Business Reporting API Integration Guide

Business Reporting API

ProductsBusiness Reporting API Integration Guide
reporting

Environment	Base URL
Sandbox	https://proxy.payanywhere.dev
Production	https://proxy.payanywhere.com

How To Start

Sign up for a free North Developer account.
Contact us for credentials. Once credentials are provisioned, they can be referenced when logged in by selecting the User profile icon in the top right corner of the screen and selecting Credentials.
Apply for a Merchant Processing Account. Once approved, a Merchant ID (MID) will be provided to you.
Use the API specification to build your app. When logged in, you can use the Integration Tracker to view the status of your integration, notes from meetings with Integration Engineers, resources related to your solution, and more by clicking the User profile icon in the top right corner of the screen and selecting Integrations.
When development is complete, contact us and once we ensure things are working properly, you will receive Production credentials.

Server Requirements

Any connections must be made over TLS v1.2 or higher. The following are the supported ciphers:

ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384

Authentication

For calls that require authentication, first call the Auth endpoint. This endpoint will return a JWT that should be used with the Authorization header, as well as an account ID that should be used as a request parameter for account-related requests.

Authentication Request

Method: POST
Request URL: https://proxy.payanywhere.com/auth

Headers:

Name	Value	Description
Content-Type	application/json	Required. Content type of message. For most messages, this will be the default.
Content-Length	1234	Required. This value should be set to the exact length of the message body you are sending.
x-nabwss-appsource	pa_isv_1234567890abc	Required. This value is specific to each individual API account. For example, ISVs selling an application to multiple companies would use a different value for each company. Similarly, if a user has multiple accounts (MIDs) with us, the value for the x-nabwss-appsource header would be different for each MID.

Body:


{
  "mid": "Your MID",
  "developerKey": "Your Developer Key",
  "password": "Your Auth Password"
}

Authenticated Response

HTTP Status: 200
JSON Response:


{
  "accountId": "Account ID",
  "mid": "Your MID",
  "token": "JWT"
}

Unauthenticated Response

HTTP Status: 404
JSON Response:


{
  "message": "Sorry, your developer key and/or password is incorrect."
}

Invalid Post Data Response

HTTP Status: 400
JSON Response:


{
  "message": "credentials not supplied"
}

Refresh Authentication Session

This endpoint takes a previously-authorized JWT and creates a new JWT with an extended expiration date. Data stored within the token will stay the same, and the user will still have access to any of the endpoints. The bearer token lasts for 40 minutes and should be expired when done with an API sequence.

Send valid JWTs through the Authorization header and replace your stored JWT with the token response upon success. Note that this endpoint can only refresh valid JWTs signed by this application. Invalid or expired JWTs are unauthorized and will return as such. The developerKey and password will be provisioned by a North Integration specialist.

Refresh Authentication Session Request

Method: POST
Request URL: https://proxy.payanywhere.com/auth/refreshSession

Headers:

Name	Value	Description
Content-Type	application/json	Required. Content type of message. For most messages, this will be the default.
Content-Length	1234	Required. This value should be set to the exact length of the message body you are sending.
Authorization	Bearer	Required. should be replaced with the JSON web token received from the latest authorization.
x-nabwss-appsource	pa_isv_1234567890abc	Required. This value is specific to each individual API account. For example, ISVs selling an application to multiple companies would use a different value for each company. Similarly, if a user has multiple accounts (MIDs) with us, the value for the x-nabwss-appsource header would be different for each MID.

Refresh Authentication Session Success Response

HTTP Status: 200
JSON Response:


{
  "token": "New JWT"
}

Refresh Authentication Session Failure Response

This failure response is typically received when an expired or invalid token is provided in the request.

HTTP Status: 401
JSON Response:


{
  "message": "Unauthorized"
}

Log Out of Authenticated Session

This endpoint will logout and expire a JWT. It requires a previously authorized JWT.

Log Out of Authenticated Session Request

Method: GET
Request URL: https://proxy.payanywhere.com/auth/expireToken

Headers:

Name	Value	Description
Content-Type	application/json	Required. Content type of message. For most messages, this will be the default.
Content-Length	1234	Required. This value should be set to the exact length of the message body you are sending.
Authorization	Bearer	Required. should be replaced with the JSON web token received from the latest authorization.
x-nabwss-appsource	pa_isv_1234567890abc	Required. This value is specific to each individual API account. For example, ISVs selling an application to multiple companies would use a different value for each company. Similarly, if a user has multiple accounts (MIDs) with us, the value for the x-nabwss-appsource header would be different for each MID.

Log Out of Authenticated Session Success Response

HTTP Status: 200
JSON Response:


{
  "message": "You have been logged out successfully."
}

Log Out of Authenticated Session Failure Response

This failure response is typically received when an expired or invalid token is provided in the request.

HTTP Status: 401
JSON Response:


{
  "message": "Unauthorized"
}