DEVELOPER
DEVELOPER
Products

Gateway Business Reporting API Integration Guide

reporting






EnvironmentBase URL
Sandboxhttps://proxy.payanywhere.dev
Productionhttps://proxy.payanywhere.com



How To Start

  1. Sign up for a free North Developer account.
  2. Log in to the Payments Hub portal.
  3. Navigate to Business Settings then API Access to complete the configuration.
  4. On the API Access page, click Get Credentials under the Invoicing API section and follow the on-screen instructions. Please ensure you save your API password, as it will only be shown once.
  5. Contact us and we'll request that you provide your Developer Key which will enable you to access the Gateway Business Reporting API endpoints.
  6. Use the guide below and the API specification to build your app.
  7. When development is complete, contact us and once we ensure things are working properly, you will receive Production credentials.

Server Requirements

Any connections must be made over TLS v1.2 or higher. The following are the supported ciphers:

  • ECDHE-ECDSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES256-GCM-SHA384

Authentication

For calls that require authentication, first call the Auth endpoint. This endpoint will return a JWT that should be used with the Authorization header, as well as an account ID that should be used as a request parameter for account-related requests.

Authentication Request


Method: POST
Request URL: https://proxy.payanywhere.com/auth

Headers:

NameValueDescription
Content-Typeapplication/jsonRequired. Content type of message. For most messages, this will be the default.
Content-Length1234Required. This value should be set to the exact length of the message body you are sending.
x-nabwss-appsourcepa_isv_1234567890abcRequired. This value is specific to each individual API account. For example, ISVs selling an application to multiple companies would use a different value for each company. Similarly, if a user has multiple accounts (MIDs) with us, the value for the x-nabwss-appsource header would be different for each MID.


Body:



Authenticated Response


HTTP Status: 200
JSON Response:



Unauthenticated Response


HTTP Status: 404
JSON Response:



Invalid Post Data Response


HTTP Status: 400
JSON Response:



Refresh Authentication Session

This endpoint takes a previously-authorized JWT and creates a new JWT with an extended expiration date. Data stored within the token will stay the same, and the user will still have access to any of the endpoints. The bearer token lasts for 40 minutes and should be expired when done with an API sequence.

Send valid JWTs through the Authorization header and replace your stored JWT with the token response upon success. Note that this endpoint can only refresh valid JWTs signed by this application. Invalid or expired JWTs are unauthorized and will return as such. The developerKey and password will be provisioned by a North Integration specialist.

Refresh Authentication Session Request


Method: POST
Request URL: https://proxy.payanywhere.com/auth/refreshSession

Headers:

NameValueDescription
Content-Typeapplication/jsonRequired. Content type of message. For most messages, this will be the default.
Content-Length1234Required. This value should be set to the exact length of the message body you are sending.
AuthorizationBearer Required. should be replaced with the JSON web token received from the latest authorization.
x-nabwss-appsourcepa_isv_1234567890abcRequired. This value is specific to each individual API account. For example, ISVs selling an application to multiple companies would use a different value for each company. Similarly, if a user has multiple accounts (MIDs) with us, the value for the x-nabwss-appsource header would be different for each MID.


Refresh Authentication Session Success Response


HTTP Status: 200
JSON Response:



Refresh Authentication Session Failure Response


This failure response is typically received when an expired or invalid token is provided in the request.

HTTP Status: 401
JSON Response:



Log Out of Authenticated Session

This endpoint will logout and expire a JWT. It requires a previously authorized JWT.

Log Out of Authenticated Session Request


Method: GET
Request URL: https://proxy.payanywhere.com/auth/expireToken

Headers:

NameValueDescription
Content-Typeapplication/jsonRequired. Content type of message. For most messages, this will be the default.
Content-Length1234Required. This value should be set to the exact length of the message body you are sending.
AuthorizationBearer Required. should be replaced with the JSON web token received from the latest authorization.
x-nabwss-appsourcepa_isv_1234567890abcRequired. This value is specific to each individual API account. For example, ISVs selling an application to multiple companies would use a different value for each company. Similarly, if a user has multiple accounts (MIDs) with us, the value for the x-nabwss-appsource header would be different for each MID.


Log Out of Authenticated Session Success Response


HTTP Status: 200
JSON Response:

Log Out of Authenticated Session Failure Response


This failure response is typically received when an expired or invalid token is provided in the request.

HTTP Status: 401
JSON Response:

Get Started
Working With UsHardwareSecurityFAQsGlossaryTags by Topic
Products
In-Person PaymentsOnline PaymentsFull-FeaturedMerchant Management
Explore
About UsBlogNorth.comNorth HubNorth Exchange
More
Log InCreate AccountContact UsTerms of UsePrivacy PolicyCookies
©2026 North is a registered DBA of NorthAB, LLC. All rights reserved. North is a registered ISO of BMO Harris Bank N.A., Chicago, IL, Citizens Bank N.A., Providence, RI, The Bancorp Bank, Philadelphia, PA, FFB Bank, Fresno, CA, Wells Fargo Bank, N.A., Concord, CA, and PNC Bank, N.A.