Skip to main content

Overview

Credo's Payment Service API is RESTful and uses Open API Standard (OAS). Credo Payment Service API has predictable resource-oriented URLs, accepts JSON-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.

The base URLs for the API are:

Quick Help

If you've got any questions, reach us via email: hello@credocentral.com

Authentication and Security

To prevent man-in-the-middle attacks, TLS (HTTPS) is required for all endpoints. Requests over HTTP will return a 403 Forbidden response.

All endpoints in this API require your API key (that's an Authorization header with the value your-key-here).

You can retrieve your API key from the API Keys section on your merchant dashboard Settings page. You'll see two sets of keys, LIVE and TEST. The test keys only work with test data; no real cards are charged or accounts debited. You'll use the test keys when setting up your integration, and when you're done, you can use the live keys for final testing before you launch.

Each set of keys has two keys: a secret key and a public key. You can use the public key when calling endpoints from the client-side (browser, mobile app). You should only use the secret key when calling the API from a server, where it won't be exposed to others.

caution

As the name implies, your secret keys are secret, so they shouldn't be shared with anyone, as it allows them to access your account and act as you. If you think your secret key might have been compromised, you should use the Regenerate button on the API Keys page to invalidate the old one and get a new one.

Most endpoints can be called from either a server or a client, so they work with either key. However, some endpoints may only be used either on the client-side (public key) or server-side (secret key). We'll indicate which keys to use in the documentation for each endpoint.

About this documentation

Below each endpoint heading, you'll find a "Try It" button that launches our API playground. The playground allows you to test the endpoint right from your browser. Be careful with your API keys though—don't use your live key unless you know what you're doing.

If you run into any issues or you've got any questions or complaints, you can always shoot us an email. We can't wait to see what you'll build.🚀