Base URL
All API requests are made to the following base URL:API version
The current API version is 1.0.0. The version is embedded in the base URL path (/v1/).
Content type
All requests must send aContent-Type: application/json header. All responses are returned as application/json.
Authentication
Every endpoint requires thex-api-secret header. See the Authentication page for details on obtaining your secret and passing it correctly.
Requests without a valid
x-api-secret header return a 401 Unauthorized response.Available endpoints
| Method | Endpoint | Description |
|---|---|---|
POST | /trdp/order | Create a payment order |
POST | /trdp/verify | Verify payment status |
Response envelope
Every response — success or error — is wrapped in a consistent envelope:| Field | Type | Description |
|---|---|---|
status | string | "success" or "error" |
timestamp | string | ISO 8601 datetime of the response |
message | string | Human-readable summary |
data | object | Response payload; shape varies by endpoint |
Error responses
Error responses follow the same envelope structure. Anerror object is nested inside with a machine-readable code and description:
| Field | Type | Description |
|---|---|---|
error.code | string | Machine-readable error code |
error.message | string | Detailed error description |
Explore the API
Create a payment order
POST /trdp/order — initiate a new payment transaction.
Verify payment status
POST /trdp/verify — check the status of an existing order.
Authentication
How to authenticate every API request with your API secret.
Callback signature verification
Verify HMAC-SHA256 signatures on incoming webhook callbacks.