Skip to content

Environments & Rate Limits

Environments

SecPaid provides two separate environments:

Environment Base URL Purpose
Production https://app.secpaid.com Live payments, real money
Development app.dev.secpaid.com Testing, no real money charged

Separate credentials

Each environment has its own API Key. Do not mix tokens between environments.

Development environment

The development environment runs at app.dev.secpaid.com. Use it for integration work, plugin setup (JTL, WooCommerce, etc.), and webhook testing before you go live.

Development Production
Dashboard app.dev.secpaid.com app.secpaid.com
API base URL https://app.dev.secpaid.com/api/v2/ https://app.secpaid.com/api/v2/
Money Test mode — no real charges Live payments

Development accounts

Development accounts are not created via self-signup. Contact support@secpaid.com to request access to app.dev.secpaid.com. We will provision your account and share your sandbox API Key and dashboard login. Use that key only against app.dev.secpaid.com — production keys do not work in development, and vice versa.

  • Uses test mode — no real money is charged
  • Use test card numbers for simulated payments
  • Ideal for integration testing and webhook development
  • Point shop plugins and API clients at Sandbox / development URLs and tokens until go-live

Production Environment

  • Processes real payments via card and bank transfer
  • All webhook calls go to your production servers
  • Ensure your callback_url and payment_endpoint point to production URLs

Rate Limits

All API endpoints are rate-limited to prevent abuse:

Scope Limit
Per IP / per user 60 requests per minute

When you exceed the rate limit, subsequent requests receive an HTTP 429 Too Many Requests response until the window resets.

Best Practices

  • Cache responses where appropriate (e.g., transaction lists)
  • Use webhooks instead of polling for payment status
  • Implement exponential backoff on rate limit errors
  • Contact support if you need higher limits for your use case