Overview

The iwocaPay ecommerce API is a REST API. It has predictable resource-oriented URLs, accepts form-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.

You can use the iwocaPay ecommerce API in sandbox mode, which doesn’t affect your live data or interact with the banking networks.

Base URLs

iwocaPay’s ecommerce API endpoints are accessible at a base URL. The staging environment and production environment use different base URLs.

You must use HTTPS for all interactions with our API.

Staging
Production

Use the staging environment to develop and test your integration.

https://stage.iwoca-dev.co.uk/

The staging environment should be used for development and testing. It behaves identically to the production environment.

The production environment must only be used for real loan applications.

https://www.iwoca.co.uk/

Authentication

All requests require your access token as a header to authenticate against our API. The following example shows how to do this in Bash, Typescript, Python 3, and PHP. You might use similar code to create an order via the iwocaPay API.

curl
  -X POST
  -H 'Authorization: Bearer SUPPLIER_ACCESS_TOKEN'
  -H "Content-Type: application/json"
  -d '{"data": {"amount": 4200, "reference": "#order1"}}'
  https://www.iwoca.co.uk/api/lending/edge/ecommerce/seller/SUPPLIER_UUID/order/

fetch(
    "https://www.iwoca.co.uk/api/lending/edge/ecommerce/seller/SUPPLIER_UUID/order",
    {
        method: "POST",
        headers: {
            Authorization: "Bearer SUPPLIER_ACCESS_TOKEN",
            "Content-Type": "application/json",
        },
        body: JSON.stringify({
            data: {
                amount: 4200,
                reference: "#order1",
            },
        }),
    },
)
    .then((response) => response.json())
    .then((data) => console.log("Order created:", data))
    .catch((error) => console.error("Error creating create-order:", error));

import requests

url = "https://www.iwoca.co.uk/api/lending/edge/ecommerce/seller/SUPPLIER_UUID/order"
headers = {
    "Authorization": "Bearer SUPPLIER_ACCESS_TOKEN",
    "Content-Type": "application/json",
}
data = {
    "data": {
        "amount": 4200,
        "reference": "#order1",
    }
}

response = requests.post(url, headers=headers, json=data)
if response.ok:
    print("Order created:", response.json())
else:
    print("Error creating order:", response.status_code, response.text)

<?php

$url = "https://www.iwoca.co.uk/api/lending/edge/ecommerce/seller/SUPPLIER_UUID/order";
$accessToken = "SUPPLIER_ACCESS_TOKEN";

$data = [
    "data" => [
        "amount" => 4200,
        "reference" => "#order1"
    ]
];

$headers = [
    "Authorization: Bearer $accessToken",
    "Content-Type: application/json",
];

$ch = curl_init($url);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));

$response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);

if ($response === false) {
    echo "Curl error: " . curl_error($ch);
} elseif ($httpCode >= 200 && $httpCode < 300) {
    echo "Order created: " . $response;
} else {
    echo "Error creating order: HTTP $httpCode, " . $response;
}

curl_close($ch);

?>

Get an access token

Request your access token from your account manager. See the Contact us page for more information.

Redirect URLs

redirect_url contains a URL, describing where iwocaPay should send a customer after they have checked out and completed an order. This URL should be to an order confirmation page or somewhere which represents the end of your transaction process.

redirect_url is defined when we issue your access token, and is the same for all orders.