Skip to main content
Version: 3.0.0

Transaction API

The transaction API includes all operations necessary to process online payments.

Additionally included is the scheduler API and the options API.

Request format

Requests to the Transaction API are sent via HTTPS containing a JSON body.

  • The server accepts TLS version ≥ 1.2 connections.
  • Content-Type must be application/json
  • Authentication credentials are sent via BASIC Auth (see below)

If required by your merchant configuration:

  • The request must contain a valid signature within the X-Signature header (see below)
  • The request must contain a valid Date header, because this value is used for signature verification (refer to RFC 7231)
Headers Example
Content-Type: application/json; charset=utf-8
Date: Mon, 01 Jan 2018 11:01:36 GMT
Authorization: Basic YW55QXBpVXNlcjpteVBhc3N3b3Jk
X-Signature: DH7MfiGq5QYQusTzWMpWiJpnPz+o1pZbcf7HCiT1+jjc+7UrnmDSpVuHzrRrZ6UxJUYYnOHJfG91zm0VimWXHg==

Authentication

To authenticate API requests, the API username and password must be sent as BASIC Authentication in the Authorization header, as defined in RFC 7617. To achieve this, the username and password are first concatenated with a : (colon) separator, and the resulting string is then Base64 encoded. Here is an example of how this process works:

  1. Suppose the API username is anyApiUser and the password is myPassword.
  2. Concatenate the username and password with a : separator: anyApiUser:myPassword.
  3. Base64 encode the concatenated string: YW55QXBpVXNlcjpteVBhc3N3b3JkCg==.
  4. Finally, include the Authorization header in the API request with the Base64 encoded string, like so: Authorization: Basic YW55QXBpVXNlcjpteVBhc3N3b3Jk.
tip

Many programming frameworks will automatically handle the BASIC Authentication process for you once you provide the username and password to the appropriate request object.

Security Scheme Type:

http

HTTP Authorization Scheme:

basic

Last updated on