The connection URL for the sandbox server is:
https://[server-name]/gates/onboarding.
Authorization is done via service users. To access the API, a service user is required to be granted with a corresponding privilege. A user can submit API requests using either associated credentials or temporary password generated via authentication operation.
When submitting an API request, you can use either UniPay server URL or the Sanitizing Data Filter (Unibroker) server URL as an endpoint.
Requests that contain tokenized card numbers/bank account numbers can be submitted directly to {Unipay} server.
To reduce PCI exposure, requests with non-tokenized (raw) account data should be passed through the sanitizing data filter server. Otherwise,
L04 error will be returned (Processing of raw account data is not allowed through the specified API end-point for the current user).
If you don’t have a specific reason, we recommend sending all the requests to the same endpoint (data filter).
To learn more about service users and end-points used for API submission, review
Security Management guide.
Request method must be
POST. For convenience purposes,
sandbox server accommodates GET request as well. However,
in production environment only POST request is allowed.
The content-type must be set to
application/x-www-form-urlencoded when
POST request is used.
Request fields are passed as HTTPS request parameters (including cases with callbacks) using
name1=key1&name2=key2 (GET URL) format.
Response fields are passed within the body part of the HTTPS response as a part of the redirect to the response onboarding page.
