Guides
Start typing to search…

Postman Guide

Overview

Postman is an application designed to help with API integration and exploration. Intuitive for different tech skill levels, this is the tool of choice both for experienced developers and no-code enthusiasts to get familiar with our available endpoints, requests, and responses.

Using our Postman Collection, you can start testing our API before you write a single line of code.

Install Postman and Quickpay API Collection

  1. Download and install the Postman app (Download here) or use our online Postman project: Quickpay API Postman Project
  2. Run In Postman

After following the steps above and opening Postman, you'll see the Quickpay API collection.

🚧

Important

Running calls in Postman for the Quickpay API will not work unless you've properly configured your authentication settings for your environment.

Update environment variables

The Quickpay Api Postman Collection comes with a built-in Quickpay Api boilerplate environment (template).

Step 1: On the top right corner, select No Environment and then choose Boilerplate Quickpay API Environment.

Step 2: Select the eye icon next to it:

On the next screen, add three variables:

  1. quickpayApiKey: This is the API key you obtained from the merchant management panel.
  2. quickpayPrivateKey: This is the private key file you created for the merchant. You can set the type to be "secret" in order to hide the private key content.
  3. baseUrl: This should be set to your API base URL, for example: https://sandbox-api.quickpay.best

The result will look something like this:


Making your first request

🚧

Important

This Postman Collection makes use of a pre-request script to automatically generate the Authorization header for every request, which allows you to skip coding the signature process.
You can view this script by clicking on the "Pre-request Script" tab within the Collection.

  1. The first API you will call is Get merchant profile in your workspace.
  2. Quickpay Widget API > merchant > Get merchant profile
  3. An HTTP-200 "OK" response will be shown upon a successful API call.

Authentication Flow

Our API uses JWT (JSON Web Token) authentication with RSA signature, similar to Fireblocks:

  1. JWT Generation: Each request generates a JWT token signed with the merchant's private key
  2. Request Signing: The JWT includes request metadata (URI, nonce, timestamp, body hash)
  3. Server Verification: The server verifies the JWT using the merchant's public key stored in the database
  4. Body Hash Validation: Ensures request body integrity and prevents replay attacks

Pre-request Script Details

The collection uses a pre-request script that:

  1. Validates Environment Variables: Ensures required variables are set
  2. Builds Request URL: Constructs the full request path
  3. Hashes Request Body: Creates SHA256 hash of the request body
  4. Generates JWT: Creates a signed JWT with request metadata
  5. Sets Authorization Header: Adds Bearer {jwt} to the request

What's next?

Updated 24 days ago