Mock sample for your project: NOWPayments API
Integrate with "NOWPayments API" from nowpayments.io in no time with Mockoon's ready to use mock sample
NOWPayments API
nowpayments.io
Version: 1.0.0
Start working with "NOWPayments API" right away by using this ready-to-use mock sample. API mocking can greatly speed up your application development by removing all the tedious tasks or issues: API key provisioning, account creation, unplanned downtime, etc.
It also helps reduce your dependency on third-party APIs and improves your integration tests' quality and reliability by accounting for random failures, slow response time, etc.
Description
NOWPayments is a non-custodial cryptocurrency payment processing platform. Accept payments in a wide range of cryptos and get them instantly converted into a coin of your choice and sent to your wallet. Keeping it simple – no excess.
Sandbox
Before production usage, you can test our API using the Sandbox. Details can be found here
Authentication
To use the NOWPayments API you should do the following:
Sign up at nowpayments.io
Specify your outcome wallet
Generate an API key
Standard e-commerce flow for NOWPayments API:
API - Check API availability with the "GET API status" method. If required, check the list of available payment currencies with the "GET available currencies" method.
UI - Ask a customer to select item/items for purchase to determine the total sum;
UI - Ask a customer to select payment currency
API - Get the minimum payment amount for the selected currency pair (payment currency to your Outcome Wallet currency) with the "GET Minimum payment amount" method;
API - Get the estimate of the total amount in crypto with "GET Estimated price" and check that it is larger than the minimum payment amount from step 4;
API - Call the "POST Create payment" method to create a payment and get the deposit address (in our example, the generated BTC wallet address is returned from this method);
UI - Ask a customer to send the payment to the generated deposit address (in our example, user has to send BTC coins);
UI - A customer sends coins, NOWPayments processes and exchanges them (if required), and settles the payment to your Outcome Wallet (in our example, to your ETH address);
API - You can get the payment status either via our IPN callbacks or manually, using "GET Payment Status" and display it to a customer so that they know when their payment has been processed.
API - you call the list of payments made to your account via the "GET List of payments" method. Additionally, you can see all of this information in your Account on NOWPayments website.
Alternative flow
API - Check API availability with the "GET API status" method. If required, check the list of available payment currencies with the "GET available currencies" method.
UI - Ask a customer to select item/items for purchase to determine the total sum;
UI - Ask a customer to select payment currency
API - Get the minimum payment amount for the selected currency pair (payment currency to your Outcome Wallet currency) with the "GET Minimum payment amount" method;
API - Get the estimate of the total amount in crypto with "GET Estimated price" and check that it is larger than the minimum payment amount from step 4;
API - Call the "POST Create Invoice method to create an invoice. Set "success_url" - parameter so that the user will be redirected to your website after successful payment.
UI - display the invoice url or redirect the user to the generated link.
NOWPayments - the customer completes the payment and is redirected back to your website (only if "success_url" parameter is configured correctly!).
API - You can get the payment status either via our IPN callbacks or manually, using "GET Payment Status" and display it to a customer so that they know when their payment has been processed.
API - you call the list of payments made to your account via the "GET List of payments" method. Additionally, you can see all of this information in your Account on NOWPayments website.
API Documentation
Instant Payments Notifications
IPN (Instant payment notifications, or callbacks) are used to notify you when transaction status is changed.
To use them, you should complete the following steps:
Generate and save the IPN Secret key in Store Settings tab at the Dashboard.
Insert your URL address where you want to get callbacks in createpayment request. The parameter name is ipn\callback\_url. You will receive payment updates (statuses) to this URL address.
You will receive all the parameters at the URL address you specified in (2) by POST request.
The POST request will contain the x-nowpayments-sig parameter in the header.
The body of the request is similiar to a get payment status response body.
Example:
{"paymentid":5077125051,"paymentstatus":"waiting","payaddress":"0xd1cDE08A07cD25adEbEd35c3867a59228C09B606","priceamount":170,"pricecurrency":"usd","payamount":155.38559757,"actuallypaid":0,"paycurrency":"mana","orderid":"2","orderdescription":"Apple Macbook Pro 2019 x 1","purchaseid":"6084744717","createdat":"2021-04-12T14:22:54.942Z","updatedat":"2021-04-12T14:23:06.244Z","outcomeamount":1131.7812095,"outcome_currency":"trx"}
Sort all the parameters from the POST request in alphabetical order.
Convert them to string using
JSON.stringify (params, Object.keys(params).sort()) or the same function.
Sign a string with an IPN-secret key with HMAC and sha-512 key
Compare the signed string from the previous step with the x-nowpayments-sig , which is stored in the header of the callback request.
If these strings are similar it is a success.
Otherwise, contact us on [email protected] to solve the problem.
Example of creating a signed string at Node.JS
const hmac = crypto.createHmac('sha512', notificationsKey);
hmac.update(JSON.stringify(params, Object.keys(params).sort()));
const signature = hmac.digest('hex');
Example of comparing signed strings in PHP
function checkipnrequestisvalid()
{
$error_msg = "Unknown error";
$auth_ok = false;
$request_data = null;
if (isset($SERVER['HTTPXNOWPAYMENTSSIG']) && !empty($SERVER['HTTPXNOWPAYMENTSSIG'])) {
$recivedhmac = $SERVER['HTTPXNOWPAYMENTS_SIG'];
$requestjson = fileget_contents('php://input');
$requestdata = jsondecode($request_json, true);
ksort($request_data);
$sortedrequestjson = jsonencode($requestdata);
if ($requestjson !== false && !empty($requestjson)) {
$hmac = hashhmac("sha512", $sortedrequestjson, trim($this->ipnsecret));
if ($hmac == $recived_hmac) {
$auth_ok = true;
} else {
$error_msg = 'HMAC signature does not match';
}
} else {
$error_msg = 'Error reading POST data';
}
} else {
$error_msg = 'No HMAC signature sent.';
}
}
Recurrent payment notifications
If an error is detected, the payment is flagged and will receive additional recurrent notifications (number of recurrent notifications can be changed in your Store Settings-> Instant Payment Notifications).
If an error is received again during processing of the payment, recurrent notifications will be initiated again.
Example: "Timeout" is set to 1 minute and "Number of recurrent notifications" is set to 3.
Once an error is detected, you will receive 3 notifications at 1 minute intervals.
Several payments for one order
If you want to create several payments for one Order you should do the following:
Create a payment for the full order amount.
Save "purchaseid" which will be in "createpayment" response
Create next payment or payments with this "purchaseid" in "createpayment" request.
Only works for partially_paid payments
It may be useful if you want to give your customers opportunity to pay a full order with several payments, for example, one part in BTC and one part in ETH. Also, if your customer accidentally paid you only part of a full amount, you can automatically ask them to make another payment.
Packages
Please find our out-of-the box packages for easy integration below:
JavaScript package
More coming soon!
Payments
Other APIs in the same category
OpenFinTech.io
OpenFinTech.io is an open database that comprises of standardized primary data for FinTech industry.
It contains such information as geolocation data (countries, cities, regions), organizations, currencies (national, digital, virtual, crypto), banks, digital exchangers, payment providers (PSP), payment methods, etc.
It is created for communication of cross-integrated micro-services on "one language". This is achieved through standardization of entity identifiers that are used to exchange information among different services.
UML
UML Domain Model diagram you can find here.
Persistence
Entities are updated not more than 1 time per day.
Terms and Conditions
This OpenFinTech.io is made available under the Open Database License.
Any rights in individual contents of the database are licensed under the Database Contents License.
Contacts
For any questions, please email - [email protected]
Or you can contact us at Gitter
Powered by Paymaxi
Get Started
If you use POSTMAN or similar program which can operate with swagger`s files - just download our spec and import it. Also you can try live API demo.
Overview
The OpenFinTech API is organized around REST. Our API has predictable, resource-oriented URLs, and uses HTTP response codes to indicate API errors.
API is based on JSON API standard. JSON is returned by all API responses, including errors, although our API libraries convert responses to appropriate language-specific objects.
JSON API requires use of the JSON API media type (application/vnd.api+json) for exchanging data.
Additional Request Headers
ACCEPT HEADER
Your requests should always include the header:
If argument height or width is missing API returns original image with real sizes.
Errors
API uses conventional HTTP response codes to indicate the success or failure of an API request. In general, codes in the 2xx range indicate success, codes in the 4xx range indicate an error that failed given the information provided (e.g., a required parameter was omitted, etc.), and codes in the 5xx range indicate an error with OpenFinTech's servers (these are rare).
| Code | Description |
|------|-------------|
| 200 - OK | Everything worked as expected. |
| 400 - Bad Request | The request was unacceptable, often due to missing a required parameter. |
| 401 - Unauthorized | No valid API key provided. |
| 402 - Request Failed | The parameters were valid but the request failed. |
| 404 - Not Found | The requested resource doesn't exist. |
| 409 - Conflict | The request conflicts with another request (perhaps due to using the same idempotent key). |
| 429 - Too Many Requests | Too many requests hit the API too quickly. We recommend an exponential backoff of your requests. |
| 500, 502, 503, 504 - Server Errors | Something went wrong on OpenFinTech's end. (These are rare.) |
Xero Assets API
Paylocity API
Overview
Paylocity Web Services API is an externally facing RESTful Internet protocol. The Paylocity API uses HTTP verbs and a RESTful endpoint structure. OAuth 2.0 is used as the API Authorization framework. Request and response payloads are formatted as JSON.
Paylocity supports v1 and v2 versions of its API endpoints. v1, while supported, won't be enhanced with additional functionality. For direct link to v1 documentation, please click here. For additional resources regarding v1/v2 differences and conversion path, please contact [email protected].
Setup
Paylocity will provide the secure client credentials and set up the scope (type of requests and allowed company numbers). You will receive the unique client id, secret, and Paylocity public key for the data encryption. The secret will expire in 365 days.
Paylocity will send you an e-mail 10 days prior to the expiration date for the current secret. If not renewed, the second e-mail notification will be sent 5 days prior to secret's expiration. Each email will contain the code necessary to renew the client secret.
You can obtain the new secret by calling API endpoint using your current not yet expired credentials and the code that was sent with the notification email. For details on API endpoint, please see Client Credentials section.
Both the current secret value and the new secret value will be recognized during the transition period. After the current secret expires, you must use the new secret.
If you were unable to renew the secret via API endpoint, you can still contact Service and they will email you new secret via secure email.
When validating the request, Paylocity API will honor the defaults and required fields set up for the company default New Hire Template as defined in Web Pay.
Authorization
Paylocity Web Services API uses OAuth2.0 Authentication with JSON Message Format.
All requests of the Paylocity Web Services API require a bearer token which can be obtained by authenticating the client with the Paylocity Web Services API via OAuth 2.0.
The client must request a bearer token from the authorization endpoint:
auth-server for production: https://api.paylocity.com/IdentityServer/connect/token
auth-server for testing: https://apisandbox.paylocity.com/IdentityServer/connect/token
Paylocity reserves the right to impose rate limits on the number of calls made to our APIs. Changes to API features/functionality may be made at anytime with or without prior notice.
Authorization Header
The request is expected to be in the form of a basic authentication request, with the "Authorization" header containing the client-id and client-secret. This means the standard base-64 encoded user:password, prefixed with "Basic" as the value for the Authorization header, where user is the client-id and password is the client-secret.
Content-Type Header
The "Content-Type" header is required to be "application/x-www-form-urlencoded".
Additional Values
The request must post the following form encoded values within the request body:
granttype = clientcredentials
scope = WebLinkAPI
Responses
Success will return HTTP 200 OK with JSON content:
{
"access_token": "xxx",
"expires_in": 3600,
"token_type": "Bearer"
}
Encryption
Paylocity uses a combination of RSA and AES cryptography. As part of the setup, each client is issued a public RSA key.
Paylocity recommends the encryption of the incoming requests as additional protection of the sensitive data. Clients can opt-out of the encryption during the initial setup process. Opt-out will allow Paylocity to process unencrypted requests.
The Paylocity Public Key has the following properties:
2048 bit key size
PKCS1 key format
PEM encoding
Properties
key (base 64 encoded): The AES symmetric key encrypted with the Paylocity Public Key. It is the key used to encrypt the content. Paylocity will decrypt the AES key using RSA decryption and use it to decrypt the content.
iv (base 64 encoded): The AES IV (Initialization Vector) used when encrypting the content.
content (base 64 encoded): The AES encrypted request. The key and iv provided in the secureContent request are used by Paylocity for decryption of the content.
We suggest using the following for the AES:
CBC cipher mode
PKCS7 padding
128 bit block size
256 bit key size
Encryption Flow
Generate the unencrypted JSON payload to POST/PUT
Encrypt this JSON payload using your own key and IV (NOT with the Paylocity public key)
RSA encrypt the key you used in step 2 with the Paylocity Public Key, then, base64 encode the result
Base64 encode the IV used to encrypt the JSON payload in step 2
Put together a "securecontent" JSON object:
{
'secureContent' : {
'key' : -- RSA-encrypted & base64 encoded key from step 3,
'iv' : -- base64 encoded iv from step 4
'content' -- content encrypted with your own key from step 2, base64 encoded
}
}
Sample Example
{
"secureContent": {
"key": "eS3aw6H/qzHMJ00gSi6gQ3xa08DPMazk8BFY96Pd99ODA==",
"iv": "NLyXMGq9svw0XO5aI9BzWw==",
"content": "gAEOiQltO1w+LzGUoIK8FiYbU42hug94EasSl7N+Q1w="
}
}
Sample C# Code
using Newtonsoft.Json;
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
public class SecuredContent
{
[JsonProperty("key")]
public string Key { get; set; }
[JsonProperty("iv")]
public string Iv { get; set; }
[JsonProperty("content")]
public string Content { get; set; }
}
public class EndUserSecureRequestExample
{
public string CreateSecuredRequest(FileInfo paylocityPublicKey, string unsecuredJsonRequest)
{
string publicKeyXml = File.ReadAllText(paylocityPublicKey.FullName, Encoding.UTF8);
SecuredContent secureContent = this.CreateSecuredContent(publicKeyXml, unsecuredJsonRequest);
string secureRequest = JsonConvert.SerializeObject(new { secureContent });
return secureRequest;
}
private SecuredContent CreateSecuredContent(string publicKeyXml, string request)
{
using (AesCryptoServiceProvider aesCsp = new AesCryptoServiceProvider())
{
aesCsp.Mode = CipherMode.CBC;
aesCsp.Padding = PaddingMode.PKCS7;
aesCsp.BlockSize = 128;
aesCsp.KeySize = 256;
using (ICryptoTransform crt = aesCsp.CreateEncryptor(aesCsp.Key, aesCsp.IV))
{
using (MemoryStream outputStream = new MemoryStream())
{
using (CryptoStream encryptStream = new CryptoStream(outputStream, crt, CryptoStreamMode.Write))
{
byte[] encodedRequest = Encoding.UTF8.GetBytes(request);
encryptStream.Write(encodedRequest, 0, encodedRequest.Length);
encryptStream.FlushFinalBlock();
byte[] encryptedRequest = outputStream.ToArray();
using (RSACryptoServiceProvider crp = new RSACryptoServiceProvider())
{
crp.FromXmlstring(publicKeyXml);
byte[] encryptedKey = crp.Encrypt(aesCsp.Key, false);
return new SecuredContent()
{
Key = Convert.ToBase64string(encryptedKey),
Iv = Convert.ToBase64string(aesCsp.IV),
Content = Convert.ToBase64string(encryptedRequest)
};
}
}
}
}
}
}
}
Support
Questions about using the Paylocity API? Please contact [email protected].
Deductions (v1)
Deductions API provides endpoints to retrieve, add, update and delete deductions for a company's employees. For schema details, click here.
OnBoarding (v1)
Onboarding API sends employee data into Paylocity Onboarding to help ensure an easy and accurate hiring process for subsequent completion into Web Pay. For schema details, click here.
Portfolio Optimizer
API General Information
Portfolio Optimizer is based on REST for easy integration, uses JSON for the exchange of data and uses the two most common HTTP verbs (GET, POST) to represent the actions.
Portfolio Optimizer is also as secured as a Web API could be:
256-bit HTTPS Encryption
No usage of cookies
No usage of personal data
API Headers
The following HTTP header(s) are required when calling Portfolio Optimizer endpoints:
Content-type: application/json
This header specifies that the data provided in input to the endpoint is in JSON format
The following HTTP header(s) are optional when calling Portfolio Optimizer endpoints:
X-API-Key:
This header enables authenticated users to provide their private API key in order to benefit from higher API limits
API Key
Portfolio Optimizer is free to use, but not free to run.
In order to obtain an API key and benefit from higher API limits, a small participation to Portfolio Optimizer running costs is required.
This participation takes the form of coffee(s), with one coffee = one month of usage.
Notes:
> * Please make sure not to expose your API key publicly!
API Limits
Portfolio Optimizer comes with fairly reasonable API limits.
For anonymous users:
The API requests are restricted to a subset of all the available endpoints and/or endpoints features
The API requests are limited to 1 request per second for all the anonymous users combined, with concurrent requests rejected
The API requests are limited to 1 second of execution time
The API requests are limited to 20 assets, 100 portfolios, 500 series data points and 5 factors
For authenticated users with an API key:
The API requests have access to all the available endpoints and endpoints features
The API requests are limited to 10000 requests per 24 hour per API key, with concurrent requests queued
The API requests are limited to 2.5 seconds of execution time
The API requests are limited to 100 assets, 500 portfolios, 2500 series data points and 25 factors
> Notes:
> * It is possible to further relax the API limits, or to disable the API limits alltogether; please contact the support for more details.
> * Information on the API rate limits are provided in response messages HTTP headers x-ratelimit-*:
> * x-ratelimit-limit-second, the limit on the number of API requests per second
> * x-ratelimit-remaining-second, the number of remaining API requests in the current second
> * x-ratelimit-limit-minute, the limit on the number of API requests per minute
> * ...
API Regions
Portfolio Optimizer servers are located in Western Europe.
> Notes:
> * It is possible to deploy Portfolio Optimizer in other geographical regions, for example to improve the API latency; please contact the support for more details.
API Response Codes
Standard HTTP response codes are used by Portfolio Optimizer to provide details on the status of API requests.
| HTTP Code | Description | Notes |
| --------- | ----------- | ----- |
| 200 | Request successfully processed | - |
| 400 | Request failed to be processed because of incorrect content | The response message body contains information on the incorrect content |
| 401 | Request failed to be processed because of invalid API key | - |
| 404 | Request failed to be processed because of non existing endpoint | The requested endpoint might exist, but needs to be accessed with another HTTP method (e.g., POST instead of GET) |
| 429 | Request failed to be processed because of API limits violated | The response message HTTP headers x-ratelimit-* contain information on the API limits |
| 500 | Request failed to be processed because of an internal error | Something went wrong on Portfolio Optimizer side, do not hesitate to report the issue |
| 502 | Request failed to be processed because of a temporary connectivity error | Something went wrong on Portfolio Optimizer side, please check the API status and do not hesitate to report the issue |
API Status
Portfolio Optimizer is monitored 24/7 by UptimeRobot.
Support
For any issue or question about Portfolio Optimizer, please do not hesitate to contact the support.
Branch Locator API
API v1.0.0
or
View Postman docs
Quickstart
Visit github to view the quickstart tutorial.
Tutorial for running the API in postman
Click on ""Run in Postman"" button
postman - tutorial - 1
---
A new page will open.
Click the ""Postman for windows"" to run postman as a desktop app.
Make sure you have already installed Postman.
postman - tutorial - 2
---
In chrome an alert might show up to set a default app for opening postman links. Click on ""Open Postman"".
postman - tutorial - 3
---
The OpenAPI specification will be imported in Postman as a new collection named ""Envoice api""
postman - tutorial - 4
---
When testing be sure to check and modify the environment variables to suit your api key and secret. The domain is set to envoice's endpoint so you don't really need to change that.
\*Eye button in top right corner
postman - tutorial - 5
postman - tutorial - 6
---
You don't need to change the values of the header parameters, because they will be replaced automatically when you send a request with real values from the environment configured in the previous step.
postman - tutorial - 7
---
Modify the example data to suit your needs and send a request.
postman - tutorial - 8
Webhooks
Webhooks allow you to build or set up Envoice Apps which subscribe to invoice activities.
When one of those events is triggered, we'll send a HTTP POST payload to the webhook's configured URL.
Webhooks can be used to update an external invoice data storage.
In order to use webhooks visit this link and add upto 10 webhook urls that will return status 200 in order to signal that the webhook is working.
All nonworking webhooks will be ignored after a certain period of time and several retry attempts.
If after several attempts the webhook starts to work, we will send you all activities, both past and present, in chronological order.
The payload of the webhook is in format:
Afterbanks API
