Request format

Requests are to be sent via HTTP 1.1 using SSL (HTTPS) to the following address:<method name>

Requests are authorized in accordance with The OAuth 2.0 Authorization Framework: Bearer Token Usage.

HTTP requests must have this header:

Authorization: Bearer <access_token>
Note. The token that is used must have the necessary permissions to execute the requested method with the specified set of parameters.

Security requirements:

  1. All network interactions are transmitted only via HTTPS.
  2. The TLS version is 1.2 or later.
  3. The application should verify the validity of the server's SSL certificate. If the SSL certificate did not pass verification, the session must be aborted immediately to prevent compromising the authorization data.
  4. Do not store the access token in unencrypted format, for example, as cookies.
  5. Never use the access token in request parameters (GET, POST etc).

Format for request parameters:

  • Key/value pairs, packed as HTTP 1.1 POST request parameters.
  • MIME type: application/x-www-form-urlencoded.
  • Encoding: UTF-8.

Request example:

POST /api/request-payment HTTP/1.1
Content-Type: application/x-www-form-urlencoded