API Reference

Introduction

This reference section provides you with a complete and in-depth description of the Open Payment Platform API.

Hosts

Security / Authentication

All requests must be sent over SSL

All requests are authenticated against an Authorization Bearer header with an access token. All the other data parameters are sent as body parameters, see Authentication Parameters for more information.

Versioning

The API version is indicated in the request URL e.g. /v1/payments indicates version 1.

All changes made to the API are backwards compatible, hence any major features that are released, that would otherwise break existing implementations, will be released using a new version.

Encoding

Our system expects data to be sent encoded in UTF-8. Using this Content-Type header can help:

application/x-www-form-urlencoded; charset=UTF-8

HTTP Status Codes

For each request you send to our API the HTTP status code of the response will already tell you the basic result.

  • 200 - successful request

  • 307 - temporary redirect

  • 400 - bad request. This might either point to e.g. invalid parameters or values sent. It's also returned if the payment failed e.g. because the acquirer declined.

  • 401 - invalid authorization header provided

  • 403 - invalid access token provided

  • 404 - requested resource or endpoint is not found. I.e. endpoint/url doesn't exist. This can also be caused by typos like POST /v1/payments instead of payments or wrong IDs like GET /v1/payments/{id} where no payment with {id} exists.

For payments you'll want more fine grained information to find out why a payment failed. You're getting this information in the result codes.

Testing

It is important to note that we have two test modes available to cause requests to be sent to our connector simulator or to the connector's own test platform, as required:

  • testMode=EXTERNAL causes test transactions to be forwarded to the processor's test system for 'end-to-end' testing

  • testMode=INTERNAL causes transactions to be sent to our simulators, which is useful when switching to the live endpoint for connectivity testing.

If no testMode parameter is sent, testMode=INTERNAL is the default behaviour

Basic Payment

Authentication

To make REST API calls, include the access token in the Authorization header with the Bearer authentication scheme.

Card Account

The card data structure holds all information regarding a credit or debit card account.

Card On File

Following are all the parameters needed for sending card on file transactions.

Virtual Account

The virtual account data structure is used to send account-based payments.

Customer

The customer data structure holds information about the customer/shopper such as their name, identification documents and contact details. The customer fields serve mixed purposes: On the one hand they are just for you to store information on your customers, but on the other hand they are also used and sometimes required for risk management and payment providers that require ID/mandate information. These use cases are noted in the parameters' descriptions.

Shipping customer

The shipping customer has the same fields than the billing customer, just as part of the shipping entity. That way you can ship to an entirely different customer.

Billing Address

The billing address holds the address of the customer. Information sent in the billing address data structure can optionally be used for risk checks such as AVS for card processing.

Shipping Address

The shipping address holds the location and recipient of ordered goods. This can be used for risk processing or logistics.

Merchant

The merchant data structure holds information about you, the merchant (acceptor). These fields can be used to override the information that is shown on the cardholder statement. It can also be used for payment facilitators.

Cart

The cart data structure holds product information about the shopping cart such as the product's ID, name, quantity and price. The cart items are counted up by changing the index-number [n], starting with 0. Example: cart.items[0].name=First Cart Item

Tokenization and Registration

As described in the Tokenization Guide there are two ways to store a customer's data on the syste. Either directly POST to the registration endpoint or add the following parameter to a payment:

Recurring

As described in the Recurring Payments Guide, all you have to do for sending recurring transactions is to flag the transaction with the following parameter:

Custom Parameters

Custom parameters are unspecified fields that can be used to send custom data. The data sent in these fields are echoed back in the response.

Asynchronous payments

Asynchronous payment methods like 3D secure, online transfer or virtual wallets have additional steps in their workflow. The response to your initial payment request will be pending and contain a redirect URL to the receiver system that the shopper should be forwarded to.

The response parameters:

Webhook Notifications

When you register a webhook, you'll receive notifications on the registered Url. These notifications are basically standard responses (wrapped in the "payload") of different types.

In addition to standard response parameters, these notifications specific are available:

Reporting

The following parameters are used when calling the reporting endpoints.

Risk

The following parameters are additional parameters available for risk checks e.g. using the ReD Shield.

Payment Response Parameters

PreviousRequirements Before Going-LiveNextResult Codes

Last updated