← Home

W3Pay developers

Card validation, immediate charges, scheduled (deferred) charges, refunds. Powered by W3 identity; every request is scoped to the caller's org.

Access

Sign in with your W3 account to use the interactive tester and view your org's logs and payments.
→ Sign in (W3) → Admin Dashboard → API Docs Health

Authenticate

  1. Mint an API key in the Admin Dashboard → API Keys tab, or via the CLI: 
    pnpm mint-api-key --org <org> --name <name>
    The secret (w3pay_sk_...) is shown once — store it securely.
  2. Send the key on every /api/v1/payments/* request: 
    Authorization: Bearer w3pay_sk_...
Idempotency-Key: <uuid>   // for POSTs
Scopes: payment:read grants GET access; payment:write grants POST and DELETE access. Keys are org-scoped — org_id is derived from the key automatically.

Card validation

POST /api/v1/cards/validate
{ "pan": "4242424242424242", "expMonth": 12, "expYear": 2028, "cvv": "123" }

Immediate payments

POST   /api/v1/payments              // create (pspToken from client-side tokenization)
GET    /api/v1/payments              // list — filters: status, currency, from, to, limit, cursor
GET    /api/v1/payments/:id          // status of a single payment
POST   /api/v1/payments/:id/refund   // refund (currently manual-only for axo)
Amount is in the smallest unit (agorot for ILS). Supported currencies: ILS, USD, EUR, GBP.

Deferred (scheduled) payments

POST   /api/v1/payments/deferred           // store card-on-file, charge on billing_date
GET    /api/v1/payments/deferred           // list — filters: status, from, to, limit, cursor
GET    /api/v1/payments/deferred/:id       // status of a single deferred payment
DELETE /api/v1/payments/deferred/:id       // cancel before it runs
Cards are validated locally at create time (Luhn + BIN + expiry + CVV). PSP-side validity is checked when the scheduler charges on the billing day. A successful charge fires a signed webhook to your webhook_url.