Initialize Payment Session
Initializes a new payment session with the ePay Payments API. This endpoint requires a valid ApiKey and must be called from the server side to ensure the ApiKey is never exposed client-side. You’ll receive the outcome of the payment session on the `notificationUrl` you provide within the request, making it the primary way to track the result of this payment. [Webhooks](/api/create-webhook) can be used separately if you need broader, system-wide updates. *We recommend a minimum timeout of 5 seconds.* :::info Required or configurable fields In the ePay backoffice, under Advanced Point of Sale Settings, you can set default values for many session initialization parameters. This allows you to manage your setup without updating your code. Each property must be defined either in the backoffice or in the API request. If a value is provided in the API request, it overrides the backoffice default. The following fields can be configured: - `scaMode` - `timeout` - `instantCapture` - `processor` - `maxAttempts` - `notificationUrl` - `successUrl` - `failureUrl` - `exemptions` Note: Only a subset of these fields are strictly required for the API request. The table below indicates which fields are mandatory or optional. :::
Authorization
BearerAuth In: header
Header Parameters
Ensures that a request can be safely retried without causing duplicate operations. Typically used for actions like payment creation and operations such as refund and void to prevent accidental double processing. - If a response is replayed due to using the same key, the response will include the header `Idempotent-Replayed: true`. - Idempotency keys are scoped by **[Key, Endpoint, HTTP Verb]**; the same key on a different endpoint or method will not replay the original response. - Responses are cached for **24 hours**. After that, the cache is cleared, so idempotency is only guaranteed within 24 hours of the initial request.
Request Body
application/json
Payment session initialization payload.
TypeScript Definitions
Use the request body type in TypeScript.
Id of the point of sale to associate the payment with.
uuid"01924737-9c18-71c0-ab1a-88698eaceabf"This is the transaction reference, similar to an order ID. The reference **SHOULD** be unique for each payment, as some acquirers enforce per-payment uniqueness. Using a duplicate reference may result in failed payments or make reconciliation difficult. Only ASCII alphanumeric characters and dashes are allowed. **Worldline specific**: `-` is removed if present and if the value is longer than 12 position, the left most part is used.
^[A-Za-z0-9-]{1,36}$1 <= length <= 36"reference-1"This is the transaction reference, similar to an order ID. The reference **SHOULD** be unique for each payment, as some acquirers enforce per-payment uniqueness. Using a duplicate reference may result in failed payments or make reconciliation difficult. Only ASCII alphanumeric characters and dashes are allowed. **Worldline specific**: `-` is removed if present and if the value is longer than 12 position, the left most part is used.
^[A-Za-z0-9-]{1,36}$1 <= length <= 36"reference-1"This is the transaction reference, similar to an order ID. The reference **SHOULD** be unique for each payment, as some acquirers enforce per-payment uniqueness. Using a duplicate reference may result in failed payments or make reconciliation difficult. Only ASCII alphanumeric characters and dashes are allowed. **Worldline specific**: `-` is removed if present and if the value is longer than 12 position, the left most part is used.
^[A-Za-z0-9-]{1,36}$1 <= length <= 36"reference-1"The amount must be defined in minor units. E.g. 2,50 DKK must be set as 250. If amount is set to 0 a token will be created only and returned to the integrator.
100The currency code of the payment. For Danish Kroner defined as DKK. ISO 4217 alpha-3 (e.g., DKK)
^[A-Z]{3}$"DKK"If the payment should be captured instantly or not.<ul><li> `OFF` indicates that the payment should not be captured instantly.</li><li> `VOID` indicates that the payment should be captured instantly and if somehow the instant capture fails the payment is voided.</li><li> `NO_VOID` indicates that the payment should be captured instantly and if the capture fails the authorization is kept (no void is made)</li></ul>
"OFF""VOID""NO_VOID""OFF"If the payment should be captured instantly or not.<ul><li> `OFF` indicates that the payment should not be captured instantly.</li><li> `VOID` indicates that the payment should be captured instantly and if somehow the instant capture fails the payment is voided.</li><li> `NO_VOID` indicates that the payment should be captured instantly and if the capture fails the authorization is kept (no void is made)</li></ul>
"OFF""VOID""NO_VOID""OFF"If the payment should be captured instantly or not.<ul><li> `OFF` indicates that the payment should not be captured instantly.</li><li> `VOID` indicates that the payment should be captured instantly and if somehow the instant capture fails the payment is voided.</li><li> `NO_VOID` indicates that the payment should be captured instantly and if the capture fails the authorization is kept (no void is made)</li></ul>
"OFF""VOID""NO_VOID""OFF"**DEPRECATED:** *This parameter will soon be removed and will no longer have any effect. The functionality has been replaced by routing rules in the ePay back office.* List of processors to use. This is the routing of the payment. The value can be `shift4`, `clearhaus` and `nets`.<br/><br/>Processor priority follows the order in the list. If the first processor fails or declines, the next processor in the list will be attempted, and so on until all processors have been tried. Note that the actual processing order is not guaranteed and may depend on external factors, such as the specific payment card used by the cardholder.
[
"shift4"
]**DEPRECATED:** *This parameter will soon be removed and will no longer have any effect. The functionality has been replaced by routing rules in the ePay back office.* List of processors to use. This is the routing of the payment. The value can be `shift4`, `clearhaus` and `nets`.<br/><br/>Processor priority follows the order in the list. If the first processor fails or declines, the next processor in the list will be attempted, and so on until all processors have been tried. Note that the actual processing order is not guaranteed and may depend on external factors, such as the specific payment card used by the cardholder.
[
"shift4"
]**DEPRECATED:** *This parameter will soon be removed and will no longer have any effect. The functionality has been replaced by routing rules in the ePay back office.* List of processors to use. This is the routing of the payment. The value can be `shift4`, `clearhaus` and `nets`.<br/><br/>Processor priority follows the order in the list. If the first processor fails or declines, the next processor in the list will be attempted, and so on until all processors have been tried. Note that the actual processing order is not guaranteed and may depend on external factors, such as the specific payment card used by the cardholder.
[
"shift4"
]This is the text set on the transaction in the bank viewed by the card holder. That can be e.g. "order 123". Defaults to the ePay transaction id. Some providers does not support long texts, ePay will automatically cut the text to fit the providers requirements.
1 <= length <= 39"order 123"This is the text set on the transaction in the bank viewed by the card holder. That can be e.g. "order 123". Defaults to the ePay transaction id. Some providers does not support long texts, ePay will automatically cut the text to fit the providers requirements.
1 <= length <= 39"order 123"This is the text set on the transaction in the bank viewed by the card holder. That can be e.g. "order 123". Defaults to the ePay transaction id. Some providers does not support long texts, ePay will automatically cut the text to fit the providers requirements.
1 <= length <= 39"order 123"A list of pass through attributes that is sent back to the merchant on webhooks. Max size is 1kb.
A list of pass through attributes that is sent back to the merchant on webhooks. Max size is 1kb.
A list of pass through attributes that is sent back to the merchant on webhooks. Max size is 1kb.
An optional merchant defined customer id used to uniquely identify a user in the merchant system. This field is required to enable stored payment methods and enhanced age verification.
"User159"An optional merchant defined customer id used to uniquely identify a user in the merchant system. This field is required to enable stored payment methods and enhanced age verification.
"User159"An optional merchant defined customer id used to uniquely identify a user in the merchant system. This field is required to enable stored payment methods and enhanced age verification.
"User159"Customer info. These data points are used during SCA/3DS and is required for some schemes. These data may also be sent to the specific payment provider, if required to complete the payment such as Klarna. It is recommended to send all the info that is available to improve the approval rate.
{
"firstName": "Peter",
"lastName": "Nielsen",
"email": "email@example.com"
}Customer info. These data points are used during SCA/3DS and is required for some schemes. These data may also be sent to the specific payment provider, if required to complete the payment such as Klarna. It is recommended to send all the info that is available to improve the approval rate.
{
"firstName": "Peter",
"lastName": "Nielsen",
"email": "email@example.com"
}If not null then pre-authorization webhook are enabled for all transaction attempts for the session. Max length is `1024`.
uri1 <= length <= 1024"https://example.com/preAuth"If not null then pre-authorization webhook are enabled for all transaction attempts for the session. Max length is `1024`.
uri1 <= length <= 1024"https://example.com/preAuth"If not null then pre-authorization webhook are enabled for all transaction attempts for the session. Max length is `1024`.
uri1 <= length <= 1024"https://example.com/preAuth"The array containing list of line items that are part of this order. Maximum of 1000 line items could be processed in a single order. This is used by some payment methods, such as Klarna.
items <= 1000The array containing list of line items that are part of this order. Maximum of 1000 line items could be processed in a single order. This is used by some payment methods, such as Klarna.
items <= 1000The array containing list of line items that are part of this order. Maximum of 1000 line items could be processed in a single order. This is used by some payment methods, such as Klarna.
items <= 1000**Note `scaMode` is always set to `FORCE` when initializing a subscription due to EU PSD2 regulations.** <br><br> To create a subscription, allowing you to process MIT transactions in the future, you must send the subscription object. To process MIT transactions you must ensure your acquirer agreement has recurring payments enabled.
An optional subscription ID can be used to update an existing active subscription with new payment details, such as a new card or a completely different payment method.
uuidAn optional amount in minor units (e.g., 1095 = 10.95 DKK) that can be used to differentiate the recurring subscription amount from the current transaction amount. This is useful if customers are not expected to pay today, but must pay a monthly fee going forward - In this case set amount=0 and subscription.amount=XXX. Defaults to the transaction amount if not given.
The type of subscription. <br/><br/><ul><li>`UNSCHEDULED` Pay-as-you-go type subscriptions with no fixed interval for charges.</li><li>`SCHEDULED` Fixed interval charges like a subscription paid monthly.</li></ul>
"UNSCHEDULED""SCHEDULED""SCHEDULED"An optional merchant defined reference for the subscription. If none is given, then the session reference will be used as a fallback.
"subscription-1"An optional field indicating the expiry of the subscription. This date is used during 3DS, and may improve conversion rates. ePay does not reject payments after this date.
dateAn optional subscription schedule for `SCHEDULED` type subscriptions. Must be omitted for `UNSCHEDULED` type subscriptions. Is required by some payment methods such as Vipps Mobilepay. Is used during 3DS - May improve conversion rates.
The period unit between charges
"DAY""WEEK""MONTH""YEAR"The number of period units between each charge. `1-31`. Example: `Frequency: 3, Period: DAY` One charge every 3 days.
An optional property. When given a automatic scheduled billing agreement will be created. This can be used to sign up customers to automatic subscription billing, such as monthly payments. This field is mutually exclusive with subscription.id and subscription.interval
The type of transaction to process. Most merchants should use `PAYMENT` unless they have specific use cases. - `PAYMENT` is for ordinary purchases and the standard type to use for most merchants. - `MOTO` is short for Mail Order & Telephone Order and is typically used by travel agencies who receive payment info over the phone or email. MOTO is exempt from SCA but requires a special acquirer agreement to use.
"PAYMENT""PAYMENT""MOTO"The type of transaction to process. Most merchants should use `PAYMENT` unless they have specific use cases. - `PAYMENT` is for ordinary purchases and the standard type to use for most merchants. - `MOTO` is short for Mail Order & Telephone Order and is typically used by travel agencies who receive payment info over the phone or email. MOTO is exempt from SCA but requires a special acquirer agreement to use.
"PAYMENT""PAYMENT""MOTO"The type of transaction to process. Most merchants should use `PAYMENT` unless they have specific use cases. - `PAYMENT` is for ordinary purchases and the standard type to use for most merchants. - `MOTO` is short for Mail Order & Telephone Order and is typically used by travel agencies who receive payment info over the phone or email. MOTO is exempt from SCA but requires a special acquirer agreement to use.
"PAYMENT""PAYMENT""MOTO"How 3D secure is handled:<br/><ul><li>`SKIP` 3DS is not tried and full liability is put at merchant.</li><li>`NORMAL` 3DS flow is attempted as normal guidelines suggests - Both challenge and frictionless can occur.</li><li>`FORCE` A challenge flow is forced. Note: Third parties in the 3DS flow might ignore this instruction.</li></ul>
"SKIP""NORMAL""FORCE""NORMAL"How 3D secure is handled:<br/><ul><li>`SKIP` 3DS is not tried and full liability is put at merchant.</li><li>`NORMAL` 3DS flow is attempted as normal guidelines suggests - Both challenge and frictionless can occur.</li><li>`FORCE` A challenge flow is forced. Note: Third parties in the 3DS flow might ignore this instruction.</li></ul>
"SKIP""NORMAL""FORCE""NORMAL"How 3D secure is handled:<br/><ul><li>`SKIP` 3DS is not tried and full liability is put at merchant.</li><li>`NORMAL` 3DS flow is attempted as normal guidelines suggests - Both challenge and frictionless can occur.</li><li>`FORCE` A challenge flow is forced. Note: Third parties in the 3DS flow might ignore this instruction.</li></ul>
"SKIP""NORMAL""FORCE""NORMAL"The session is valid for the specified number of minutes. If a timeout occurs, the session expires and no more payment attempts are possible.
1 <= value <= 120120The session is valid for the specified number of minutes. If a timeout occurs, the session expires and no more payment attempts are possible.
1 <= value <= 120120The session is valid for the specified number of minutes. If a timeout occurs, the session expires and no more payment attempts are possible.
1 <= value <= 120120List of exemptions to apply when applicable. Supports [`TRA`, `LVT`]. Note: Using exemptions may shift liability for fraud from the issuer to the merchant.
[]List of exemptions to apply when applicable. Supports [`TRA`, `LVT`]. Note: Using exemptions may shift liability for fraud from the issuer to the merchant.
[]List of exemptions to apply when applicable. Supports [`TRA`, `LVT`]. Note: Using exemptions may shift liability for fraud from the issuer to the merchant.
[]List of allowed payment methods to use for this session. If left empty, all payment methods will be allowed. This is useful for controlling which payment methods are visible in the payment window. If only 1 payment method is allowed and it is redirect-based, such as `VIPPS_MOBILEPAY`, the user will be automatically redirected from the payment window to the MobilePay payment page, without the user having to click anything. If the user then cancels the MobilePay payment, they will be redirected back to the `returnUrl` (Or the `failureUrl` if the `returnUrl` is not specified) instead of going back to the payment window.
[
"CARD",
"VIPPS_MOBILEPAY"
]List of allowed payment methods to use for this session. If left empty, all payment methods will be allowed. This is useful for controlling which payment methods are visible in the payment window. If only 1 payment method is allowed and it is redirect-based, such as `VIPPS_MOBILEPAY`, the user will be automatically redirected from the payment window to the MobilePay payment page, without the user having to click anything. If the user then cancels the MobilePay payment, they will be redirected back to the `returnUrl` (Or the `failureUrl` if the `returnUrl` is not specified) instead of going back to the payment window.
[
"CARD",
"VIPPS_MOBILEPAY"
]List of allowed payment methods to use for this session. If left empty, all payment methods will be allowed. This is useful for controlling which payment methods are visible in the payment window. If only 1 payment method is allowed and it is redirect-based, such as `VIPPS_MOBILEPAY`, the user will be automatically redirected from the payment window to the MobilePay payment page, without the user having to click anything. If the user then cancels the MobilePay payment, they will be redirected back to the `returnUrl` (Or the `failureUrl` if the `returnUrl` is not specified) instead of going back to the payment window.
[
"CARD",
"VIPPS_MOBILEPAY"
]The maximum allowed number of payment attempts for the session.
1 <= value <= 2525The maximum allowed number of payment attempts for the session.
1 <= value <= 2525The maximum allowed number of payment attempts for the session.
1 <= value <= 2525If set to `true` the response property `qrCode` will be filled with a Base64 encoded QR code, which can be displayed for quick device-to-device link sharing such as from a POS device where the customer can scan the code and complete the payment on their own phone
falsefalseIf set to `true` the response property `qrCode` will be filled with a Base64 encoded QR code, which can be displayed for quick device-to-device link sharing such as from a POS device where the customer can scan the code and complete the payment on their own phone
falsefalseIf set to `true` the response property `qrCode` will be filled with a Base64 encoded QR code, which can be displayed for quick device-to-device link sharing such as from a POS device where the customer can scan the code and complete the payment on their own phone
falsefalseIf true: Enables webhooks to the `notificationUrl` for failed transactions. Otherwise only successful transactions are reported.
falseIf true: Enables webhooks to the `notificationUrl` for failed transactions. Otherwise only successful transactions are reported.
falseIf true: Enables webhooks to the `notificationUrl` for failed transactions. Otherwise only successful transactions are reported.
falseIf true: Enables webhooks to the `notificationUrl` for sessions that reach the expired state.
falseIf true: Enables the cardholder to define the transaction amount. Otherwise, the amount from the session is used for transactions. Can be used in conjunction with pre-auth webhooks to reject transactions with unacceptable amounts. **NOTE: This gives client side control over the payment amount. Only use if necessary.**. Must be enabled by ePay support.
falseIf true: Enables the cardholder to define the transaction amount. Otherwise, the amount from the session is used for transactions. Can be used in conjunction with pre-auth webhooks to reject transactions with unacceptable amounts. **NOTE: This gives client side control over the payment amount. Only use if necessary.**. Must be enabled by ePay support.
falseIf true: Enables the cardholder to define the transaction amount. Otherwise, the amount from the session is used for transactions. Can be used in conjunction with pre-auth webhooks to reject transactions with unacceptable amounts. **NOTE: This gives client side control over the payment amount. Only use if necessary.**. Must be enabled by ePay support.
falseThe URL to where ePay notifies about payment statuses. Max length is `1024`. <div class="theme-admonition theme-admonition-info alert alert--info"> <p style="margin-bottom:8px;">All URL properties support dynamic templating with session and transaction data, allowing merchants to define URLs that include ePay-generated resource ID's.</p> <p style="margin-bottom:8px;">This feature can be particularly helpful for some merchants, especially with success and failure URLs, as it simplifies fetching order information upon transaction completion.</p> <p style="margin-bottom:8px;">Unknown template keys will be rejected during request validation.</p> - `${transaction.id}`: The primary id of the associated transaction. - `${transaction.reference}`: The merchant supplied reference from session init. - `${session.id}`: The primary id of the associated session. - `${subscription.id}`: The primary id of the associated subscription. </div>
uri1 <= length <= 1024"https://example.com/notification"The URL to where ePay notifies about payment statuses. Max length is `1024`. <div class="theme-admonition theme-admonition-info alert alert--info"> <p style="margin-bottom:8px;">All URL properties support dynamic templating with session and transaction data, allowing merchants to define URLs that include ePay-generated resource ID's.</p> <p style="margin-bottom:8px;">This feature can be particularly helpful for some merchants, especially with success and failure URLs, as it simplifies fetching order information upon transaction completion.</p> <p style="margin-bottom:8px;">Unknown template keys will be rejected during request validation.</p> - `${transaction.id}`: The primary id of the associated transaction. - `${transaction.reference}`: The merchant supplied reference from session init. - `${session.id}`: The primary id of the associated session. - `${subscription.id}`: The primary id of the associated subscription. </div>
uri1 <= length <= 1024"https://example.com/notification"The URL to where ePay notifies about payment statuses. Max length is `1024`. <div class="theme-admonition theme-admonition-info alert alert--info"> <p style="margin-bottom:8px;">All URL properties support dynamic templating with session and transaction data, allowing merchants to define URLs that include ePay-generated resource ID's.</p> <p style="margin-bottom:8px;">This feature can be particularly helpful for some merchants, especially with success and failure URLs, as it simplifies fetching order information upon transaction completion.</p> <p style="margin-bottom:8px;">Unknown template keys will be rejected during request validation.</p> - `${transaction.id}`: The primary id of the associated transaction. - `${transaction.reference}`: The merchant supplied reference from session init. - `${session.id}`: The primary id of the associated session. - `${subscription.id}`: The primary id of the associated subscription. </div>
uri1 <= length <= 1024"https://example.com/notification"The URL to where the browser is returned, when clicking the `back` button in the Payment Window. This overrides the default defined in the payment window configuration and supports url templating. Max length is `1024`. <div class="theme-admonition theme-admonition-info alert alert--info"> Only used in Payment Window integrations. </div>
uri1 <= length <= 1024"https://example.com/success"The URL to where the browser is returned, when clicking the `back` button in the Payment Window. This overrides the default defined in the payment window configuration and supports url templating. Max length is `1024`. <div class="theme-admonition theme-admonition-info alert alert--info"> Only used in Payment Window integrations. </div>
uri1 <= length <= 1024"https://example.com/success"The URL to where the browser is returned, when clicking the `back` button in the Payment Window. This overrides the default defined in the payment window configuration and supports url templating. Max length is `1024`. <div class="theme-admonition theme-admonition-info alert alert--info"> Only used in Payment Window integrations. </div>
uri1 <= length <= 1024"https://example.com/success"The URL the client is redirected to on a successful payment. Max length is `1024`.
uri1 <= length <= 1024"https://example.com/success"The URL the client is redirected to on a successful payment. Max length is `1024`.
uri1 <= length <= 1024"https://example.com/success"The URL the client is redirected to on a successful payment. Max length is `1024`.
uri1 <= length <= 1024"https://example.com/success"The URL the client is redirected to when no more payment attempts are allowed. Max length is `1024`.
uri1 <= length <= 1024"https://example.com/failure"The URL the client is redirected to when no more payment attempts are allowed. Max length is `1024`.
uri1 <= length <= 1024"https://example.com/failure"The URL the client is redirected to when no more payment attempts are allowed. Max length is `1024`.
uri1 <= length <= 1024"https://example.com/failure"An optional URL the client is redirected to when a payment attempt fails but more attempts are still allowed. If the retryUrl is not provided then the client will be redirected to the failureUrl. Max length is `1024`.
uri1 <= length <= 1024"https://example.com/retry"An optional URL the client is redirected to when a payment attempt fails but more attempts are still allowed. If the retryUrl is not provided then the client will be redirected to the failureUrl. Max length is `1024`.
uri1 <= length <= 1024"https://example.com/retry"An optional URL the client is redirected to when a payment attempt fails but more attempts are still allowed. If the retryUrl is not provided then the client will be redirected to the failureUrl. Max length is `1024`.
uri1 <= length <= 1024"https://example.com/retry"Specifies age verification requirements for the purchase. - If not provided or set to null, no age verification will be performed. - If provided, the customer must verify their age to be at least the value specified in the `minimumAge` property. For danish customers this id verified using MitID. Session.minimumAge will be set; transactions may be rejected if age not verified.
Specifies age verification requirements for the purchase. - If not provided or set to null, no age verification will be performed. - If provided, the customer must verify their age to be at least the value specified in the `minimumAge` property. For danish customers this id verified using MitID. Session.minimumAge will be set; transactions may be rejected if age not verified.
0 <= value <= 99Country code for the delivery country (ISO 3166 alpha-2 country codes). This code determines which electronic ID (eID) is presented to the user (e.g., MitID in Denmark).
"DK"Specifies age verification requirements for the purchase. - If not provided or set to null, no age verification will be performed. - If provided, the customer must verify their age to be at least the value specified in the `minimumAge` property. For danish customers this id verified using MitID. Session.minimumAge will be set; transactions may be rejected if age not verified.
Response Body
application/json
application/json
application/json
application/json
Delete Webhook
Deletes a webhook configuration, stopping ePay from delivering further notifications to the URL. Webhooks are not required Webhooks are separate from the main payment flow and act as a general event notification system. You should use them only if you need to track changes to your ePay data in a system that is different from the one initiating the request. For all payment-related operations, you should use the notificationUrl provided in each request. This is the primary mechanism for receiving the outcome of a payment or operation.
Get Payment Session
Retrieve the current state and details of a specific payment session. This endpoint can be used to look up a session by its ID and inspect its lifecycle, including whether it is still pending, in progress, completed, or expired. Avoid polling This endpoint is subject to rate limits and must not be used for continuous polling. Instead, you should rely on the notificationUrl provided during session initialization to receive the outcome of the payment. This is the primary and recommended integration pattern. Use this endpoint as a fallback mechanism - for example, if you did not receive a webhook or need to manually verify the final state of a session.