Paygate REST API enables you to process and manage payments using a variety of payment methods. The API accepts and returns JSON in the HTTP body and returns standard HTTP response codes. The API is built based on REST principles, ensuring that it is a well defined, easy to understand and predictable API.
Security
Paygate REST API is maximally secure while being easy to implement. API is not duplicating equivalent safety measures and not sending sensitive information when it’s not required. End-to-end safety on the transport level is guaranteed by the HTTPS-requirement, so there is no need to encrypt the data itself again.
Paygate REST API only supports TLS 1.2 (or higher). Connection is not possible when using a lower version. HTTPS mitigates packet sniffing and timing & replay attacks. Thanks to HTTPS, data exchanged is protected and guaranteed to be authentic. HTTPS implements hashed signatures, nonces and other tried and tested cryptographic safeties.
When using Paygate payment forms, all sensitive payment information is entered into our PCI DSS certified platform.
Authentication
Paygate REST API offers two ways of Authentication
HTTP Basic Authentication
Paygate REST API uses HTTP Basic Authentication as authentication method. Your merchantId serves as "username" and your API key as "password".
Both values will be shared with you during your merchant account creation. Your system sends HTTP requests with the authorization header that contains the word Basic followed by a space and a base64-encoded string username:password.
Request
curl --request POST \ --url https://test.computop-paygate.com/gateway/v1/payments \ --header 'authorization: Basic base64-encoded string username:password' \ --header 'content-type: application/json'
Parameters
| Parameter Name | Description |
|---|---|
username | Your Paygate merchant identifier (merchantId / MerchantID) |
password | Your Paygate REST API key. You will receive this value during onboarding process. |
OAuth 2
Paygate REST API supports the Client Credentials Flow, which involves an application exchanging its application credentials, such as client ID (your merchantId) and client secret (your API key), for an access token.
Tokens are requested towards Token URL: https://test.computop-paygate.com/auth/oauth/token using standardized framework: https://auth0.com/docs/get-started/authentication-and-authorization-flow/call-your-api-using-the-client-credentials-flow
Sequence Diagram
Request
curl --request POST \ --url 'https://test.computop-paygate.com/auth/oauth/token' \ --header 'content-type: application/x-www-form-urlencoded' \ --data grant_type=client_credentials \ --data client_id=YOUR_merchantId \ --data client_secret=YOUR_API_key
Parameters
| Parameter Name | Description |
|---|---|
grant_type | Set this to "client_credentials". |
client_id | Your Paygate merchant identifier (merchantId / MerchantID) |
client_secret | Your Paygate REST API key. You will receive this value during onboarding process. |
Response
{
"access_token":"eyJz93a...k4laUWw",
"token_type":"Bearer",
"expires_in":3599
}
Calling REST API
To call Paygate REST API, your application must pass the retrieved access token as a Bearer token in the Authorization header of your HTTP request.
curl --request POST \ --url https://test.computop-paygate.com/gateway/v1/payments \ --header 'authorization: Bearer ACCESS_TOKEN' \ --header 'content-type: application/json'
Swagger
You can find our Open API specification here: https://app.swaggerhub.com/apis-docs/Computop/Paygate_REST_API/0.3#