API Requests

In order to make payments securely, Super Payments uses API Keys, alongside TSL for all API requests, encrypting data sent over the Internet to ensure that eavesdroppers and hackers are unable to see what you transmit.

Generate your API keys in your business portal.

Only server-to-server flows are supported. Integration via the front end (e.g. iframes, etc...) is not yet supported.


Watch out!

You'll need your API key to make secure calls to the Super Payments API. You'll need to pass a valid checkout-api-key header, otherwise you will receive an unauthorised error.

All endpoints should be called on the server-side to prevent exposing your API key.


Webhook Signature Verification

In a similar way to API Key validation, the webhook response also includes a unique confirmation ID Key you should use to guarantee the security of the updates to your services.