### Example cURL Request for Authentication Source: https://www.docs.flizpay.de/docs/custom-integrations/core-concepts/authentication This example demonstrates how to make a cURL request to the authentication endpoint, including the API key and request body. The 'email' and 'iban' parameters are optional and may require prior whitelisting. ```curl curl --request POST \ --url https://api.flizpay.de/auth/verify-apikey \ --header 'X-API-Key: YOUR_API_KEY' \ --header 'Content-Type: application/json' \ --data '{"email": "user@example.com", "iban": "DE02120300000000202051"}' ``` -------------------------------- ### Example Webhook Payload Source: https://www.docs.flizpay.de/docs/custom-integrations/core-concepts/webhooks This is an example of the JSON payload structure sent by Fliz for a completed transaction. It includes transaction details, amounts, currency, timestamp, and optional metadata. ```json { "transactionId": "123456789", "status": "completed", "amount": "95.00", "originalAmount": "100.00", "currency": "EUR", "timestamp": 1672531200000, "metadata": { "customerId": "customer_456" } } ``` -------------------------------- ### Example cURL Request to Create Transaction Source: https://www.docs.flizpay.de/docs/custom-integrations/mobile-apps/direct-integration Use this cURL command to test creating a transaction. Replace YOUR_JWT_HERE with your actual JWT token. ```curl curl --request POST \ --url https://api.flizpay.de/transactions \ --header 'Authentication: Bearer YOUR_JWT_HERE' \ --header 'Content-Type: application/json' \ --data '{ \ "Amount": 1000, \ "Currency": "EUR", \ "source": "sdk_integration", \ "metadata": { "internalCustomerId": "customer_10456" } \ }' ``` -------------------------------- ### Example Authentication Response Source: https://www.docs.flizpay.de/docs/custom-integrations/core-concepts/authentication Upon successful authentication, the API will return a JWT token. This token should be used for subsequent API requests. ```json { "token": "JWT_TOKEN" } ``` -------------------------------- ### Example Transaction Response Source: https://www.docs.flizpay.de/docs/custom-integrations/mobile-apps/direct-integration The API response contains a redirectUrl that you will use to open the payment webview. ```json { "redirectUrl": "https://secure.flizpay.de?token=stpdlkzgxtpyfuzm" } ``` -------------------------------- ### Construct Final Webview URL Source: https://www.docs.flizpay.de/docs/custom-integrations/mobile-apps/direct-integration Append your JWT token and a custom redirect URL scheme to the redirectUrl received from the transaction creation step. ```url https://secure.flizpay.de?token=stpdlkzgxtpyfuzm&jwt=YOUR_JWT_HERE&redirect-url=myapp:// ``` -------------------------------- ### Initiate a Transaction with Fliz Pay API Source: https://www.docs.flizpay.de/docs/custom-integrations/web/direct-integration Use this curl command to make a POST request to the Fliz API to create a new transaction. Ensure you replace placeholders with your actual API key, client type, and transaction details. The response will contain a redirect URL. ```curl curl --request POST \ --url https://api.flizpay.de/transactions \ --header 'X-API-key: YOUR_API_KEY' \ --header 'X-Client-Type: YOUR_CLIENT_TYPE' \ --header 'accept: application/json' \ --header 'content-type: application/json' \ --data '{ "amount": 10000, "currency": "EUR", "externalId": "order101", "successUrl": "https://shop.com/success", "failureUrl": "https://shop.com/failure", "metadata": { "internalCustomerId": "customer_10456" } }' ``` -------------------------------- ### Initiate Transaction Source: https://www.docs.flizpay.de/docs/custom-integrations/web/direct-integration Initiate a payment transaction by making a POST request to the Fliz API endpoint. This call generates a redirect URL for the Fliz checkout page. ```APIDOC ## POST /transactions ### Description Initiates a new payment transaction with Fliz Pay. ### Method POST ### Endpoint https://api.flizpay.de/transactions ### Headers - **X-API-KEY** (string) - Required - The API key for authentication. - **X-Client-Type** (string) - Required - Specifies the client type. - **accept** (string) - Required - Should be 'application/json'. - **content-type** (string) - Required - Should be 'application/json'. ### Request Body - **amount** (integer) - Required - The total amount of the cart. - **currency** (string) - Required - The currency of the amount (e.g., 'EUR'). - **externalId** (string) - Required - Your unique reference ID for the order. - **successUrl** (uri) - Optional - Your URL to redirect to upon successful payment. - **failureUrl** (uri) - Optional - Your URL to redirect to upon failed payment. - **metadata** (object) - Optional - Key-value pairs for additional transaction data. ### Request Example ```json { "amount": 10000, "currency": "EUR", "externalId": "order101", "successUrl": "https://shop.com/success", "failureUrl": "https://shop.com/failure", "metadata": { "internalCustomerId": "customer_10456" } } ``` ### Response #### Success Response (200) - **redirectUrl** (string) - The URL to redirect the user to the Fliz checkout page. ``` -------------------------------- ### Verify API Key Source: https://www.docs.flizpay.de/docs/custom-integrations/core-concepts/authentication This endpoint is used to verify your API key and obtain a JWT token for subsequent requests. ```APIDOC ## POST https://api.flizpay.de/auth/verify-apikey ### Description Verifies the provided API key and returns a JWT token. ### Method POST ### Endpoint https://api.flizpay.de/auth/verify-apikey ### Parameters #### Request Body Parameters - **email** (String) - Optional - End-user’s e-mail address. Passing it lets the user skip any extra user-verification step. The usage of this parameter is mostly for mobile apps and requires previous whitelisting with Fliz. - **iban** (String) - Optional - IBAN of the ultimate payment recipient. Omit it to use the company IBAN you set up. - **name** (String) - Optional - Account holder’s name that goes with the `iban`, shown on the payment confirmation. Omit it to use your own company name you set up. ### Required Header - **X-API-Key** (String) - Your generated API Key. ### Request Example ```curl curl --request POST \ --url https://api.flizpay.de/auth/verify-apikey \ --header 'X-API-Key: YOUR_API_KEY' \ --header 'Content-Type: application/json' \ --data '{"email": "user@example.com", "iban": "DE02120300000000202051"}' ``` ### Response #### Success Response (200) - **token** (String) - JWT token for authentication. ``` -------------------------------- ### Required Header for Authentication Source: https://www.docs.flizpay.de/docs/custom-integrations/core-concepts/authentication Include this header in your requests to authenticate with the FLIZpay API. Replace 'YOUR_API_KEY' with your actual API key. ```http X-API-Key: YOUR_API_KEY ``` -------------------------------- ### Add a Transaction Source: https://www.docs.flizpay.de/docs/custom-integrations/mobile-apps/direct-integration Create a transaction by making a POST request to the FLIZ API. This endpoint requires authentication and returns a redirect URL for payment processing. ```APIDOC ## POST /transactions ### Description Creates a new transaction and returns a redirect URL to initiate the payment process. ### Method POST ### Endpoint https://api.flizpay.de/transactions ### Parameters #### Request Body Parameters - **amount** (Int) - Required - The transaction amount. - **currency** (String) - Required - The currency code (e.g., 'EUR'). - **source** (String) - Required - Integration source identifier (e.g., 'sdk_integration'). - **metadata** (Object) - Optional - Custom key-value pairs to enrich or track a transaction. #### Required Header - **Authentication** (String) - Required - Bearer token for authentication (e.g., 'Bearer YOUR_JWT_HERE'). ### Request Example ```curl curl --request POST \ --url https://api.flizpay.de/transactions \ --header 'Authentication: Bearer YOUR_JWT_HERE' \ --header 'Content-Type: application/json' \ --data '{ \ "Amount": 1000, \ "Currency": "EUR", \ "source": "sdk_integration", \ "metadata": { "internalCustomerId": "customer_10456" } \ }' ``` ### Response #### Success Response (200) - **redirectUrl** (String) - The URL to redirect the user to for completing the payment. #### Response Example ```json { "redirectUrl": "https://secure.flizpay.de?token=stpdlkzgxtpyfuzm" } ``` ``` -------------------------------- ### API Key Verification Endpoint Source: https://www.docs.flizpay.de/docs/custom-integrations/core-concepts/authentication Use this POST endpoint to verify your API key. Ensure your API key is kept secure and never shared publicly. ```http POST https://api.flizpay.de/auth/verify-apikey ``` -------------------------------- ### Create Transaction Request Source: https://www.docs.flizpay.de/docs/custom-integrations/mobile-apps/direct-integration Make a POST request to the FLIZ API to create a transaction. Include your JWT in the header and transaction details in the request body. ```http POST https://api.flizpay.de/transactions ``` ```http Authentication: Bearer YOUR_JWT_HERE ``` ```json { "Amount": 1000, "Currency": "EUR", "source": "sdk_integration", "metadata": { "internalCustomerId": "customer_10456" } } ``` -------------------------------- ### Validate Webhook Signature with Node.js Source: https://www.docs.flizpay.de/docs/custom-integrations/core-concepts/webhooks This middleware validates the request body against the X-Fliz-Signature header using HMAC-SHA256 and timingSafeEqual for security. It ensures requests originate from Fliz. The FLIZ_WEBHOOK_SIGNING_SECRET environment variable must be set. ```javascript const { createHmac, timingSafeEqual } = require('crypto'); /* This middleware validates the request body against the X-Fliz-Signature header. If the signature is invalid, an error is thrown. If the signature is valid, the next middleware is called. ✨ The comparison uses crypto.timingSafeEqual to prevent timing attacks that could leak signature bytes. */ function validateRequest(req, res, next) { const secret = process.env.FLIZ_WEBHOOK_SIGNING_SECRET; const data = req.body; const expectedSignature = sign(data, secret); const signature = req.get('X-Fliz-Signature') || ''; // Convert both signatures to Buffers of equal length const expected = Buffer.from(expectedSignature, 'hex'); const supplied = Buffer.from(signature, 'hex'); const valid = expected.length === supplied.length && // lengths must match timingSafeEqual(expected, supplied); // constant-time compare if (!valid) throw new Error('invalid signature!'); next(); } /* Parameter "data" is the request / response body. The response is the X-FLIZ-SIGNATURE. */ function sign(data, secret) { return createHmac('sha256', secret) .update(JSON.stringify(data)) .digest('hex'); } ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.