Requests

This page provides information on how to make requests to the API, including base URLs, versioning, required headers, and error handling.

Base Urls

Sandbox

The Sandbox environment is provided for testing. Transaction responses are simulated and do not leave the platform for processing. No billing related items occur within this environment.

Sandbox url:

Production

The Production environment should be used for all LIVE transactional processing.

Production url:

Versioning

The platform's semi-RESTful API is fully backwards compatible and versioning is not necessary. Changes and feature updates are sent out via the platform prior to release.

Current version: 1.5.1

Headers

The following headers should be included with your requests:

Authorization

Calls to the API must include an Authorization header with the request. Either a JWT (JSON Web Token) or an API Key can be used as the value of this header, like so:

Authorization: Bearer { JWTToken }

Authorization: { API Key }

API Keys

API keys are used to authenticate your requests to the API. You can create and manage your API keys in the control panel. API keys are tied to a user account.

Their are two types of API keys:

Public API keys (ex: pub_***) - used for making requests to the API from the client side (ex. Tokenizer and Cart Sessions)
Private API keys (ex: api_***) - used for making requests to the API from the server side (ex. Transaction Processing)

DANGER

Private API keys should never be exposed to the public. Please do not include them in client side code, emails or support ticket request.

DANGER

Use of Public API keys to make requests to the API from the server side will result in an unauthorzed response.

Content-Type

Content-Type should typically be set to application/json, unless you need to send your request body in a different format. All API responses will be in JSON format.

Errors

The API uses standard HTTP status codes to indicate the success or failure of a request. In the event of an error, the response will include a JSON object with the following properties:

Example:

json

{
  "status": "failed",
  "msg": "bad request error: invalid Postal Code"
}

Unauthorized

If you receive an unauthorized response, there are a few things you can check:

Missing Authorization header see Authorization
API key does not exist or has been deleted
Correct API key (public "pub_" vs private "api_")
Correct account Parnter vs Merchant
Correct environment (sandbox vs production)

Corelation ID

Every header response will include a correlation-id (x-correlation-id) which can be used to help identify and troubleshoot issues with the API. If you are experiencing issues, please include this ID in any support requests.

Requests ​

Base Urls ​

Versioning ​

Headers ​

Authorization ​

API Keys ​

Content-Type ​

Errors ​

Unauthorized ​

Corelation ID ​