Last update: August 3, 2023

Exchange format

The exchange format of the API is JSON with UTF-8 encoding.

Exchange security

Exchanges are secured end to end via a tunnel encrypted by HTTPS in TLS 1.2 Protocol.

Partner authentication through API KEY

Any call to a Web service shall include, in the header of the request, a variable X-Oney-Authorization = 'API KEY' in order to ensure his identification by Oney. The API KEY is specific to the partner (merchant or PSP). The API Key is a data that allows:

  • Secure exchange between Oney and the partner system
  • Control authorizations to access the services of the Oney interface
  • Calibrate the number of queries per second (limit) that the partner may send to Oney

The API Key is generated and assigned by Oney to a partner.
The API Key is specific to an environment: A partner will have a specific API Key for the qualification environment and a specific one for production environment.

So, for a given environment, it is the same KEY used for all merchants (or shops) belonging to a common brand partner.
The API Key is sent by Oney by email within an encrypted file in a zip format, a password will be provided through the phone.

Global unique identifier (GUID)

Oney assign to each partner (PSP and merchant) a GUID to be able to manage their contract.
This GUID is present in all requests from partner to Oney. GUID is specific to an environment (like API KEY) and to a country