Our API has predictable, resource-oriented URLs, and uses HTTP response codes to indicate API errors.
We use built-in HTTP features, like HTTP authentication and HTTP verbs, which are understood by off-the-shelf HTTP clients.
We support cross-origin resource sharing, allowing you to interact securely with our API from a client-side web application (though you should never expose your secret API key in any public website's client-side code).
To make the API as explorable as possible, accounts have test mode and live mode API keys.
There is no "switch" for changing between modes, just use the appropriate key to perform a live or test transaction.
Requests made with test mode credentials never hit the banking networks and incur no cost.
Authenticate your account when using the API by including your secret API key in the request. Your API keys carry many privileges, so be sure to keep them secret!
Do not share your secret API keys in publicly accessible areas such Git Hub, client-side code, and so forth.
Authentication to the API is performed via HTTP Basic Auth.
Provide your API key as the basic auth username value. If you need to authenticate via bearer auth (e.g., for a cross-origin request), use flag to pass basic auth credentials (adding a colon after your API key prevents c URL from asking for a password).
A sample test API key is included in all the examples on this page, so you can test any example right away.
To test requests using your account, replace the sample API key with your actual API key.