Skip to main content

Documentation

Header Parameters

REST requests and webhooks contain header parameters for authentication of the messages.

The following headers appear in REST requests in the Payments platform:

  • access_key - Unique access key provided by Rapyd for each authorized user. Required.

    For more information, see Developers.

  • api_version - see Versioning for API Methods.

  • Content-Type - Indicates that the data appears in JSON format. Required.

    Always set to application/json.

  • idempotency - A unique string to protect against duplicate transactions. Optional.

    For more information, see Idempotency.

  • salt - Salt for the request signature. A random string for each request. Recommended length: 8-16 digits, letters and special characters. Required.

  • signature - Signature calculated for each message individually. Required.

  • timestamp - The time of the request, in Unix time (seconds). Required.

    The Rapyd platform is synchronized to the actual current time, as defined by public NTP servers. The timestamp must be synchronized to the actual current time, or less than 60 seconds before the actual current time.

Note

In the Point-of-Sale platform, each method has its own headers. See Point-of-Sale.

In this section:

The number of seconds elapsed since the beginning of the Unix epoch, which was 00:00:00 GMT on January 1, 1970. 10-digit integer.

An industry-standard protocol for synchronizing clocks of computers and telephones.