Ryft Payment API (1.1.0)

Ryft provides a collection of APIs that you can use to accept and process payments + marketplace functionality (payouts). We have a testing environment called sandbox, which you can sign up for to test API calls without affecting live data.

Authentication

When you sign up for an account, you are given a secret and public API key pair. You authenticate with our API by providing the appropriate key in the request Authorization header. Never share your secret keys. Keep them guarded and secure.

Public API key

Public keys should only be used in JavaScript or native applications. This key is solely used to identify the partner making requests. Supply this key in the Authorization header.

Secret API key

Your secret key should always be supplied in the Authorization header. Make sure this key is stored securely on your backend and never surfaced client-side.

Rate Limiting

We use rate limiting on a per-user basis to protect our APIs against abuse. Our Sandbox environment is limited to 5 requests per second. Our production environment is limited to 50 requests per second.

We also allow a brief burst above this limit to accommodate a sudden increase in traffic.

If you exceed the above quota then the API will respond with a 429 status code and you will need to retry the API call (we recommend implementing a retry policy with an exponential back-off).
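
A retry policy of the kind recommended above, as an added example (not Ryft's own code): it retries only on 429 and spaces attempts with full-jitter exponential back-off. The function names, the delay constants and the injectable `transport`/`sleep` parameters are assumptions made for this sketch.

```python
import random
import time
import urllib.error
import urllib.request

SANDBOX_BASE = "https://sandbox-api.ryftpay.com/v1/"


def http_get(url, headers):
    """Default transport: returns (status, body) instead of raising on HTTP errors."""
    req = urllib.request.Request(url, headers=headers, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def backoff_delays(max_retries, base=0.2, cap=5.0, rng=random.random):
    """Full jitter: delay n is uniform in [0, min(cap, base * 2**n)] seconds."""
    return [rng() * min(cap, base * (2 ** n)) for n in range(max_retries)]


def get_with_retry(path, api_key, transport=http_get, sleep=time.sleep,
                   max_retries=5, rng=random.random):
    """GET `path`, retrying only on 429; returns (status, body, attempts)."""
    # The key comes from the caller's backend secret store, never from client code.
    headers = {"Authorization": api_key}
    delays = backoff_delays(max_retries, rng=rng)
    attempts = 0
    while True:
        status, body = transport(SANDBOX_BASE + path, headers)
        attempts += 1
        # Any status other than 429 is returned as-is; the retry budget is bounded.
        if status != 429 or attempts > max_retries:
            return status, body, attempts
        sleep(delays[attempts - 1])
```

The jitter keeps several workers that were throttled at the same moment from retrying in lockstep and hitting the per-user limit again together.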

Servers
Sandbox environment
https://sandbox-api.ryftpay.com/v1/
Production environment
https://api.ryftpay.com/v1/

Payments

Process payments with Ryft: authorizations, voids, captures, refunds etc.

Operations

Webhooks

Create and manage webhooks.

Operations

Events

Events are persisted throughout the lifecycle of a payment/action as you use our API. We use events to notify you when something important happens in your account (or a linked sub account). The most commonly used event occurs when a payment is captured, in which case we persist a PaymentSession.captured event and then (optionally) send it to any webhooks you have registered that are listening for that event type.

Note that if you are taking payments as a platform (for sub accounts), events are saved against the sub account accountId, but will be sent to any webhooks that your account has configured.

Operations

Accounts

Account registration for your sub accounts

Operations

Persons

The Persons API allows the creation and management of one or more persons for the purpose of verification for Business sub accounts. Recommended if you wish to implement verification programmatically for your sub accounts. This API cannot be accessed for Individual sub accounts.

Operations

Payout Methods

The Payout Methods API allows the creation and management of payout methods for use when receiving payouts, e.g. bank accounts. Recommended if you wish to implement payouts programmatically for your sub accounts.

Operations

Payouts

A payout represents the transfer of money from Ryft to a connected payout method (bank account), i.e. when we send money you're owed. Typically this is automated.

However, the payouts API allows you to explicitly create payouts for your sub accounts. Generally we'd recommend this if you are a marketplace who wants to control exactly when payouts should be sent out.

Operations

Transfers

A Transfer represents the movement of money between Ryft accounts.

This API allows platforms/marketplaces to transfer money from/to particular sub accounts, useful when:

  • you owe a sub account money from a particular transaction and want to explicitly send it after the fact
  • you want to recoup funds from a sub account, such as when dealing with disputes
  • you want to collect additional/new commission from the sub account
Operations

Balances

The balances API allows you to view your own or a particular sub account's balances in real-time.

Typically useful when making use of manual payouts or our transfers API so you can determine the funds available prior to initiating requests.

Operations

Balance Transactions

Allows you to query for balance transactions. These transactions represent all actions within a Ryft account that impact account balances.

This API can only be used for reconciliation on transactions created from July 2025 onwards.

Operations

Platform Fees

Query any platform fees that your account has taken (when taking payments on behalf of linked sub accounts)

Operations

Customers

The Customers API allows you to persist customer details across sessions. You should use this if you wish to support saving a customer's payment methods and thereby enabling them to reuse previously entered details for future payments.

Operations

Payment Methods

The Payment Methods API allows you to tokenize and store previously used payment methods.

Operations

Subscriptions

The subscriptions API allows you to automatically have Ryft schedule and charge recurring payments for a specific day and time. This API is not required to process recurring payments. After additional configuration, you can use our payment-sessions API to create and charge the recurring payments yourself.

Operations

Files

The Files API allows you to query for and upload files to Ryft. Some files may be generated internally by Ryft when requesting reports, or alternatively you may have uploaded evidence/verification documents.

Operations

Apple Pay

Allows implementation of Apple Pay on the web via the API with Ryft's Apple Pay processing certificate.

Operations

Disputes

Disputes (also known as chargebacks) occur when a cardholder wants to query or challenge a transaction on their card statement. The Disputes API allows you to keep track of and manage disputes.

Operations

In-Person Products

The in-person products API allows you to query for the products we offer for in-person payments. Useful to view and decide which SKUs you wish to order. Note that products themselves cannot be ordered. You must select one or more SKUs to purchase equipment.

Operations

In-Person SKUs

The in-person SKUs API allows you to query for the SKUs we offer for in-person payments. SKUs are ultimately the items you order when purchasing equipment. Each SKU is scoped to a specific country and currency.

Operations

In-Person Orders

The in-person orders API allows you to request physical terminal orders to specific locations. Used in combination with our terminal API you can integrate in-person (card present) payments.

Operations

In-Person Locations

The in-person locations API allows you to set up and manage the locations in which terminals reside.

Operations

Create a location at which one or more terminals will reside

Request

Use this endpoint to set up a new location which will be used for housing one or more terminals. Note that once created, a location's address & geo co-ordinates cannot be changed and instead a new location must be created.

Security
secretApiKeyAuth
Headers
Account: string, ^ac_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a...

The linked accountId (use this when you want to create an in person location under a linked account)

Example: ac_3fe8398f-8cdb-43a3-9be2-806c4f84c327
Body: application/json
name: string, [ 5 .. 50 ] characters, required

Your name for the location. This can be used for display purposes.

address: object (InPersonLocationAddressRequest), required
address.lineOne: string, [ 1 .. 80 ] characters, required

First line of the address

address.lineTwo: string or null, [ 1 .. 80 ] characters

Second line of the address

address.city: string, [ 2 .. 50 ] characters, required

The address city/town

address.country: string, = 2 characters, required

The two-character ISO country code

Example: "GB"
address.postalCode: string, [ 2 .. 16 ] characters, required

The postal code/zip of the address

address.region: string, [ 1 .. 80 ] characters

The state/county/province/region. Required if the address is in the US/Canada and must be a 2-character ISO state/province code.

geoCoordinates: object or null (GeoCoordinatesRequest)

The geographic coordinates of the location.

metadata: object or null

Your own custom key-value data for this object. These will be sent with any associated events on your webhooks. You can have a maximum of 10 pieces of metadata.

Keys must be between 1 and 30 characters in length.

Values must be between 1 and 250 characters in length.

Example: {"internalID":"1"}
curl -i -X POST \
  https://sandbox-api.ryftpay.com/v1/in-person/locations \
  -H 'Authorization: YOUR_API_KEY_HERE' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "Ryft Computer Parts",
    "address": {
      "lineOne": "123 Street",
      "city": "Manchester",
      "country": "GB",
      "postalCode": "M1 1AA"
    },
    "geoCoordinates": {
      "latitude": 51.1789,
      "longitude": 1.8262
    },
    "metadata": {
      "custom": "12345"
    }
  }'
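
The body constraints listed above, checked before the request is sent; this is an added example, not Ryft's code. `validate_location` and the sample dictionaries are names chosen here, and `geoCoordinates` is left unchecked because the page gives no constraints for it.

```python
def _check_len(errors, field, value, lo, hi, required=True):
    """Record a violation unless value is a string of lo..hi characters."""
    if value is None:
        if required:
            errors.append(f"{field}: required")
    elif not isinstance(value, str) or not lo <= len(value) <= hi:
        errors.append(f"{field}: must be a string of {lo}..{hi} characters")


def validate_location(body):
    """Return the documented constraints that `body` violates (empty list = valid)."""
    errors = []
    _check_len(errors, "name", body.get("name"), 5, 50)
    addr = body.get("address")
    if not isinstance(addr, dict):
        return errors + ["address: required"]
    _check_len(errors, "address.lineOne", addr.get("lineOne"), 1, 80)
    _check_len(errors, "address.lineTwo", addr.get("lineTwo"), 1, 80, required=False)
    _check_len(errors, "address.city", addr.get("city"), 2, 50)
    _check_len(errors, "address.country", addr.get("country"), 2, 2)
    _check_len(errors, "address.postalCode", addr.get("postalCode"), 2, 16)
    if addr.get("country") in ("US", "CA"):
        # US/Canada: region is mandatory and must be a 2-character code.
        _check_len(errors, "address.region", addr.get("region"), 2, 2)
    else:
        _check_len(errors, "address.region", addr.get("region"), 1, 80, required=False)
    meta = body.get("metadata")
    if meta is not None:
        # Metadata is forwarded with webhook events, so bound it before it leaves.
        if not isinstance(meta, dict) or len(meta) > 10:
            errors.append("metadata: object with at most 10 entries")
        else:
            for key, value in meta.items():
                _check_len(errors, "metadata key", key, 1, 30)
                _check_len(errors, f"metadata[{str(key)[:30]}]", value, 1, 250)
    return errors


# Request body taken from the page's curl example.
PAGE_EXAMPLE = {
    "name": "Ryft Computer Parts",
    "address": {"lineOne": "123 Street", "city": "Manchester",
                "country": "GB", "postalCode": "M1 1AA"},
    "geoCoordinates": {"latitude": 51.1789, "longitude": 1.8262},
    "metadata": {"custom": "12345"},
}
# Constructed invalid body: short name, US address without region, 11 metadata entries.
BAD_EXAMPLE = {
    "name": "Shop",
    "address": {"lineOne": "1 Main St", "city": "Austin",
                "country": "US", "postalCode": "73301"},
    "metadata": {str(i): "x" for i in range(11)},
}
```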

Responses

Resource successfully created

Body: application/json
id: string

The unique Id of the location

Example: "iploc_01FCTS1XMKH9FF43CAFA4CXT3P"
name: string

Your name for the location. This can be used for display purposes.

address: object (InPersonLocationAddress)
geoCoordinates: GeoCoordinates (object or null)
metadata: object

Your own custom key-value data for this object. These will be sent with any associated events on your webhooks. You can have a maximum of 10 pieces of metadata.

Keys must be between 1 and 30 characters in length.

Values must be between 1 and 250 characters in length.

Example: {"internalID":"1"}
createdTimestamp: integer (int64)

The epoch timestamp (seconds) when the object was created

Example: 1470989538
lastUpdatedTimestamp: integer (int64)

The epoch timestamp (seconds) when the object was last updated

Example: 1470989538
Response
application/json
{ "id": "iploc_01FCTS1XMKH9FF43CAFA4CXT3P", "name": "string", "address": { "lineOne": "string", "lineTwo": "string", "city": "string", "country": "GB", "postalCode": "string", "region": "string" }, "geoCoordinates": { "latitude": 51.1789, "longitude": 1.8262 }, "metadata": { "internalID": "1" }, "createdTimestamp": 1470989538, "lastUpdatedTimestamp": 1470989538 }

List in-person locations

Request

Fetches a paginated list of in-person locations

Security
secretApiKeyAuth
Query
ascending: boolean

Control the order (newest or oldest) in which the items are returned. false will arrange the results with newest first, whereas true shows oldest first. The default is false.

Example: ascending=false
limit: integer (int32)

Control how many items are returned in a given page. The max limit we allow is 50. The default is 10.

Example: limit=10
startsAfter: string

A token to identify the item to start querying after. This is used to get the next page of results after a previous response returned a non-null paginationToken. The value of the paginationToken field from that response should be supplied here, to retrieve the next page of results for that timestamp range.

Example: startsAfter=iploc_01FCTS1XMKH9FF43CAFA4CXT3P_1641912473
Headers
Account: string, ^ac_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a...

The linked accountId (use this when you want to list in person locations under a linked account)

Example: ac_3fe8398f-8cdb-43a3-9be2-806c4f84c327
curl -i -X GET \
  https://sandbox-api.ryftpay.com/v1/in-person/locations \
  -H 'Authorization: YOUR_API_KEY_HERE'

Responses

The resource was retrieved successfully

Body: application/json
items: Array of objects (InPersonLocation)
paginationToken: string

A token to use for getting the next page of results - send the same request with this value in the 'paginationToken' query parameter. This field is null when there are no further items to return.

Example: "iploc_01FCTS1XMKH9FF43CAFA4CXT3P_1641912473"
Response
application/json
{ "items": [ { … } ], "paginationToken": "iploc_01FCTS1XMKH9FF43CAFA4CXT3P_1641912473" }
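
Walking every page of this listing, as an added example (not Ryft's code): each non-null `paginationToken` is passed back as `startsAfter`, as the Query section describes, and each returned id is checked against the documented `iploc_` pattern. `fetch_page` is a hypothetical callable that performs the authenticated GET and returns the parsed JSON; the lower bound on `limit`, the page cap and the repeated-token guard are assumptions of this sketch.

```python
import re
from urllib.parse import urlencode

# Pattern from the page's Path parameter; fullmatch() also anchors the end.
LOCATION_ID_RE = re.compile(r"^iploc_[0-7][0-9A-HJKMNP-TV-Z]{25}")


def list_all_locations(fetch_page, limit=50, max_pages=1000):
    """Follow paginationToken via startsAfter until it is null; return all items."""
    if not 1 <= limit <= 50:  # 50 is the documented maximum
        raise ValueError("limit must be between 1 and 50")
    items, token, seen = [], None, set()
    for _ in range(max_pages):
        query = {"limit": limit, "ascending": "true"}
        if token is not None:
            query["startsAfter"] = token
        page = fetch_page("in-person/locations?" + urlencode(query))
        for item in page.get("items", []):
            # Reject ids that do not look like location ids before using them
            # in later URLs (retrieve, update, delete).
            if not LOCATION_ID_RE.fullmatch(str(item.get("id", ""))):
                raise ValueError("unexpected location id in response")
            items.append(item)
        token = page.get("paginationToken")
        if token is None:
            return items
        if token in seen:
            # A repeated token would otherwise loop forever and burn rate limit.
            raise RuntimeError("pagination token repeated")
        seen.add(token)
    raise RuntimeError("max_pages exceeded")
```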

Retrieve an in-person location

Request

Fetches an in-person location via its unique ID

Security
secretApiKeyAuth
Path
id: string, ^iploc_[0-7][0-9A-HJKMNP-TV-Z]{25}, required

the unique ID of the location

Example: iploc_01FCTS1XMKH9FF43CAFA4CXT3P
Headers
Account: string, ^ac_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a...

The linked accountId (use this when you want to get an in person location under a linked account)

Example: ac_3fe8398f-8cdb-43a3-9be2-806c4f84c327
curl -i -X GET \
  https://sandbox-api.ryftpay.com/v1/in-person/locations/iploc_01FCTS1XMKH9FF43CAFA4CXT3P \
  -H 'Authorization: YOUR_API_KEY_HERE'

Responses

The resource was retrieved successfully

Body: application/json
id: string

The unique Id of the location

Example: "iploc_01FCTS1XMKH9FF43CAFA4CXT3P"
name: string

Your name for the location. This can be used for display purposes.

address: object (InPersonLocationAddress)
geoCoordinates: GeoCoordinates (object or null)
metadata: object

Your own custom key-value data for this object. These will be sent with any associated events on your webhooks. You can have a maximum of 10 pieces of metadata.

Keys must be between 1 and 30 characters in length.

Values must be between 1 and 250 characters in length.

Example: {"internalID":"1"}
createdTimestamp: integer (int64)

The epoch timestamp (seconds) when the object was created

Example: 1470989538
lastUpdatedTimestamp: integer (int64)

The epoch timestamp (seconds) when the object was last updated

Example: 1470989538
Response
application/json
{ "id": "iploc_01FCTS1XMKH9FF43CAFA4CXT3P", "name": "string", "address": { "lineOne": "string", "lineTwo": "string", "city": "string", "country": "GB", "postalCode": "string", "region": "string" }, "geoCoordinates": { "latitude": 51.1789, "longitude": 1.8262 }, "metadata": { "internalID": "1" }, "createdTimestamp": 1470989538, "lastUpdatedTimestamp": 1470989538 }

Update an in-person location

Request

Updates an in-person location via its unique ID. Note that addresses and geo co-ordinates cannot be updated; to change them you must create a new location and delete the old one.

Security
secretApiKeyAuth
Path
id: string, ^iploc_[0-7][0-9A-HJKMNP-TV-Z]{25}, required

the unique ID of the location

Example: iploc_01FCTS1XMKH9FF43CAFA4CXT3P
Headers
Account: string, ^ac_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a...

The linked accountId (use this when you want to update an in person location under a linked account)

Example: ac_3fe8398f-8cdb-43a3-9be2-806c4f84c327
Body: application/json
name: string or null

Your name for the location. This can be used for display purposes.

metadata: object or null

Your own custom key-value data for this object. These will be sent with any associated events on your webhooks. You can have a maximum of 10 pieces of metadata.

Keys must be between 1 and 30 characters in length.

Values must be between 1 and 250 characters in length.

Example: {"internalID":"1"}
curl -i -X PATCH \
  https://sandbox-api.ryftpay.com/v1/in-person/locations/iploc_01FCTS1XMKH9FF43CAFA4CXT3P \
  -H 'Authorization: YOUR_API_KEY_HERE' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "Ryft Computer Parts",
    "metadata": {
      "custom": "12345"
    }
  }'

Responses

The resource was retrieved successfully

Body: application/json
id: string

The unique Id of the location

Example: "iploc_01FCTS1XMKH9FF43CAFA4CXT3P"
name: string

Your name for the location. This can be used for display purposes.

address: object (InPersonLocationAddress)
geoCoordinates: GeoCoordinates (object or null)
metadata: object

Your own custom key-value data for this object. These will be sent with any associated events on your webhooks. You can have a maximum of 10 pieces of metadata.

Keys must be between 1 and 30 characters in length.

Values must be between 1 and 250 characters in length.

Example: {"internalID":"1"}
createdTimestamp: integer (int64)

The epoch timestamp (seconds) when the object was created

Example: 1470989538
lastUpdatedTimestamp: integer (int64)

The epoch timestamp (seconds) when the object was last updated

Example: 1470989538
Response
application/json
{ "id": "iploc_01FCTS1XMKH9FF43CAFA4CXT3P", "name": "string", "address": { "lineOne": "string", "lineTwo": "string", "city": "string", "country": "GB", "postalCode": "string", "region": "string" }, "geoCoordinates": { "latitude": 51.1789, "longitude": 1.8262 }, "metadata": { "internalID": "1" }, "createdTimestamp": 1470989538, "lastUpdatedTimestamp": 1470989538 }

Delete an in-person location

Request

Deletes an in-person location. Note that once deleted, the location will no longer be available. You can only delete the location if it has no terminal assigned to it.

Security
secretApiKeyAuth
Path
id: string, ^iploc_[0-7][0-9A-HJKMNP-TV-Z]{25}, required

the unique ID of the location

Example: iploc_01FCTS1XMKH9FF43CAFA4CXT3P
Headers
Account: string, ^ac_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a...

The linked accountId (use this when you want to delete an in person location under a linked account)

Example: ac_3fe8398f-8cdb-43a3-9be2-806c4f84c327
curl -i -X DELETE \
  https://sandbox-api.ryftpay.com/v1/in-person/locations/iploc_01FCTS1XMKH9FF43CAFA4CXT3P \
  -H 'Authorization: YOUR_API_KEY_HERE'

Responses

The resource was successfully deleted

Body: application/json
id: string

The Id of the deleted location

Example: "iploc_01FCTS1XMKH9FF43CAFA4CXT3P"
Response
application/json
{ "id": "iploc_01FCTS1XMKH9FF43CAFA4CXT3P" }

In-Person Terminals

The in-person terminals API allows you to set up and manage your physical terminal hardware for in-person (card present) payments.

Operations