API Introduction

Acquired.com supports payments via the Card API or the Banking API – you decide what works best for your business. Our platform has your back.

Endpoints

Time to play - access your API using these endpoints:

Security

Once you’re ready to get started in production, do us a favour and send your IP address(es) to the support@acquired.com team to use our API.

We can’t overstate how important security is to everyone at Acquired.com. Here is how we protect each other when you’re using our API:

Request Hash

Each transaction gets a request_hash. We generate one, you generate one, and if they match when we receive your transaction then everyone knows it’s legit.

You’ll need a company_key to calculate the request_hash value. If this is your first time, or if you lost your previous key, send the support@acquired.com team a note. They’ll sort you out.

Here’s what you do next:

  • First concatenate the request fields with your company_key.
  • Then SHA256 encrypt the resulting string

For AUTH_ONLY, AUTH_CAPTURE, CREDIT and BENEFICIARY_NEW request types, concatenate the values from the table below.

Parameter Format Length Description
timestamp string 14 Date and time of transaction submission, in the format yyyymmddhhmmss.
transaction_type string 1-20 The transaction type being performed.
company_id int 1-11 API Company ID we issue to merchants.
merchant_order_id string 1-50 Unique ID used to identify each transaction.
company_key string 1-30 Hash value we assign to merchants.

For VOID,CAPTURE,REFUND, ACCOUNT_UPDATER and PAY_OUTrequest types, concatenate the values from the table below.

Parameter Format Length Description
timestamp string 14 Date and time of transaction submission, in the format yyyymmddhhmmss.
transaction_type string 1-20 The transaction type being performed.
company_id int 1-11 API Company ID we issue to merchants.
original_transaction_id int 1-50 transaction_id value we generated and returned in the original request.
company_key string 1-30 Hash value we assign to merchants.

Here’s sample code for calculating the request_hash value:

function request_hash($param,$company_key){
    if(in_array($param['transaction_type'],array('AUTH_ONLY','AUTH_CAPTURE','CREDIT','BENEFICIARY_NEW'))){
        $str=$param['timestamp'].$param['transaction_type'].$param['company_id'].
        $param['merchant_order_id'];
        }elseif(
            in_array($param['transaction_type'],array('CAPTURE','VOID',
            'REFUND','SUBSCRIPTION_MANAGE','ACCOUNT_UPDATER','PAY_OUT'))){
            $str=$param['timestamp'].$param['transaction_type'].$param['company_id'].
            $param['original_transaction_id'];
        }
        return hash('sha256',$str.$scompany_key);
    }
      

Coming soon...
        

Coming soon...
      

Response Hash

You’ll see a response_hash parameter in our response to all your transaction requests. That’s how you know it’s absolutely, definitely from Acquired.com.

response_hash is calculated in the same way whatever the transaction type – it’s a concatenated 64-character SHA256-encrypted string created from the following response values:

Parameter Format Length Description
timestamp string 14 Date and time of transaction submission, in the format yyyymmddhhmmss.
transaction_type string 1-20 The transaction type being perform.
company_id int 1-11 API Company ID we issue to merchants.
transaction_id int 1-50 Unique transaction_id value we generated.
response_code int 1-3 Code describing transaction results.
company_key string 1-30 Hash value we assign to merchants.

Here’s sample code for calculating the response_hash value:

function response_hash($param,$company_key){
    $str=$param['timestamp'].$param['transaction_type'].$param["company_id"].$param['transaction_id'].$param['response_code'];
    return hash('sha256',$str.$company_key);
      

Coming soon...
        

Coming soon...