As a Revolut Business customer, you can use the Merchant API to accept online payments (Card Not Present) by debit or credit cards, and also to manage the orders and customers.
You can test the Merchant API in Postman:
Each Merchant API request must contain an authorization header in the following format to make a call:
"Authorization: Bearer <yourSecretApiKey>"
Before you start, ensure that you've successfully applied for a Merchant Account in your Revolut Business Account.
The Public key is on the same path in your Revolut Business account as the Secret key. There are two different functions for each:
Complete the following steps to generate the Production API keys (Secret, Public):
You can also use this link to directly open the Merchant API page.
Use these keys only for the production environment. For the Revolut Business Sandbox environment, use the sandbox API keys.
This authentication protocol is used exclusively when using Fast checkout.
Connection over HTTPS is using SSL authentication. For successful authentication, your system's certificate should be issued by a Public Certificate Authority (PCA) and your system should trust Revolut's public certificate.
This authentication protocol is used exclusively when using Fast checkout.
Data integrity and authorship will be verified using a payload-based signature. The response of a successful URL registration for address validation (see: Register address validation for Fast checkout) will contain a secret signing key.
The signing key will be used by Revolut to compute a Hash-based Message Authentication Code (HMAC) payload signature whenever the registered URL is called, which should be verified by your backend.