OnePay API Introduction

The OnePay API is built on REST principles. It uses predictable resource-oriented URLs, accepts JSON-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes and authentication.

Get credentials

App ID + Hash Salt

Create transaction

POST to /v3/checkout/link/

Redirect customer

Use redirect_url in response

Receive callback

Verify via status API

Secure by design

Every request is signed with a SHA-256 hash, ensuring transaction integrity end to end. OnePay is ISO 27001 certified, the first payment gateway in Sri Lanka to hold this certification.

REST API

Standard HTTP verbs, predictable URLs, and JSON responses. Integrate in any language, PHP, Node.js, Python, Java, .NET, and more.

Sandbox environment

Test your integration in our sandbox before going live. Sandbox credentials are available from your OnePay merchant dashboard.

Multi-currency

Process payments in LKR and USD. Supports Visa, Mastercard, and all major card networks accepted in Sri Lanka.

Base URL: https://api.onepay.lk

Core Concepts

All Onepay APIs follow standard REST principles, using predictable resource oriented URLs and standard HTTP response codes.

Response Formats

All API responses are returned in standard JSON format. Success responses typically include the requested data, while errors include a clear status message.

API versioning

The current API version is v3. All endpoints are prefixed with /v3/. Breaking changes will be released under a new version prefix, and older versions will be supported with advance notice.

Rate limiting

API requests are rate limited per App ID. If you exceed the limit, you will receive an HTTP 429 Too Many Requests response. Implement exponential backoff in your retry logic. Contact support to request a higher rate limit for your use case.