Merchant API
Welcome to the Revolut Merchant API - your solution to managing the core aspects of e-commerce and accepting online payments. Whether you're a startup, a growing business, or an established enterprise in the e-commerce industry, our API helps you streamline your operations.
As a Revolut Business customer with a Merchant Account, you can use the Merchant API to leverage the following features:
- Order management
- Customer management
- Payment management
- Payout management
- Dispute management
- Reporting analytics
- Webhook management
- Location management
... and more.
API versions
We highly recommend using versioning in your API calls. If you don't provide a version header on the operations where it's required, you will receive an error response.
The Merchant API uses request header versioning. Where it is required you need to use the Revolut-Api-Version header parameter to specify an API version. Each request, where it is indicated in the API specification, must contain a version header in the following format:
'Revolut-Api-Version: 2024-09-01'
For more information, see: API versions
Test the Merchant API
You can test the Merchant API in Postman by forking this collection:
Authentication
- API Key: Api-Key
- SSL
- API Key: Payload-Signature
Each Merchant API request must contain an authorization header in the following format:
'Authorization: Bearer <yourSecretApiKey>'
To use this API, you need to generate API keys from your Revolut Business account. The Secret key is used in the authorization header for all server calls, while the Public key is provided with payment methods at checkout.
For detailed instructions on generating your API keys, see: Generate API keys.
Security Scheme Type: | apiKey |
|---|---|
Header parameter name: | Authorization |
This authentication protocol is used exclusively when using Fast checkout.
Connection over HTTPS is using SSL authentication. For successful authentication, your system's certificate should be issued by a Public Certificate Authority (PCA) and your system should trust Revolut's public certificate.
Security Scheme Type: | http |
|---|---|
HTTP Authorization Scheme: | ssl |
This authentication protocol is used exclusively when using Fast checkout.
Data integrity and authorship will be verified using a payload-based signature. The response of a successful URL registration for address validation (see: Register address validation for Fast checkout) will contain a secret signing key.
The signing key will be used by Revolut to compute a Hash-based Message Authentication Code (HMAC) payload signature whenever the registered URL is called, which should be verified by your backend.
Security Scheme Type: | apiKey |
|---|---|
Header parameter name: | Revolut-Pay-Payload-Signature |