Overview
The PayFac API is a RESTful web service. This means it can be accessed from any internet-enabled client without the need for that client to have specific knowledge about the implementation of the service beyond the method names and required data structures. Clients accessing the PayFac API service must meet the requirements dictated by Strong Customer Authentication (SCA), which requires two factors of authentication:
- Client Username and Password - Embedded in the API Key associated with the PayFac API HTTP request
- Client Certificate - Sent in the HTTP request to use mTLS
Only clients who have previously completed the onboarding process and securely pre-shared their unique certificate can gain access to the PayFac API service. A client must use a certificate signed by a Certificate Authoriser and each client must have their own unique client certificate (which cannot be shared between other providers).
For more details about the onboarding process and certificate requirements, please contact the EQPay Relationship Management team.
Authentication and Authorisation
HTTPS Headers
Every request to the PayFac API requires:
- HTTP header in the following format:
Authorization : username:AccountKey
The username will be a valid email address supplied by the client and set up by our backoffice staff in PayFac. The AccountKey is a form of password that is used to identify the account the client is accessing. It is possible for a username to be associated with more than one account, and so the AccountKey is used to determine which account the specific request is related to.
- Client certificate used for mTLS authentication
The client certificate will be a unique certificate belonging to the client, which is pre-shared with PayFac backoffice staff during onboarding. Each client has their own unique certificate, signed by a Certificate Authoriser. The presentation of that certificate alone therefore uniquely identifies the client.
Requesting Data from PayFac
HTTP GET
Using the HTTP GET method you can request resources from PayFac. The example below shows how you can retrieve a specific Payment Batch from PayFac by passing a Payment Batch Reference with the GET method, where xxxxxxx denotes a valid Payment Batch Reference.
https://api.payfac.com/api.svc/paymentBatch/xxxxxxx
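The GET request above with both authentication factors attached, as an added example that is not part of the PayFac documentation. The function names, the certificate and key file parameters, the control-character and ':' checks, and the percent-encoding of the reference are assumptions made for illustration.

```python
import ssl
import urllib.parse
import urllib.request

BASE_URL = "https://api.payfac.com/api.svc"  # base of the page's GET example


def build_batch_request(username, account_key, batch_ref):
    """First factor: GET request carrying the username:AccountKey header."""
    for value in (username, account_key):
        # Refuse empty values and control characters (CR/LF would allow
        # header injection if a credential came from untrusted config).
        if not value or any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
            raise ValueError("credential is empty or contains control characters")
    if ":" in username:
        # Assumption: ':' is the delimiter, so it cannot appear in the username.
        raise ValueError("username must not contain ':'")
    if not batch_ref:
        raise ValueError("Payment Batch Reference is required")
    # Assumption: the reference is one path segment, so percent-encode
    # everything; '/' and '?' then cannot add segments or a query string.
    segment = urllib.parse.quote(batch_ref, safe="")
    req = urllib.request.Request(f"{BASE_URL}/paymentBatch/{segment}", method="GET")
    req.add_header("Authorization", f"{username}:{account_key}")
    return req


def build_mtls_context(cert_file, key_file):
    """Second factor: TLS context that presents the pre-shared client certificate."""
    ctx = ssl.create_default_context()  # server certificate and hostname checks stay on
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def fetch_payment_batch(username, account_key, batch_ref, cert_file, key_file):
    """Send the request over mTLS; returns (HTTP status, response body bytes)."""
    req = build_batch_request(username, account_key, batch_ref)
    ctx = build_mtls_context(cert_file, key_file)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return resp.status, resp.read()
```

Keep the client private key file readable only by the service account that calls `fetch_payment_batch`, and load the AccountKey from a secret store rather than source code.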
Submitting Data to PayFac
HTTP POST
To submit data to PayFac, use the HTTP POST method. Each method takes a specific XML format, and only correctly formatted requests can be read. Incorrectly formatted XML will receive HTTP 500 error messages.