API Specifications – Payments

6. API Specifications – Payments

6.1 Authentication and Security Management

All API requests must be made through HTTPS. You must authenticate all requests by using the HTTP Authorization header. The POP API header value format is as follows:

  • Use HTTP basic authentication to authenticate the request.
  • Specify the auth-parameter, where the overall parameter value is provided in the form is

Note: x-cpm-sec-token is a unique value that you generate for a unique request. Velocity uses this value to verify if a request is submitted multiple times. This value must be a valid UUID (Universally Unique Identifier), with a canonical format using hexadecimal text with inserted hyphen characters. You can consult CELLPOINT DIGITAL support to check if this is enabled for your account.

The following is an example of parameters in HTTP header section:

x-cpm-sec-token- 6lutO0jd0h1YjlHqjAn6cjKYF5n2ZJjp%2fDNk08IGKS0%3d

To integrate Apple Pay with your application, complete the following steps:

  1. Initialize payment using mpoint/initialize-payment.
  2. Invoke Pay API call to retrieve the session for the Apple Pay Payment
  3. Authorize payment using /mpoint/authorize-payment.

Note: You must Process Response of initialize payment to complete the integration process.

Note: This document details the API flow for the mobile side of the integration.
You may be required to refer to the CellPoint Digital Velocity - iOS SDK - Integration Guide.

6.2 Apple Pay Integration

Before you start the API integration, you must follow the Apple Web Integration checklist and branding guidelines as follows: