Overview
Pepay’s API is organized around three surfaces plus event delivery:- Merchant API: invoices, settlement, tokens, events, and account-level operations.
- Commerce API: product search, merchant carts, checkout, orders, and payments.
- Payor API: session-scoped checkout reads and payment status updates.
- WebSockets: realtime events for merchant and commerce workflows.
- Webhooks: server-to-server event delivery for durable processing.
Base URLs and environments
- Base URL selects the deployment. Default used in examples:
{DEFAULT_BASE_URL}. - Environment (
environment=devnet|mainnet) selects the network context for endpoints that support it. - Devnet uses full testnet rails. Mainnet access must be enabled for your account before production use.
Devnet commerce status updates
For testnet commerce flows, use the devnet simulator endpoint to advance order status transitions. It emits the samecommerce.order.* events you receive via WebSockets and webhooks, so you can test end-to-end behavior without real orders.
Authentication
Pepay supports multiple auth modes depending on surface area (merchant vs commerce vs payor). See: Authentication.Realtime delivery: WebSockets vs Webhooks
| Channel | Best for | Reliability notes |
|---|---|---|
| WebSockets | Live UI updates and realtime dashboards | Includes replay/backfill; events are at-least-once so dedupe by event.id. |
| Webhooks | Server-side side effects and audit trails | Retries on non-2xx; events are at-least-once so dedupe by event.id or X-Pepay-Event-ID. |
Request
To use these examples, first set your environment variable:Response
List response envelope:Errors
401/403auth errors (wrong header type, invalid token, or insufficient scope)429rate limits (respectRetry-After)5xxtransient server errors (retry with backoff where safe)