API Overview

This section provides the technical foundation for integrating with the Merchant Collection Accounts API. Read this before making your first API call.

Authentication

The API uses Bearer Token authentication. Include your API token in the Authorization header for all requests:

Authorization: Bearer YOUR_API_TOKEN

Security: Never expose your API token in client-side code or public repositories. Store it securely as an environment variable.

Required Headers

Every API request must include these headers:

  • Content-Type*— Must be application/json

  • Authorization*— Bearer token: Bearer YOUR_API_TOKEN

  • x-request-id*— Unique UUID per request for tracing (string)

Example Headers

Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
x-request-id: 550e8400-e29b-41d4-a716-446655440000

x-request-id: Generate a unique UUID for each request. Include this ID when contacting support about specific requests.

Production Environment

Production Only: All API calls operate in the production environment with real bank accounts and actual transactions. There is no sandbox environment available.

  • All allocated accounts are real bank accounts

  • All transactions are live and processed by banking systems

  • Test carefully with small amounts

API Endpoints Summary

  • POST /account/allocate Allocate a new collection account.

  • GET /account/{account_number}/balance Get balance information for a specific account.

  • GET /account/{account_number}/statement Retrieve the transaction history for a specific account.

Best Practices

Request Handling

  • Always generate unique x-request-id values

  • Use proper JSON format for all requests

  • Store x-request-id for support requests

Security

  • Store API tokens securely (environment variables, secrets manager)

  • Implement proper webhook signature verification

PreviousMerchant Bank Collection AccountsNextAllocate Account

Last updated