API Requests & Responses

This page, and it's links, gives details on how to use SmarterPay Cloud API.

If you have issues with SmarterPay Cloud API please contact support, either by telephone on +44 (0)1482 240886, or by email at support@smarterpay.com



The SmarterPay Cloud API is based on a REST service using JSON-formatted requests and responses.
The SmarterPay Cloud API is only available over HTTPS. Attempting to access the API over an unsecured HTTP connection will return a TLS_Required error.

To start using the SmarterPay Cloud API, you will require API credentials, which can be found within the SmarterPay Cloud Portal or from your SmarterPay representative.
The API credentials are consumed, in each REST call, by providing it as a Bearer token in the Authorization header.

The “Content-Type” header must also be provided when sending data to the API, using POST and PUT methods, passing either the standard JSON MIME type (application/json), or the JSON-API variant (application/vnd.api+json).

All requests and responses are UTF-8 encoded.

Providing the “Accept-Charset” header is optional, but recommended.


Format of HTTP request header names and values

The name of the HTTP request header you want to send can only contain:

  • Alphanumeric characters: a-z, A-Z, and 0-9
  • The following special characters: - and _

The value of the HTTP request header you want to send can only contain:

  • Alphanumeric characters: a-z, A-Z, and 0-9
  • The following special characters: _ :;.,\/“'?!(){}[]@<>=-+*#$&`|~^%

Example API Request Header

Authorization: Bearer <token>
Content-Type: application/json
Accept-Charset: utf-8
Idempotency-Key: 8abec541-efca-4efa-856b-50ab8679ec0f




The SmarterPay Cloud API can use idempotency to help prevent accidentally performing the same operation twice.
Idempotency can be used on creating a new record (“POST” method) or updating an existing record (“PUT” method).


To use SmarterPay Clouds API's idempotency, add the “Idempotency-Key: <key>” field to the header of the API request.
Idempotency keys can be up to 255 characters long, and are case sensitive, for example “ABC123” is not the same as “abc123”.
It is recommended to use a UUID/GUID for the idempotency key.


On recieving an API request, with an idempotency key header, SmarterPay Cloud API stores the details of the request, including the endpoint, idempotency key, and payload.
These details will be automatically removed from the system after they're at least 24 hours old.

While the idempotency key details are stored:

  • Any API request, with the same idempotency key, recieved during the processing of the initial request, will be returned with a “409 Conflict” response code and a “A request with the same Idempotency-Key for the same operation is being processed or is outstanding” message.
  • Any API request, with the same idempotency key, but different details, for example different endpoint or payload, will be returned with a “422 Unprocessable Entity” response code and a “Idempotency keys cannot be reused” message.
  • Any API request, with the same idempotency key, and exactly the same request details as the initial request, will be returned with the same response, and response code, as the initial request, with the addition of an “idempotency-replay: true” field in the response header.

After the idempotency key details are removed from the system:

  • Any request with the same idempotency key is treated as a new request, and the process starts again.


Please Note: SmarterPay strongly advises our clients to use the idempotency feature.



SmarterPay Cloud API employs Key-level Global Rate limiting on it's API endpoints.

“Key-level Global Rate limiting” means that each Client's API key is allowed a certain number of API calls in a given time period, before being rejected/limited.

The default rate, for all of our Clients, is 1000 requests per 60 seconds (1 minute).

Once this limit is reached, subsequent requests will recieve a “429 Too Many Requests” response, with the message “Too many requests. Please try again in 60 seconds.”, until the time windows has expired.
Once the time limit has expired request will be accepted again, with their appropriate response, until the limit is reached again for that time period.

If you want to discuss our rate limiting please contact support, either by telephone on +44 (0)1482 240886, or by email at support@smarterpay.com.




The following REST URLs are available to connect to SmarterPay Cloud API. For more information, including API request and response parameters, please use the Rest Service or Option Links below.

Rest Service Base URL Options
Account Validation https://api.smarterpaycloud.com/service.svc/accountvalidation Create, Details (Singular)
API Request https://api.smarterpaycloud.com/service.svc/apirequest Details (Singular)
Bank Account https://api.smarterpaycloud.com/service.svc/bankaccount Create, Update, Details (Singular), Disable, Details (List)
Card https://api.smarterpaycloud.com/service.svc/cards Details (List)
Client Bank Account https://api.smarterpaycloud.com/service.svc/clientbankaccount Details (Singular), Details (List), Details (By SUN)
Credit https://api.smarterpaycloud.com/service.svc/credit Create (Singular), Create (List), Details (Singular), Update, Details (List)
Customer Account https://api.smarterpaycloud.com/service.svc/customeraccount Create, Details (Singular), Update, Details (List)
Ecommerce Branding (V2) https://api.smarterpaycloud.com/service.svc/ecommercebranding Details (Singular)
Ecommerce Page Setup (V2) https://api.smarterpaycloud.com/service.svc/ecommercepagesetup Details (Singular)
Mandate https://api.smarterpaycloud.com/service.svc/mandate Create, Details (Singular), Update, Details (List)
Modulus Check https://api.smarterpaycloud.com/service.svc/moduluscheck Check
Outbound Message https://api.smarterpaycloud.com/service.svc/outboundmessage Details (Singular), Details (List), Resend Outbound Message
Payment https://api.smarterpaycloud.com/service.svc/payment Create (Singular), Create (List), Details (Singular), Update, Details (List)
Payment Link https://api.smarterpaycloud.com/service.svc/paymentlink Create, Details (Singular), Update, Details (List)
Payment Re-present https://api.smarterpaycloud.com/service.svc/payment/{ID}/represent Create
Recurrence Schedule https://api.smarterpaycloud.com/service.svc/recurrenceschedule Create, Details (Singular), Disable, Update, Details (List)
Service User Number https://api.smarterpaycloud.com/service.svc/serviceusernumber Details (Singular), Details (List)
Submission https://api.smarterpaycloud.com/service.svc/submission Details (Singular), Details (List)
Submission Line https://api.smarterpaycloud.com/service.svc/submissionline Details (Singular), Details (List)

{ID} denotes ID of record.

If you have UAT facilities with SmarterPay, please replace “api.smarterpaycloud.com” with “uatapi.smarterpaycloud.com” in the URL to access the testing environment.

The following REST URLs are available to connect to the SmarterPay Cloud Card Payment API. For more information, including API request and response parameters, please use the Rest Service or Option Links below.

Rest Service Base URL Options
Register Transaction https://pay.smarterpay.com/SmarterPayCardPaymentService/api/transaction Create
Refund https://pay.smarterpay.com/SmarterPayCardPaymentService/api/transaction/{ID} Create
Void https://pay.smarterpay.com/SmarterPayCardPaymentService/api/transaction/{ID} Create
Repeat Payment https://pay.smarterpay.com/SmarterPayCardPaymentService/api/transaction/{ID} Create
Deferred Release https://pay.smarterpay.com/SmarterPayCardPaymentService/api/transaction/{ID} Create
Deferred Cancel https://pay.smarterpay.com/SmarterPayCardPaymentService/api/transaction/{ID} Create
Authorise Release https://pay.smarterpay.com/SmarterPayCardPaymentService/api/transaction/{ID} Create

{ID} denotes ID of the card record.

If you have UAT facilities with SmarterPay, please replace “pay.smarterpay.com/SmarterPayCardPaymentService” with “uat-cardpayments.smarterpaycloud.com” in the URL to access the testing environment.


Each API request made to SmarterPay Cloud API will result in a response code.

Any unsuccessful response codes, in the 400 range, should contain more information to help you identify the cause of the problem.

Code Message Description
200 OK Standard response for successful HTTP requests.
202 Accepted The request has been received but not yet acted upon. The request may or may not eventually be acted upon, as it may be disallowed when processing actually takes place.
400 Bad Request The server cannot or will not process the request due to an apparent client error (e.g., malformed request syntax, size too large, invalid request message framing, or deceptive request routing).
405 Method Not Allowed A request method is not supported for the requested resource; for example, a GET request on a form that requires data to be presented via POST, or a PUT request on a read-only resource.
406 Not Acceptable The requested resource is capable of generating only content not acceptable according to the Accept headers sent in the request.
409 Conflict This code indicates that the request could not be completed due to a conflict with the current state of the target resource. Please see “API Idempotency” for more details.
422 Unprocessable Entity This code indicates that the server understands the content type of the request, the syntax of the request content is correct, but it was unable to process the contained instructions. Please see “API Idempotency” for more details.
429 Too Many Requests This code indicates that the user has sent too many requests in a given amount of time. Please see “API Rate Limiting” for more details.
498 Invalid Token This code indicates an expired or otherwise invalid token.
500 Internal Server Error A generic error message, given when an unexpected condition was encountered and no more specific message is suitable.
503 Service Unavailable The server is not ready to handle the request. This code will be returned when the API is in maintenance mode, for example when updates are being applied.

Other error codes may require further investigation.

  • Last modified: 2024/10/11 14:12