Enhanced API Documentation

Overview

This API follows REST best practices and implements end-to-end payload security and HATEOAS.

Security Model

Transport Security (TLS)

All endpoints are accessible only over HTTPS.

Payload Signing (JWS) & Encryption (JWE)

Client Payload
   ↓
JWS Sign
   ↓
JWE Encrypt
   ↓
HTTPS Transport

HATEOAS (Hypermedia as the Engine of Application State)

HATEOAS allows clients to dynamically navigate and interact with the API through links provided in responses, without hard-coding URLs or application logic.

How It Works

API responses may include a links array. Each link object typically contains:

Attribute     Description
params.rel    Relationship of the link to the resource (e.g., self, update, delete)
href          Full URL to access or interact with the resource

Mandatory Links:

Example Response

{
  "links": [
    {
      "params": {
        "rel": "self"
      },
      "href": "https://uat-api.paylution.com/rest/v4/users/usr-b86ab524-2787-46e2-b536-5a70e37349f7"
    }
  ]
}

Example with Multiple Links

{
  "links": [
    { "params": { "rel": "self" }, "href": "https://uat-api.paylution.com/v4/users?page=1" },
    { "params": { "rel": "next" }, "href": "https://uat-api.paylution.com/v4/users?page=2" }
  ]
}
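
A client that follows links from a response should check each href before sending its bearer token to it. The Python sketch below is an added example, not part of the original documentation or the API provider's own code; the TRUSTED_HOSTS allowlist, the function names and the sample response are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Assumption: the only hosts this client will send its bearer token to.
TRUSTED_HOSTS = {"uat-api.paylution.com", "api.paylution.com"}

# Constructed sample response: two valid links, three that must be rejected.
SAMPLE = json.dumps({"links": [
    {"params": {"rel": "self"}, "href": "https://uat-api.paylution.com/v4/users?page=1"},
    {"params": {"rel": "next"}, "href": "https://uat-api.paylution.com/v4/users?page=2"},
    {"params": {"rel": "prev"}, "href": "http://uat-api.paylution.com/v4/users?page=0"},
    {"params": {"rel": "update"}, "href": "https://uat-api.paylution.com.example.net/v4/users"},
    {"href": "https://uat-api.paylution.com/v4/users?page=9"},
]})


def is_safe_href(href, trusted_hosts=TRUSTED_HOSTS):
    """True only for https URLs on an allowlisted host, default port, no userinfo."""
    if not isinstance(href, str):
        return False
    try:
        parts = urlsplit(href)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    return (parts.scheme == "https" and parts.username is None
            and parts.password is None and parts.hostname in trusted_hosts
            and port in (None, 443))


def index_links(body, trusted_hosts=TRUSTED_HOSTS):
    """Return ({rel: href} for links that pass the check, [rejected link objects])."""
    doc = json.loads(body)
    raw = doc.get("links") if isinstance(doc, dict) else None
    accepted, rejected = {}, []
    for link in raw if isinstance(raw, list) else []:
        params = link.get("params") if isinstance(link, dict) else None
        rel = params.get("rel") if isinstance(params, dict) else None
        href = link.get("href") if isinstance(link, dict) else None
        if isinstance(rel, str) and is_safe_href(href, trusted_hosts):
            accepted.setdefault(rel, href)  # first occurrence of a rel wins
        else:
            rejected.append(link)  # log these; do not follow them
    return accepted, rejected
```

The exact host comparison is what rejects the look-alike suffix host and any URL that hides the real host behind a userinfo component.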

Diagram

Example HATEOAS flow for a single resource:

[Diagram: Client and API Server. Request: GET /users (self). Response: Updated resource / pagination.]

For more details, see the Hyperwallet HATEOAS documentation.

Try HATEOAS Links

curl -X GET "https://api.paylution.com/rest/v4/users" \
  -H "Authorization: Bearer <JWT>" \
  -H "Content-Type: application/jose+json"

curl -X PUT "https://api.paylution.com/rest/v4/users" \
  -H "Authorization: Bearer <JWT>" \
  -H "Content-Type: application/jose+json" \
  -d '{ "status": "ACTIVE" }'

curl -X DELETE "https://api.paylution.com/rest/v4/users" \
  -H "Authorization: Bearer <JWT>" \
  -H "Content-Type: application/jose+json"