Transaction APIs

The transaction APIs are used at different levels of payment activities and interactions.

Transaction endpoints

/tokenize: Add POST /tokenize to your checkout flow, and store the Flex token for later use.
/transmit: On successful transactions, queue POST /transmit.
/evaluate: On a declined transaction, POST /evaluate for Flex to analyze and rescue/decline it.
/outcome: POST /outcome to get the order status on async calls to /evaluate.

General information

The APIs are RESTful: they use HTTP methods (POST, PATCH, PUT, GET) to perform functions on objects.

Some requests include data in their message body, for example to define the attributes of the object being created or updated.


The sandbox is a completely isolated environment, so feel free to experiment. When you're ready to move to production, we will provide you with production credentials and give you access to the live environment.


Real financial data cannot be used in the Sandbox.
Please use our whitelisted test credit cards.


To communicate with the Core API, you must include the proper headers in your API requests.

Request headers

You must include the following headers in requests sent to the Core API:

| Name | Description | Request Type | Value |
|---|---|---|---|
| authorization | Any request must be authenticated. | GET, POST, PUT | Api key/Token |
| content-type | The media type of the resource | POST, PUT | application/json |


The Core API version is indicated in each endpoint resource path.

For example, indicates the API is at version 1.

Flex increments the version number when it releases a new version containing backwards-incompatible changes. Minor updates and bug fixes are typically released without incrementing the version number.

Ensure that your application handles API revisions by allowing for additional, unspecified resource fields in the response and for variable response sizes.


Use this list to diagnose failed transactions and fine-tune your exception-handling capabilities.

Error codes are based on HTTP response codes: the first three digits specify the HTTP response code, and the last three digits represent the error.

| Response Code | Description |
|---|---|
| 200 OK | Your request completed successfully. |
| 201 Created | Resource created successfully. |
| 204 No Content | Returned on a successful DELETE. |
| 401 Unauthorized | Enter valid credentials to continue. |
| 403 Forbidden | Access to the requested resource is denied. |
| 405 Method Not Allowed | The method you supplied is not allowed for that resource, for example a PUT method on a read-only resource. |
| 500 Internal Server Error | An error occurred that could not be handled by the application. |
| 502 Bad Gateway | An invalid response was received by the server. |
| 503 Service Unavailable | The server is temporarily unable to handle this request. |
| 504 Gateway Timeout | The server timed out while attempting to complete this request. |
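The following is an added example, not code from Flex: a client-side handler that splits the six-digit error code described above, cross-checks it against the HTTP status, and reads only the response fields it asks for, so additional, unspecified fields do not break it. The field names `errorCode` and `status`, the sample values, and the retry classification are assumptions made for illustration.

```python
import json
from dataclasses import dataclass

# Assumption: the gateway/availability statuses in the table are transient.
RETRYABLE = {502, 503, 504}
AUTH_FAILURES = {401, 403}
SUCCESS = {200, 201, 204}

@dataclass(frozen=True)
class FlexError:
    http_status: int  # first three digits of the six-digit code
    detail: int       # last three digits: the specific error
    action: str       # "retry", "fix_credentials" or "fail"

def parse_error_code(code, http_status):
    """Split a six-digit error code and check it against the HTTP status."""
    text = str(code)
    if len(text) != 6 or not (text.isascii() and text.isdigit()):
        raise ValueError(f"not a six-digit error code: {code!r}")
    status, detail = int(text[:3]), int(text[3:])
    if status != http_status:
        # Body and transport disagree: treat the body as untrusted.
        raise ValueError(f"code prefix {status} != HTTP status {http_status}")
    if status in RETRYABLE:
        action = "retry"
    elif status in AUTH_FAILURES:
        action = "fix_credentials"  # do not retry with the same key
    else:
        action = "fail"
    return FlexError(status, detail, action)

def handle_response(http_status, body, wanted=("status",)):
    """Return the requested fields on success, a FlexError otherwise."""
    data = json.loads(body) if body else {}
    if http_status in SUCCESS:
        # Unknown fields are ignored, so new fields in a revision are harmless.
        return {k: data[k] for k in wanted if k in data}
    # "errorCode" is a hypothetical field name for the six-digit code.
    return parse_error_code(data.get("errorCode"), http_status)

if __name__ == "__main__":
    # Constructed sample responses, not real API output.
    print(handle_response(200, '{"status": "approved", "newField": 1}'))
    print(handle_response(503, '{"errorCode": "503001"}'))
```
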