Menu

Please select your page

Your First request to AfterPay API

In order to send requests to AfterPay, an AfterPay account is needed. To create a new account, register on the My Account page. The API key will be generated automatically after account creation. If you don't see it immediately, refresh the "Account" page after a few seconds and it will appear. The page also shows you how long the key will be valid. Your API Key is stored in your account and will be used for authentication. API Keys have to be present in every request. Let’s start with the easiest request in the AfterPay API - the GetVersion request. GetVersion does not require any input parameters (except your API key of course) and returns the simple message containing only the version of the API. This example serves as a baseline for future requests and introduces the core concepts in AfterPay API. Generally, all our requests can be tested with Postman, however, you can use any other API-Testing application.

Your first transaction with AfterPay in Postman

Open Postman and an empty request window. The current tutorial shows you how to get the API Version. The GetVersion page in the documentation gives you the URL and a method for a request.

qsg-01-blank-postman.png

Insert the https://sandbox.afterpay.io/api/v3/version to the URL input box and select the corresponding method (GET in this tutorial) from the dropdown list. If the "Send" button is pressed, the request is sent to the AfterPay server and the response can be seen in the Postman window.

qsg-03-set-url-method.png

As you can see from the picture (and from your Postman window), the server responded with status code 401 Unauthorized and the response body contains an error message. The error appeared because the AfterPay API did not know who made the request and did not grant access to its services. To avoid this kind of error, the API key must be provided for authentication. There is a button with the label "Headers (0)" under the URL box. In this tab, it is possible to define the list of all headers which are sent during the request. (0) in the tab label indicates that there are currently no headers.

qsg-04-authorization-required.png

For authentication, the header "X-Auth-Key" must be added to the list of headers. The value of this header will be your personal API key (you can get this key from your account). If the request is sent again, the server responds with status code 200 "OK" and the response body contains the version of the current API.

qsg-05-key-added.png

The same request principles apply to the other available requests too.