API Core Standards

This article describes the core standards that apply to all Xplor Pay APIs. It covers data formats, HTTP methods, and security requirements for making secure and consistent API requests.

Supported Data Format

All of our RESTful API endpoints support JSON (JavaScript Object Notation) for both request and response data.

HTTP Methods

Each API endpoint supports one or more standard HTTP methods, depending on its purpose.

• GET: Retrieve data or information

• POST: Create new resources or submit data

• PUT: Update existing resources completely

• DELETE: Remove resources

Security Requirements

All Xplor Pay APIs enforce strict security controls to protect payment and merchant data.

Transport Layer Security (TLS)

All API endpoints require HTTPS with TLS 1.2 or higher.

• Requests using earlier TLS versions are blocked by the firewall.

• Ensure your client, SDK, or browser supports TLS 1.2 or later.

Authentication

Xplor Pay APIs use two types of authentication: Access Key and API Key. The authentication type varies by API product. Always use the correct header for the API you are calling.

Access Key

Used for:

• Merchant Onboarding

• Reporting

• Disputes

Include the AccessKey header in every request. Requests without a valid key are rejected.

API Key

Used for:

• Payments

Include the API Key in the request header. Requests without a valid key are rejected.