The PayFacto Payment API v2.0 is a REST API that communicates over HTTPS. All requests and responses use JSON. Authentication uses HTTP Basic Auth. This page covers the technical fundamentals that apply across the entire API β authentication, request format, response format, and base URLs. For the full list of endpoints, products, and reference material, see the PayFacto API v2.0 β Main Page.
Version: v2.0 | Last updated: 2026-06-29
Contents
All requests are authenticated using HTTP Basic Auth. Encode your credentials as username:password in Base64 and pass the result in the Authorization header.
API Credentials
Your PayFacto username and password are issued during merchant onboarding. Never expose them in client-side code, browser requests, or public repositories. All API calls must be made server-to-server.
Authorization header format:
Keep your credentials confidential. The encoded string dXNlcm5hbWU6cGFzc3dvcmQ= above is just an example β replace it with your own Base64-encoded credentials.
All requests are HTTP POST or GET with a Content-Type: application/json body (for POST requests). Two request-level headers apply to all calls:
Authorization
Required on every request. HTTP Basic Auth β see Authentication above.
Idempotency-Key
Recommended on all POST requests. A UUID (max 64 chars) that allows safe retry of failed or timed-out requests without creating duplicate transactions. Generate a fresh key for each new payment attempt. Reuse the same key when retrying a timeout.
Content-Type
Must be application/json for all POST requests.
Amount format:
All monetary amounts are positive integers in the smallest currency unit. For CAD and USD, this is cents β $12.99 is sent as 1299. Never use decimal points or currency symbols.
All responses are JSON. Always check the HTTP status code first, then the status field in the response body.
A 201 Created response means a new resource was created. A 200 OK on a POST means the request was a duplicate of an already-processed idempotency key β the original response is returned. See the PayFacto API v2.0 β Main Page for the full Error & Status Reference.
PayFacto v2.0 uses two separate base URLs β one for core payment processing and one for hosted checkout solutions.
Payment API
UAT (Test)
https://uat.ca.api.payfacto.cloud/payments/v1 β Use during development. No real payments are processed.
Production
https://ca.api.payfacto.cloud/payments/v1 β Switch only after completing UAT testing and certification.
Hosted Checkout API (SHC / SHP / SPL)
UAT (Test)
https://uat.ca.shc.payfacto.cloud β Use during development.
Production
https://ca.shc.payfacto.cloud β Live hosted payment pages.
Never use your production credentials in UAT, or your UAT credentials in production. Contact PayFacto Support to begin the certification process before switching to production.
Endpoint references for Charges, Refunds, Verifications, Hosted Solutions (SHC / SHP / SPL), and Digital Wallets are documented individually in the article index, along with Error & Status Reference.
|