Skip to content
/
Retrieve an Apple Pay web...

Ryft Payment API (1.1.0)

Ryft provides a collection of APIs that you can use to accept and process payments + marketplace functionality (payouts). We have a testing environment called sandbox, which you can sign up for to test API calls without affecting live data.

Authentication

When you sign up for an account, you are given a secret and public API key pair. You authenticate with our API by providing the appropriate key in the request Authorization header. Never share your secret keys. Keep them guarded and secure.

Public API key

Public keys should only be used in JavaScript or native applications. This key is solely used to identify the partner making requests. Supply this key in the Authorization header.

Secret API key

Your secret key should always be supplied in the Authorization header. Make sure this key is stored securely on your backend and never surfaced client-side.

Rate Limiting

We use rate limiting on a per-user basis to protect our APIs against abuse. Our Sandbox environment is limited to 5 requests per second. Our production environment is limited to 50 requests per second.

We also allow a brief burst above this limit to accommodate a sudden increase in traffic.

If you exceed the above quota then the API will respond with a 429 status code and you will need to retry the API call (we recommend implementing a retry policy with an exponential back-off).

Download OpenAPI description
openapi.json
openapi.yaml
Overview
URL
https://ryftpay.com
Ryft
support@ryftpay.com
Languages
Servers
Sandbox environmment
https://sandbox-api.ryftpay.com/v1/
Production environment
https://api.ryftpay.com/v1/

Payments

Process payments with Ryft: authorizations, voids, captures, refunds etc.

Operations

Webhooks

Create and manage webhooks.

Operations

Events

Events are persisted throughout the lifecycle of a payment/action as you use our API. We use events to notify you when something important happens in your account (or a linked sub account). The most commonly used event occurs when a payment is captured, in which case we persist a PaymentSession.captured event and then (optionally) send it to any webhooks you have registered that are listening for that event type.

Note that if you are taking payments as a platform (for sub accounts), events are saved against the sub account accountId, but will be sent to any webhooks that your account has configured.

Operations

Accounts

Account registration for your sub accounts

Operations

Persons

The Persons API allows the creation and management of one or more persons for the purpose of verification for Business sub accounts. Recommended if you wish to implement verification programmatically for your sub accounts. This API cannot be accessed for Individual sub accounts.

Operations

Payout Methods

The Payout Methods API allows the creation and management of payout methods for use when receiving payouts, e.g. bank accounts. Recommended if you wish to implement payouts programmatically for your sub accounts.

Operations

Payouts

A payout represents the transfer of money from Ryft to a connected payout method (bank account), i.e. when we send money you're owed. Typically this is automated.

However, the payouts API allows you to explicitly create payouts for your sub accounts. Generally we'd recommend this if you are a marketplace who wants to control exactly when payouts should be sent out.

Operations

Transfers

A Transfer represents the movement of money between Ryft accounts.

This API allows platforms/marketplaces to transfer money from/to particular sub accounts, useful when:

  • you owe a sub account money from a particular transaction and want to explicitly send it after the fact
  • you want to recoup funds from a sub account, such as when dealing with disputes
  • you want to collect additional/new commission from the sub account
Operations

Balances

The balances API allows you to view your own or a particular sub accounts balances in real-time.

Typically useful when making use of manual payouts or our transfers API so you can determine the funds available prior to initiating requests.

Operations

Balance Transactions

Allows you to query for balance transactions. These transactions represent all actions within a Ryft account that impact account balances.

This API can only be used for reconciliation on transactions created from July 2025 onwards

Operations

Platform Fees

Query any platform fees that your account has taken (when taking payments on behalf of linked sub accounts)

Operations

Customers

The Customers API allows you to persist customer details across sessions. You should use this if you wish to support saving a customer's payment methods and thereby enabling them to reuse previously entered details for future payments.

Operations

Payment Methods

The Payment Methods API allows you to tokenize and store previously used payment methods.

Operations

Subscriptions

The subscriptions API allows you to automatically have Ryft schedule and charge recurring payments for a specific day and time. This API is not required to process recurring payments. After additional configuration, you can use our payment-sessions API to create and charge the recurring payments yourself.

Operations

Files

The Files API allows you to query for and upload files to Ryft. Some files may be generated internally by Ryft when requesting reports, or alternatively you may have uploaded evidence/verification documents

Operations

Apple Pay

Allows implementation of Apple Pay on the web via the API with Ryft's Apple Pay processing certificate.

Operations

Register a domain for Apple Pay

Request

Registers a domain name for Apple Pay on the web. Note that this is required if relying on Ryft's Apple Pay processing certificate.

A Maxiumum of 99 domains can be registered against a single Ryft account.

Each domain must host our verification file under /.well-known/apple-developer-merchantid-domain-association.

Important: the Content-Type of the hosted file must be application/octet-stream.

Security
secretApiKeyAuth
Headers
Accountstring^ac_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a...

The linked accountId (use this if you are processing payments directly under a sub account's URL)

Example: ac_3fe8398f-8cdb-43a3-9be2-806c4f84c327
Bodyapplication/json
domainNamestringrequired

The domain name you want to register for Apple Pay.

Example: "ryftpay.com"
curl -i -X POST \
  https://sandbox-api.ryftpay.com/v1/apple-pay/web-domains \
  -H 'Authorization: YOUR_API_KEY_HERE' \
  -H 'Content-Type: application/json' \
  -d '{
    "domainName": "ryftpay.com"
  }'

Responses

Apple Pay web domain successfully created

Bodyapplication/json
idstring

The unique ID for the web domain

Example: "apwd_01FCTS1XMKH9FF43CAFA4CXT3P"
domainNamestring

The domain name registered for Apple Pay

Example: "ryftpay.com"
createdTimestampinteger(int64)

The epoch timestamp (seconds) when the apple pay web domain was created

Example: 1631696701
Response
application/json
{
  "id": "apwd_01FCTS1XMKH9FF43CAFA4CXT3P",
  "domainName": "ryftpay.com",
  "createdTimestamp": 1631696701
}

List Apple Pay web domains

Request

List the web domains you have registered for Apple Pay

Security
secretApiKeyAuth
Query
ascendingboolean(boolean)

Control the order (newest or oldest) in which the payment sessions are returned. false will arrange the results with newest first, whereas true shows oldest first. The default is false.

Example: ascending=false
limitinteger(int32)

Control how many items are return in a given page The max limit we allow is 50. The default is 20.

Example: limit=10
startsAfterstring

A token to identify where to resume a subsequent paginated query. The value of the paginationToken field from that response should be supplied here, to retrieve the next page of results for that timestamp range.

Example: startsAfter=apwd_01FCTS1XMKH9FF43CAFA4CXT3P_1641912473
Headers
Accountstring^ac_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a...

The linked accountId (use this if you are processing Apple Pay directly under a sub account's registered Apple Pay domain)

Example: ac_3fe8398f-8cdb-43a3-9be2-806c4f84c327
curl -i -X GET \
  https://sandbox-api.ryftpay.com/v1/apple-pay/web-domains \
  -H 'Authorization: YOUR_API_KEY_HERE'

Responses

Successfully retrieved the Apple Pay web domains

Bodyapplication/json
itemsArray of objects(ApplePayWebDomain)
paginationTokenstring or null

A token to use for getting the next page of results - send the same request with this value in the 'paginationToken' query parameter. This field is null when there are no further items to return

Example: "apwd_01FCTS1XMKH9FF43CAFA4CXT3P_1641912473"
Response
application/json
{
  "items": [
    { … }
  ],
  "paginationToken": "apwd_01FCTS1XMKH9FF43CAFA4CXT3P_1641912473"
}

Retrieve an Apple Pay web domain

Request

This is used to fetch an Apple Pay web domain by its unique Id

Security
secretApiKeyAuth
Path
idstringrequired

Apple Pay web domain Id to retrieve

Example: apwd_01FCTS1XMKH9FF43CAFA4CXT3P
Headers
Accountstring^ac_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a...

The linked accountId (Required if you registered the domain under a specific sub account)

Example: ac_3fe8398f-8cdb-43a3-9be2-806c4f84c327
curl -i -X GET \
  https://sandbox-api.ryftpay.com/v1/apple-pay/web-domains/apwd_01FCTS1XMKH9FF43CAFA4CXT3P \
  -H 'Authorization: YOUR_API_KEY_HERE'

Responses

Apple Pay web domain successfully retrieved

Bodyapplication/json
idstring

The unique ID for the web domain

Example: "apwd_01FCTS1XMKH9FF43CAFA4CXT3P"
domainNamestring

The domain name registered for Apple Pay

Example: "ryftpay.com"
createdTimestampinteger(int64)

The epoch timestamp (seconds) when the apple pay web domain was created

Example: 1631696701
Response
application/json
{
  "id": "apwd_01FCTS1XMKH9FF43CAFA4CXT3P",
  "domainName": "ryftpay.com",
  "createdTimestamp": 1631696701
}

Delete an Apple Pay web domain

Request

This is used to delete an Apple Pay web domain by its unique Id

Security
secretApiKeyAuth
Path
idstringrequired

Apple Pay web domain Id to delete

Example: apwd_01FCTS1XMKH9FF43CAFA4CXT3P
Headers
Accountstring^ac_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a...

The linked accountId (Required if you registered the domain under a specific sub account)

Example: ac_3fe8398f-8cdb-43a3-9be2-806c4f84c327
curl -i -X DELETE \
  https://sandbox-api.ryftpay.com/v1/apple-pay/web-domains/apwd_01FCTS1XMKH9FF43CAFA4CXT3P \
  -H 'Authorization: YOUR_API_KEY_HERE'

Responses

Apple Pay web domain successfully retrieved

Bodyapplication/json
idstring

The Id of the deleted Apple Pay web domain

Example: "apwd_01FCTS1XMKH9FF43CAFA4CXT3P"
Response
application/json
{
  "id": "apwd_01FCTS1XMKH9FF43CAFA4CXT3P"
}

Create an Apple Pay web session

Request

Request a new Apple Pay web session. Use this endpoint if you process Apple Pay on the web and:

  • you want to rely on Ryft's Apple Pay processing certificate
  • have an existing integration or want to implement Apple Pay via our API (without using our SDKs)
Security
publicApiKeyAuth or secretApiKeyAuth
Headers
Accountstring^ac_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a...

The linked accountId (use this if you are processing Apple Pay directly under a sub account's registered Apple Pay domain)

Example: ac_3fe8398f-8cdb-43a3-9be2-806c4f84c327
Bodyapplication/json
displayNamestring[ 3 .. 64 ] charactersrequired

This is the name displayed within the Apple Pay payment sheet. Must contain UTF-8 characters.

Example: "Ryft Merchandise"
domainNamestringrequired

The domain name you have verified for Apple Pay (omit the protocol). This should match window.location.hostname.

Example: "ryftpay.com"
curl -i -X POST \
  https://sandbox-api.ryftpay.com/v1/apple-pay/sessions \
  -H 'Authorization: YOUR_API_KEY_HERE' \
  -H 'Content-Type: application/json' \
  -d '{
    "displayName": "Ryft Merchandise",
    "domainName": "ryftpay.com"
  }'

Responses

Apple Pay session successfully created

Bodyapplication/json
sessionObjectstring

The opaque Apple Pay session object. This will be a JSON escaped string.

Supply this value to completeMerchantValidation

Example: "..."
Response
application/json
{
  "sessionObject": "..."
}

Disputes

Disputes (also known as chargebacks) occur when a cardholder wants to query or challenge a transaction on their card statement. The Disputes API allows you to keep track of and manage disputes.

Operations

In-Person Products

The in-person products API allows you query for the products we offer for in-person payments. Useful to view and decide which SKUs you wish to order. Note that products themselves cannot be ordered. You must select one or more SKUs to purchase equipment.

Operations

In-Person SKUs

The in-person SKUs API allows you query for the SKUs we offer for in-person payments. SKUs are ultimately the items you order when purchasing equipment. Each SKU is scoped to a specific country and currency.

Operations

In-Person Orders

The in-person orders API allows you to request physical terminal orders to specific locations. Used in combination with our terminal API you can integrate in-person (card present) payments.

Operations

In-Person Locations

The in-person locations API allows you to setup and manage the locations in which terminals reside.

Operations

In-Person Terminals

The in-person terminals API allows you to setup and manage your physical terminal hardware for in-person (card present) payments.

Operations