The Provider API and your needs
Integrating with Payments Acceptance Service allows Sage customers to offer payment options for their customers and process their invoice payments.
For more information about Payments Acceptance Service and the Provider API, go to What is Payments Acceptance Service?.
As an integrated partner, your service will appear in Sage Marketplace. Customers can then onboard to your service.
The provider requirements
Review the requirements for information on how to integrate with Payments Acceptance Service. You can still integrate if some items are not complete. But, there may be a need for further assessment before you integrate.
The Provider API will throttle requests at a default rate of 10 requests per second. If this is exceeded, a 429 error is returned.
- Sage ID access tokens last for 480 minutes. You should re-use your token until it expires. You do not need a new token for each request.
- You need to encrypt the client credentials and API keys given to you during onboarding. Keep these secure at all times.
- You need to notify Sage immediately of any breach of credentials.
- You can validate the header API key and Sage ID token sent in authorisation and notification requests.
Handling authorisation and notifications
With the Provider API you can handle notifications sent from the Payments Acceptance Service. This is an optional requirement.
Notifications (webhooks) are sent to the callback URL. These occur when a user tries to:
- sign up to your payment service.
- make an invoice payment with your payment service.
Provider API requirements for authorisation and notifications
- An authorisation endpoint URL for sandbox and production environments.
- Contact details and job title for the person securing the API key and client credentials.
- Notification endpoint URL for sandbox and production environments. This is optional.
- Notification header name and value to allow verification and routing of notification. This is optional.
Register with Sage
To access our REST APIs you need to be using the following encryption protocol:
- Transport Layer Security (TLS) 1.2
Contact Sage to register
As a payment service provider you’ll need to register with Sage to request your service is connected. After this, app registry and key provisioning is handled by Sage.
To register, go to our Partners page, and select “Request access”.
Getting set up
What you need to do
After you’ve registered with us, you’ll need to:
- implement a connector API.
- onboard businesses to your service.
Implement a connector API
To process webhooks sent by the consumer API you need a connector API. This is needed to check when an invoice payment is made for your payment service.
Onboard businesses to your service
You’ll be informed when a new business tries to onboard through your connector API. On handling the notification, an authorisation link is sent as a response. This allows the onboarding business to complete their application and onboarding request.
What you’ll get from us
After registration, we’ll send you these resources:
- Instructions on how to use the Provider API
- Access credentials
- Postman collections
You can find out more about Postman collections in Stage 3: Integrate.
Find out what you need to do to successfully integrate with our service.