Quick Setup: Confirmation of Payee API

Welcome to the Quickstart guide for the Confirmation of Payee API. This quick start will guide you to get your sandbox and production API running as fast as possible!


Sandbox access

In order to gain access to our sandbox environment you must follow 3 simple steps.

  1. Whitelist your IP addresses and get API keys
  2. Get an authorisation token
  3. Make your first API call

Step 1: Whitelist your IP addresses and get API keys

In order to keep our services secure and to prevent our endpoints from any DDOS attack, we have adopted a whitelist only policty. This means you can only access our endpoints from whitelisted IP addresses. Next to that, you will need a username and password for basic authentication when fetching a temporary access token for the real API.

Fill in Form to whitelist your IP addresses and get API keys

We will share your credentials via MSafe, a secure file sharing platform. We have to manually review your request, so it can take up to 2 business days before you have received your credentials.

Step 2: Get an authorisation token

In order to get access to the functional API, you will need an access token. To obtain an access token you need to call the oAuth API. We only support the grant_type: client_credentials. The oAuth 2.0 specifications recommend passing the API key and secret values from step 1 as an HTTP-Basic Authentication header.

There are two ways to set up your first API call. You can download the postman collection and use the first request in the collection with basic authentication, or set the auth call up manually.

Option 1: Use our Postman collection

  1. Import the collection into Postman Image
  2. Setup basic authentication on the first API call in the collection and press "Save" Image
  3. Set up an environment with variables {{smoke_test_access_token}} and {{base_uk_url}}.
  • {{access_token}}: The authorisation request will automatically link your token to that variable so you won't have to setup the authorisation header for your following API calls.
  • {{base_uk_url}}: In this variable, you should set up as 'current value' the endpoint URL provided to you via MSafe. Having trouble? Click here how to set up your variable access token in Postman.
  1. Press "Send" to retreive your token, it's automatically linked to your {{smoke_test_access_token}} variable.

Option 2 Manual setup using a cUrl example

curl --location --request POST '<hostValueWillBeSharedBySurePay>/oauth/client_credential/accesstoken \
    -H 'Authorization: Basic <your basic token>' \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    -d grant_type=client_credentials

The oAuth 2.0 specifications recommend passing the API key and secret values as an HTTP-Basic Authentication header. Also replace <hostValueWillBeSharedBySurePay> with the url provided via MSafe by SurePay.

In pseudo-code: result = Base64Encode(concat('ns4fQc14Zg4hKFCNaSzArVuwszX95X', ':','ZIjFyTsNgQNyxI'))

In this example, ns4fQc14Zg4hKFCNaSzArVuwszX95X is the API key and ZIjFyTsNgQNyxI is the secret.

The result being: bnM0ZlFjMTRaZzRoS0ZDTmFTekFyVnV3c3pYOTVYOlpJakZ5VHNOZ1FOeXhJ==

Step 3: Make your first API call

Option 1: Use our Postman collection

  1. If you have completed all previous steps correctly, you should be able to select any of the requests in the postman collection and run them successfully!

Option 2 Manual setup using a cUrl request

    curl --location --request POST '<hostValueWillBeSharedBySurePay>/v1/gateway' \
    -H 'Authorization: Bearer <your bearer token>' \
    -H 'x-fapi-interaction-id: Querty-example-id-1234567' \
    -H 'Content-Type: application/json' \
    -d '{"SchemeName": "SortCodeAccountNumber","AccountType": "Personal","Identification":
    "99999900000001","Name": ",,David Martin"}'

In this scenario you will need to replace <your bearer token> with your own token, fetched in the previuous step. Also replace <hostValueWillBeSharedBySurePay> with the url provided via MSafe by SurePay.


Production access

Once you have successfully tested your connection with our sandbox and want to move to production, request production access via the following form:

Step 1: Whitelist your IP addresses and get API keys

Get API keys for Production and whitelist your IP addresses

Step 2 & 3: Make your authentication and functional API calls

To connect to the production environment, you can follow the exact same steps as when connecting to the sandbox. The only difference are the endpoints, your credentials and the IP addresses we have whitelisted for you in the previous step.

EndpointURL
UK Auth API ProductionProvided via MSafe after being requested
Confirmation of Payee API ProductionProvided via MSafe after being requested