Plexy
Pay APIGate APIDashboard
Pay APIGate APIDashboard
  1. Pay API
  • Overview
  • Authorization
  • Webhooks
  • API Errors
  • Test Scenarios
  • Ecommerce Plugins
  • API
    • Payments
      • Overview
      • Payment Links
        • Create Payment Link
        • List Payment Links
        • Retrieve Payment Link by Order Reference
        • Cancel Payment Link
        • Retrieve Payment Link
        • Update Payment Link Expiration
        • Retrieve Payment Links Statistics
      • Reccurent Payments
        • Create Merchant-Initiated Payment
      • Direct Payments
        • Get Keys
        • Create Host-to-Host Payment
      • Transaction Management
        • Find Transaction's History by ID
        • Find Transaction by Payment Link ID
        • Find Transaction by ID
        • Find Transaction by Order reference
      • Payment Management
        • Cancel Payment
        • Capture Payment
        • Process Refund
      • Split Requests
        • Create
        • List
        • Update
        • Get By Id
        • Delete
      • Settlement Payment Order
        • Create
        • Get by id
        • List
    • Payouts
      • Retrieve Payout Transactions
      • Process Payout
      • Save Card for Payouts
    • Customers
      • Get Customer's Card Tokens
      • List Customers
      • Create Customer
      • Get Customer by ID
      • Get Customer's Transactions
    • Merchants
      • Payment Beneficiary
        • Create
        • Update
        • Gey By Id
        • List
        • Transfer from beneficiary balance to merchant balance
        • Create manual settlement for beneficiary
      • Retrieve Merchant's Details
  • Client SDK
    • Server flow
      • Advanced server flow
      • Session server flow
    • Web
      • Web Drop-in
      • Web Components
    • Flutter
      • Flutter Drop-in
      • Flutter Components
  • Schemas
    • Schemas
      • response.TransactionList
      • entity.SplitRequest
      • entity.PaymentBeneficiary
      • request.CreatePaymentBeneficiary
      • entity.SettlementPaymentOrder
      • entity.PayoutRequest
      • entity.PayoutRequestRowData
      • command.HandleThreeDResult
      • domain.Report
      • entity.CardSaveSessionCustomer
      • entity.Permission
      • entity.UserProfile
      • entity.UserRole
      • errors.Message
      • errors.Source
      • errors.Type
      • git_plexypay_com_ecom_back_api_internal_domain_view.Page-domain_Report
      • git_plexypay_com_ecom_back_api_internal_domain_view.Page-entity_UserProfile
      • git_plexypay_com_ecom_back_api_internal_platform_errors.Code
      • models.CSVApiRequest
      • models.CreateBussinessDetails
      • models.KeyResponse
      • models.OnboardingRequest
      • models.Transaction
      • paymentcore.Address
      • paymentcore.CustomerDetails
      • request.AuthorizePayment
      • request.BrowserDetails
      • request.CardData
      • request.ChangeUserRole
      • request.ContinueThreeDS
      • request.CreateCardSaveSession
      • request.CreateInviteSession
      • request.CreatePaymentLink
      • request.CreatePaymentLinkMetadata
      • request.HandlePayout
      • request.MerchantInitiatedPayment
      • request.PasswordRequest
      • request.Recurring
      • request.RefundPayment
      • request.SaveCard
      • request.SaveOneCustomer
      • request.TwoStepAuthorizePayment
      • request.UpdateMerchantSettingsRequest
      • request.UpdatePaymentLink
      • response.AcquirerResponseThreeDSecure
      • response.AuthorizeAndCapturePayment
      • response.AuthorizePayment
      • response.CancelPaymentResponse
      • response.CapturePaymentResponse
      • response.ContinueThreeDS
      • response.Currency
      • response.Customer
      • response.CustomerTransaction
      • response.CustomerTransactions
      • response.Customers
      • response.Error
      • response.Merchant
      • response.MerchantInitiatedPayment
      • response.MerchantSettings
      • response.PaymentLink
      • response.PaymentLinkInfo
      • response.PaymentLinkMetadata
      • response.PaymentLinksInfo
      • response.PaymentLinksStatistics
      • response.PaymentLinksStatisticsItem
      • response.Payout
      • response.Permission
      • response.RefundPaymentResponse
      • response.Report
      • response.SavedCard
      • response.Session
      • response.Settlement
      • response.SettlementTransaction
      • response.Store
      • response.Stores
      • response.Transaction
      • response.TransactionDetails
      • response.TransactionEvents
      • response.TransactionHistoryEvent
      • response.TransactionHistoryEventData
      • response.TransactionResponse
      • response.TransactionWebhookDetails
      • response.Transactions
      • response.UpdateMerchantSettingsResponse
      • response.UserProfile
      • value.PaymentMethod
    • receipt
    • Error
    • DecimalAmount
    • ProductType
    • ProductCategory
    • Product
    • Order
    • AgentBalance
    • AgentDeposit
    • TopupRequest
    • CreateOrderRequest
Pay APIGate APIDashboard
Pay APIGate APIDashboard
  1. Pay API

Authorization

This page describes how to authenticate your server to Plexy Pay’s HTTP API. Authentication is API-key–based and sent in the Authorization header.

Overview#

Auth scheme: API Key
Header: Authorization: <api-key>
Transport: HTTPS only (TLS 1.2+)
Who uses it: Your backend (never expose keys in client-side code/apps)

Sending the API Key#

Include your key in the Authorization header on every request:
Authorization: <api-key>

Best Practices#

Do not prepend Bearer — only use the plain API key string.
Store keys securely: environment variables + secret managers (e.g., Vault, AWS Secrets Manager).
Never embed in front-end/mobile code or logs. Mask keys (********) in any output.
Rotate regularly: support multiple active keys during rotation.
Least privilege: use separate keys per system/environment (prod, stage) and per application.
Protect at rest: disable shell history logging of commands containing keys; prefer .netrc/env var injection.
Respond to compromise: revoke the key immediately and rotate credentials; audit recent calls.
Do not prefix your key with Bearer . The header must contain only the raw API key value, for example:
Authorization: ********************

Example API Method#

GET /v1/transactions/by-payment-link/{payment_link_id}
Retrieve a transaction by its payment link identifier.
Auth: Authorization: <api-key> (⚠️ not Bearer)
Method: GET
Path Params:
payment_link_id — UUID
cURL
Responses
200 OK — transaction payload (see example above)
401 Unauthorized — missing/invalid API key
404 Not Found — not found or out of scope
Modified at 2025-09-23 12:44:53
Previous
Overview
Next
Webhooks
Built with