AgoraPay REST API
The AgoraPay platform exposes a number of REST API endpoints to manage most aspects of your marketplace:
- Pay-In endpoints - to make payment requests for your customers
- Payment account endpoints - to manage your marketplace accounts
- Pay-Out endpoint - to request payout to your vendors
- Transfer endpoint - to transfer funds between your accounts
- Operations endpoint - to retrieve information about previous payments
The API is protected by an authentication mechanism you will have to implement unless you use the AgoraPay SDK which abstracts the authentication management. Available in several languages, the AgoraPay SDK will reduce the development efforts.
The REST API implements a specific security mechanism to guarantee that every API request is properly authenticated and cannot be replayed or fraudulently reused. This section describes how to request an authentication pair that must be used in each REST call.
Getting the authentication pair
Before making HTTP requests to AgoraPay API endpoints, you must obtain a valid authentication token using your TOKEN_USER and TOKEN_PASSWORD credentials as an HTTP Basic authentication request against the TOKEN_URL endpoint.
Here is an example of token request (please replace with your own credentials for the request to work):
Each authentication token request returns a JSON object where you will find an authentication token pair (access_token, id_token) that must be used for every subsequent REST API request.
1 2 3 4 5 6 7
As the authentication pair expires one hour after its creation, the expires_in attribute of the JSON response indicates whether the pair needs to be refreshed or not. Please avoid creating new pairs for every REST API call as it would be quite inefficient. In case you request a new pair while your current pair is still valid, the token end-point will return the same pair.
Using an invalid pair on the HTTP REST API will raise an authentication error.
Using the authentication pair
Once you have a valid authentication pair, you must pass the access_token as an Authorization header and the id_token as a header parameter.
Here is an example of REST API request with the authentication pair:
1 2 3 4 5
Submit a payment
Submit additional payment details
Submit an order/get payment methods
Capture a transaction/order
Cancel a transaction/order
Get all the order details
Adjust the amount of the payment/change the payment split
Submit an order/get an authentication code
Refund a transaction/order
Payment account API
Get account details
Get account list
Credit an account
Schedule a payout
Set Account Floor Limit
Set Account IBAN
Fund an account
Create Payment Account
Ask for a payout
Ask for a transfer between two accounts
Get operations matching a set of criteria