Error codes
Errors are JSON objects with error (machine-readable) and message (human-readable).
HTTP statuses
Section titled “HTTP statuses”| HTTP | error | Typical cause |
|---|---|---|
| 400 | BAD_REQUEST | Missing fields, bad amount, non-HTTPS notifyUrl, unsupported token, etc. |
| 401 | UNAUTHORIZED | Missing Authorization, bad HMAC, timestamp outside ±5 minutes |
| 404 | NOT_FOUND | Unknown paymentId |
| 409 | CONFLICT | Duplicate orderNo for the merchant |
| 500 | INTERNAL_ERROR | Server error—retry and contact operations |
Examples
Section titled “Examples”400 Bad Request
Section titled “400 Bad Request”{ "error": "BAD_REQUEST", "message": "Invalid amount" }401 Unauthorized
Section titled “401 Unauthorized”{ "error": "UNAUTHORIZED", "message": "Invalid merchant HMAC signature" }{ "error": "UNAUTHORIZED", "message": "Merchant HMAC authorization is required" }404 Not Found
Section titled “404 Not Found”{ "error": "NOT_FOUND", "message": "Payment not found" }409 Conflict
Section titled “409 Conflict”{ "error": "CONFLICT", "message": "Payment order already exists" }Webhook delivery failures
Section titled “Webhook delivery failures”If your notifyUrl does not return 2xx within 5 seconds, we retry automatically (up to 8 times, exponential backoff). Make the endpoint idempotent; delivery details are available through your operations channel (not part of this public API surface).