The Orders API is a REST-based API that is used in conjunction with our ExactJS payment library to let you design and host your own payment forms in a secure, PCI-compliant manner.

Fundamentally, you create an order on our servers (which you can update as often as you like until the customer has paid) and then the ExactJS library gathers the customer's payment data and pays for the order direct from the customer's browser.

Please read the ExactJS Payment Forms guide for more details.

The API is JSON-only and access is only permitted over HTTPS.

API Endpoints

Production

Sandbox

The Sandbox has all the functionality of the production site, except that any orders created are test orders, and when those orders are paid for by the customer, those payments are also test payments. No funds are ever transferred as a result of actions in Sandbox.

We recommend you use our Sandbox to familiarize yourself with our APIs and complete your integration, switching to the production site once you are certain that you have integrated correctly.

All requests to our APIs are over HTTPS. Insecure HTTP requests will be rejected.

Authentication

Authentication to our APIs is via BasicAuth, using your API key as the username, and without any password.

For example, if your API key is YOUR_API_KEY, then for the purposes of the BasicAuth algorithm the username is YOUR_API_KEY and there is no password, resulting in the input string "YOUR_API_KEY:" (note the colon!).

This input string is then Base64 encoded and included in the Authorization header.

Authorization: Basic WU9VUl9BUElfS0VZOg==
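
The header construction described above, as an added Node.js example that is not part of the original documentation or the vendor's own code. It also refuses to attach the key to a non-HTTPS URL, since the API rejects HTTP and the key would otherwise travel in cleartext. The function names and the `orders.example.invalid` host are assumptions, not the real endpoints.

```javascript
// Added example. Function names and the example.invalid host are assumptions.

// Build the header value: API key as username, empty password.
function basicAuthHeader(apiKey) {
  if (typeof apiKey !== "string" || apiKey.length === 0) {
    throw new TypeError("API key must be a non-empty string");
  }
  // A colon would end the username early; control characters have no
  // place in a header value. Reject both instead of encoding them.
  if (/[:\x00-\x1f\x7f]/.test(apiKey)) {
    throw new Error("API key contains a colon or control character");
  }
  // Standard Base64 output keeps its trailing "=" padding.
  return "Basic " + Buffer.from(apiKey + ":", "utf8").toString("base64");
}

// Headers for a JSON request, refusing to attach the key to a non-HTTPS URL
// so the key is never sent in cleartext by a mistyped endpoint.
function authHeadersFor(url, apiKey) {
  const target = new URL(url);
  if (target.protocol !== "https:") {
    throw new Error("refusing to send API key over " + target.protocol);
  }
  return {
    Authorization: basicAuthHeader(apiKey),
    "Content-Type": "application/json",
    Accept: "application/json",
  };
}

// Decode a header the way a server would, to check what was actually sent.
function credentialsFromHeader(header) {
  const [scheme, token] = header.split(" ");
  if (scheme !== "Basic" || !token) throw new Error("not a Basic header");
  const decoded = Buffer.from(token, "base64").toString("utf8");
  const sep = decoded.indexOf(":");
  if (sep === -1) throw new Error("missing colon separator");
  return { username: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

const headers = authHeadersFor("https://orders.example.invalid/", "YOUR_API_KEY");
console.log(headers.Authorization);
```

Keep the API key on your server and load it from configuration or a secrets store; Base64 is an encoding, not encryption, so the header is only protected by the HTTPS connection.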