WiPay
Payments APIv1.0.9

FAQ

Frequently asked questions about the Payments API

What is an API Key?

In the context of WiPay's Payments API, the API Key is a random alphanumeric string tied to your WiPay BUSINESS Account. It is used exclusively on your server to verify Transaction Response data by re-calculating the response hash.

The API Key is not sent to the Payments API endpoint — it is only used server-side. A transaction is considered verified only when the re-calculated hash exactly matches the hash parameter in the response.

Do not share your API Key. If it has ever been publicly exposed or compromised, regenerate it immediately.

What is a Hosted Payment Page?

A Hosted Payment Page (HPP) is a checkout page hosted by the payment provider rather than by your application. In the Payments API flow, your application creates the payment request, WiPay returns or opens the hosted checkout URL, and the customer enters card details on WiPay's hosted page instead of on your website.

This matters because it can substantially reduce the PCI DSS scope of your own environment. The PCI Security Standards Council states that when a merchant outsources payment processing and does not store, process, or transmit cardholder data, many PCI DSS requirements may not apply directly to the merchant environment. PCI SSC also defines SAQ A for merchants with account-data functions completely outsourced to PCI DSS validated third parties, where the merchant does not store, process, or transmit account data in electronic form on its systems or premises. Redirect-based hosted payment pages are designed around that model.

Using an HPP does not remove your responsibilities entirely. PCI SSC is explicit that outsourcing payment processing does not remove the merchant's responsibility to ensure account data is properly protected by the third party. Your exact validation path depends on your full integration and operating environment, so you should confirm it with your acquirer, compliance team, or Qualified Security Assessor.

See Payments API Overview for the hosted-checkout model and Hosted Checkout Flows for the shared redirect behavior.

How do I get my API Key?

  1. Log into your verified WiPay BUSINESS Account.
  2. Navigate to the Developer page (profile menu → Developer).
  3. Open the Payment API tab.
  4. If you have not registered a website yet, enter the Website URL from which you will send API requests and click Submit.
  5. After the website is registered, your API Key is displayed on the page.

If you do not see the Developer option, ensure your WiPay BUSINESS Account has been Verified.

How do I generate a new API Key?

Generating a new API Key permanently replaces the previous one — the old key cannot be recovered.

  1. Log into your verified WiPay BUSINESS Account.
  2. Navigate to the Developer page → Payment API tab.
  3. Click Generate new API Key and confirm the prompt.

The new key takes effect immediately. Update your server-side hash-verification code with the new key.

What is the API Key for the TEST account?

The API Key for the sandbox test account is 123.

Changelog

Payments API version history and release notes

Fee Rates

Transaction fee rates by country and plan

On this page

What is an API Key?What is a Hosted Payment Page?How do I get my API Key?How do I generate a new API Key?What is the API Key for the TEST account?