that can be used to access protected resources and initialize customers checking out or applying with the Katapult payment method. Once you receive your Oauth access token you’re all set to make requests to the Katapult API. All API requests must be made over HTTPS. Calls made over plain HTTP will fail. You must authenticate for all requests.


The Katapult API is versioned for major backwards incompatible changes to the system. The API is currently on version 3.0.


To make the Katapult Integration as easy as possible, we support sandbox and live environments. The two environments have distinct Oauth keys and can be active simultaneously. Data is never shared across environments.

Sample Request

curl --location --request GET 'https://sandbox.katapult.com/api/v3/application/2398798' \

--header 'Content-Type: application/json' \
--header 'Authorization: Bearer 01234567-89ab-cdef-0123-456789abcdef'

Note: All integrations are assigned a dedicated Integrations Engineer and an Engagement Manager.