API Overview
SecPaid provides a RESTful V2 API for external developers. All V2 endpoints are authenticated via API key and are routed through the SecPaid API gateway.
API Key Access
API keys are provisioned by our support team. Contact compute@spacepitch.org to request a key for development or production.
The V2 API is stable and intended for external integrations. Do not use V1 endpoints — those are reserved for the SecPaid web application and Zapier integration.
Interactive Documentation
An interactive Swagger UI is available at app.secpaid.com/swagger.
Environments
| Environment | Base URL |
|---|---|
| Development | https://app.dev.secpaid.com |
| Production | https://app.secpaid.com |
Always test against the development environment before going to production.
V2 Endpoints
All V2 endpoints share the prefix /api/v2/ and use POST as the HTTP method.
| Endpoint | Description |
|---|---|
| createLink | Create a basic payment link |
| createSplitLink | Create a split payment link with recipients |
| getMyUnusedLinks | List payment links that have not been paid yet |
| getMyUsedLinks | List payment links that have been paid |
| deleteLink | Delete an unused payment link |
| getPayInTransactions | List incoming payments (pay-ins) |
| getPayOutTransactions | List payout transactions |
| refundPayment | Submit a refund request for a payment |
| getTaxInvoiceList | List monthly service fee invoices |
Key Features
- API key authentication via token header
- Webhook notifications to your Payment Endpoint on payment events
- Callback URL support for redirect-based payment confirmation
- Split payments with configurable per-recipient share percentages
- Full or partial refund requests
- Pay-in and payout transaction history with filtering
Error Handling
All endpoints return a consistent response envelope:
```json
{
  "ResponseCode": 1,
  "ResponseMsg": "Human-readable message",
  "Result": "True",
  "data": {}
}
```
On error, ResponseCode is 0 and Result is "False". Standard HTTP status codes are also used:
| Code | Meaning |
|---|---|
| 200 | Success |
| 400 | Bad request — invalid parameters |
| 401 | Unauthorized — invalid or missing API key |
| 403 | Forbidden — insufficient permissions |
| 429 | Too many requests — rate limit exceeded |
| 500 | Internal server error |
Rate Limiting
Rate limits are applied per API key. If you exceed your limit you will receive a 429 Too Many Requests response. Contact support to adjust limits for load testing or high-volume use cases.
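The following client sketch is an added example, not SecPaid's own code. It ties together the envelope rules under Error Handling and the 429 behaviour under Rate Limiting: a call succeeds only when the HTTP status and the envelope agree, and only 429 is retried. The JSON request body, the backoff schedule, and the names SecPaidError, parse_envelope, http_post and call_v2 are assumptions.

```python
import json
import time
import urllib.error
import urllib.request

BASE_URL = "https://app.dev.secpaid.com"  # development base URL from the Environments table

class SecPaidError(Exception):
    def __init__(self, status, message, retryable=False):
        super().__init__(f"HTTP {status}: {message}")
        self.status, self.retryable = status, retryable

def parse_envelope(status, body_text):
    """Return the envelope's data only if HTTP status and envelope both report success."""
    if status == 429:
        raise SecPaidError(status, "rate limit exceeded", retryable=True)
    try:
        env = json.loads(body_text)
    except ValueError:
        env = None
    if not isinstance(env, dict):
        raise SecPaidError(status, "malformed response envelope")
    ok = env.get("ResponseCode") == 1 and env.get("Result") == "True"
    if status == 200 and ok:
        return env.get("data")
    # Fail closed: an error status, or a 200 whose envelope reports failure.
    raise SecPaidError(status, str(env.get("ResponseMsg", "request failed")))

def http_post(url, payload, api_key):
    """Default transport: POST with the key in the token header (JSON body is assumed)."""
    req = urllib.request.Request(url, data=json.dumps(payload).encode(), method="POST",
                                 headers={"token": api_key, "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")

def call_v2(endpoint, payload, api_key, transport=http_post, retries=3, sleep=time.sleep):
    """POST to /api/v2/<endpoint>; retry only on 429, with exponential backoff."""
    for attempt in range(retries + 1):
        status, body = transport(f"{BASE_URL}/api/v2/{endpoint}", payload, api_key)
        try:
            return parse_envelope(status, body)
        except SecPaidError as err:
            if not err.retryable or attempt == retries:
                raise  # 400/401/403/500 and envelope failures are never retried
            sleep(2 ** attempt)
```

Pass the API key in from a secret store or environment variable rather than embedding it in source, and keep it out of log output when reporting a SecPaidError.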