OwnPay exposes a full-featured HTTP/JSON API that lets you initiate payment intents, query transactions, issue refunds, manage customer profiles, rotate API keys, and inspect webhook delivery logs — all from any language or platform without any proprietary SDK. Every brand operates on its own isolated subdomain, so your API traffic never touches another brand’s data.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/own-pay/OwnPay-Documentation/llms.txt
Use this file to discover all available pages before exploring further.
Base URL
The API is served from your brand’s own custom domain, configured in Admin → System → Domains:{your_brand_domain} with the domain you configured (e.g. pay.yourbrand.com). Every brand gets a completely isolated API endpoint.
Authentication
All endpoints (exceptGET /health) require a Bearer API key in the Authorization header:
| Scope | Access level |
|---|---|
read | Query transactions, customers, refunds, delivery logs |
write | Create payments, issue refunds, create customers |
admin | Key management (must be combined with write) |
Key management endpoints (
GET /api-keys, POST /api-keys, DELETE /api-keys/{id}) require both the write and admin scopes, plus the X-Super-Admin-Email request header.Response Format
All responses are JSON. Successful responses wrap the result in adata envelope:
error string, an optional errors array with per-field details, and a request_id for support correlation:
HTTP Status Codes
| Code | Meaning |
|---|---|
200 | OK — request succeeded |
201 | Created — resource was created |
400 | Bad request or business rule violation |
401 | Missing or invalid API key |
403 | Insufficient scope or permission |
404 | Resource not found (or belongs to another brand) |
409 | Conflict (e.g. duplicate email on customer create) |
422 | Validation failure — check the errors array |
500 | Internal server error |
503 | System degraded — retry with exponential back-off |
Endpoints
Health Check
Returns system status including database connectivity, active gateway count, paired mobile devices, and the running version. No authentication required.
"healthy" (HTTP 200) or "degraded" (HTTP 503).Currently running OwnPay version string.
Database connection state —
"connected" or "error".Mobile device pairing info.
Number of active payment gateways configured for the brand.
Total number of customer profiles in the brand.
ISO 8601 server timestamp at the time of the request.
Payments
Initiate a Payment Intent
Positive numeric string with exactly 2 decimal places. Example:
"500.00".ISO 4217 currency code supported by your brand. Example:
"BDT", "USD".Webhook URL for
payment.completed callbacks. Must be a valid HTTP or HTTPS URI.Where to send the customer after a successful payment.
Where to send the customer if they cancel during checkout.
Customer email address for identity mapping and masked display.
Customer full name. Maximum 150 characters.
Customer phone number. Maximum 30 characters.
Your internal order or invoice identifier. Example:
"INV-10029". Stored and returned on the transaction for reconciliation.Route this payment to a specific gateway by its slug. Example:
"bkash-merchant". Omit to let OwnPay auto-select.Arbitrary key-value map for your own data. Stored on the transaction and returned as-is.
UUID of the created payment intent. Use this to poll status via
GET /payments/{payment_id}.Short-lived session token embedded in the checkout URL.
Fully-formed URL to redirect your customer to. The URL uses your brand’s custom domain.
Always
"created" on a fresh intent.Retrieve Payment Details
UUID of the payment intent returned by
POST /payments.Internal transaction integer ID.
null if the payment has not completed.OwnPay transaction reference (e.g.
"OP-481029304"). null if not completed.Gateway’s own transaction identifier.
null if not completed.Transaction amount as a decimal string.
ISO 4217 currency code.
Gateway fee deducted from the transaction.
Transaction status:
completed, pending, failed, cancelled, or processing.Gateway slug that processed the payment.
Payment method used (e.g.
"app", "card", "ussd").Your internal order/invoice ID passed at payment creation.
ISO 8601 timestamp when the payment intent was created.
ISO 8601 timestamp when the payment was completed.
null if not completed.Customer identity snapshot.
Transactions
List Transactions
Page number. Defaults to
1.Records per page. Maximum
100, default 25.Filter by status:
completed, pending, failed, cancelled, or processing.Filter by gateway slug (e.g.
"bkash", "nagad").Start date boundary in
YYYY-MM-DD format.End date boundary in
YYYY-MM-DD format.Retrieve a Transaction
OP-481029304) or by the gateway’s own transaction ID. OwnPay IDs are matched first.
OwnPay transaction reference (
OP-XXXXXXX) or gateway transaction ID.Refunds
List Refunds
Page number, default
1.Max
100, default 25.Filter:
completed, pending, or failed.Filter by OwnPay or gateway transaction reference.
Filter by internal transaction integer ID.
Start date boundary (
YYYY-MM-DD).End date boundary (
YYYY-MM-DD).Request a Refund
OwnPay transaction reference (
OP-12345) or gateway transaction ID. Exactly one of trx_id or transaction_id must be provided.Alternative identifier: the internal integer transaction ID.
Partial refund amount as a decimal string. Omit to issue a full refund for the entire remaining balance.
Human-readable reason for the refund. Stored on the refund record.
Internal refund integer ID.
Refund UUID.
Internal ID of the parent transaction.
OwnPay transaction reference.
Gateway transaction ID.
Refunded amount as a decimal string.
Reason provided at refund creation.
Refund status:
completed, pending, or failed.ISO 8601 timestamp when the refund was processed by the gateway.
ISO 8601 timestamp when the refund record was created.
Retrieve a Refund
OwnPay transaction reference or gateway transaction ID.
Customers
Customer PII (name, email, phone) is stored AES-256-GCM encrypted at rest. Decryption happens only on explicit single-record retrieval — the list endpoint returns masked values for safe display.List Customers
email_masked, phone_masked). Full values require a dedicated lookup via GET /customers/{identifier}.
Page number, default
1.Records per page, default
25.Create a Customer
id and uuid — full PII is not echoed back.
Customer full display name.
Customer email address. Must be unique per brand. Returns
409 on duplicate.Customer phone number.
Retrieve a Customer
@ it is resolved via email hash; otherwise via phone number hash.
URL-encoded email address (e.g.
customer%40example.com) or phone number.API Keys
List API Keys
Generate an API Key
Friendly label for the key to help identify its purpose (e.g.
"POS-System-Integration").Array of scopes to grant. Valid combinations:
["read"], ["read","write"], or ["read","write","admin"].Revoke an API Key
401 Unauthorized.
Integer ID of the API key to revoke (see
id from the list response).Webhooks
Dispatch a Test Webhook
payment.completed payload to your configured brand callback URL. Useful for verifying that your endpoint is reachable and returns a 2xx status.
HTTP status code returned by your webhook endpoint.
Round-trip time in milliseconds from OwnPay’s server to your endpoint.
Webhook Delivery Log
Internal delivery attempt ID.
ID of the transaction that triggered the delivery.
Event type — currently always
"payment.completed".Webhook URL the payload was delivered to.
JSON string of the payload that was sent.
HTTP status code returned by your endpoint.
First portion of the response body from your endpoint.
Number of delivery attempts made so far.
Delivery status:
"success" or "failed".ISO 8601 timestamp of the first delivery attempt.
Webhook Events
OwnPay POSTs a JSON payload to yourcallback_url when a payment is completed. Your endpoint must return an HTTP 2xx status within 10 seconds. Failed deliveries are retried automatically — check the delivery log for retry history.
payment.completed Payload
Quick Reference
| Endpoint | Method | Required Scope |
|---|---|---|
GET /health | System health | None |
POST /payments | Initiate payment intent | write |
GET /payments/{id} | Payment details | read |
GET /transactions | List transactions | read |
GET /transactions/{id} | Single transaction | read |
GET /refunds | List refunds | read |
POST /refunds | Request a refund | write |
GET /refunds/{id} | Single refund | read |
GET /customers | List customers | read |
POST /customers | Create customer | write |
GET /customers/{id} | Customer details | read |
GET /api-keys | List API keys | write + admin |
POST /api-keys | Generate API key | write + admin |
DELETE /api-keys/{id} | Revoke API key | write + admin |
POST /webhooks/tests | Test webhook delivery | write |
GET /webhooks/deliveries | Delivery log | read |