The Client Account Management and Payment Management and Processing services are accessible to the merchant and processors (for EC merchants) using a Web-Services style connection mechanism, where messages are exchanged using JSON encoded resources via RESTful APIs over an encrypted channel. This ensures a simpler integration and allows MYGW to support several integration environments, such as Microsoft COM and .NET, JSP and PHP, etc. The following sections describe the API requests PSPs and merchants can initiate to manage their clients on the MYGW Client Account Management platform, and enable payments through the MYGW Payment Management and Processing service. MYGW maintains two separate systems – test and production, with different URLs. The endpoint for your API request should be set accordingly. While this document will use the web address oneroadpayments.com, the actual endpoint address may be different and will be provided by your PSP. API requests are made by • sending data to the My Gateway Switch for action, for example to create new clients on the merchant client management system or to initiate payments. These API calls are made using POST or PUT methods. • requesting data from the My Gateway Switch, for example to retrieve client details from the merchant client management system or query outstanding payment transactions. These API calls are made using the GET method. THE MYGW SECURITY KEYS The My Gateway Switch maintains unique security keys for each PSP connected to the system. The Merchant Key – the merchant key is used solely in payment related requests and is provided to the PSP at sign up. The merchant keys used on the test and production platforms are different and unique and cannot be interchanged. The use of the merchant key and how it is used to validate data transferred between the PSP and the My Gateway Switch is described below. The Merchant API Key – the merchant API key is used to authenticate the PSP on all API calls made to the My Gateway Switch server, and is provided to the PSP at sign up. This key is common across the test and production platforms for each PSP; but unique to the PSP within the system. The merchant API key authenticates the origin of each API call through its inclusion in the request header "x-api-key" of the API request. For example, in JavaScript the usage of the merchant API key may be as follows: // Allocate a Request Object xhttp = new XMLHttpRequest(); // Set the URL and request headers xhttp.open( method, endpoint …); xhttp.setRequestHeader( "x-api-key", unique_API_key ); Both the Merchant Key and the Merchant API key should be kept secure. MYGW API RESPONSES All MYGW API Responses include a status code, signifying whether the call succeeded. Additionally, the response will usually include relevant data or a status message and potentially more detailed information. The data retrieved from the server is in a JSON object. Format of a Successful API Request An example of a successful MYGW API request { "response": { "statusCode": 201, "message": "Successfully Created" }, “Optional Data”: {} } Format of an Unsuccessful API Request An example of the JSON object sent in response to an unsuccessful MYGW API request is as follows. { "response": { "statusCode": 400, "message": "Error Message", "detail": "Optional More Data" } } An example of executable JavaScript sample source code to manage the data sent from the server in response to an unsuccessful request can be found by clicking on the source code icon below. Note that this is an example of how an error condition can be processed, it is a not a recommendation for how to implement API processing in your own applications. .svg)
| 
