Skip to content

Developer platform

開発者 API

冪等性キー、署名付き Webhook、ホスト型チェックアウトを備えた REST 決済 API。

REST API Signed webhooks Hosted checkout
01Sandbox firstTest outcomes before live onboarding
02Secure eventsHMAC signatures and replay protection
03Clear operationsTransactions, reports, and settlement visibility
04Regional routingProvider-ready payment orchestration

Start here

Make your first test payment.

Use Sandbox credentials, create a payment intent, send the customer to hosted checkout, and verify the signed webhook before updating your order.
01
QuickstartFollow the integration sequence
02
API referenceReview available endpoints
03
WebhooksVerify signed payment events
04
Testing guideSimulate payment outcomes

Quickstart

v1
  1. 1Create merchant account
  2. 2Generate sandbox keys
  3. 3Create payment intent
  4. 4Redirect to hosted checkout
  5. 5Verify webhook signature
  6. 6Reconcile settlement report

セキュリティモデル

HMAC
  • WQN bearer API keys are issued only after document review approval.
  • Provider credentials remain server-side and are never sent to merchant browsers.
  • Signed webhooks with timestamp tolerance and replay protection.
  • Hosted checkout keeps raw card or wallet details outside merchant systems.

Endpoints

REST
WQN Gateway API v1 endpoint overview.
MethodPathUse
POST /api/v1/payments Create a live hosted-checkout payment through the WQN key and OneCloudPay provider route
GET /api/v1/payments List recent payments for the authenticated merchant API key
GET /api/v1/payments/{id} Read payment state, checkout URL, and provider references
GET /api/v1/wallet Read merchant wallet balances and recent ledger entries
GET /api/v1/bank-accounts List masked bank accounts configured for the authenticated merchant
GET /api/v1/kyc Read merchant KYC/KYB profile status
GET /api/v1/withdrawals List merchant withdrawal requests
POST /api/v1/withdrawals Create a withdrawal request and lock wallet balance for operations approval
GET /api/v1/settlements List merchant settlement batches
GET /api/v1/reports/summary Read payment, wallet, settlement, and withdrawal totals
GET /api/v1/notifications List merchant notifications
GET /api/v1/support-tickets List support tickets opened by the merchant
POST /api/v1/support-tickets Open a support ticket for integration, settlement, webhook, or payment issues
GET /api/v1/payment-links List merchant payment links
GET /api/v1/qr-codes List merchant QR payment codes
GET /api/v1/webhooks List configured merchant webhook endpoints
POST /v1/checkout/sessions Planned hosted checkout session abstraction for future provider routing
POST /v1/provider-routes/2c2p Select 2C2P-style route for card, wallet, QR, BNPL, or counter payment
POST /v1/providers/2c2p/payment-token Create a provider session token before redirect, direct, or SDK payment
POST /v1/providers/2c2p/webhook Receive encrypted/signed provider notification and normalize WQN event
POST /v1/refunds Create full or partial refund
POST /v1/payments/{id}/cancel Cancel or void eligible pending provider transaction
POST /v1/webhooks/test Send a signed test webhook to merchant endpoint
GET /v1/settlements List settlement batches and reconciliation files

リクエスト例

curl -X POST "https://gateway.wqnwqn.com/api/v1/payments" \
  -H "Authorization: Bearer wqn_sandbox_your_merchant_key" \
  -H "Idempotency-Key: ORDER-1001-create" \
  -H "Content-Type: application/json" \
  -d '{
    "amount": 50,
    "currency": "USD",
    "merchant_reference": "ORDER-1001",
    "description": "Order 1001",
    "return_url": "https://merchant.example.com/success",
    "cancel_url": "https://merchant.example.com/cancel"
  }'

レスポンス例

{
  "data": {
    "id": "wqn_pay_9a41c20bd1ee4552",
    "object": "payment",
    "status": "pending",
    "amount": 50,
    "currency": "USD",
    "merchant_reference": "ORDER-1001",
    "checkout_url": "https://gateway.wqnwqn.com/sandbox/checkout/...",
    "provider": "sandbox",
    "provider_payment_id": "pay_test_provider_..."
  }
}

Webhook delivery flow

Security guide
  1. 1Receive and authenticate the provider event
  2. 2Normalize provider status to a WQN event
  3. 3Persist the event idempotently
  4. 4Sign the merchant webhook payload
  5. 5Deliver, record the response, and retry safely

Webhook security notes

Required
  • Verify the HMAC SHA-256 signature against the raw request body.
  • Reject stale timestamps and store processed event IDs to prevent replay.
  • Return a successful response only after durable processing or queueing.
  • Handle duplicate and out-of-order events without corrupting payment state.
  • Retry transient failures with bounded exponential backoff.

安心して構築

API を確認し、決済結果をシミュレーションし、本番準備チェックリストを整えます。
Sandbox を開始 サポートへ相談