Overview
About
This page outlines the basic information required to interact with the Reach Checkout API as well as contextual information to better define when certain requests should be sent.
API Request Basics
Every merchant is assigned a merchant ID and a secret shared only with Reach. Data sensitive requests and responses are signed using the shared secret in order to verify the sender and data integrity.
A different merchant ID and Secret is assigned for sandbox and production environments.
More specifically...
A simple Reach API request has a UTF-8 encoded JSON request body and a Base-64 encoded SHA-256 HMAC signature based on the request body using the shared secret as the key.
The request body and signature is then URL encoded before being sent using either HTTP GET or POST.
For example:
The above example is a sandbox /checkout request for a credit card order. Since credit card details are normally added to a /checkout request on the customer's browser, and the merchant's secret should never be made public, the card details are appended to the request and are not a part of the signature calculation.
Available API Requests
| Request Name | HTTP Type | What it does |
|---|---|---|
| /getRates | GET | Returns the current foreign exchange rates available for all configured countries. |
| /localize | GET POST | Returns locale information for a given country or customer IP address, including the current foreign exchange rate. |
| /fingerprint | GET | Assigns a unique device id to the customer to guard against fraudulent activity. |
| /getPaymentMethods | GET | Returns all available payment methods for a given country and currency. |
| /badge | GET | Retrieves location declaration information from Reach. |
| /openContract* | POST | Creates a contract within Reach. |
| /checkout* | POST | Creates the order with Reach. |
| /modify* | POST | Modifies the order details. |
| /create* | POST | Creates a merchant’s order within Reach without billing information. |
| /authorize* | POST | Authorizes payment for the order, holding the funds until the order is captured. |
| /capture* | POST | Captures payment for an authorized order. |
| /cancel* | POST | Cancels an authorized order. A captured order may not be canceled. |
| /refund* | POST | Refunds a captured order. An authorized order that has not been captured may not be refunded. |
| /query* | POST | Retrieves information about an order. |
*Signature required.
Where requests are usually implemented:
Communication Diagram
Updated over 4 years ago