Your First request to AfterPay API
In order to send requests to AfterPay an AfterPay account is needed. To create a new account, register on the My Account page. The API key will be generated automatically after account creation. If you don't see it immediately, refresh the "Account" page after a few seconds and it will appear. The page also shows you how long the key will be valid. Your API Key is stored in your account and will be used for authentication. API Keys have to be present in every request.
Let’s start with the easiest request in the AfterPay API - the GetVersion request. GetVersion does not require any input parameters (except your API key of course) and returns the simple message containing only the version of the API. This example serves as a baseline for future requests and introduces the core concepts in AfterPay API.
Generally all our requests can be tested with Postman, however you can use any other API-Testing application.
Your first transaction with AfterPay in Postman
Insert the https://sandbox.afterpay.io/api/v3/version to the URL input box and select the corresponding method (GET in this tutorial) from the dropdown list. If the "Send" button is pressed, the request is sent to the AfterPay server and the response can be seen in the Postman window.
As you can see from the picture (and from your Postman window), the server responded with status code 401 Unauthorized and the response body contains an error message. The error appeared because the AfterPay API did not know who made the request and did not grant access to its services. To avoid this kind of error, the API key must be provided for authentication. There is a button with the label "Headers (0)" under the URL box. In this tab it is possible to define the list of all headers which are sent during the request. (0) in the tab label indicates that there are currently no headers.
For authentication, the header "X-Auth-Key" must be added to the list of headers.
The value of this header will be your personal API key (you can get this key from your account).
If the request is sent again, the server responds with status code 200 "OK" and the response body contains the version of the current API.
The same request principles apply for the other available requests too.