Mock sample for your project: Ntropy Transaction API

Integrate with "Ntropy Transaction API" from in no time with Mockoon's ready to use mock sample

Ntropy Transaction API

Version: 1.0.0

Use this API in your project

Integrate third-party APIs faster by using "Ntropy Transaction API" ready-to-use mock sample. Mocking this API will allow you to start working in no time. No more accounts to create, API keys to provision, accesses to configure, unplanned downtime, just work.
Improve your integration tests by mocking third-party APIs and cover more edge cases: slow response time, random failures, etc.


Ntropy Transaction API for transaction classification & management
Contact Support:
Name: API Support
Email: [email protected]

Other APIs in the same category

BIN Lookup API
BIN lookup API, the free api service from to lookup card information using it's BIN. the service maintains updated database based on the comunity and other third party services to make sure all BINs in the database are accurate and up to date.

Big Red Cloud API
Welcome to the Big Red Cloud API
This API enables programmatic access to Big Red Cloud data.
We have used Swagger to auto generate the API documentation on this page, and it also enables direct interaction with the API in this page.
To get started, you will require an API Key - check out our guide at for information on how to get one.
Use the 'Enter API Key' button below to enter your API key and start interacting with your Big Red Cloud data right on this page.
The API key will be stored in your browsers local storage for convenience, but you will be able to delete it at any time if you wish.
For additional information on the API, check out our support article at

Frankie Financial API

This API allows developers to integrate the Frankie Financial Compliance Utility into their applications. The API allows:
Checking name, address, date of birth against national databases
Validating Australian driver's licences, passports, medicare, visas and other Australian national ID documents
Validating Australian electricity bills
Validating NZ driver's licences
Validating Chinese bank cards and national ID card
Validating International passports and national ID documents
PEP, Sanctions, Watchlist and adverse media checking
Australian visa checks
Fraud list and fraud background checks
ID validation and selfie check comparisons.
Industry specific services
Comparing Australian electricity retailers for a better deal.
KYB specific services
Query organisation ownership
Perform KYC & AML checks on shareholders, beneficial owners and office bearers.
Query credit score and credit reports
International company searches
International company profiles
The full version of this documentation along with supplemental articles can be found here:
The traditional Swagger view of this documentation can be found here:
Sandbox base URL is:
We do have an old sandbox at but this has been retired.
All calls are the same as production, only with canned data.
Full Swagger definition, along with test data for playing in the sandbox can be obtained once initial commercial discussions have commenced.
Production and optional UAT access will be opened up only to those with a signed commercial contract.
Contact us at [email protected] to speak with a sales rep about issuing a Customer ID and Sandbox api key.

Ntropy Transaction API
Ntropy Transaction API for transaction classification & management
Contact Support:
Name: API Support
Email: [email protected]


Open, scableable, transparent payroll API.

bunq API

UPDATE: We have released a beta version of the new bunq API documentation.
NOTICE: We have updated the sandbox base url to Please update your applications accordingly. Check here: for more info.
PSD2 NOTICE: The second Payment Services Directive (PSD2) may affect your current or planned usage of our public API, as some of the API services are now subject to a permit. Please be aware that using our public API without the required PSD2 permit is at your own risk and take notice of our updated API Terms and Conditions on for more information.
Welcome to bunq!
The bunq API is organised around REST. JSON will be returned in almost all responses from the API, including errors but excluding binary (image) files.
Please configure your implementation to send its API requests to
There is a version of the Android app that connects to the bunq Sandbox environment. To create accounts for the Sandbox app, please follow the steps in the Android Emulator section.
Getting started
Before you start sending API requests, you need to get an API key and activate it. API activation happens when you install the API key and link your IP address and device to it (create an API context). The steps below will guide you through what you need to do to start sending custom API requests.
Here is an overview of what you can use to get started with the bunq API:
Create an API key. You can do it either in our developer portal or in the bunq app (Profile → Security & Settings → Developers → API keys). If you want to test our sandbox first, our bunq Developer is the best place to start.
Register a device. A device can be a phone (private), computer or a server (public). You can register a new device by using the POST /installation and POST /device-server calls. This will activate your API key. You only need to do this once.
Open a session. Sessions are temporary and expire after the auto-logout time set for the user account. It can be changed by the account owner in the bunq app.
Make your first call!
Developments in the financial sector, changing regulatory regimes and new feature requests require us to be flexible. This means we can iterate quickly to improve the API and related tooling. Therefore, we have chosen not to attach any version numbers to the changes just yet.
We will inform you in a timely manner of any important changes we make before they are deployed on You can also subscribe to our API newsletter to make sure you don't miss any important updates.
What is OAuth?
OAuth 2.0 is a protocol that will let your app connect to bunq users in a safe and easy way. Please be aware that if you will gain access to the account information of other bunq users or initiate a payment for them, you may require a PSD2 permit.
Get started with OAuth for bunq
To initiate authorization into the bunq user accounts, you need to create an OAuth Client and register at least 1 redirect URL for it.
You can have 1 OAuth Client at a time. Reuse your OAuth credentials for every authorization request.
The list of steps below will help you to get started:
Register an OAuth Client by creating an app in bunq Developer.
Add one or more Redirect URLs.
Get your client_id and secret from your app information tab in bunq Developer.
Redirect your users to the OAuth authorization request URL.
If the user accepts the authorization request, they will be redirected to the previously specified redirect_uri with an authorization code parameter.
Use the token endpoint to exchange the authorization code for an access_token.
Use the access_token as a normal API Key. Open a session or use our SDKs to get started.
You can set up an OAuth Client and add redirect URLs to it using the dedicated endpoints too. Follow the flow below to do it programmatically.
ℹ️ As a PSD2 user, you cannot log in to the bunq app. You need to follow the flow below to register an OAuth Client for your application.
What can my apps do with OAuth?
We decided to launch OAuth with a default permission that allows you to perform the following actions:
read and create Monetary Accounts;
read Payments & Transactions;
create Payments between Monetary Accounts of the same user;
create Draft-Payments (the user will need to approve the payment using the bunq app);
assign a Monetary account to a Card;
read, create and manage Cards;
read and create Request-Inquiries
read Request-Responses.
As a PSD2-licensed developer, you are limited to the permission scopes of your role.
Authorization request
Your web or mobile app should redirect users to the following URL:
The following parameters should be passed:
response_type - bunq supports the authorization code grant, provide code as parameter (required)
client_id - your Client ID, get it from the bunq app (required)
redirect_uri - the URL you wish the user to be redirected after the authorization, make sure you register the Redirect URL in the bunq app (required)
state - a unique string to be passed back upon completion (optional)
Use in the sandbox environment.
Authorization request example:
Android Emulator
In case you do not own an Android device on which you can run our Sandbox app for end-to-end testing, you can set up an emulator to run the bunq Sandbox app for Android.
Things you will need
The bunq Sandbox App APK that's optimised for emulating;
Android Studio.
Starting the Android Virtual Device (AVD) Manager
Open Android Studio.
From the top menu, select “Tools” > "Android" > "AVD Manager".
Setting up a new virtual device
Start the wizard by clicking on "+ Create Virtual Device".
Select a device (recommendation: "Pixel 5.0" or "Nexus 6") and press "Next".
Select an x86 system image (recommendation: Nougat, API Level 25, Android 7.1.1 with Google APIs) and press "Next". The image needs to have Google Play Services 10.0.1 or higher.
In the bottom left corner, select "Show Advanced Settings".
Scroll to "Memory and Storage".
Change "Internal Storage" to "2048 MB".
Change "SD card" to "200 MB".
Press "Finish".
Starting the virtual device
On the right side under "Actions", select the green "Play" button.
Wait for the device to boot, this may take a few minutes.
Installing the bunq Sandbox App APK
Open the command line.
Navigate to your Android SDK platform tools directory (e.g. cd ~/Library/Android/sdk/platform-tools on macOS).
Make sure that the virtual device is started and has fully booted.
Run ./adb install ~/Downloads/bunq-android-sandboxEmulator-public-api.apk, this may take a few minutes, and should finish with "Success".
Creating an account or logging in
Create a sandbox account in the developer portal.
Log in to the sandbox app using the sandbox user credentials.
ℹ️ You will be asked to verify your phone number when you open the app for the first time. Sandbox does not send actual SMS messages. Enter any valid phone number and use the default verification code 992266.
If you couldn't generate a sandbox account in the developer portal, use Tinker:
Install Tinker.
Run tinker/user-overview to create a sandbox account. The output of the command will include the login credentials for the sandbox account.
⚠️ NOTE: It is not possible to create accounts using the regular signup in the app, bunq is not reviewing Sandbox applications.
Moving to Production
Have you tested your bunq integration to the fullest and are you now ready to introduce it to the world? Then the time has come to move it to a production environment!
To get started you'll need some fresh API keys for the production environment, which you can create via your bunq app. You can create these under "Profile" by tapping the "Security" menu. We do, however, highly recommend using a standard API Key instead of a Wildcard API Key. The former is significantly safer and it protects you from intrusions and possible attacks.
There's only a few things to do before your beautiful bunq creation can be moved to production. You're going to have to change your API Key and redo the sequence of calls to open a session.
The bunq Public API production environment is hosted at
Do you have any questions or remarks about the process, or do you simply want to show off with your awesome creations? Don't hesitate to drop us a line on
Please be aware that if you will gain access to account information of other bunq users or initiate a payment for them, you maybrequire a PSD2 permit.
Quickstart: Opening a Session
So, you want to start using the bunq API, awesome! To do this, you have to open a session in which you will be making those calls.
Getting an API key
To connect to the API, you have to make sure you have received an API key.
For production:
create an app in the developer portal, or
generate it in the bunq app (Profile → Security & Settings → Developers → API keys).
For sandbox
You can use one of the following ways:
create a sandbox user in the developer portal;
generate an API key in the sandbox app (Profile → Security & Settings → Developers → API keys);
get an API key from Tinker;
run a cURL request: curl -X POST --header "Content-Type: application/json" --header "Cache-Control: none" --header "User-Agent: curl-request" --header "X-Bunq-Client-Request-Id: $(date)randomId" --header "X-Bunq-Language: nlNL" --header "X-Bunq-Region: nlNL" --header "X-Bunq-Geolocation: 0 0 0 0 000". Use sandbox-user-company to generate a business user.
Note that production API key is only usable on production and sandbox key is only usable on sandbox. Sandbox key has a sandbox_ prefix while production key does not have any noticeable prefixes.
Call sequence
The calls you need to perform to set up a session from scratch are the following:
1. POST installation
Each call needs to be signed with your own private key. An Installation is used to tell the server about the public key of your key pair. The server uses this key to verify your subsequent calls.
Start by generating a 2048-bit RSA key pair. You can find examples by looking at the source code of the sdk's located at github.
On the headers page you can find out about the mandatory headers. Take care that if you are in the sandbox environment, you set an Authorization header. Specific to the POST /installation call, you shouldn't use the X-Bunq-Client-Authentication or the X-Bunq-Client-Signature headers.
Post your public key to the Installation endpoint (use \n for newlines in your public key).
Save the Installation token and the bunq API's public key from the response. This token is used in the Authentication header to register a DeviceServer and to start a SessionServer. The bunq API's public key should be used to verify future responses received from the bunq API.
2. POST device-server
Further calls made to the server need to come from a registered device. POST /device-server registers your current device and the IP address(es) it uses to connect to the bunq API.
Use the token you received from POST /installation in the X-Bunq-Client-Authentication header. Make sure you sign your call, passing the call signature in X-Bunq-Client-Signature header.
For the secret, use the API key you received. If you want to create another API key, you can do so in the bunq sandbox app (or production app for the production environment). Login, go to Profile > Security and tap 'API keys'. The freshly created API key can be assigned to one or multiple IP addresses using POST device-server within 4 hours before becoming invalid. As soon as you start using your API key, it will remain valid until the next sandbox reset. For the secret, use the API key you received.
3. POST session-server
To make any calls besides installation and device-server, you need to open a session.
Use the token you received from POST /installation in the X-Bunq-Client-Authentication header. Make sure you sign your call, passing the call signature in X-Bunq-Client-Signature header.
For the secret, use the API key you received.
The token received in the response to POST /session-server should be used to authenticate your calls in this session. Pass this session's token in the X-Bunq-Client-Authentication header on every call you make in this session.
Quickstart: Payment Request
You want to offer bunq payments on a website or in an application.
In this use case the consumer and the merchant both have a bunq account. The consumer wants to pay with bunq and enters their alias in the bunq payment field at checkout. The merchant sends the request for payment to the consumer when the consumer presses enter. The consumer agrees to the request in the bunq mobile app and the merchant has immediate confirmation of the payment. Please be aware that if you will gain access to account information of other bunq users or initiate a payment for them, you require a PSD2 permit.
Before you start
Make sure that you have opened a session and that for any call you make after that, you pass the session’s token in the X-Bunq-Client-Authentication header.
Call Sequence
The consumer is at checkout and selects the bunq payment method. This would be a logical time to open a session on the bunq server.
1. LIST monetary-account
When a request for payment is accepted, the money will be deposited on the bank account the request for payment is connected to. Let’s start by finding all your available bank accounts. Pick one of them to make the request for payment with and save its id.
2. POST monetary-account attachment (optional)
Optionally, you can attach an image to the request for payment.
Make sure you set the Content-Type header to match the MIME type of the image. It’s also required you pass a description of the image via the X-Bunq-Attachment-Description header.
The payload of this request is the binary representation of the image file. Do not use any JSON formatting.
Save the id of the posted attachment. You’ll need it to attach it to the request for payment.
3. POST request-inquiry
Next, create a request inquiry. A request inquiry is the request for payment that your customer can respond to by accepting or rejecting it.
Pass the customer’s email address, phone number or IBAN in the counterpartyalias. Make sure you set the correct type for the alias, depending on what you pass. When providing an IBAN, a name of the counterpartyalias is required. You can provide the id of the created attachment.
You will receive the id of the created request inquiry in the response. Save this id. You will need it to check if the customer has responded to the request yet.
4. GET request-inquiry
After you’ve sent the request for payment, its status can be checked.
When the status is ACCEPTED, the customer has accepted and paid the request, and you will have received the money on the connected monetary account. If the status is REJECTED, the customer did not accept the request.
Quickstart: Create a Tab payment
You will create a tab that can be paid once by a single user, a so called TagUsageSingle, and explore three different ways to make the Tab visible to your customers:
QR code from the CashRegister
QR code from the Tab.
Before you start
Make sure that you have opened a session and that for any call you make after that, you pass the session’s token in the X-Bunq-Client-Authentication header.
Call sequence
1. POST attachment-public
Start by creating an attachment that will be used for the avatar for the cash register.
Make sure you set the Content-Type header to match the MIME type of the image. It is also required you pass a description of the image via the X-Bunq-Attachment-Description header.
The payload of this request is the binary representation of the image file. Do not use any JSON formatting.
Save the uuid of the posted attachment. You'll need it to create the avatar in the next step.
2. POST avatar
Make an avatar using the public attachment you've just created.
The payload of this request is the uuid of the attachment public.
In response, you’ll receive the UUID of the avatar created using the attachment. Save this UUID. You’ll use it as the avatar for the cash register you're about to create.
3. LIST monetary-account
Get a listing of all available monetary accounts. Choose one, and save the id of the monetary account you want your cash register to be connected to. Each paid tab for the cash register will transfer the money to this account.
4a. POST cash-register
Create a cash register. Use the id of the monetary account you want to connect the cash register to in the URL of the request.
In the body provide the uuid of the avatar you created for this cash register. Also make sure to provide a unique name for your cash register. Set the status to PENDING_APPROVAL.
The response contains the id of the cash register you created. Save this id. You will need it to create subsequent tabs and tab items.
4b. Wait for approval
On the production environment, a bunq admin will review and approve your cash register. In the sandbox environment, your cash register will be automatically approved.
5. POST tab-usage-single
Create a new tab that is connected to your cash register. Use the id of the cash register you want to connect this tab to in the URL of your request.
Give the tab a name in merchant_reference. Create the tab with status OPEN, and give the tab a starting amount. You can update this amount later.
The response contains the uuid of the tab you created.
6. POST tab-item (optional)
You can add items to a tab. For instance, if a customer will be paying for multiple products via this tab, you can decide to add an item for each of these. Adding items to a tab is optional, and adding them will not change the total amount of the tab itself. However, if you've added any tab items the sum of the amounts of these items must be equal to the totalamount of the tab when you change its status to WAITINGFOR_PAYMENT.
7. PUT tab-usage-single
Update the status of the tab to WAITINGFORPAYMENT if you want the costumer to pay the tab, and you're done adding any tab items. You can use this request to make the tab visible for your costumers.
To decide how you are going to make your tab visible, pass a visibility object in the payload.
Setting cashregisterqr_code to true will connect this tab to the QR code from the cash register. If this cash register does not have a QR code yet, one will be created. Only one Tab can be connected to the cash register’s QR code at any given time.
Setting tabqrcode to true will create a QR code specifically for this tab. This QR code can not be linked to anything else.
Quickstart: Create a TransferWise payment
You want to send a payment in currency other than euro outside the SEPA zone.
Before you start
Make sure that you have opened a session and that for any call you make after that, you pass the session’s token in the X-Bunq-Client-Authentication header.
ℹ️ bunq relies on TransferWise for international, so you need to create a TransferWise account linked to a bunq account to be able to create international transfers. You can do it either from the bunq app or using our API as described below.
Get the up-to-date exchange rate (optional)
You might want to check the latest currency exchange rate before making a transfer. Here’s how you can do it using the bunq API:
Check the list of supported currencies via GET /user/{userID}/transferwise-currency. Copy the needed currency code.
Create a temporary quote for the currency of your choice via POST /user/{userID}/transferwise-quote-temporary.
ℹ️ A quote is the exchange rate at the exact timestamp. Temporary quotes carry solely informative value and cannot be used for creating a transfer.
Read the temporary quote via GET /user/{userID}/transferwise-quote-temporary/{transferwise-quote-temporaryID}.
Create a TransferWise account
You need a TransferWise account linked to your bunq account to make TransferWise payments via the bunq API. Create one via POST /user/{userID}/transferwise-user, and save its ID.
ℹ️ You cannot use an existing TransferWise account.
Create a quote
Create a quote via POST /user/{userID}/transferwise-quote and save its ID.
ℹ️ Use amounttarget to indicate the sum the recipient must get. Amountsource, on the other hand, will indicate the sum you want to send, but it will not necessarily be the final sum the recipient gets.
ℹ️ Quotes are valid for 30 minutes so if you do not manage to create a transfer within this time, you will need to create another quote.
Get the exchange rate by reading the quote via GET /user/{userID}/transferwise-quote/(transferwise-quoteID).
Create a recipient
If you have sent money via the TransferWise account linked to your bunq account, you can reuse the recipients. You can list their IDs via GET /user/{userID}/transferwise-quote/{transferwise-quoteID}/transferwise-recipient.
To create a new, previously unused recipient, follow these steps:
Retrieve the fields required for creating the recipient as the requirements vary for the type of recipient in each country. Iterate sending the following request pair till there are no more required fields:
GET /user/{userID}/transferwise-quote/{transferwise-quoteID}/transferwise-recipient-requirement
POST /user/{userID}/transferwise-quote/{transferwise-quoteID}/transferwise-recipient-requirement
Create a recipient account using the final request body from the previous step with POST /user/{userID}/transferwise-quote/{transferwise-quoteID}/transferwise-recipient-requirement
Create a transfer
Finally, having both the quote ID and the recipient ID, you can create a transfer. 🎉
Check if there are any additional transfer requirements via POST /user/{userID}/transferwise-quote/{transferwise-quoteID}/transferwise-transfer-requirement.
Create a transfer via POST /user/{userID}/transferwise-quote/{transferwise-quoteID}/transferwise-transfer. You need to specify the ID of the monetary account from which you want the payment to be made.
Quickstart: Downloading attachments
Export receipts and invoices attached to payments to your application.
The scenario you want to achieve
The bunq user has accepted the authorization request and your application can read the bunq user’s account information.
Your application imports all the transactions and attachments.
The bunq user sees the transactions matched with the receipts and invoices in your application.
Before you start
Make sure that you have opened a session
Make sure you pass the session Token in the X-Bunq-Client-Authentication header in all the following requests of the session.
Call sequence
List the payments of the user via GET /user/{userID}/monetary-account/{monetary-accountID}/payment.
Check if the payments have attachments via GET /user/{userID}/monetary-account/{monetary-accountID}/payment/{paymentID}/note-attachment. Save the attachment IDs.
Export the raw content of the attachments via GET /user/{userID}/attachment/{attachmentID}/content.
HINT: You can use callbacks to make sure you don’t miss anything happening on the bunq account.

Payment Initiation API
Swagger for Payment Initiation API Specification

1Forge Finance APIs

Stock and Forex Data and Realtime Quotes

Afterbanks API
La estandarización de la conexión con cualquier banco en tiempo real.
REST API to build the bridge between Ethereum and the real world
Please check out our website for detailed information about this API.
To use our API, you need an API Key (Described as Authorization header in the examples below).
To get one, please create an account on our website.
For our internal documentation, please check out our Docs Site.
If you need help with integrating our API in your application, you can reach us via email or join our official Telegram group.

Paylocity API
For general questions and support of the API, contact: [email protected]
Paylocity Web Services API is an externally facing RESTful Internet protocol. The Paylocity API uses HTTP verbs and a RESTful endpoint structure. OAuth 2.0 is used as the API Authorization framework. Request and response payloads are formatted as JSON.
Paylocity supports v1 and v2 versions of its API endpoints. v1, while supported, won't be enhanced with additional functionality. For direct link to v1 documentation, please click here. For additional resources regarding v1/v2 differences and conversion path, please contact [email protected].
Paylocity will provide the secure client credentials and set up the scope (type of requests and allowed company numbers). You will receive the unique client id, secret, and Paylocity public key for the data encryption. The secret will expire in 365 days.
Paylocity will send you an e-mail 10 days prior to the expiration date for the current secret. If not renewed, the second e-mail notification will be sent 5 days prior to secret's expiration. Each email will contain the code necessary to renew the client secret.
You can obtain the new secret by calling API endpoint using your current not yet expired credentials and the code that was sent with the notification email. For details on API endpoint, please see Client Credentials section.
Both the current secret value and the new secret value will be recognized during the transition period. After the current secret expires, you must use the new secret.
If you were unable to renew the secret via API endpoint, you can still contact Service and they will email you new secret via secure email.
When validating the request, Paylocity API will honor the defaults and required fields set up for the company default New Hire Template as defined in Web Pay.
Paylocity Web Services API uses OAuth2.0 Authentication with JSON Message Format.
All requests of the Paylocity Web Services API require a bearer token which can be obtained by authenticating the client with the Paylocity Web Services API via OAuth 2.0.
The client must request a bearer token from the authorization endpoint:
auth-server for production:
auth-server for testing:
Paylocity reserves the right to impose rate limits on the number of calls made to our APIs. Changes to API features/functionality may be made at anytime with or without prior notice.
Authorization Header
The request is expected to be in the form of a basic authentication request, with the "Authorization" header containing the client-id and client-secret. This means the standard base-64 encoded user:password, prefixed with "Basic" as the value for the Authorization header, where user is the client-id and password is the client-secret.
Content-Type Header
The "Content-Type" header is required to be "application/x-www-form-urlencoded".
Additional Values
The request must post the following form encoded values within the request body:
granttype = clientcredentials
scope = WebLinkAPI
Success will return HTTP 200 OK with JSON content:
"access_token": "xxx",
"expires_in": 3600,
"token_type": "Bearer"
Paylocity uses a combination of RSA and AES cryptography. As part of the setup, each client is issued a public RSA key.
Paylocity recommends the encryption of the incoming requests as additional protection of the sensitive data. Clients can opt-out of the encryption during the initial setup process. Opt-out will allow Paylocity to process unencrypted requests.
The Paylocity Public Key has the following properties:
2048 bit key size
PKCS1 key format
PEM encoding
key (base 64 encoded): The AES symmetric key encrypted with the Paylocity Public Key. It is the key used to encrypt the content. Paylocity will decrypt the AES key using RSA decryption and use it to decrypt the content.
iv (base 64 encoded): The AES IV (Initialization Vector) used when encrypting the content.
content (base 64 encoded): The AES encrypted request. The key and iv provided in the secureContent request are used by Paylocity for decryption of the content.
We suggest using the following for the AES:
CBC cipher mode
PKCS7 padding
128 bit block size
256 bit key size
Encryption Flow
Generate the unencrypted JSON payload to POST/PUT
Encrypt this JSON payload using your own key and IV (NOT with the Paylocity public key)
RSA encrypt the key you used in step 2 with the Paylocity Public Key, then, base64 encode the result
Base64 encode the IV used to encrypt the JSON payload in step 2
Put together a "securecontent" JSON object:
'secureContent' : {
'key' : -- RSA-encrypted & base64 encoded key from step 3,
'iv' : -- base64 encoded iv from step 4
'content' -- content encrypted with your own key from step 2, base64 encoded
Sample Example
"secureContent": {
"key": "eS3aw6H/qzHMJ00gSi6gQ3xa08DPMazk8BFY96Pd99ODA==",
"iv": "NLyXMGq9svw0XO5aI9BzWw==",
"content": "gAEOiQltO1w+LzGUoIK8FiYbU42hug94EasSl7N+Q1w="
Sample C# Code
using Newtonsoft.Json;
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
public class SecuredContent
public string Key { get; set; }
public string Iv { get; set; }
public string Content { get; set; }
public class EndUserSecureRequestExample
public string CreateSecuredRequest(FileInfo paylocityPublicKey, string unsecuredJsonRequest)
string publicKeyXml = File.ReadAllText(paylocityPublicKey.FullName, Encoding.UTF8);
SecuredContent secureContent = this.CreateSecuredContent(publicKeyXml, unsecuredJsonRequest);
string secureRequest = JsonConvert.SerializeObject(new { secureContent });
return secureRequest;
private SecuredContent CreateSecuredContent(string publicKeyXml, string request)
using (AesCryptoServiceProvider aesCsp = new AesCryptoServiceProvider())
aesCsp.Mode = CipherMode.CBC;
aesCsp.Padding = PaddingMode.PKCS7;
aesCsp.BlockSize = 128;
aesCsp.KeySize = 256;
using (ICryptoTransform crt = aesCsp.CreateEncryptor(aesCsp.Key, aesCsp.IV))
using (MemoryStream outputStream = new MemoryStream())
using (CryptoStream encryptStream = new CryptoStream(outputStream, crt, CryptoStreamMode.Write))
byte[] encodedRequest = Encoding.UTF8.GetBytes(request);
encryptStream.Write(encodedRequest, 0, encodedRequest.Length);
byte[] encryptedRequest = outputStream.ToArray();
using (RSACryptoServiceProvider crp = new RSACryptoServiceProvider())
byte[] encryptedKey = crp.Encrypt(aesCsp.Key, false);
return new SecuredContent()
Key = Convert.ToBase64string(encryptedKey),
Iv = Convert.ToBase64string(aesCsp.IV),
Content = Convert.ToBase64string(encryptedRequest)
Questions about using the Paylocity API? Please contact [email protected].
Deductions (v1)
Deductions API provides endpoints to retrieve, add, update and delete deductions for a company's employees. For schema details, click here.
OnBoarding (v1)
Onboarding API sends employee data into Paylocity Onboarding to help ensure an easy and accurate hiring process for subsequent completion into Web Pay. For schema details, click here.

Storecove API
Storecove API