A single API endpoint is provided for all customers for all API functions. Customers must identify themselves in each request using a unique ApiKey, and sign the message using a security token and SHA2-512 hash.
All calls use HTTPS on the standard port 443. TLS v1.2 must be used, in line with PCI-DSS requirements.
Earlier versions of TLS, and SSL of any version, are not supported.
The [commandname] is the name of the service being requested, such as authorisation or capture. For URLs are provided in each command detail section below.