Features

Transactive's API is designed to be easy to integrate with.

ReSTful

Transactive's API conforms to ReST principles, making it simple and predictable. Its functionality centres around its key entities and the operations they support, and it responds synchronously to requests with a standard set of HTTP responses.

Event-Driven

All post-submission payment-related communication with Transactive is asynchronous in nature: payment events occur within the Transactive backend and Transactive issues notifications via webhooks.

Secure

Authentication

API calls are authenticated using cryptographically random credentials issued in the form of API keys.

Transactive's API is only accessible over HTTPS, using TLS 1.2 and select secure ciphers. Transactive's domain is additionally configured with HSTS and is included on pre-load lists, where available.

Authorization

API calls are checked to ensure that callers have the appropriate authority. This is done via authorities on the API keys themselves that cumulatively determine what operations they are allowed to perform.

  • Reporting - can view payments
  • Payments - can make payments
  • Admin - can perform admin tasks such as creating new contacts

Safe

Transactive has several features to help ensure only valid payments are processed.

Duplicate Detection

Transactive will never process payments twice, even if it receives them, as long as they are uniquely identified.

Account Whitelisting

Transactive can determine on an account-by-account basis which accounts may be sent payments.

Financial Limits

At both the contract and individual contact level, daily and one-time limits for outbound payments can be specified, while at the contract level there is a cumulative account limit.