Token & Payment Flow
Overview
The 88Pay Transactional API allows merchants to process payments securely by using a two-step authentication and transaction creation process.
This flow ensures that every transaction is authorized with a short-lived token, adding an extra layer of security.
Payment Flow
To process a payment, follow these steps:
1. Generate an Access Token
Before creating a payment, you must request an access token.
This token is valid for 60 seconds and must be used immediately to initiate a transaction.
Endpoint
POST https://api.88pay.io/api/auth/token
Headers
| Header | Type | Description |
|---|---|---|
x-api-key | string | Your API key provided by 88Pay. |
X-Merchant-Id | string | Your unique merchant ID assigned by 88Pay. |
Example Request
POST /api/auth/token HTTP/1.1
Host: api.88pay.io
x-api-key: sk_live_MCH-COL-29ZTP4_d09d866..........
X-Merchant-Id: MCH-COL-2KKAK
Content-Type: application/json
Example Response
{
"status": "Success",
"code": 200,
"message": "Token generated successfully",
"data": {
"access_token": "eyJhbGciOiJFQ0RILU......",
"expires_in": 60,
"session_id": "sess_c6eda115-6933-45ae-8c9b-....."
}
}
Response Fields
| Field | Type | Description |
|---|---|---|
status | string | Operation result (Success or Error). |
code | number | HTTP status code. |
message | string | Description of the response. |
access_token | string | Short-lived token used for the next transaction request. |
expires_in | number | Token validity in seconds. |
session_id | string | Session identifier, required for the next step. |
2. Create a Payment Transaction
Once you have the access_token, you can create a payment transaction.
Endpoint
POST https://api.88pay.io/api/transactions/charges
Headers
| Header | Type | Description |
|---|---|---|
Authorization | string | Bearer token obtained from step 1. Format: Bearer <access_token>. |
x-session-id | string | Session ID obtained from step 1 (session_id). |
Request Body
| Field | Type | Description |
|---|---|---|
flow | string | Transaction flow type (e.g., "PAYIN" for incoming payments). |
method_code | string | Payment method code (e.g., "CARDS"). |
method_category | string | Payment method category (e.g., "CARD"). |
country | string | ISO 3166-1 alpha-3 country code (e.g., "MEX" for Mexico). |
currency | string | ISO 4217 currency code (e.g., "MXN"). |
amount | number | Payment amount. |
description | string | Description of the transaction (e.g., "Compra #3"). |
customer_id | string | Unique customer identifier in the merchant’s system. |
notification_url | string | URL for receiving payment notifications (webhook). |
return_url | string | URL to redirect the customer after payment completion. |
Example Request
POST /api/transactions/charges HTTP/1.1
Host: api.88pay.io
Authorization: Bearer eyJhbGciOiJFQ0RILUVTK0EyNTZLVyIsImVuYyI6IkEyN...
x-session-id: sess_9279ff82-ba53-4438-ac3d-.....
Content-Type: application/json
{
"flow": "PAYIN",
"method_code": "CARDS",
"method_category": "CARD",
"country": "MEX",
"currency": "MXN",
"amount": 100.00,
"description": "Compra #3",
"customer_id": "cust_987654",
"notification_url": "https://merchant.example.com/notify",
"return_url": "https://merchant.example.com/notify"
}
Example Response
{
"status": "Success",
"code": 200,
"message": "Method processed",
"data": {
"urlCheckout": "https://checkout.tu-dominio.com/mex/cards?amount=100¤cy=MXN&customer_id=cust_987654&description=Compra+%233&return_url=https%3A%2F%2Fmerchant.example.com%2Fnotify¬ification_url=https%3A%2F%2Fmerchant.example.com%2Fnotify",
"amount": 100,
"currency": "MXN",
"reference": ""
}
}
Response Fields
| Field | Type | Description |
|---|---|---|
urlCheckout | string | URL where the customer can complete the payment. |
amount | number | Payment amount. |
currency | string | Currency used for the payment. |
reference | string | Transaction reference number (may be empty initially). |