CityPay Rest API PayPost-v5

PayPOST is a HTTP RESTful payment API used for server to server transactional processing.

Legal Notice 

This document contains information proprietary to CityPay Limited (CPL). The data contained herein may not be duplicated in whole or in part, used, or disclosed by the recipient or purchaser for any purpose other than to evaluate the systems and specifications described in this document.

CPL makes no warranty of any kind with regard to this documentation, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. CPL shall not be held liable for errors contained herein or direct, indirect, special, incidental or consequential damages in connection with the furnishing, performance, or use of this material.

What is PayPOST?

PayPOST is a HTTP RESTful payment API used for server to server transactional processing.

It provides a number of payment mechanisms including

The API provides data in XML or JSON response documents.

The Basic Payment Mechanism

Payment requests are performed by constructing a synchronous payment transaction request using TLS encryption (HTTPS) to the Payment Gateway. When the transaction has completed the gateway will return an XML or JSON document which can then be parsed for data collection and validation within the Merchant's application.

  1. Merchants send a HTTP POST message protected using TLS to the gateway servers.
  2. The request is passed internally through the gateway network to the central processing and authorisation servers. These servers act as an intelligent routing device, forwarding transactions for authorisation and collating information for batching and settlement.
  3. The gateway validates the transaction request based on configured processing rules.
  4. If participating, the transaction is advanced to the 3D-Secure Merchant Plug In to check whether the card holder participates in 3D-Secure. If the card participates and authentication is required the API will return a request for authentication
  5. The authorisation request is routed for authorisation with the merchant's bank.
  6. The authorisation response is retrieved and validated against post-processing rules before reformatting the request for subsequent response delivery.
  7. The transaction is stored in a central database ready for settlement to occur.


  1. Transaction Processing
  2. API HTTP Request Model
  3. API HTTP Response Model
  4. API 3-D Secure Response
  5. Pre-Auth Transaction Processing
  6. Card Holder Account Transaction Processing
  7. Policy Settings

Further Information

Single Page for Printing

+44 (0)1534 884000