Peach Payments

Security / Authentication

All requests must be sent over SSL

All requests are authenticated against an Authorization Bearer header with an access token. All the other data parameters are sent as body parameters, see Authentication Parameters for more information.

Throttling

Throttling is the process of limiting the number of requests submitted to a given operation in a given amount of time. Throttling protects the web service from being overwhelmed with requests and ensures providing a healthy web service.

Following throttling values has been configured:

Live system

• COPYandPAY- Get the payment status
  Only 9 requests within one minute are allowed based on the checkoutId.

  GET /v1/checkouts/{checkoutId}/payment
  max-amount-request: 9 
  time-unit: minute

• COPYandPAY- Update checkout
  200 requests within one minute are allowed based on the checkoutId

  POST /v1/checkouts/{checkoutId}
  max-amount-request: 200 
  time-unit: minute

• Server-to-Server- Get the payment status
  Only two requests within one minute are allowed based on the paymentId.

  GET /v1/payments/{paymentId}
  max-amount-request: 2 
  time-unit: minute

• Server-to-Server- Partial backoffice operations
  200 requests within one minute are allowed based on the paymentId.

  POST /v1/payments/{paymentId}
  max-amount-request: 200 
  time-unit: minute

• Server-to-Server- Payments over a token
  200 requests within one minute are allowed based on the registrationId.

  POST /v1/registration/{registrationId}/payments
  max-amount-request: 200 
  time-unit: minute

• Reporting - Transaction Search Using paymentId
  Only two requests within one minute are allowed based on the paymentId.

  GET /v1/query/{paymentId}/
  max-amount-request: 2 
  time-unit: minute

• Reporting - Transaction Search Using merchantTransactionId
  Only two requests within one minute are allowed based on the merchantTransactionId.

  GET /v1/query/
  max-amount-request: 2 
  time-unit: minute

• Secure Query - Query secure payment token
  Only 100 requests within one hour are allowed based on the registrationId.

  GET /v1/secureRegistrations/{registrationId}
  max-amount-request: 100 
  time-unit: hour