We at Visa Payments Limited provide all our clients with our RESTful API service - it's easy to use, has predictable resource-oriented URLs, and demonstrates the use of HTTP response codes in order to indicate any API errors that may occur.
We use built-in HTTP features such as HTTP authentication and HTTP verbs, which are understood by off-the-shelf HTTP clients. Furthermore, we support cross-origin resource sharing, allowing you to interact securely with our API from client-side web applications. However we strongly advise that you NEVER expose your secret API key in any public website's client-side code.
The default file format returned by every API response is JSON - including errors, although our API libraries convert responses to appropriate language-specific objects.
We recommend that you
This API has support for multiple environments. Each environment has one or more base URIs defined.
Production
Production server.
Server |
Base URI |
default |
https://api.earthport.com/v1 |
auth |
https://api.earthport.com |
Sandbox
Sandbox is used for both sandbox testing and customer UAT.
Server |
Base URI |
default |
https://api-sandbox.earthport.com/v1 |
auth |
https://api-sandbox.earthport.com |
Customer Integration
Customer integration is used by existing clients who need to test new functionality before it is released on to sandbox and production.
Server |
Base URI |
default |
https://api-integration.earthport.com/v1 |
auth |
https://api-integration.earthport.com |
The default environment is sandbox and the default server is default.
This API uses the OAuth 2 Bearer token for authentication.
The bearer token is sent in the request like this:
Start a Project
API Overview
curl {BASEURI} -H 'Authorization: Bearer {OAUTH_TOKEN}'
GET / HTTP/1.1
Host: {HOST}
Authorization: Bearer {OAUTH_TOKEN}
Currently you will need to contact Visa Payments Limited ([email protected]), from there we can set you up by issuing you with a unique client_id and secret. In future, you will be able to register your details on this site and receive your client_id and secret once approved.
The Sandbox environment is a complete replica of the Visa Payments Limited production environment - it supports all of the same API endpoints. Applications must be tested against the Sandbox environment before being used in production.
Currently you will need to contact Visa Payments Limited ([email protected]), from there we can set you up by issuing you with a unique client_id and secret. In future, you will be able to register your details on this site and receive your client_id and secret once approved.
Warning - Real financial data should never be used in the Sandbox.
Please read the suggested Developer testing steps.
The API is only available over HTTPS - any requests made using HTTP will fail to connect.
Note: You will need to ensure you are using TLS v1.2 or higher.
| Environment |
Base URL |
|---|---|
| Sandbox | https://api-sandbox.earthport.com |
| Integration | https://api-integration.earthport.com |
| Production | https://api.earthport.com |
Once Visa Payments Limited has issued you with your client_id and client_secret you can then use these to authenticate. Authentication will return a token which has a time to live.
You will need to use this token in each subsequent API call to be authorized.
When we make backwards-incompatible changes to the API, we will release a new version. The current version is v1.
Visa Payments Limited considers the following changes to be backwards-compatible:
Your webhook listener should gracefully handle unfamiliar event types.
All requests and responses are JSON-formatted and UTF-8 encoded.
An 'Accept' header is required for all requests, for example:
Accept: application/json
A 'Content-Type' header must be given when sending data to the API (using POST and PUT endpoints), for example:
Content-Type: application/json
For both of these headers, you must give the standard JSON MIME type (application/json).
You will receive an error (HTTP status code=415) if you attempt to make a POST/PUT request without this MIME type.
Each response has HTTP headers that provide data on where your application is at for a given rate limit.
X-Rate-Limit-Limit: the rate limit ceiling for that given request
X-Rate-Limit-Remaining: the number of requests left for the 1 minute window
X-Rate-Limit-Reset: the remaining window before the rate limit resets
When the rate limit is applied the API will return a status code of "429 Too Many Requests". In which case you should wait 60 seconds before retrying.
By default, your application can perform API calls from any IP address. By configuring whitelisted IP addresses for your application, you can control the source IP addresses for the API calls made by your application. In this case Visa Payments Limited will reject any API calls made with your application credentials from any other IP address with a status code of "401 Unauthorized".
Warning - If you misconfigure whitelisted IP addresses, your application will be broken.
Please note:
The API supports idempotency for safely retrying requests without accidentally performing the same operation twice. This is useful when an API call is disrupted in transit and you do not receive a response. For example, if a request to create a payment fails due to a network connection error, you can retry the request with the same merchantTransactionID to guarantee that only a single payment is created.
Rather than using a separate idempotency key, we instead require a specific field per service to be unique.
Multiple POSTs where this field contains the same value won't result in multiple resources being created. In fact, an error will be returned indicating a duplicate value.
| Service | Idempotent field |
|---|---|
| Create User | merchantUserID |
| Add Beneficiary Bank Account | merchantBankID |
| Payout Request | merchantTransactionID |