Authorization

To use the gateway APIs you will need an API Token, which you can request from support or find in your gateway account under Users > Details > Api Token.

With that token, you'll be able to access our API. Send your token with every request to authenticate and identify yourself: each request must carry the Authorization HTTP header containing your token, prefixed by the string "Bearer " (including the trailing space). Example below:

curl -H 'Authorization: Bearer YOUR_API_TOKEN' https://gateway-api.paycertify.com/api/transactions

A failed authentication returns a message like the following:

{
    "error": {
        "status": 401,
        "message": {
            "base": [
                "Not authenticated"
            ]
        }
    }
}

Please note that all error messages share the same structure: an error node that contains a message node. A message tied to a field results when incorrect syntax is used in that field. A base error is a general error that cannot be related to any field submitted. The fatal node is a system error that occurs when an incorrectly formatted value is entered into a field, such as letters in the amount field. All messages also contain an HTTP status that follows W3C recommendations, e.g. an unauthenticated request will issue an HTTP status 401.

We include the HTTP status on the JSON message, as well as on the headers of all JSON error responses.

Rate limiting

Please note that API requests are rate-limited for security purposes. By default, you are not allowed to submit more than 60 requests per minute. The X-RateLimit-Limit and X-RateLimit-Remaining headers are always present on API responses so you can better manage your requests and put together a timing strategy. If the limit is exceeded, the server will return HTTP status 429 and data will not be submitted to the processor. We recommend using an exponential backoff strategy to make sure you do not exceed the limit, as this may result in permanent blacklisting.

{
    "error": {
        "status": 429,
        "message": {
            "base": [
                "Too Many Attempts."
            ]
        }
    }
}
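
One way to apply the backoff recommendation on the client side, as an added example that is not part of the gateway's own code. The send callable, the function names, the delay values and the jitter are assumptions; only the 401/429 statuses, the X-RateLimit-Remaining header and the error JSON shape come from this page.

```python
import json
import random
import time


def backoff_delays(base=1.0, cap=60.0, attempts=5, rng=random.random):
    """Yield one delay per attempt: rng() * min(cap, base * 2**n) (jittered)."""
    for n in range(attempts):
        yield rng() * min(cap, base * 2 ** n)


def error_messages(body):
    """Return the 'base' messages from the error JSON, or [] if there are none."""
    try:
        return json.loads(body)["error"]["message"].get("base", [])
    except (ValueError, KeyError, TypeError, AttributeError):
        return []


def call_with_backoff(send, attempts=5, base=1.0, sleep=time.sleep,
                      rng=random.random):
    """Call send() until the response is not 429 or the attempts run out.

    send is a hypothetical transport callable returning (status, headers, body).
    Only 429 is retried; a 401 is returned at once, since repeating a request
    with a bad token only burns the rate-limit budget.
    Returns (status, base_messages, remaining), where remaining is the parsed
    X-RateLimit-Remaining header (None if absent) so the caller can pace itself.
    """
    status, headers, body = None, {}, ""
    for delay in backoff_delays(base=base, attempts=attempts, rng=rng):
        status, headers, body = send()
        if status != 429:
            break
        sleep(delay)  # wait longer after each consecutive 429
    remaining = headers.get("X-RateLimit-Remaining")
    return (status, error_messages(body),
            int(remaining) if remaining is not None else None)


if __name__ == "__main__":
    # Constructed sample responses: two rate-limited replies, then success.
    limited = '{"error":{"status":429,"message":{"base":["Too Many Attempts."]}}}'
    replies = iter([(429, {"X-RateLimit-Remaining": "0"}, limited)] * 2
                   + [(200, {"X-RateLimit-Remaining": "59"}, "[]")])
    print(call_with_backoff(lambda: next(replies), sleep=lambda s: None))
```

If the final status is still 429, the caller should stop submitting rather than start a new retry loop.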