Transactive's API is designed to be easy to integrate with.
Transactive's API conforms to ReST principles, making it simple and predictable. Its functionality centres around its key entities and the operations they support, and it responds synchronously to requests with a standard set of HTTP responses.
All post-submission payment-related communication with Transactive is asynchronous in nature: payment events occur within the Transactive backend and Transactive issues notifications via webhooks.
API calls are authenticated using cryptographically random credentials issued in the form of API keys.
Transactive's API is only accessible over HTTPS, using TLS 1.2 and select secure ciphers. Transactive's domain is additionally configured with HSTS and is included on pre-load lists, where available.
API calls are checked to ensure that callers have the appropriate authority. This is done via authorities on the API keys themselves that cumulatively determine what operations they are allowed to perform.
- Reporting - can view payments
- Payments - can make payments
- Admin - can perform admin tasks such as creating new contacts
Transactive has several features to help ensure only valid payments are processed.
Transactive will never process payments twice, even if it receives them, as long as they are uniquely identified.
Transactive can determine on an account-by-account basis which accounts may be sent payments.
At both the contract and individual contact level, daily and one-time limits for outbound payments can be specified, while at the contract level there is a cumulative account limit.