The connection URL for the sandbox server:
https://[server-name]/gates/tms/xurl. The callback URL for returns:
must be provided by the merchant.
Authorization is done via service users. To access the API, a service user is required to be granted with a corresponding privilege. A user can submit API requests using either associated credentials or temporary password generated via authentication operation.
When submitting an API request, you can use either UniPay server URL or the Sanitizing Data Filter (Unibroker) server URL as an endpoint.
Requests that contain tokenized card numbers/bank account numbers can be submitted directly to {Unipay} server.
To reduce PCI exposure, requests with non-tokenized (raw) account data should be passed through the sanitizing data filter server. Otherwise,
L04 error will be returned (Processing of raw account data is not allowed through the specified API end-point for the current user).
If you don’t have a specific reason, we recommend sending all the requests to the same endpoint (data filter).
To learn more about service users and end-points used for API submission, review
Security Management guide.
Request method is
POST.
The content-type must be set to
application/x-www-form-urlencoded when get-update, get-resource, log-state operations are performed.
The content-type must be set to
multipart/form-data or application/x-msdownload when upload-log operation is performed.
Request fields are passed within HTTPS request body (including cases with callbacks) and are required to be URL-encoded.
Response fields are passed within HTTPS response body.
Both request and response field values are passed using
name1=key1&name2=key2 format.