Guides

API Authentication

PAYARC generates a unique API Access Token for each Merchant and Agent/Partner account. Below are the steps to retrieve your token.

Suggest Edits

Steps to Retrieve API Access Token

For Merchants (using the PAYARC Dashboard):

  1. Log in to the PAYARC Dashboard with your credentials.
  2. Navigate to the "API" section in the left-hand navigation menu.
  3. Reveal your API Access Token by clicking "Reveal" to display the "Secret Key" (this is your Bearer Token).

For Agents and Partners (using PartnerHub):

  1. Log in to Partner Hub with your credentials.
  2. Go to the "API Keys" page by clicking the dropdown next to "My PayArc" in the left menu, then selecting "API Keys."
  3. Reveal your API Access Token by clicking "Reveal and Copy" to display the "Secret Key" (this is your Bearer Token).

❗️

Environment-Specific Tokens:

Make sure to use the correct token for the environment you are interacting with. For production requests, use the token generated from your production environment. For testing in sandbox, ensure you are using the token retrieved from the sandbox environment. Using a token from the wrong environment (e.g., production token for sandbox requests) could result in authentication failures.

🔒

Important Security Notes:

  1. Your API Access Token is a sensitive credential that provides access to your account. Keep it secure and never share it publicly.
  2. Do not expose your token in public places like GitHub, client-side code, or forums.
  3. Store your token in a secure environment to avoid unauthorized access.

Headers

Certain API calls require you to send data in a particular format as part of the API call.
By default, all API calls expect inputs in JSON format, however, you need to ping the server that you are sending a JSON-formatted payload. In order to do that, you must include the Accept => application/json HTTP header with every call.

Rate limiting

All REST API requests are designed to prevent abuse and ensure stability. The number of API calls that your application can make per day varies based on the type of request you are making.

The rate limit window is set to {{rate-limit-expires}} minutes per endpoint, and each access token is allowed {{rate-limit-attempts}} requests per window. Exceeding this limit will result in temporary restrictions on making further requests.

You can check the header attributes below to find the number of API calls you can make per minute:

X-RateLimit-Limit → 30
X-RateLimit-Remaining → 29

Pagination

By default, fetch requests return the first {{pagination-limit}} items. Use the limit query parameter to control the number of records returned in each response.

Limit:The ?limit= parameter can be applied to define how many records should be returned by the endpoint.

SandBox

PAYARC provides a sandbox testing environment, where merchants can perform business process tests without affecting production data. The sandbox environment's base URL is: https://testapi.payarc.net

Updated about 1 month ago