Environments & Rate Limits¶
Environments¶
SecPaid provides two separate environments:
| Environment | Base URL | Purpose |
|---|---|---|
| Production | https://app.secpaid.com |
Live payments, real money |
| Development | https://app.dev.secpaid.com |
Testing, no real money charged |
Separate credentials
Each environment has its own API Key. Do not mix tokens between environments.
Development Environment¶
- Uses test mode — no real money is charged
- Use test card numbers for simulated payments
- Ideal for integration testing and webhook development
Production Environment¶
- Processes real payments via card and bank transfer
- All webhook calls go to your production servers
- Ensure your
callback_urlandpayment_endpointpoint to production URLs
Rate Limits¶
All API endpoints are rate-limited to prevent abuse:
| Scope | Limit |
|---|---|
| Per IP / per user | 60 requests per minute |
When you exceed the rate limit, subsequent requests receive an HTTP 429 Too Many Requests response until the window resets.
Best Practices¶
- Cache responses where appropriate (e.g., transaction lists)
- Use webhooks instead of polling for payment status
- Implement exponential backoff on rate limit errors
- Contact support if you need higher limits for your use case