Business Rules

  1. A username and password must be used to authenticate the API request.
  2. All requests must be sent over HTTPS.
  3. All requests use HTTPS digest authentication. For merchants the username is merchant-{merchant id}, example merchant-25. For PSPs the username is psp-{merchant id} - example psp-13, where 13 is the merchant Id that is present on the Scan to Pay Portal.
  4. The API username and password is available from the Scan to Pay Portal under the API tab - these credentials are the same as those used for sending requests on the Scan to Pay Secure MOTO and Face to Face API.
  5. Content-Type must be set to application/json.
  6. Merchants who already have HTTP, Email or SMS notifications won’t be able to use the query notification API.
  7. For refunds and payments using the same merchant reference and code, only the latest transaction status and details will be sent on the response.
  8. For querying a reversal the code and merchant reference used for the original purchase must be used.
  9. If the status of a transaction is not available a N/A status will be returned.
  10. Unless otherwise specified the field lengths for all the parameters are determined by the parameter types.