Making a Request to an API Endpoint
Request
All API endpoints use bearer tokens for authentication and return JSON.
A request has these headers at a minimum:
Accept: application/json
Content-Type: application/json
Authorization: Bearer {PUBLISHABLE_KEY | SECRET_KEY}
An example PATCH request with curl might look like:
curl https://bankpay.certegy.com/api/transaction-intents \
-X PATCH \
-H 'Accept: application/json' \
-H 'Authorization: Bearer secret_Aa1ABb2BCc3CDd4DEe5EFf6FGg7GHh8H' \
-H 'Content-Type: application/json' \
-d '{ "action": "authorize" }'
Response
Responses always include a JSON body and the version of the API you’re using:
Content-Type: application/json
X-BankPay-Version: 2020-03-16
General Error Responses
Authentication failure response:
HTTP/1.1 401 Unauthenticated
{
"message": "Unauthenticated."
}
Entity not found response:
HTTP/1.1 404 Not Found
{
"message": "not_found"
}
Additional Notes
Currency amount
Currency amounts should be provided in a decimal representation, not as cents (e.g. $9.99 should be "9.99", not "999"). If the decimal point is omitted, the amount is considered to be in whole dollars. This supports a max of 9 digits.
Date and time
Date and time values are formatted according to ISO 8601 with zero UTC offset. E.g. January 30, 2020 at 9:57:08 PM would be represented as "2020-01-30T21:57:08Z".
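The formatting rules under Currency amount and Date and time, as an added Python example (not part of the original documentation or the API provider's code). The helper names are hypothetical, and it assumes dollar amounts with at most two decimal places and that the 9-digit limit counts every digit, cents included.

```python
from datetime import datetime, timedelta, timezone
from decimal import Decimal, InvalidOperation

# Assumptions (not stated on the page): amounts are dollars with at most two
# decimal places, and the 9-digit limit counts every digit, cents included.
MAX_DIGITS = 9
LIMIT = Decimal(10) ** (MAX_DIGITS - 2)  # 10000000: first amount that no longer fits


def format_amount(value):
    """Return the decimal-dollar string for the API, e.g. Decimal('9.99') -> '9.99'."""
    if isinstance(value, (bool, float)):
        # Floats carry binary rounding error; make the caller pick Decimal, int or str.
        raise TypeError("amount must be Decimal, int (whole dollars) or str")
    try:
        amount = Decimal(value)
    except (InvalidOperation, TypeError, ValueError) as exc:
        raise ValueError(f"not a decimal amount: {value!r}") from exc
    if not amount.is_finite() or amount.is_signed():
        raise ValueError("amount must be finite and non-negative")
    if amount >= LIMIT:
        raise ValueError(f"amount needs more than {MAX_DIGITS} digits")
    if amount != amount.quantize(Decimal("0.01")):
        raise ValueError("amount has more than two decimal places")
    # Always emit the decimal point, so a cents value is never read as dollars.
    return f"{amount:.2f}"


def cents_to_amount(cents):
    """Convert integer cents (999) to the API form ('9.99') without float math."""
    if isinstance(cents, bool) or not isinstance(cents, int):
        raise TypeError("cents must be an int")
    return format_amount(Decimal(cents).scaleb(-2))


def format_timestamp(moment):
    """Render an aware datetime as ISO 8601 with zero UTC offset and a 'Z' suffix."""
    if moment.tzinfo is None or moment.utcoffset() is None:
        # A naive datetime would be silently treated as local time by astimezone().
        raise ValueError("naive datetime: attach a timezone first")
    return moment.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


if __name__ == "__main__":
    eastern = timezone(timedelta(hours=-5))  # constructed sample offset
    print(cents_to_amount(999))
    print(format_timestamp(datetime(2020, 1, 30, 16, 57, 8, tzinfo=eastern)))
```

Passing the string "999" to `format_amount` yields "999.00", which makes the whole-dollar interpretation explicit on the wire instead of leaving it to the omitted decimal point.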
Rate Limiting
All publishable and secret key requests are throttled to prevent abuse and ensure stability. Publishable key requests are limited to 6000 per minute. Secret key requests are limited to 3000 per minute. Clients who send multiple requests in rapid succession may see error responses that show up as status code 429.
API requests will return the following headers:
Header | Description | Condition |
---|---|---|
X-RateLimit-Limit | The maximum number of requests you’re permitted to make per minute. | Every Request |
X-RateLimit-Remaining | The number of requests remaining in the current rate limit window. | Every Request |
X-RateLimit-Reset | The timestamp at which the current rate limit window resets. | When you’ve exceeded the maximum attempts for the given time window. |
Publishable Key Test
Success
Request
GET /api/publishable/test
Authorization: Bearer {PUBLISHABLE_KEY}
Example curl request
curl https://bankpay.certegy.com/api/publishable/test \
-H 'Accept: application/json' \
-H 'Authorization: Bearer publishable_Aa1ABb2BCc3CDd4DEe5EFf6FGg7GHh8H'
Response
HTTP/1.1 200 OK
{
"data": {
"chain_number": "123456",
"created_at": "2020-01-27T15:16:10Z",
"has_production_access": true,
"has_universal_enrollment": false,
"id": "client_Aa1ABb2BCc3CDd4DEe5EFf6FGg7GHh8H",
"merchant_id": "123456",
"name": "Merchant"
}
}
Example Errors
Invalid publishable key
Response
HTTP/1.1 401 Unauthenticated
{
"message": "Unauthenticated."
}
Secret Key Test
Success
Request
GET /api/secret/test
Authorization: Bearer {SECRET_KEY}
Example curl request
curl https://bankpay.certegy.com/api/secret/test \
-H 'Accept: application/json' \
-H 'Authorization: Bearer secret_Aa1ABb2BCc3CDd4DEe5EFf6FGg7GHh8H'
Response
HTTP/1.1 200 OK
{
"data": {
"chain_number": "123456",
"created_at": "2020-01-27T15:16:10Z",
"has_production_access": true,
"has_universal_enrollment": false,
"id": "client_Aa1ABb2BCc3CDd4DEe5EFf6FGg7GHh8H",
"merchant_id": "123456",
"name": "Merchant"
}
}
Example Errors
Invalid secret key
Response
HTTP/1.1 401 Unauthenticated
{
"message": "Unauthenticated."
}
Echo Test
Success
Request
GET /api/test/echo/{value}
Authorization: Bearer {PUBLISHABLE_KEY|SECRET_KEY}
Response
HTTP/1.1 200 OK
{
"data": {
"response_code": "Ok",
"echo": "{value}"
}
}
Example Errors
Invalid secret or publishable key
Response
HTTP/1.1 401 Unauthenticated
{
"message": "Unauthenticated."
}
Nothing entered for {value}
Response
HTTP/1.1 404 Not Found
{
"message": "not_found."
}