Frequently Asked Questions

Find answers to the most common questions about the Mopay API. If you can't find what you're looking for, please contact our support team.

General Questions

Is there a rate limit for API requests?

Yes, there are rate limits to ensure fair usage of our API. The default rate limit is 100 requests per minute per API key. If you need higher limits, please contact our support team to discuss enterprise options.

What formats does the API support?

Our API accepts and returns data in JSON format. All responses include appropriate HTTP status codes and consistent response structures. XML format is not supported.

Is the API available globally?

Yes, the Mopay API is available globally. However, certain payment methods might have regional restrictions. Please refer to the specific payment method documentation for details.

Technical Questions

How do I handle API errors?

Our API returns standard HTTP status codes along with detailed error messages. For example, a 400 status code indicates a bad request, while a 401 indicates authentication issues. Each error response includes an error code and human-readable message.

{
    'REQUEST': {
      'VERSION': '1.0',
      'ACTION': endpoint,
      'STATUS': 'FAILED'
    },
    'ERRORS': {
      "DETAILS": "Specific error details (Error code and message)"
    }
}

Is there a sandbox environment for testing?

Yes, we provide a sandbox environment for testing your integration. Use your TEST_KEY for all sandbox operations. The sandbox environment is a complete replica of our production environment, but no real transactions are processed.

Does the API support webhooks?

Yes, the Mopay API supports webhooks for event notifications. You can subscribe to events like payment.successful, payment.failed, refund.processed, etc. Webhook deliveries are retried up to 3 times in case of failures.

Security Questions

Is the API PCI compliant?

Yes, our payment infrastructure is PCI DSS Level 1 compliant. However, to minimize your PCI scope, we recommend using our client-side tokenization for collecting payment information directly from customers.

How should I store API keys?

Never store API keys in client-side code or public repositories. API keys should be stored securely on your server and referenced only in server-side code. If you suspect your API key has been compromised, you can rotate it in the dashboard.

Does the API support 2FA?

Yes, two-factor authentication (2FA) is available for your Mopay account. Although it doesn't apply directly to API calls, we recommend enabling 2FA for all users who have access to your Mopay dashboard and API keys.