Skip to main content

API Reference

Amazon Payment Services provides a comprehensive suite of APIs designed for seamless payment processing integration. This reference guide covers authentication, request/response handling, and implementation patterns for production-ready payment solutions.

Quick Start

1

Retrieve API Credentials

Before implementing API calls, ensure you have a test account ready.

Navigate to Merchant ManagementSecurity Settings and collect the following authentication parameters:

ParameterTypeDescriptionSecurity Level
access_codeStringUnique merchant access identifierConfidential
merchant_identifierStringMerchant account routing IDConfidential
sha_request_phraseStringRequest signature secret keyHighly Confidential
sha_response_phraseStringResponse validation secret keyHighly Confidential
  • Environment Variables: Store all credentials in environment variables, never in source code
  • Access Control: Restrict credential access to authorized personnel only
  • Key Rotation: Rotate SHA phrases every 90 days for enhanced security
  • Network Security: Use HTTPS/TLS 1.2+ for all API communications
2

Select Integration Method

Integration Architecture

Choose the appropriate integration pattern based on your technical requirements, PCI compliance scope, and user experience goals.

Integration TypeImplementation ComplexityCustomization LevelTime to Market
Payment LinksVery LowLowFastest
Hosted CheckoutLowLowFastest
Mobile IntegrationMediumNoneMedium
Custom Integration (Non-PCI)HighHighHigh
Custom Integration (PCI)HighHighHigh
3

Implement API Requests

All Amazon Payment Services API endpoints follow standardized request/response patterns and mandatory signature validation.

Every API request must include these foundational parameters:

Required Parameters Schema
{
"service_command" or "command": "TOKENIZATION" or "PURCHASE",
"access_code": "string (required)",
"merchant_identifier": "string (required)",
"merchant_reference": "string (required, unique)",
"language": "string (required, en|ar)",
"signature": "string (required, SHA-256)"
}

API Request Examples

<!-- HTTPS POST form submitted directly to APS from client browser -->
<form method="post" action="https://sbcheckout.payfort.com/FortAPI/paymentPage" id="tokenization_form">
<!-- Required Tokenization Parameters -->
<input type="hidden" name="service_command" value="TOKENIZATION">
<input type="hidden" name="access_code" value="zx0IPmPy5jp1vAz">
<input type="hidden" name="merchant_identifier" value="CycHZxVj">
<input type="hidden" name="merchant_reference" value="TOKEN-XYZ9239-yu898">
<input type="hidden" name="language" value="en">
<input type="hidden" name="return_url" value="https://www.merchant.com/tokenization-callback">
<input type="hidden" name="signature" value="7cad05f0212ed933c9a5d5dffa31661acf2c827a">

<!-- Card input fields (client-side only) -->
<div class="form-group">
<label for="card_number">Card Number *</label>
<input type="text" id="card_number" name="card_number" placeholder="1234 5678 9012 3456" maxlength="19" required>
</div>

<div class="form-row">
  • Parameter Validation: Validate all parameters before signature calculation
  • Amount Format: Always use minor currency units (cents for USD, fils for AED)
  • Unique References: Generate unique merchant_reference for each transaction
  • Signature Security: Never log or expose SHA phrases in application logs
4

Response Handling

Implement robust response processing with signature validation, error handling, and webhook integration for real-time transaction updates. check out our detailed Webhook Documentation.

5

Testing & Validation

Test Cards: Use our comprehensive Testing Cards

Go-Live Process

When ready to move to production, follow our Go-Live checklist

Developer Resources

Was this page helpful?

Thanks for your feedback!