API Reference Overview

CommBank Connected Payments provides a comprehensive suite of REST APIs for payment processing, merchant management, tokenisation, reporting, and more. This page provides an overview of all available APIs and their use cases.


Available APIs

Transaction APIs

Process payments, refunds, captures, and voids through our core transaction endpoints.

Use cases:

  • Process credit/debit card purchases
  • Pre-authorise and capture payments
  • Issue refunds (matched and open)
  • Void transactions before settlement

Key endpoints:

  • POST /pfr/v1/gateway/purchase — Process an immediate payment
  • POST /pfr/v1/gateway/capture — Complete a pre-authorisation
  • POST /pfr/v1/gateway/refund — Issue a matched refund
  • POST /pfr/v1/gateway/refund/open — Issue an open refund to any card
  • POST /pfr/v1/gateway/void — Cancel a transaction before settlement

View Transaction APIs →


Tokenisation APIs

Create, manage, and use secure card tokens for recurring payments and card-on-file scenarios.

Use cases:

  • Store customer payment methods securely
  • Process recurring billing without storing card data
  • Enable one-click checkout experiences
  • Manage token aliases for easier reference

Key endpoints:

  • POST /tokenmanager/api/v1/tokens/create — Create a new card token
  • POST /tokenmanager/api/v1/tokens/update — Update token information
  • POST /tokenmanager/api/v1/tokens/delete — Delete a token
  • POST /tokenmanager/api/v1/tokens/aliases/create — Create a token alias

View Tokenisation APIs →


Notification APIs

Configure and manage webhook notifications for real-time payment event delivery.

Use cases:

  • Receive real-time transaction updates
  • Configure custom notification rules
  • Set up conditional notifications based on transaction outcomes
  • Manage notification retry behavior

Key endpoints:

  • POST /pfr-notification/v1/management/create — Create a notification rule
  • POST /pfr-notification/v1/management/list — List all notification rules
  • POST /pfr-notification/v1/management/update — Update a notification rule
  • POST /pfr-notification/v1/management/delete — Delete a notification rule
  • POST /sample-notification — Get sample notification payload

View Notification APIs →


Reporting APIs

Generate and download transaction reports, reconciliation files, and analytics.

Use cases:

  • Generate custom transaction reports
  • Download settlement reconciliation files
  • Schedule automated report generation
  • Export transaction data for accounting systems

Key endpoints:

  • POST /merchanthub/api/v1/reportconfigurations/create — Create a new report configuration
  • POST /merchanthub/api/v1/reports/list — List available reports
  • POST /merchanthub/api/v1/reports/retrieve — Retrieve report details
  • POST /merchanthub/api/v1/reports/download/url — Download report file
  • DELETE /merchanthub/api/v1/reports/delete — Delete a report

View Reporting APIs →


Surcharge APIs

Calculate and manage payment surcharges dynamically based on card type and transaction details.

Use cases:

  • Calculate surcharges before payment processing
  • Configure card-specific surcharge rates
  • Comply with surcharging regulations
  • Display accurate surcharge amounts to customers

Key endpoints:

  • POST /merchanthub/api/v1/surcharges/calculate — Calculate surcharge for a transaction
  • POST /merchanthub/api/v1/surcharges/create — Create surcharge configuration
  • POST /merchanthub/api/v1/surcharges/list — List surcharge configurations
  • POST /merchanthub/api/v1/surcharges/update — Update surcharge configuration
  • DELETE /merchanthub/api/v1/surcharges/delete — Delete surcharge configuration

View Surcharge APIs →


Pay By Link APIs

Create and manage payment links for invoicing, bill payments, and remote checkout.

Use cases:

  • Send payment links via email or SMS
  • Create shareable payment URLs
  • Process payments without a website
  • Track payment link usage and conversion

Key endpoints:

  • POST /merchanthub/api/v1/paymentlink/create — Create a payment link
  • POST /merchanthub/api/v1/paymentlink/retrieve — Retrieve payment link details

View Pay By Link APIs →


Retry Rules APIs

Configure automatic retry logic for failed transactions and recurring billing.

Use cases:

  • Set up smart retry schedules for failed subscriptions
  • Configure retry intervals based on decline codes
  • Manage retry attempts for recurring billing
  • Optimize authorization success rates

Key endpoints:

  • POST /merchanthub/api/v1/retryrules/create — Create retry rule
  • POST /merchanthub/api/v1/retryrules/list — List retry rules
  • POST /merchanthub/api/v1/retryrules/retrieve — Retrieve retry rule
  • POST /merchanthub/api/v1/retryrules/update — Update retry rule
  • POST /merchanthub/api/v1/retryrules/delete — Delete retry rule

View Retry Rules APIs →


Dynamic Query APIs

Query transaction data and merchant information using flexible search criteria.

Use cases:

  • Search transactions by date range, status, or amount
  • Query merchant hierarchy information
  • Build custom reporting dashboards
  • Integrate transaction data into external systems

Key endpoints:

  • POST /merchanthub/api/v1/dynamicquery/transaction/list — Execute a dynamic query

View Dynamic Query APIs →


User Management APIs

Create and manage user accounts, permissions, and access control.

Use cases:

  • Programmatically create user accounts
  • Manage user permissions and groups
  • Enable/disable user access
  • Reset user passwords

Key endpoints:

  • POST /merchanthub/api/v1/usermanagement/users/signup — Create a new user
  • POST /merchanthub/api/v1/usermanagement/users/list — List users
  • POST /merchanthub/api/v1/usermanagement/users/enable — Enable a user account
  • POST /merchanthub/api/v1/usermanagement/users/disable — Disable a user account
  • DELETE /merchanthub/api/v1/usermanagement/users/delete — Delete a user

View User Management APIs →


Authentication

All API requests require authentication using one of the following methods:

Basic Authentication (Username/Password)

Include credentials in the request body for standard authentication.

{
  "userName": "your-username",
  "password": "your-password"
}

JWT Bearer Token

Use a signed JWT token in the Authorization header to authenticate without sending credentials with every request. Tokens inherit the full permissions of the creating user and include an expiry date.

Authorization: Bearer <token>

X-Auth Token

Create a scoped authentication token with pre-defined mandatory key-value pairs. Primarily used in frontend technologies to enforce specific field values and prevent tampering.

x-authentication-token: <token>

X-Signature

Password-free authentication using a JWS signed with ECDSA (ES512); the resulting signed JWT is placed in the x-signature request header. Requires an elliptic-curve P-521 certificate and approval from your Connected Payments Account Manager.

x-signature: <signed-jwt>
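
As an added illustration (not code from CommBank Connected Payments), the sketch below builds and checks an ES512 compact JWS with Node's built-in crypto module, showing the raw 132-byte R||S signature that P-521 produces and that an altered payload fails verification. The key pair, the claim names (iss, iat, exp) and the helper functions are assumptions constructed for the demo; the claims the gateway actually expects are not stated on this page.

```javascript
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Sign a claims object as a compact JWS using ES512 (ECDSA, P-521, SHA-512).
function signEs512(claims, privateKey) {
  const header = { alg: 'ES512', typ: 'JWT' };
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  // JWS needs the raw R||S form (IEEE P1363), not Node's default DER encoding.
  const sig = crypto.sign('sha512', Buffer.from(input),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${b64url(sig)}`;
}

// Verify a compact JWS; returns the claims, or null on any failure.
function verifyEs512(token, publicKey) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    // Pin the algorithm: the token must not choose how it is verified.
    if (!header || header.alg !== 'ES512') return null;
    const sig = Buffer.from(parts[2], 'base64url');
    if (sig.length !== 132) return null; // 2 x 66 bytes for P-521
    const ok = crypto.verify('sha512', Buffer.from(`${parts[0]}.${parts[1]}`),
      { key: publicKey, dsaEncoding: 'ieee-p1363' }, sig);
    return ok ? JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8')) : null;
  } catch {
    return null; // malformed JSON in header or payload
  }
}

// Constructed demo: throwaway P-521 key pair and placeholder claims.
function demo() {
  const { privateKey, publicKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'secp521r1' });
  const now = Math.floor(Date.now() / 1000);
  const token = signEs512({ iss: 'example-merchant', iat: now, exp: now + 60 }, privateKey);
  const [h, , s] = token.split('.');
  // Swap in a different payload while keeping the original signature.
  const altered = b64url(JSON.stringify({ iss: 'someone-else', iat: now, exp: now + 60 }));
  return {
    valid: verifyEs512(token, publicKey),
    tampered: verifyEs512(`${h}.${altered}.${s}`, publicKey),
    sigBytes: Buffer.from(s, 'base64url').length,
  };
}
```
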

For detailed implementation guides and code samples, see Authentication Methods.