REST API Reference
The API uses HTTP verbs and a RESTful structure. OAuth 2.0 is used as the API authorization framework. Requests and responses are JSON formatted.
API Operations
The REST APIs are available in two environments: Demo and Live. Use the Demo environment for testing, then switch to the Live environment for production processing.
The following base URIs address the two environments:
- Demo base URI: https://demoapi.domain.com
- Live base URI: https://api.domain.com
A complete REST operation is formed by combining an HTTP method with the full URI to the resource you are addressing. To create a complete request, combine the operation with the appropriate HTTP headers and any required JSON payload.
API Grant Types
The available grant_type values are:
- program_credentials: grants an access token when supplied with a valid program_id, user_name, and password provided by the integration support team.
- user_credentials: grants an access token when supplied with a valid primary verified user_email, user_mobile, or active user account number, together with the password; the system can also grant access using the user's Facebook ID and token (for users who enable the login with Facebook feature).
- pos_credentials: grants an access token when supplied with a valid pos_id and key, which are generated when activating a POS.
- pos_user_credential: grants an access token when supplied with a valid pos_user_id and key, which are generated when activating a POS.
- limited_program_credentials: grants an access token when supplied with a valid program_id, user_name, and password provided by the integration support team; used for accessing public program setup with no access to sensitive data.
API Scope
API scope defines the access privileges allowed, based on the grant type and the program's access privilege settings.
- program: for program integrations; allows access to all user and account information belonging to the program.
- user: for end users; allows access to the client profile and active accounts, and can also be used for mobile applications.
- pos: for payment POS and devices; only has access to the POS active accounts and to the services catalog.
- pos user: for payment POS users and devices; only has access to the POS users' active accounts and to the services catalog.
API Methods
- POST = Create
- PUT = Update
- GET = Return
- DELETE = Delete
API Namespace Summary
Here are the available REST API namespaces:
Name | Description | Endpoint |
oauth | obtain access token using OAuth2.0 | service/oauth/ |
user | activate, lookup, and update user status and information | service/v1/user/ |
account | activate, lookup, and update account status and information | service/v1/account/ |
program | get the program settings for the merchant | service/v1/program/ |
pos | activate, add users, authenticate, and get status and information | service/v1/pos/ |
transaction | process, reverse and lookup transaction status and information | service/v1/transaction/ |
catalog | get catalog information | service/v1/catalog/ |
order | process, reverse, validate, and get order information | service/v1/order/ |
group | activate, lookup, and update group status and information | service/v1/group/ |
message | lookup and update message status | service/v1/message/ |
report | report inquiry | service/v1/report/ |
Headers
With each API call, you will need to set request headers, including an OAuth 2.0 access token.
Field Name | Field Type | Regular Expression | Sample | Field Status (POST) | Field Status (PUT) | Field Status (GET) | Field Status (DELETE) |
header |
lang | String | ^[a-zA-Z]{1,2}(-[a-zA-Z]{1,2})?$ | EN, en, en-ca | R | R | R | R |
source_id | String | ^[a-zA-Z0-9]{1,100} | 2Feb2015000001 | R | R | R | R |
time_zone | String | ^((?:UTC [+|-](?:2[0-3]|[01][0-9]):[0-5][0-9])){1,10}$ | UTC -06:00, UTC +02:30 | R | R | R | R |
device_id | String | ^[a-zA-Z0-9\s-]{1,50}$ | ^[a-zA-Z0-9-_]{1,50}$ | O | O | O | O |
show_sensitive_data | String | ^[0-1]{1,1}$ | 1, 0 | O | O | O | O |
show_custom_field | String | ^[0-1]{1,1}$ | 1, 0 | O | O | O | O |
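A check of outgoing or incoming headers against the patterns in the table above, as an added example that is not part of the original reference. The function names and sample requests are constructed for illustration, and R/O in the table is assumed to mean required/optional.

```python
import re

# Patterns copied from the header table; second item is True when the field
# status is R for every method (assumed to mean "required").
HEADER_RULES = {
    "lang": (r"^[a-zA-Z]{1,2}(-[a-zA-Z]{1,2})?$", True),
    "source_id": (r"^[a-zA-Z0-9]{1,100}", True),  # the table has no trailing $
    "time_zone": (r"^((?:UTC [+|-](?:2[0-3]|[01][0-9]):[0-5][0-9])){1,10}$", True),
    "device_id": (r"^[a-zA-Z0-9\s-]{1,50}$", False),
    "show_sensitive_data": (r"^[0-1]{1,1}$", False),
    "show_custom_field": (r"^[0-1]{1,1}$", False),
}


def validate_headers(headers):
    """Return {header name: problem}; an empty dict means every check passed."""
    problems = {}
    for name, (pattern, required) in HEADER_RULES.items():
        value = headers.get(name)
        if value is None:
            if required:
                problems[name] = "missing"
            continue
        # fullmatch requires the whole value to match, so the unanchored
        # source_id pattern cannot pass on a valid prefix, and "$" cannot
        # accept a trailing newline the way re.match does.
        if re.fullmatch(pattern, value) is None:
            problems[name] = "invalid"
    return problems


def prefix_only_match(name, value):
    """True when re.match accepts the value but re.fullmatch rejects it."""
    pattern = HEADER_RULES[name][0]
    return (re.match(pattern, value) is not None
            and re.fullmatch(pattern, value) is None)


# Constructed sample requests, modelled on the Sample column.
GOOD = {"lang": "en-ca", "source_id": "2Feb2015000001", "time_zone": "UTC -06:00"}
BAD = {"lang": "english", "source_id": "123M 456", "time_zone": "UTC -6:00",
       "show_sensitive_data": "2"}

if __name__ == "__main__":
    print(validate_headers(GOOD))
    print(validate_headers(BAD))
    print(prefix_only_match("source_id", "123M 456"))
```

The `prefix_only_match` helper shows why a validator built from these patterns should match the entire value: with prefix matching, `source_id` passes as soon as its first character is alphanumeric.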
Example header:
url: https://demoapi.domain.com/oauth/token
Authorization: bearer [Token]
Content-Type: application/json
source_id: 123M
time_zone: UTC +03:00
lang: en
Request Validation
The following parameter, validate, is sent with the body parameters on POST and PUT methods; if true, the result is returned without processing.
Business Definitions
Business definitions for the objects and terms used in the service are located in the Definitions.
Process Flow
The different operational flows that can be used with the API are detailed in the Process Flow section.
HATEOAS Links
The following filters can be used for paging and filtering results on GET calls that return multiple results.
Element | Description |
href | URL of the related HATEOAS link you can use for subsequent calls. |
Rel | Link relation that describes how this link relates to the previous call. Examples include self (get details of the current call), or a related call such as cancel or reverse. |
method | The HTTP method required for the related call, such as POST or PUT. |