Skip to content
/
Create/Register a webhook...

Ryft Payment API (1.1.0)

Ryft provides a collection of APIs that you can use to accept and process payments + marketplace functionality (payouts). We have a testing environment called sandbox, which you can sign up for to test API calls without affecting live data.

Authentication

When you sign up for an account, you are given a secret and public API key pair. You authenticate with our API by providing the appropriate key in the request Authorization header. Never share your secret keys. Keep them guarded and secure.

Public API key

Public keys should only be used in JavaScript or native applications. This key is solely used to identify the partner making requests. Supply this key in the Authorization header.

Secret API key

Your secret key should always be supplied in the Authorization header. Make sure this key is stored securely on your backend and never surfaced client-side.

Rate Limiting

We use rate limiting on a per-user basis to protect our APIs against abuse. Our Sandbox environment is limited to 5 requests per second. Our production environment is limited to 50 requests per second.

We also allow a brief burst above this limit to accommodate a sudden increase in traffic.

If you exceed the above quota then the API will respond with a 429 status code and you will need to retry the API call (we recommend implementing a retry policy with an exponential back-off).

Download OpenAPI description
openapi.json
openapi.yaml
Overview
URL
https://ryftpay.com
Ryft
support@ryftpay.com
Languages
Servers
Sandbox environmment
https://sandbox-api.ryftpay.com/v1/
Production environment
https://api.ryftpay.com/v1/

Payments

Process payments with Ryft: authorizations, voids, captures, refunds etc.

Operations

Webhooks

Create and manage webhooks.

Operations

Signatures

As an additional security measure, you can verify the integrity of any webhook event you receive by checking the signature we provide within the Signature header. To do this simply take the webhook endpoint secret and HMAC-SHA256 the request body. If the signatures are not equal then you may want to discard the message.

Retry Policy

If your webhook URL begins to fail we will start our retry mechanism. For each failing event we immediately retry several times before then retrying with an increasing delay until we've exhausted the maximum number of attempts. Each retry happens after (0, 1, 5, 10, 10, 10 minutes)

Create/Register a webhook endpoint

Request

Create/Register a webhook endpoint to start receiving events

Security
secretApiKeyAuth
Bodyapplication/jsonrequired
urlstring

The URL of your webhook endpoint to register

Example: "https://example-endpoint.com/webhook"
activeboolean

Whether the endpoint is active (receiving events) or not

Example: true
eventTypesArray of strings(EventType)

The event types you want the endpoint to receive

Items Enum"PaymentSession.approved""PaymentSession.captured""PaymentSession.declined""PaymentSession.voided""PaymentSession.void_failed""PaymentSession.refunded""PaymentSession.refund_failed""PaymentSession.requires_action""Account.created""Account.updated"
Example: ["PaymentSession.captured","PaymentSession.refunded"]
curl -i -X POST \
  https://sandbox-api.ryftpay.com/v1/webhooks \
  -H 'Authorization: YOUR_API_KEY_HERE' \
  -H 'Content-Type: application/json' \
  -d '{
    "url": "https://example-endpoint.com/webhook",
    "active": true,
    "eventTypes": [
      "PaymentSession.captured",
      "PaymentSession.refunded"
    ]
  }'

Responses

Webhook successfully registered

Bodyapplication/json
secretstring

The Webhook's signature secret (only returned on initial creation). Ensure this is stored securely

Example: "whs_0f6b1b5a-aef0-4011-978b-19fd4a4d46ea"
idstring

The unique Id for the webhook endpoint

Example: "wh_31fba123-0fef-41d6-92ad-fd7089f49f8a"
activeboolean

Whether the endpoint is actively receiving events or not

Example: true
urlstring

The URL of the webhook endpoint

Example: "https://example-endpoint.com/webhook"
eventTypesArray of strings(EventType)

The event types the endpoint is receiving

Items Enum"PaymentSession.approved""PaymentSession.captured""PaymentSession.declined""PaymentSession.voided""PaymentSession.void_failed""PaymentSession.refunded""PaymentSession.refund_failed""PaymentSession.requires_action""Account.created""Account.updated"
Example: ["PaymentSession.captured","PaymentSession.refunded"]
createdTimestampinteger(int64)

The epoch timestamp (seconds) when the webhook endpoint was created

Example: 1470989538
Response
application/json
{
  "secret": "whs_0f6b1b5a-aef0-4011-978b-19fd4a4d46ea",
  "id": "wh_31fba123-0fef-41d6-92ad-fd7089f49f8a",
  "active": true,
  "url": "https://example-endpoint.com/webhook",
  "eventTypes": [
    "PaymentSession.captured",
    "PaymentSession.refunded"
  ],
  "createdTimestamp": 1470989538
}

List your webhook endpoints

Request

Returns a list of your webhook endpoints. They are returned in sorted (by epoch) order (default is newest first).

Security
secretApiKeyAuth
curl -i -X GET \
  https://sandbox-api.ryftpay.com/v1/webhooks \
  -H 'Authorization: YOUR_API_KEY_HERE'

Responses

Successfully retrieved your webhook endpoints

Bodyapplication/json
itemsArray of objects(WebhookEndpoint)
Response
application/json
{
  "items": [
    { … }
  ]
}

Retrieve a webhook endpoint

Request

This is used to fetch a webhook by its unique Id

Security
secretApiKeyAuth
Path
webhookIdstringrequired

Webhook Id to retrieve

Example: wh_01FCTS1XMKH9FF43CAFA4CXT3P
curl -i -X GET \
  https://sandbox-api.ryftpay.com/v1/webhooks/wh_01FCTS1XMKH9FF43CAFA4CXT3P \
  -H 'Authorization: YOUR_API_KEY_HERE'

Responses

Webhook endpoint successfully retrieved

Bodyapplication/json
idstring

The unique Id for the webhook endpoint

Example: "wh_31fba123-0fef-41d6-92ad-fd7089f49f8a"
activeboolean

Whether the endpoint is actively receiving events or not

Example: true
urlstring

The URL of the webhook endpoint

Example: "https://example-endpoint.com/webhook"
eventTypesArray of strings(EventType)

The event types the endpoint is receiving

Items Enum"PaymentSession.approved""PaymentSession.captured""PaymentSession.declined""PaymentSession.voided""PaymentSession.void_failed""PaymentSession.refunded""PaymentSession.refund_failed""PaymentSession.requires_action""Account.created""Account.updated"
Example: ["PaymentSession.captured","PaymentSession.refunded"]
createdTimestampinteger(int64)

The epoch timestamp (seconds) when the webhook endpoint was created

Example: 1470989538
lastUpdatedTimestampinteger(int64)

The epoch timestamp (seconds) when the webhook endpoint was last updated

Example: 1470989538
Response
application/json
{
  "id": "wh_31fba123-0fef-41d6-92ad-fd7089f49f8a",
  "active": true,
  "url": "https://example-endpoint.com/webhook",
  "eventTypes": [
    "PaymentSession.captured",
    "PaymentSession.refunded"
  ],
  "createdTimestamp": 1470989538,
  "lastUpdatedTimestamp": 1470989538
}

Update a webhook endpoint

Request

This is used to update a webhook by its unique Id

Security
secretApiKeyAuth
Path
webhookIdstringrequired

Webhook Id to update

Example: wh_01FCTS1XMKH9FF43CAFA4CXT3P
Bodyapplication/jsonrequired
urlstring or null

The new URL of your webhook endpoint

Example: "https://example-endpoint.com/webhook"
activeboolean or null

Whether the endpoint is active (receiving events) or not

Example: true
eventTypesArray of strings or null(EventType)

The event types you want the endpoint to receive

Enum"PaymentSession.approved""PaymentSession.captured""PaymentSession.declined""PaymentSession.voided""PaymentSession.void_failed""PaymentSession.refunded""PaymentSession.refund_failed""PaymentSession.requires_action""Account.created""Account.updated"
Example: ["PaymentSession.captured","PaymentSession.refunded"]
curl -i -X PATCH \
  https://sandbox-api.ryftpay.com/v1/webhooks/wh_01FCTS1XMKH9FF43CAFA4CXT3P \
  -H 'Authorization: YOUR_API_KEY_HERE' \
  -H 'Content-Type: application/json' \
  -d '{
    "url": "https://example-endpoint.com/webhook",
    "active": true,
    "eventTypes": [
      "PaymentSession.captured",
      "PaymentSession.refunded"
    ]
  }'

Responses

Webhook endpoint successfully updated

Bodyapplication/json
idstring

The unique Id for the webhook endpoint

Example: "wh_31fba123-0fef-41d6-92ad-fd7089f49f8a"
activeboolean

Whether the endpoint is actively receiving events or not

Example: true
urlstring

The URL of the webhook endpoint

Example: "https://example-endpoint.com/webhook"
eventTypesArray of strings(EventType)

The event types the endpoint is receiving

Items Enum"PaymentSession.approved""PaymentSession.captured""PaymentSession.declined""PaymentSession.voided""PaymentSession.void_failed""PaymentSession.refunded""PaymentSession.refund_failed""PaymentSession.requires_action""Account.created""Account.updated"
Example: ["PaymentSession.captured","PaymentSession.refunded"]
createdTimestampinteger(int64)

The epoch timestamp (seconds) when the webhook endpoint was created

Example: 1470989538
lastUpdatedTimestampinteger(int64)

The epoch timestamp (seconds) when the webhook endpoint was last updated

Example: 1470989538
Response
application/json
{
  "id": "wh_31fba123-0fef-41d6-92ad-fd7089f49f8a",
  "active": true,
  "url": "https://example-endpoint.com/webhook",
  "eventTypes": [
    "PaymentSession.captured",
    "PaymentSession.refunded"
  ],
  "createdTimestamp": 1470989538,
  "lastUpdatedTimestamp": 1470989538
}

Delete a webhook endpoint

Request

This is used to delete a webhook by its unique Id

Security
secretApiKeyAuth
Path
webhookIdstringrequired

Webhook Id to delete

Example: wh_01FCTS1XMKH9FF43CAFA4CXT3P
curl -i -X DELETE \
  https://sandbox-api.ryftpay.com/v1/webhooks/wh_01FCTS1XMKH9FF43CAFA4CXT3P \
  -H 'Authorization: YOUR_API_KEY_HERE'

Responses

Webhook endpoint successfully deleted

Bodyapplication/json
idstring

The Id of the deleted webhook endpoint

Example: "wh_31fba123-0fef-41d6-92ad-fd7089f49f8a"
Response
application/json
{
  "id": "wh_31fba123-0fef-41d6-92ad-fd7089f49f8a"
}

Events

Events are persisted throughout the lifecycle of a payment/action as you use our API. We use events to notify you when something important happens in your account (or a linked sub account). The most commonly used event occurs when a payment is captured, in which case we persist a PaymentSession.captured event and then (optionally) send it to any webhooks you have registered that are listening for that event type.

Note that if you are taking payments as a platform (for sub accounts), events are saved against the sub account accountId, but will be sent to any webhooks that your account has configured.

Operations

Accounts

Account registration for your sub accounts

Operations

Persons

The Persons API allows the creation and management of one or more persons for the purpose of verification for Business sub accounts. Recommended if you wish to implement verification programmatically for your sub accounts. This API cannot be accessed for Individual sub accounts.

Operations

Payout Methods

The Payout Methods API allows the creation and management of payout methods for use when receiving payouts, e.g. bank accounts. Recommended if you wish to implement payouts programmatically for your sub accounts.

Operations

Payouts

A payout represents the transfer of money from Ryft to a connected payout method (bank account), i.e. when we send money you're owed. Typically this is automated.

However, the payouts API allows you to explicitly create payouts for your sub accounts. Generally we'd recommend this if you are a marketplace who wants to control exactly when payouts should be sent out.

Operations

Transfers

A Transfer represents the movement of money between Ryft accounts.

This API allows platforms/marketplaces to transfer money from/to particular sub accounts, useful when:

  • you owe a sub account money from a particular transaction and want to explicitly send it after the fact
  • you want to recoup funds from a sub account, such as when dealing with disputes
  • you want to collect additional/new commission from the sub account
Operations

Balances

The balances API allows you to view your own or a particular sub accounts balances in real-time.

Typically useful when making use of manual payouts or our transfers API so you can determine the funds available prior to initiating requests.

Operations

Balance Transactions

Allows you to query for balance transactions. These transactions represent all actions within a Ryft account that impact account balances.

This API can only be used for reconciliation on transactions created from July 2025 onwards

Operations

Platform Fees

Query any platform fees that your account has taken (when taking payments on behalf of linked sub accounts)

Operations

Customers

The Customers API allows you to persist customer details across sessions. You should use this if you wish to support saving a customer's payment methods and thereby enabling them to reuse previously entered details for future payments.

Operations

Payment Methods

The Payment Methods API allows you to tokenize and store previously used payment methods.

Operations

Subscriptions

The subscriptions API allows you to automatically have Ryft schedule and charge recurring payments for a specific day and time. This API is not required to process recurring payments. After additional configuration, you can use our payment-sessions API to create and charge the recurring payments yourself.

Operations

Files

The Files API allows you to query for and upload files to Ryft. Some files may be generated internally by Ryft when requesting reports, or alternatively you may have uploaded evidence/verification documents

Operations

Apple Pay

Allows implementation of Apple Pay on the web via the API with Ryft's Apple Pay processing certificate.

Operations

Disputes

Disputes (also known as chargebacks) occur when a cardholder wants to query or challenge a transaction on their card statement. The Disputes API allows you to keep track of and manage disputes.

Operations

In-Person Products

The in-person products API allows you query for the products we offer for in-person payments. Useful to view and decide which SKUs you wish to order. Note that products themselves cannot be ordered. You must select one or more SKUs to purchase equipment.

Operations

In-Person SKUs

The in-person SKUs API allows you query for the SKUs we offer for in-person payments. SKUs are ultimately the items you order when purchasing equipment. Each SKU is scoped to a specific country and currency.

Operations

In-Person Orders

The in-person orders API allows you to request physical terminal orders to specific locations. Used in combination with our terminal API you can integrate in-person (card present) payments.

Operations

In-Person Locations

The in-person locations API allows you to setup and manage the locations in which terminals reside.

Operations

In-Person Terminals

The in-person terminals API allows you to setup and manage your physical terminal hardware for in-person (card present) payments.

Operations