ARYZE Open Finance
API reference

Payment API

Authentication, payments, and the outbound payment status webhook.

The Payment API is served from a single base URL and versioned under /v1:

https://payment-api.openfinance.aryze.io

All endpoints except POST /v1/auth/token require a Bearer JWT in the Authorization header. Exchange your API key's client secret for a token at the auth endpoint, cache it for up to 60 minutes, and send it as Authorization: Bearer <access_token> on every other call.

Create access token

POST /v1/auth/token — exchange a client secret for a JWT.

Initiate a payment

POST /v1/payments/initiate — start a payment and get a flow URL to redirect the customer.

Get a payment

GET /v1/payments/{transactionId} — fetch current status and details.

Webhook events

Outbound events posted to your webhook URL when a payment changes state.

Rate limits

EndpointPolicyLimit
POST /v1/auth/tokentoken10 requests / minute
POST /v1/payments/initiate, GET /v1/payments/{transactionId}payment100 requests / minute

Exceeding a limit returns 429 Too Many Requests.

Conventions

  • Content type: every request and response body is application/json.
  • Timestamps: ISO 8601, UTC (2026-04-21T14:30:00Z).
  • Amounts: decimal numbers in the payment currency (100.50, not 10050 minor units).
  • Currency: ISO 4217 code (EUR, GBP, …).
  • Environment: the same base URL serves sandbox and live — the environment is determined by the API key you authenticate with and is echoed back in the token response.

API reference

Spec-driven reference for the Payment API and its outbound webhook.

Create access token

Exchange an API key's client secret for a Bearer JWT access token.

On this page

Rate limits
Conventions