Merchant API
Merchant API
doc

Merchant API

Welcome to the Revolut Merchant API - your solution to managing the core aspects of e-commerce and accepting online payments. Whether you're a startup, a growing business, or an established enterprise in the e-commerce industry, our API helps you streamline your operations.

As a Revolut Business customer with a Merchant Account, you can use the Merchant API to leverage the following features:

... and more.

API versions

caution

We highly recommend using versioning in your API calls. If you don't provide a version header on the operations where it's required, you will receive an error response.

The Merchant API uses request header versioning. Where it is required you need to use the Revolut-Api-Version header parameter to specify an API version. Each request, where it is indicated in the API specification, must contain a version header in the following format:

'Revolut-Api-Version: 2024-09-01'
info

For more information, see: API versions

Test the Merchant API

You can test the Merchant API in Postman by forking this collection:

View in Postman

Authorization

Each Merchant API request must contain an authorization header in the following format to make a call:

'Authorization: Bearer <yourSecretApiKey>'

Before you start, ensure that you've successfully applied for a Merchant Account in your Revolut Business Account.

The Public key is on the same path in your Revolut Business account as the Secret key. There are two different functions for each:

  • Public key should be provided with payment methods at checkout
  • Secret key is used as a part of the authorization header for all server calls, e.g., creating order

Complete the following steps to generate the Production API keys (Secret, Public):

  1. Log in to your Revolut Business portal.
  2. On the top left corner, click your account name, click APIs then select Merchant API.
  3. Under the Production API Secret key and Production API Public key sections you will find the API keys needed. If it's your first time on this page, you will need to click the Generate button to create your unique API keys.

You can also use this link to directly open the Merchant API page.

Merchant API - Settings

note

Use these keys only for the production environment. For the Revolut Business Sandbox environment, use the sandbox API keys.

SSL

note

This authentication protocol is used exclusively when using Fast checkout.

Connection over HTTPS is using SSL authentication. For successful authentication, your system's certificate should be issued by a Public Certificate Authority (PCA) and your system should trust Revolut's public certificate.

Revolut-Pay-Payload-Signature

note

This authentication protocol is used exclusively when using Fast checkout.

Data integrity and authorship will be verified using a payload-based signature. The response of a successful URL registration for address validation (see: Register address validation for Fast checkout) will contain a secret signing key.

The signing key will be used by Revolut to compute a Hash-based Message Authentication Code (HMAC) payload signature whenever the registered URL is called, which should be verified by your backend.

Was this page helpful?