The Axepta Online API allows you to seamlessly process and manage payments, supporting 350+ payment methods worldwide. Built on REST principles, the API is designed to be predictable and developer-friendly, with resource-oriented URLs, JSON-encoded requests and responses, and standard HTTP status codes.
Security
The Axepta Online API is designed with maximum security while remaining easy to implement. All communication occurs over HTTPS (TLS 1.2 or higher), ensuring end-to-end encryption at the transport level. This prevents packet sniffing, replay attacks, and other vulnerabilities without requiring additional encryption of the data itself.
Test Before You Go Live
Use our test environment to test your integration without affecting live data. The root URL determines whether the request is for test or live integration.
For functional documentation, please refer to the Confluence Guide
Securely authenticate API requests using Basic Auth or OAuth 2.0
The Axepta Online API supports two authentication methods to ensure secure access to payment processing and management endpoints. Choose the approach that aligns with your integration needs:
Basic Authentication
Use your Merchant ID as the username and API Key as the password. Combine them in the format MerchantID:APIKey, encode the string using Base64, and include it in the Authorization header with the Basic prefix for direct access to endpoints.
OAuth 2.0
Generate a short-lived JSON Web token (JWT) by authenticating with your API key via the authorization/oauth/token endpoint.
Create checkout session
This endpoint generates a URL for a hosted payment page where customers can securely select their preferred payment method and complete their transaction.
Create payment
This endpoint is used to initiate a payment for a specific payment method. You can choose between two integration types:
Note that not all payment methods support both HOSTED and DIRECT integration types. Some support only one of these options, while others support both. For detailed information about the supported integration types for each payment method, refer to the payment method-specific documentation in our product guide.
Confirm payment
This endpoint is used for payment methods that require a multi-step payment flow. It allows you to confirm a previously created payment instance (initiated via the Create Payment endpoint) to complete the transaction. This step is essential for certain payment methods to finalize the payment process.
Incremental authorization
This endpoint allows you to increase the authorized amount for an existing card transaction when the initial authorization is insufficient. The additional amount is appended to the original authorization, and the total authorized amount reflects both.
Reverse payment
This endpoint is used to reverse a payment that has not yet been captured, effectively canceling the authorization.
Capture payment
This endpoint is used to capture an existing authorized payment.
Refund payment
This endpoint is used to refund a captured payment.
Refund payment without reference
This endpoint is used to refund a payment without reference.
Retrieve payment details by Payment ID
This endpoint is used to retrieve payment details with the Payment ID (payId)
Retrieve payment details by Transaction ID
This endpoint is used to retrieve payment details with the Transaction ID (transId)
Update payment details
This endpoint is used to update payment details
Create payment link
This endpoint allows you to generate a payment link that can be shared with customers via email, SMS, or other channels. When customers click the link, they are redirected to a hosted payment page where they can select their preferred payment method and complete the transaction.
Receive payment result notifications via Webhooks
The Axepta Online API enables asynchronous event notifications through Webhooks, allowing your system to automatically receive the final result of a payment for hosted integration types, without the need for continuous polling.
Basic Webhook
Sends only the payId, allowing your system to fetch full payment details afterward.
Enhanced Webhook
Sends the complete payment information directly within the webhook payload.
For information on securing webhook communication, see the Security & verification section in the documentation.
The payload contains only the unique Axepta Online payId. The merchant can use this value to call the Retrieve payment details by payment ID endpoint to obtain full transaction details.
Since no sensitive data is transmitted, no HMAC signature is used for this Webhook type.
When the merchant receives a webhook, their endpoint must respond with an HTTP status code to acknowledge successful processing.
This is a notification sent by Axepta Online about the final result of a payment.
curl -i -X POST \
'https://test.paymentpage.axepta.bnpparibas/api/v2/{merchantBasicWebhookUrl}' \
-H 'Content-Type: application/json' \
-d '{
"payId": "78f5adccfe8640e5a549613389ff33we"
}'This is a notification sent by Axepta Online API about the final result of a payment.
Selected payment method(s).
curl -i -X POST \
'https://test.paymentpage.axepta.bnpparibas/api/v2/{merchantEnhancedWebhookUrl}' \
-H 'Content-Type: application/json' \
-d '{
"payId": "78f5adccfe8640e5a549613389ff33we",
"transId": "txn_7890",
"refNr": "45687",
"status": "OK",
"responseCode": "00000000",
"responseDescription": "success",
"amount": {
"value": 10000,
"currency": "EUR"
},
"paymentMethods": [
{
"type": "CARD"
}
],
"creationDate": "2025-09-23T13:20:30Z"
}'Retrieve customers
This endpoint is used to retrieve a list of customers.
Retrieve customer
This endpoint is used to retrieve details of a specific customer.
Update customer data
This endpoint is used to update customer data.
Delete customer
This endpoint is used to delete a specific customer and associated payment methods.
Retrieve payment methods
This endpoint is used to retrieve all payment methods for a specific customer.
Retrieve payment method
This endpoint is used to retrieve details of a specific payment method.
Delete payment method
This endpoint is used to delete a specific payment method.