Documentation
The NumeroPay API is organized around REST. Our API has predictable resource-oriented URLs, accepts JSON request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.
You can use the NumeroPay API in test mode, which does not affect your live data or interact with the banking networks. The API KEY_ID you use to authenticate the request determines whether the request is live mode or test mode.
To enable test mode, prefix the KEY_ID with sandbox.KEY_ID and for KEY_SECRET use KEY_ID.
Assuming your Live Secrets are:
: du7UghNhhhMTnYwqrEYp
: 10LuRTaAefHwMCMdKgoF
Then your Test Secrets will be:
: sandbox.du7UghNhhhMTnYwqrEYp
: du7UghNhhhMTnYwqrEYp
You can acces the api from any applicatiuon to create Payment Transactions and get updates for created transaction.
1https://api.numeropay.comNumeroPay API uses Bearer authentication (also called token authentication) as HTTP authentication scheme.
Token passed for authentication is a JWT token. For Merchant integration, the JWT token is signed using Merchant’s secrets (not user’s secrets).
To obtain the merchant secrets, please look into Merhcant Panel > Settings > Your Mercahnt Account > API Secrets. These secrets are generated on a Merchant level.
1GET /transaction/<<Your transaction Id>>
2Host: api.numeropay.com
3Authorization: Bearer <<your token here>>To generate the JWT token, you need to follow the following steps:
KEY_ID and KEY_SECRET from Merchant panel.JSON1{
2 "scopes": [
3 "YOUR",
4 "SCOPES"
5 ],
6 "iat": 1602501211,
7 "exp": 1602502411,
8 "iss": "merchant.numeropay",
9 "sub": "MERCHANT ID"
10 }KEY_ID
JSON1{
2 "alg": "HS256",
3 "type": "JWT",
4 "keyid": "KEY_ID"
5 }JAVASCRIPT1const SignaturePayload = base64UrlEncode(header) + "." + base64UrlEncode(payload);
2HMACSHA256(SignaturePayload, KEY_SECRET);See example JWT token.
Below is a table for fileds used int JWT tokens explained in detail.
| Field | Description |
|---|---|
scopes | Permission SCOPES where this token can be used. |
iat | When the token is issues. This can be different to when it can be used (nbf). |
exp | When the token is expired. after this time, the token will be invalidated. |
iss | Issuer of the token. In case of merchants, use |
sub | Subject of the token. To whome this token represents. In case the JWT token represents a Merchant’s integration, this will have |
| Field | Description |
|---|---|
alg | Static. Always set to HS256 |
type | Static. Always set to JWT |
keyid | Your KEY_ID from your merchant credentials |
NumeroPay API request should always accompany the Authorization header. For POST requests, the data has to be passed as a JSON object with content type set to application/json.
BASH1curl --location --request POST 'https://api.numeropay.com/transaction' \
2 --header 'accept: application/json, text/plain, */*' \
3 --header 'content-type: application/json;charset=UTF-8' \
4 --header 'Authorization: Bearer <<YOUR JWT TOKEN>>' \
5 --data-raw '{"amount":100,"busin ... nsaction"}'The Response for the above request return a transaction object in reponse wrapper.
JSON1{
2 "data": {
3 "id": "5CD0RGCKJ",
4 "merchant": "17c69865-7edd-4d05-bc70-65a1b85b9322",
5 "businessName": "Infinity Group",
6 "channel": 1,
7 "amount": 100,
8 "currency": "aud",
9 "description": "sample transaction",
10 "structure": {},
11 "state": 0,
12 "createdOn": "2020-10-14T02:31:23.328Z",
13 "updatedOn": "2020-10-14T02:31:23.328Z",
14 "ipAddress": "120.19.86.103"
15 },
16 "success": true
17}All the success API calls follow a standard response format. A success response consits of two properties explained below:
| Property | Description |
|---|---|
data | Any JSON compatibe data type. |
success | Boolean. Always true in case the request processed correctly. |
success: true is returned.In case of errors, Error Response is returned with any of the error mentioned in API Response Errors and sucess always set to false.
JSON1{
2 "success": false,
3 "error": {
4 "code": 403,
5 "message": "Action not allowed",
6 "name": "FORBIDDEN"
7 }
8}In case of an error response, the flowing is the list of errors which will return as response.
| Error Name | Code | Message and Description |
|---|---|---|
| SYSTEM_ERROR | 500 | Some error in our systems. nothing relating to your request. |
| USER_EXIST | 406 | Message: User with email <<EMAIL>> already exists |
| MERCHANT_EXIST | 406 | Message: Merchant with ABN/ACN <<ABN/ACN>> already exists |
| BAD_REQUEST | 400 | Your request has some invalid or incomplete input. Message:The request could not be understood by the server due to malformed syntax. |
| NOT_IMPLEMENTED | 501 | Your are trying to make a request to an invalid. Message:The server does not recognize the request method and is not capable of supporting it for any resource |
| UNKNOWN_USER | 404 | Message: |
| NOT_FOUND | 404 | Message: |
| FORBIDDEN | 403 | You are trying to perform an action which you are not allowed to do. E.g. Getting details of a transaction id which is owned by some other merchant.Message: Action not allowed |
Payments API will allow you to access manage transactions in your merchant account in NumeroPay. You can create new transaction and get updated state of the transaction.
All Payment Api calls are made on /transaction resource. Below is the list of awailable api calls on transaction resource:
TRANSACTION IDTo create new transaction, you need to call POST /transaction with JSON body with your transaction details.
Properties of the JSON Request Body are explined below:
| Property Name | Type | Description |
|---|---|---|
| amount | Number | (Required) Amount of the Transaction. Always greater than 0 and upto precision of 2 decimal places. |
| currency | String | (Required) Three-letter ISO currency code, in lowercase. One of Currency code from CURRENCIES |
| description | String | Transaction’s description. This is also displayed to the payer when making the payment. |
| merchant | String | (Required) Merchant Id of the Merchant requesting to create this transaction. |
| businessName | String | (Required) Business Name of the merchant for this transaction. This Business name shoul be from the list of Business names of the Merchant. This is also displayed to the payer when making the payment. |
When successful, this call returns the generated transaction object (See Payment Schema).
To get a paginated and filtered list of your transaction you need to call GET /transaction. The transactions in this api call is limmited top the mertchant mentioned in the JWT token.
For pagintation, below is the list of query paramerters:
| Parameter | Type |
|---|---|
| limit | Number Default to 25. Cannot be 0 or less than 0. |
| from | Number Unix timestamp. Default to current time. |
For filters, below is the list of query paramerters:
| Parameter | Type |
|---|---|
| status | String JSON stringified Array of statuses or Single Status as string |
| business_name | String JSON stringified Array of valid business named or Single business name as string |
When successful, this call returns an array of transaction object (See Payment Schema) paginated and filterd based on query parameters.
To get an existing transaction object, you need to call GET /transaction/<<TRANSACTION ID>>.
When successful, this call returns the transaction object (See Payment Schema) for the passed Transaction ID.