Authorization

To use the gateway APIs you will need an API Token, which can be requested to support or navigating on your gateway account to Users > Details > Api Token.

With that token, you’ll be able to access our API. You should send your key in every request to our API, in order to authenticate and identify yourself. For every request, you should pass the Authorization HTTP Header containing your token, prefixed by “Bearer “ string. Example below:

curl -H 'Authorization: Bearer YOUR_API_TOKEN' https://gateway-api.paycertify.com/api/transactions

An authentication error message would return a message like the following:

{
    "error": {
        "status": 401,
        "message": {
            "base": [
                "Not authenticated"
            ]
        }
    }
}

Please note that the error messages use the same structure of an error node, with then a message node, and subsequently either base being a general error, unrelated to any field submitted, fatal being a system error, or a field name, for example, amount when the request message contains any errors under that field. All messages also contain an HTTP status following W3C recommendations, e.g. an unauthenticated request will return HTTP status 401.

We include the HTTP status on the JSON message, as well as on the headers of all JSON error responses.

Rate limiting

Please note that API requests are rate-limited for security purposes. By default, you are not allowed to submit more than 60 requests per minute. X-RateLimit-Limit and X-RateLimit-Remaining headers are always present on the API responses so you can better manage your requests and put together a timing strategy. If that limit is exceeded, the server will return HTTP Status 429 and data will not be submitted to the processor. Our recommendation is using an exponential backoff strategy to make sure you do not over exceed the limits as this may result in permanent blacklisting.

{
    "error": {
        "status": 429,
        "message": {
            "base": [
                "Too Many Attempts."
            ]
        }
    }
}