In order to make payments securely, Super Payments uses API Keys, alongside TSL for all API requests, encrypting data sent over the Internet to ensure that eavesdroppers and hackers are unable to see what you transmit.
Only server-to-server flows are supported. Integration via the front end (e.g. iframes, etc...) is not yet supported.
You'll need your API key to make secure calls to the Super Payments API. You'll need to pass a valid checkout-api-key header, otherwise you will receive an unauthorised error.
All endpoints should be called on the server-side to prevent exposing your API key.
In a similar way to API Key validation, the webhook response also includes a unique confirmation ID Key you should use to guarantee the security of the updates to your services.
Updated about 1 year ago