Documentation

BankPay

  1. Home
  2. Docs
  3. BankPay
  4. API

API

Making a Request to an API Endpoint

Request

All API endpoints use bearer tokens for authentication and return JSON. A request has these headers at a minimum:

Accept: application/json
Content-Type: application/json
Authorization: Bearer {PUBLISHABLE_KEY | SECRET_KEY}

An example PATCH request with curl might look like:

curl https://bankpay.certegy.com/api/transaction-intents \
-X PATCH \
-H 'Accept: application/json' \
-H 'Authorization: Bearer secret_Aa1ABb2BCc3CDd4DEe5EFf6FGg7GHh8H' \
-H 'Content-Type: application/json' \
-d '{ "action": "authorize" }'

Response

Responses always return a JSON body and the version of the api you’re using:

Content-Type: application/json
X-BankPay-Version: 2020-03-16

General Error Responses

Authentication failure response:

HTTP/1.1 401 Unauthenticated
{
"message": "Unauthenticated."
}

Entity not found response:

HTTP/1.1 404 Not Found
{
"message": "not_found"
}

Additional Notes

Currency amount

Currency amounts should be provided in a decimal representation, not as cents. (e.g. $9.99 should be “9.99”, not “999”). If the decimal point is omitted, the amount is considered to be in whole dollars. This supports a max of 9 digits.

Date and time

Date and time values are formatted according to ISO 8601 with zero UTC offset. E.g. January 30, 2020 at 9:57:08 PM would be represented as “2020-01-30T21:57:08Z”.

Rate Limiting

All publishable and secret key requests are throttled to prevent abuse and ensure stability. Publishable key requests are limited to 6000 per minute. Secret key requests are limited to 3000 per minute. Clients who send multiple requests in rapid succession may see error responses that show up as status code 429.

Api requests will return the following headers:

HeaderDescriptionCondition
X-RateLimit-LimitThe maximum number of requests you're permitted to make per minute.Every Request
X-RateLimit-RemainingThe number of requests remaining in the current rate limit window.Every Request
X-RateLimit-ResetThe timestamp at which the current rate limit window resets.When you've exceeded the maxim attempts for the given time window.

Publishable Key Test

Success

Request

GET /api/publishable/test
Authorization: Bearer {PUBLISHABLE_KEY}

Example curl request

curl https://bankpay.certegy.com/api/publishable/test \
-H 'Accept: application/json' \
-H 'Authorization: Bearer publishable_Aa1ABb2BCc3CDd4DEe5EFf6FGg7GHh8H'

Response

HTTP/1.1 200 OK
{
"data": {
"created_at": "2020-01-27T15:16:10Z",
"has_production_access": true,
"has_universal_enrollment": false,
"id": "client_Aa1ABb2BCc3CDd4DEe5EFf6FGg7GHh8H",
"merchant_id": "123456",
"name": "Merchant"
}
}

Example Errors

Invalid publishable key

Response

HTTP/1.1 401 Unauthenticated
{
"message": "Unauthenticated."
}

Secret Key Test

Success

Request

GET /api/secret/test
Authorization: Bearer {SECRET_KEY}

Example curl request

curl https://bankpay.certegy.com/api/secret/test \
-H 'Accept: application/json' \
-H 'Authorization: Bearer secret_Aa1ABb2BCc3CDd4DEe5EFf6FGg7GHh8H'

Response

HTTP/1.1 200 OK
{
"data": {
"created_at": "2020-01-27T15:16:10Z",
"has_production_access": true,
"has_universal_enrollment": false,
"id": "client_Aa1ABb2BCc3CDd4DEe5EFf6FGg7GHh8H",
"merchant_id": "123456",
"name": "Merchant"
}
}

Example Errors

Invalid secret key

Response

HTTP/1.1 401 Unauthenticated
{
"message": "Unauthenticated."
}

Echo Test

Success

Request

GET /api/test/echo/{value}
Authorization: Bearer {PUBLISHABLE_KEY|SECRET_KEY}

Response

HTTP/1.1 200 OK
{
"data": {
"response_code": "Ok",
"echo": "{value}"
}
}

Example Errors

Invalid secret or publishable key

Response

HTTP/1.1 401 Unauthenticated
{
"message": "Unauthenticated."
}
Nothing entered for {value}

Response

HTTP/1.1 404 Not Found
{
"message": "not_found."
}

Articles

Back to Top

How can we help?