Introduction
The TurraTech API is organized around REST. Our API has predictable resource-oriented URLs, accepts JSON-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.
You can use the TurraTech API in test mode, which does not affect your live data or interact with banking networks. The API key you use to authenticate the request determines whether the request is live mode or test mode.
Base URL
All API requests should be made to: https://api.turratech.com/v1
Request Format
The API accepts request data as JSON. Set the Content-Type header to application/json for all POST and PUT requests.
curl https://api.turratech.com/v1/payments \ -H "Authorization: Bearer sk_test_abc123..." \ -H "Content-Type: application/json" \ -d '{ "amount": 2000, "currency": "gbp", "payment_method": "pm_card_visa" }'
Response Format
All responses are returned as JSON objects. Successful responses include the requested resource. Error responses include an error object with details about what went wrong.
{
"id": "pay_1NqQXYZ123456789",
"object": "payment",
"amount": 2000,
"currency": "gbp",
"status": "succeeded",
"created": 1704067200,
"livemode": false
}Authentication
The TurraTech API uses API keys to authenticate requests. You can view and manage your API keys in the Dashboard. Your API keys carry many privileges, so be sure to keep them secure.
Authentication is performed via HTTP Bearer authentication. Provide your API key as the bearer token value.
Keep your keys secure
Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, or browser developer tools. Use environment variables to store keys securely.
API Key Types
| Key Type | Prefix | Description |
|---|---|---|
| Publishable key | pk_test_ / pk_live_ | Safe to expose in client-side code. Used for tokenization. |
| Secret key | sk_test_ / sk_live_ | Must be kept confidential. Used for server-side API calls. |
| Restricted key | rk_test_ / rk_live_ | Limited permissions. Use for specific integrations. |
curl https://api.turratech.com/v1/payments \
-H "Authorization: Bearer sk_test_51ABC123DEF456..."Test vs Live Mode
Use test mode keys (sk_test_) during development. Test mode transactions don't move real money and use test card numbers. Switch to live mode keys (sk_live_) when you're ready to accept real payments.
Errors
TurraTech uses conventional HTTP response codes to indicate the success or failure of an API request. In general: codes in the 2xx range indicate success, codes in the 4xx range indicate an error from the provided information, and codes in the 5xx range indicate an error with TurraTech's servers.
HTTP Status Codes
| Code | Description |
|---|---|
200 | OK — Everything worked as expected. |
201 | Created — A new resource was created successfully. |
400 | Bad Request — The request was unacceptable, often due to missing required parameter. |
401 | Unauthorized — No valid API key provided. |
402 | Request Failed — The parameters were valid but the request failed (e.g., card declined). |
403 | Forbidden — The API key doesn't have permissions to perform the request. |
404 | Not Found — The requested resource doesn't exist. |
409 | Conflict — The request conflicts with another request. |
429 | Too Many Requests — Too many requests hit the API too quickly. |
500 | Server Error — Something went wrong on TurraTech's end. |
Error Response Format
{
"error": {
"type": "card_error",
"code": "card_declined",
"message": "Your card was declined.",
"param": "payment_method",
"decline_code": "insufficient_funds"
}
}Error Types
api_error API Error
An error occurred internally at TurraTech. These are rare.
authentication_error Authentication Error
Invalid API key or insufficient permissions.
card_error Card Error
The card cannot be charged for some reason.
invalid_request_error Invalid Request
Invalid parameters were supplied to the API.
rate_limit_error Rate Limit
Too many requests hit the API too quickly.
validation_error Validation Error
Errors triggered by client-side validation.
Pagination
All top-level API resources have support for bulk fetches via list API methods. These list API methods share a common structure, taking at least these three parameters: limit, starting_after, and ending_before.
Parameters
| Parameter | Type | Description |
|---|---|---|
limit | integer | Number of objects to return. Default is 10, maximum is 100. |
starting_after | string | Cursor for pagination. Object ID to start after (exclusive). |
ending_before | string | Cursor for pagination. Object ID to end before (exclusive). |
curl https://api.turratech.com/v1/payments?limit=25&starting_after=pay_abc123 \
-H "Authorization: Bearer sk_test_..."List Response Format
{
"object": "list",
"data": [
{ "id": "pay_xyz789", ... },
{ "id": "pay_xyz790", ... }
],
"has_more": true,
"url": "/v1/payments"
}Idempotency
The API supports idempotency for safely retrying requests without accidentally performing the same operation twice. This is useful when an API call is disrupted in transit and you do not receive a response.
To perform an idempotent request, provide an Idempotency-Key header with a unique value (we recommend a UUID v4).
curl https://api.turratech.com/v1/payments \ -H "Authorization: Bearer sk_test_..." \ -H "Idempotency-Key: a1b2c3d4-e5f6-7890-abcd-ef1234567890" \ -d '{"amount": 2000, "currency": "gbp"}'
Idempotency Key Lifetime
Idempotency keys are stored for 24 hours. After 24 hours, a new request with the same key will be processed as a new request.
Versioning
When backwards-incompatible changes are made to the API, a new dated version is released. The current version is 2024-01-01. You can set the API version in your Dashboard or on a per-request basis.
curl https://api.turratech.com/v1/payments \ -H "Authorization: Bearer sk_test_..." \ -H "TurraTech-Version: 2024-01-01"
We recommend testing new versions in your development environment before upgrading your account's default version.
Payments
A Payment object represents a single attempt to move money into your TurraTech account. Payments can be made using cards, bank transfers, or alternative payment methods.
POST /v1/payments
Create a new payment to charge a customer.
Create a Payment
| Parameter | Type | Description |
|---|---|---|
amountRequired | integer | Amount in smallest currency unit (e.g., pence for GBP). |
currencyRequired | string | Three-letter ISO currency code (e.g., "gbp", "usd", "eur"). |
payment_method | string | ID of the PaymentMethod to use for this payment. |
customer | string | ID of the Customer this payment is for. |
description | string | Arbitrary string attached to the object for your reference. |
metadata | object | Set of key-value pairs for storing additional information. |
capture_method | string | Controls when funds are captured: "automatic" or "manual". |
confirm | boolean | Set to true to attempt to confirm this payment immediately. |
return_url | string | URL to redirect after payment completion (for 3DS, etc.). |
const payment = await turratech.payments.create({ amount: 2000, currency: 'gbp', payment_method: 'pm_card_visa', confirm: true, description: 'Order #12345', metadata: { order_id: '12345' } });
GET /v1/payments/:id
Retrieve an existing payment by its ID.
GET /v1/payments
List all payments with optional filters.
POST /v1/payments/:id/capture
Capture a payment that was created with capture_method: manual.
POST /v1/payments/:id/cancel
Cancel a payment that has not yet been captured.
Payment Object
{
"id": "pay_1NqQXYZ123456789",
"object": "payment",
"amount": 2000,
"amount_capturable": 0,
"amount_received": 2000,
"currency": "gbp",
"customer": "cus_ABC123",
"description": "Order #12345",
"payment_method": "pm_card_visa",
"status": "succeeded",
"created": 1704067200,
"livemode": false,
"metadata": {
"order_id": "12345"
}
}Customers
Customer objects allow you to perform recurring charges and track multiple payments associated with the same customer. The API allows you to create, delete, and update customers.
POST /v1/customers
Create a new customer.
Create a Customer
| Parameter | Type | Description |
|---|---|---|
email | string | Customer's email address. |
name | string | Customer's full name. |
phone | string | Customer's phone number. |
description | string | Arbitrary string for your reference. |
address | object | Customer's billing address. |
shipping | object | Customer's shipping information. |
metadata | object | Key-value pairs for additional information. |
payment_method | string | ID of PaymentMethod to attach to customer. |
const customer = await turratech.customers.create({ email: 'hello@turratech.com', name: 'Jane Doe', address: { line1: '123 Main Street', city: 'London', postal_code: 'SW1A 1AA', country: 'GB' } });
GET /v1/customers/:id
Retrieve an existing customer.
POST /v1/customers/:id
Update a customer's details.
DELETE /v1/customers/:id
Permanently delete a customer and all their data.
GET /v1/customers
List all customers with optional filters.
Payment Methods
PaymentMethod objects represent your customer's payment instruments. You can use them with Payments to collect payments or save them to a Customer to store instrument details for future payments.
POST /v1/payment_methods
Create a new payment method.
POST /v1/payment_methods/:id/attach
Attach a payment method to a customer.
POST /v1/payment_methods/:id/detach
Detach a payment method from its attached customer.
Supported Payment Method Types
| Type | Description |
|---|---|
card | Credit and debit cards (Visa, Mastercard, Amex, etc.) |
bacs_debit | UK Bacs Direct Debit |
sepa_debit | SEPA Direct Debit (Eurozone) |
bank_transfer | Bank transfer payments |
apple_pay | Apple Pay wallet |
google_pay | Google Pay wallet |
Refunds
Refund objects allow you to refund a payment that has previously been charged but not yet refunded. Funds will be refunded to the original payment method.
POST /v1/refunds
Create a refund for a payment.
Create a Refund
| Parameter | Type | Description |
|---|---|---|
paymentRequired | string | ID of the Payment to refund. |
amount | integer | Amount to refund in smallest currency unit. Defaults to full amount. |
reason | string | Reason for refund: "duplicate", "fraudulent", or "requested_by_customer". |
metadata | object | Key-value pairs for additional information. |
const refund = await turratech.refunds.create({ payment: 'pay_1NqQXYZ123456789', amount: 1000, // Partial refund reason: 'requested_by_customer' });
GET /v1/refunds/:id
Retrieve a refund.
GET /v1/refunds
List all refunds.
Subscriptions
Subscriptions allow you to charge a customer on a recurring basis. A subscription ties a customer to a particular price.
POST /v1/subscriptions
Create a new subscription for a customer.
Create a Subscription
| Parameter | Type | Description |
|---|---|---|
customerRequired | string | ID of the customer to subscribe. |
itemsRequired | array | List of subscription items, each with a price. |
trial_period_days | integer | Number of trial days before charging. |
cancel_at_period_end | boolean | Whether to cancel at period end. |
default_payment_method | string | Payment method for this subscription. |
metadata | object | Key-value pairs for additional information. |
const subscription = await turratech.subscriptions.create({ customer: 'cus_ABC123', items: [{ price: 'price_pro_monthly', quantity: 1 }], trial_period_days: 14 });
POST /v1/subscriptions/:id
Update a subscription (change plan, quantity, etc.).
DELETE /v1/subscriptions/:id
Cancel a subscription.
Webhooks
Webhooks allow you to receive real-time notifications when events happen in your TurraTech account. Configure webhook endpoints to receive POST requests with event data.
POST /v1/webhook_endpoints
Create a new webhook endpoint.
Webhook Signature Verification
All webhook payloads are signed using your webhook signing secret. Always verify the signature before processing webhook data.
const signature = req.headers['turratech-signature']; const payload = req.body; try { const event = turratech.webhooks.constructEvent( payload, signature, webhookSecret ); // Handle the event console.log(`Received event: ${event.type}`); } catch (err) { console.error('Webhook signature verification failed'); return res.status(400).send(); }
Common Event Types
| Event | Description |
|---|---|
payment.succeeded | Payment was successfully processed. |
payment.failed | Payment attempt failed. |
customer.created | New customer was created. |
subscription.created | New subscription was created. |
subscription.updated | Subscription was updated. |
subscription.deleted | Subscription was cancelled. |
invoice.paid | Invoice was paid. |
invoice.payment_failed | Invoice payment failed. |
refund.created | Refund was created. |
dispute.created | Chargeback/dispute was opened. |
Best Practices
Respond to webhooks with a 200 status code quickly (within 30 seconds). Process webhook data asynchronously. Implement idempotency to handle duplicate events.