Note: REST API /v1 implementation. The implementation is supported for existing merchants only.
Please integrate REST API /v2
REST API enables you to process and manage payments using a variety of payment methods. The API accepts and returns JSON in the HTTP body and returns standard HTTP response codes. The API is built based on REST principles, ensuring that it is a well defined, easy to understand and predictable API.
Introduction
Depending on the platform on which your MerchantID is located and configured, it is possible to process payments via our productive
using URL
or to use our dedicated test system.
will be happy to enable these functions for you when necessary.
In contrast to the productive environment, the test system can be accessed via its own test URL https://test.computop-paygate.com/.
The test system is a dedicated environment with its own server infrastructure. This means that payments are processed outside the productive
environment on a separate platform.
Merchants can thus ensure that payments are processed on a dedicated IT instance for testing purposes.
Security
REST API is maximally secure while being easy to implement. API is not duplicating equivalent safety measures and not sending sensitive information when it’s not required. End-to-end safety on the transport level is guaranteed by the HTTPS-requirement, so there is no need to encrypt the data itself again.
REST API only supports TLS 1.2 (or higher). Connection is not possible when using a lower version. HTTPS mitigates packet sniffing and timing & replay attacks. Thanks to HTTPS, data exchanged is protected and guaranteed to be authentic. HTTPS implements hashed signatures, nonces and other tried and tested cryptographic safeties.
When using payment forms, all sensitive payment information is entered into our PCI DSS certified platform.
Authentication
REST API offers two ways of Authentication.
HTTP Basic Authentication
REST API uses HTTP Basic Authentication as authentication method. Your merchantId serves as "username" and your API key as "password".
Both values will be shared with you during your merchant account creation. Your system sends HTTP requests with the authorization header that contains the word Basic followed by a space and a base64-encoded string username:password.
Request
curl --request POST \ --url https://test.computop-paygate.com/api/v1/payments \ --header 'authorization: Basic base64-encoded string username:password' \ --header 'content-type: application/json' |
Parameters
| Parameter Name | Description |
|---|---|
username | Your |
password | Your |
OAuth 2
REST API supports the Client Credentials Flow, which involves an application exchanging its application credentials, such as client ID (your merchantId) and client secret (your API key), for an access token.
Tokens are requested towards Token URL: https://www.computop-paygate.com/authorization/oauth/token using standardized framework: https://auth0.com/docs/get-started/authentication-and-authorization-flow/call-your-api-using-the-client-credentials-flow
Sequence Diagram
|
Request
curl --request POST \ --url 'https://www.computop-paygate.com/authorization/oauth/token' \ --header 'content-type: application/x-www-form-urlencoded' \ --data grant_type=client_credentials \ --data client_id=YOUR_merchantId \ --data client_secret=YOUR_API_key |
Parameters
| Parameter Name | Description |
|---|---|
grant_type | Set this to "client_credentials" |
client_id | Your |
client_secret | Your |
Response
{
"access_token":"eyJz93a...k4laUWw",
"token_type":"Bearer",
"expires_in":3599
} |
Calling REST API
To call REST API, your application must pass the retrieved access token as a Bearer token in the Authorization header of your HTTP request.
curl --request POST \ --url https://test.computop-paygate.com/api/v1/payments \ --header 'authorization: Bearer ACCESS_TOKEN' \ --header 'content-type: application/json' |
Open API specification
You can find our Open API specification here: https://app.swaggerhub.com/apis-docs/Computop/Paygate_REST_API