API Reference

SSLOP provides a RESTful JSON API for creating and managing virtual credit cards for AI agent purchases. All endpoints return JSON responses.

Overview

The API is designed for programmatic use by AI agents. Each call creates a scoped virtual card with enforced spending limits and optional merchant category restrictions.

Sandbox mode: Use https://sandbox.lithic.com for testing. Production uses https://api.lithic.com.

Authentication

All API endpoints require Bearer token authentication. Include your API key in the Authorization header:

Authorization: Bearer sslop_live_your_api_key

Base URL

https://api.sslop.com

Create a Virtual Card

POST /v1/cards

Creates a new virtual card with spending limits. Returns PAN, CVV, and expiry for immediate use.

Request Body

Parameter	Type	Required	Default	Description
`purpose`	string	No	`"agent_purchase"`	Memo describing the card's purpose
`limit_cents`	integer	No	`5000`	Maximum spend amount in cents
`duration`	string	No	`"TRANSACTION"`	`TRANSACTION` (single-use) or `FOREVER`
`allowed_mccs`	array	No	`[]`	Merchant category codes to allow

Example Request

              # Create a $15 coffee card

              curl -X POST https://api.sslop.com/v1/cards \

                -H "Authorization: Bearer sslop_live_..." \

                -H "Content-Type: application/json" \

                -d '{"purpose": "coffee", "limit_cents": 1500}'

Response (201)

              {

                "card_token": "c04ad435-fc1f-...",

                "pan": "4111111632552876",

                "cvv": "528",

                "exp_month": "05",

                "exp_year": "2031",

                "spend_limit": 1500,

                "spend_limit_duration": "TRANSACTION",

                "state": "OPEN",

                "created": "2026-05-03T20:40:56Z"

              }

List Cards

GET /v1/cards

Returns a list of all cards for the account (limited to 50 most recent).

Response (200)

              {

                "cards": [

                  {

                    "card_token": "c04ad435-...",

                    "last_four": "2876",

                    "state": "CLOSED",

                    "memo": "coffee",

                    "spend_limit": 1500,

                    "created": "2026-05-03T20:40:56Z"

                  }

                ]

              }

Close a Card

PATCH /v1/cards/:token

Closes a card immediately. No further transactions can be made on it.

Response (200)

              {

                "card_token": "c04ad435-...",

                "state": "CLOSED"

              }

Webhook Receiver

POST /v1/webhooks/lithic

Configure this URL as your Lithic webhook endpoint. Receives all card and transaction events.

Event Types

Event	Description
`authorization.created`	Card was authorized for a charge
`transaction.created`	Transaction settled
`card.transaction`	Card was used
`card.updated`	Card state changed

Dashboard Stats

GET /v1/dashboard/stats

Returns aggregated statistics for the dashboard UI.

Response (200)

              {

                "total_cards": 42,

                "open_cards": 5,

                "closed_cards": 37,

                "total_spend_limit": "210.00",

                "recent_cards_24h": 3,

                "recent_cards": [...],

                "timestamp": "2026-05-03T21:00:00Z"

              }