API
API reference document
This document describes the technical requirements of the API. Each request and response is documented to highlight the possible fields, their purpose and valid values.
The API will maintain backwards compatability by avoiding the removal of existing fields. It should be assumed that new fields may be added to the requests and responses in the future to support new functionality. Client implementations should take this into account when integrating.
Every attempt will be made to make changes non breaking and optional to adopt, but where breaking changes are required, there will be prior communication.
Using the API
The API is split into functional sections:
- User Interface - API calls related to using the secure hosted UI.
- Card Payment - API calls for directly actioning card payments.
- History - API calls for querying historic transaction data for reporting purposes.
Authentication
All API calls are authenticated using the X-MERCHANT-DIGEST digest header. The digest is a parameter that ensures the source and integrity of the request/response, ensuring that the message has not been tampered with since the digest was calculated. The digest is present for all messages sent to and from the API.
The digest is calculated using a password and the request body, see Digest Calculation.
The password is alphanumeric and will be provided to each merchant. The password must never be transmitted in any of the request or response messages and must be stored securely within the merchant’s platform.