Create payment

post

https://api.truelayer-sandbox.com/v3/payments

Create a new payment

This API must be called using a backend bearer token.

📘
Endpoint path changes
All Payments API v3 endpoints now start with /v3/. The old endpoints still work, but you must use the new path for all new integrations.

Body Params

amount_in_minor

integer

required

≥ 1

A 'cent' value representing the amount. eg 100 = 1GBP or 100 = 1EUR

currency

string

enum

required

Allowed:

payment_method

required

user

object

required

Details of the end user who is making the payment. If you are using your own PISP licence, these fields are not required.

Payments over a mandate don't need user information as this was collected at mandate creation.

metadata

object

Optional field for adding custom key-value data to a resource. This object can contain a maximum of 10 key-value pairs, each with a key with a maximum length of 40 characters and a non-null value with a maximum length of 500 characters.

related_products

object

Optional field for adding related products, at least one product should be set.
Not available when creating recurring payments.

authorization_flow

object

This object contains a declaration of your UI's capabilities. The API adjusts the flow based on this parameter and filters out unsupported providers. If you supply this parameter, you don't need to call the Start authorization flow endpoint.

This cannot be provided if also using the hosted_page option.

hosted_page

object

Provide these parameters to have an auto constructed hosted page URI returned on the response.

This cannot be provided if starting the authorization_flow explicitly.

risk_assessment

object

An optional field for configuring risk assessment and the payment_creditable webhook. Learn how to enable this field.

sub_merchants

object

The details related to any applicable sub-merchants, for example an underlying division of the overall business.

user_consent

Information of how the user's consent is captured for the payment.

Headers

Idempotency-Key

string

required

An idempotency key to allow safe retrying without the operation being performed multiple times.
The value should be unique for each operation, e.g. a UUID, with the same key being sent on a retry of the same request.

Tl-Signature

string

required

A JWS with detached content, signed with your private key.
See Request Signing

X-Forwarded-For

string

Used to collect and record end-user IP address.
The first IP address in the list will be used as the end-user IP address.

X-Device-User-Agent

string

Used to improve end-user's authentication experience based on device type.
If omitted, the User-Agent header will be used instead.

string

enum

Defaults to application/json; charset=UTF-8

Generated from available response content types

Allowed:

Responses

Endpoint path changes

201Payment

400Invalid Parameters

401Unauthenticated

403Forbidden

409Idempotency-Key Concurrency Conflict

422Idempotency-Key Reuse

429Rate Limit Exceeded

500Unknown Error