This repository is meant to show you how to use Paygate’s API’s, by requesting a token and then using that to call the endpoint of your choice. There are runnable examples in each folder relating to each project, but the main bulk of it is here.
We recommend not using or keeping either the api key or keycode on the client side, if you need access client side, you can send the access token down from a backend and use that.
In the examples here I’m going to be using JavaScript with Axios
Getting a Token
We use oAuth2 to secure our endpoints, you should be given a secret key/api key, this must remain secret from anyone otherwise they will be able to request tokens and act as if they were you, think of it as your password.
Once you have your secret key you can request a token from our token endpoint https://portal.paygateservice.com/IdentityServer/identity/connect/token to do this you need to make a post request.
You can then use this in the auth header of your request.
let tokenResponse = {'...response from above...'}
axios.get('http://somecovidapi/api/[action]',{
headers: { Authorization: `Bearer ${tokenResponse.access_token}` }
})
Extras
You do not need to request a new token for each request, in the token response you’ll notice there’s a expires_in property this is the amount of seconds from requesting the token on when it will expire, in the example above, that would be an hour, so you can use this token for an hour before it expires.
You will have to manage this yourself, although there are a few libraries out there that can help with this.
Identity model is a good choice
The main call will allow a sort code and/or an account number, it will validate this information, along with this there are other calls to get service specific information.
BACS Details
A United Kingdom specific function that returns information specific to the BACS service for a given bank branch.
Returns details or information use specifically for BACS electronic payments. The function can be used to determine that.
The branch is a full BACS scheme member or a sponsored institution or not able to process BACS payments
The branch can handle Electronic Direct Debit Instrutions (DDI)
The branch can accept credits, debits
Details of any disallowed transactions.types.
Redirection sort codes. The sort codes that the payment needs to be directed to if the branch is unable to handles BACS payments directly.
CC&C Details
A United Kingdom specific function that returns information specific to the C&CC service for a given bank branch.
Returns details or information use specifically for the C&CC Service. The function can be used to determine that.
The branch is a C&CC scheme member, a full agency, a debit agency or does not participate in C&CC; does not accept C&CC payments.
The bank ID of the settlement bank
The Debit Agency Sortcode, if applicable
CHAPSS Details
A United Kingdom specific function that returns information specific to the CHAPS Sterling service for a given bank branch.
Returns details or information use specifically for CHAPS Sterling payments. The function can be used to determine that.
The branch accepts CHAPS Sterling payments directly, indirectly or does not participate in the CHAPS Sterling Payment scheme
The routing BIC is the branch accepts CHAPS Sterling payments indirectly
The CHAPS Sterling ID
FPS Details
A United Kingdom specific function that returns information specific to the UK Faster Payments service for a given bank branch.
Address
There are two ways to work with address lookups, the first is a search with the results populating a list, and the second is via autocomplete.
With search you will be billed each time you call the endpoints, so to get a formatted address the minimum amount of billable calls would be two, with autocomplete, you will only get billed when you select a “final” address.
Autocomplete
There is only one endpoint for autocomplete /Address/Autocomplete this will always return an object with a list of addresses, but this will contain data to determine if the selected address is the final address. You will recursively call the same function passing in different sid’s until you reach an array with 1 address in that has the selected boolean set to true, for the initial search we recommend using a debounced function on the input event, this way you can populate the initial list while the user is typing.
This is a bit harder to implement, but does create some nice UX. You can see the images below for an example
The flow for this would follow this logic
flowchart TD
a("User starts typing address")
b("Call is debounced to /Address/Autocomplete")
c("Select list is populated")
d{"On selection check if result has isExpandable or isComplete"}
e("Call /Address/Autocomplete with result's sid")
f("Call /Address/Autocomplete to get formatted address")
a --> b --> c --> d -- isExpandable --> e --> c
d -- isComplete --> f
Search
There are two endpoints for searching addresses, one is a lookup which will return an array of addresses and another which will return more details about an address. The way that you implement this is up to you, however you will always have to call lookup first, as this will give you the address id to pass to the /Address endpoint to get a structured address response back.
While we cannot force how you implement this, we suggest getting a user to enter their postcode and pressing a button to populate a select list with available addresses, then when one is selected call the /Address endpoint to get the formatted address data.
The two images below are an example of this.
The flow for this would follow this logic
flowchart TD
a("User types postcode")
b("User presses button to get list of addresses")
c("Call to /Address/Lookup with typed postcode")
d("Select list is populated with result")
e("On selection, call to /Address with selected addressId")
f("Formatted address is returned")
a --> b --> c --> d --> e --> f
CoP
CoP (Confirmation of Payee/Payer) is a name checking service for UK-based payments. The aim of the service is to reduce certain types of fraud as well as misdirected payments. Today, volumes of Confirmation of Payee/Payer requests are averaging more than one million per day. In short, this will check a name against bank account details to see if they match.
To make this request you will have to pass in the CustomerName, AccountNumber, SortCode and AccountType (along with keycode information)
So for example.
The AccountType must be Personal or Business depending on the bank account you’re checking against. Below is an example of all the possible responses you may get.
Click to hide/show table
AccountNumber
Accountype
ResponseCode
ShortDescription
ResultText
Any
Personal Or Business
MATC
Full Match
The account name provided is a match.
11111111
Personal
ANNM
No Match Found
The account name provided is not the same as the name held on the Account.
11111112
Personal
MBAM
Partial Match
The account name provided is not the same as the name held on the Account. It’s a close match.
11111113
Personal
BANM
Full Match - Business Account not Personal
The account name provided is a match but the account is a Business Account not a Personal one.
11111113
Business
MATC
Full Match
11111114
Business
PANM
Full Match - Personal Account not Business
The account name provided is a match but the account is a Personal Account not a Business one.
11111114
Personal
MATC
Full Match
11111115
Personal
BAMM
Partial Match - Business Account not Personal
This is a Business Account not a Personal one. The account name provided is not the same, it’s a close match.
11111115
Business
MATC
Full Match
11111116
Business
PAMM
Partial Match - Personal Account not Business
This is a Personal Account not a Business one. The account name provided is not the same, it’s a close match.
11111116
Personal
MATC
Full Match
11111117
Personal
AC01
Account Number Not Found
The account details supplied do not exist. Please check details with recipient.
11111118
Personal
IVCR
Reference Not Found
The secondary reference details supplied were not found. Please check details with recipient.
11111119
Personal
ACNS
Account Does Not Support CoP Check
Unable to check the name as the type of account is not supported for CoP checks. This response is also received if the account expects a secondary reference but one was not included.
11111120
Personal
OPTO
Match Unavailable - Customer Opted Out
Unable to check the name as the account holder has opted out of the CoP scheme.
11111121
Personal
CASS
Match Unavailable - Account Switched using CASS
The Account has been switched, please contact the recipient for updated Account details.
11111122
Personal
SCNS
Sort Code Not Found Unable to check the name.
The request has been routed to a responder who does not own the sort code. This would only normally happen due to an issue with the CoP directory, not anything in the request message. This is also the message we return if we cannot find the sort code in the directory to route the request to the right responder.
11111123
Personal
SECMISS
Secondary Reference Missing
The account details provided require a Secondary Reference value before name can be checked. Please check with recipient. (Note: Any value needs to be provided as the secondary reference)
11111123
Personal
MATC
Full Match
Note: An empty string needs to be provided as the secondary reference
11111124
Personal
FOURHUN
400 Error Occurred
Unable to check the name, try again later.
11111125
Personal
HTTPERR
HTTP Error occurred Unable to check the name, try again later.
11111126
Personal
TOOMANY
Too Many Requests
Too Many Requests to Partner Banks - Please try again later
11111127
Personal
NOROUTE
Unable to find a Participant Bank
Unable to find a Participant Bank to handle this request
Email Address
Email address validation will not only validate that an email address is in the correct format but also validate that it is still in use and in general is a good email to use.
Validity will depend on the response of the email address, if the response is “ok” or “unknown” the email address will be classed as valid.
Below are the responses that can be returned.
Click to hide/show table
Status
Description
ok
All is OK. The server is saying that it is ready to receive a letter to,this address, and no tricks have been detected
error
The server is saying that delivery failed, but no information about,the email exists
smtp_error
The SMTP answer from the server is invalid or the destination server,reported an internal error to us
smtp_protocol
The destination server allowed us to connect but the SMTP,session was closed before the email was verified
unknown_email
The server said that the delivery failed and that the email address does,not exist
attempt_rejected
The delivery failed; the reason is similar to “rejected”
relay_error
The delivery failed because a relaying problem took place
antispam_system
Some anti-spam technology is blocking the,verification progress
email_disabled
The email account is suspended, disabled, or limited and can not,receive emails
domain_error
The email server for the whole domain is not installed or is,incorrect, so no emails are deliverable
ok_for_all
The email server is saying that it is ready to accept letters,to any email address
dead_server
The email server is dead, and no connection to it could be established
syntax_error
There is a syntax error in the email address
unknown
The email delivery failed, but no reason was given
accept_all
The server is set to accept all emails at a specific domain.,These domains accept any email you send to them
disposable
The email is a temporary address to receive letters and expires,after certain time period
spam_traps
The email address is maintained by an ISP or a third party,which neither clicks nor opens emails
IBAN
Verifies that an IBAN is valid, decomposes the IBAN and returns useful information such as bank/branch information and BIC.
Phone Number
Verifies that a phone number is valid and in use, it will return the original network details associated with the phone number, along with the current network details.
The international country calling code is required for this request, our advice on this (if you’re only accepting telephone numbers from a single country) is to prefix this yourself (example in the section below).
Using on a form
The intended use of this is to use this on a form, so you can have validation at entry, however due to costs per call, we recommend doing validation on form submit. An example of this would be using it on a form for registering direct debits.
Using the Test Service
We’ve created an endpoint so that you can test your integration before occurring any costs, these have either faked data or a small sample set to test out multiple calls resulting in both good and bad results.
This service will still expect the correct authentication and keycode, the calls below will not include these details, you will have to append them, you will not be charged for using this service.
