Merchant API
Pay for an order
api
post
/api/orders/{order_id}/payments

Pay for an order

Initiate a payment to pay full amount for an order using a customer's saved payment method.

note

The /orders/{order_id}/confirm endpoint has been deprecated. It will be only supported for already existing implementations.

caution

This endpoint is part of a new API, pay attention to the different endpoint URL.

For more information about how to save and charge payment methods, see: Charge a customer's saved payment method.

The following table shows who can initiate payments on saved payment methods (initiator parameter), depending on if the payment method was saved for the customer or the merchant (savedPaymentMethodFor parameter):

savePaymentMethodFor: customersavePaymentMethodFor: merchant
initiator: customerAllowedAllowed
initiator: merchantNot allowedAllowed
note

Using this endpoint, only merchant initiated payments are supported with Revolut Pay.

For more information about customers' payment methods, see the Retrieve all payment methods of a customer operation.

Authorization

Each Merchant API request must contain an authorization header in the following format to make a call: 

'Authorization: Bearer <yourSecretApiKey>'

Before you start, ensure that you've successfully applied for a Merchant Account in your Revolut Business Account.

The Public key is on the same path in your Revolut Business account as the Secret key. There are two different functions for each:

  • Public key should be provided with payment methods at checkout
  • Secret key is used as a part of the authorization header for all server calls, e.g., creating order

Complete the following steps to generate the Production API keys (Secret, Public):

  1. Log in to your Revolut Business portal.
  2. On the top left corner, click your account name, click APIs then select Merchant API.
  3. Under the Production API Secret key and Production API Public key sections you will find the API keys needed. If it's your first time on this page, you will need to click the Generate button to create your unique API keys.

You can also use this link to directly open the Merchant API page.

Merchant API - Settings

note

Use these keys only for the production environment. For the Revolut Business Sandbox environment, use the sandbox API keys.

SSL

note

This authentication protocol is used exclusively when using Fast checkout.

Connection over HTTPS is using SSL authentication. For successful authentication, your system's certificate should be issued by a Public Certificate Authority (PCA) and your system should trust Revolut's public certificate.

Revolut-Pay-Payload-Signature

note

This authentication protocol is used exclusively when using Fast checkout.

Data integrity and authorship will be verified using a payload-based signature. The response of a successful URL registration for address validation (see: Register address validation for Fast checkout) will contain a secret signing key.

The signing key will be used by Revolut to compute a Hash-based Message Authentication Code (HMAC) payload signature whenever the registered URL is called, which should be verified by your backend.

Request

Path Parameters
Path Parameters

The ID of the Order object.

Header Parameters
Header Parameters

This parameter accepts the Merchant API Secret key to authorise requests coming from the merchant's backend.

It ensures that ensures that each request is authenticated and authorised by verifying the secret key. The secret key should be included in all request headers as a Bearer token.

info

For more information, see: Authorization

Request body
Body object

Object containing information about the saved payment method used to pay for the order.

Possible values: [card, revolut_pay]

Type of saved payment method.

Saved payment method ID.

Possible values: [customer, merchant]

Indicates who is allowed to initiate the payment.

note

Using this endpoint, only merchant initiated payments are supported with Revolut Pay.

Environment object, indicating in which environment the payment was made.

caution

Only required if initiator: customer.

note

Only browser is available at the moment.

Possible values: [browser]

Type of environment where the payment was made.

Defines the offset to UTC in minutes.

The browser's available colour depth.

The browser's screen width in pixels.

The browser's screen height in pixels.

Indicates if the browser has Java enabled.

Defines the width of the pop-up window where the authentication challenge appears.

The URL of the page where the payment was initiated.

Response

Payment initiated

Response body
Body object

The ID of the payment.

Permanent order ID used to retrieve, capture, cancel, or refund an order after authorization.

The payment method used to pay for the order.

Possible values: [card, revolut_pay]

The type of payment method used to pay for the order.

Possible values: [revolut_account, card]

Indicates whether the customer used their card or Revolut account via Revolut Pay.

ID of the saved payment method.

note

The id parameter is only returned if the payment method is saved.

Possible values: [pending, authentication_challenge, authentication_verified, authorisation_started, authorisation_passed, authorised, capture_started, captured, refund_validated, refund_started, cancellation_started, declining, completing, cancelling, failing, completed, declined, soft_declined, cancelled, failed]

The status of the payment.

Details about the authentication challenge that should be performed to complete the authentication process. For more information about Revolut's 3DS solution, see: 3D Secure overview.

Only returned if the payment's state is authentication_challenge.

Possible values: [three_ds, three_ds_fingerprint]

Type of the authentication challenge the payment triggers.

The URL of the authentication challenge.

Was this page helpful?
Loading...