The Worldpay Total REST API uses the standard HTTP verbs Post, Get, Put, and Delete to perform all of its operations.

The Worldpay Total REST API enables the user to run credit card present (CP) or credit card not present (CNP) transactions. You are also provided tools that allow you to tokenize cards and payments, manage payment accounts and enable recurring billing to automatically bill customers at specified intervals.


There are two ways you can access our REST API; direct RESTful API calls and a prepackaged SDK. Note that this prepackaged SDK is not the same as the IPC SDK. These SDKs are small development environments that give you guidance and structure to make the REST API calls. You do not need to employ these SDKs to use the REST API. They are provided to help kickstart your project. We currently offer C# and Java SDKs for the REST API.


All of the documentation for the REST API is online and can be selected from the menu at the left. Each page of the REST documentation has three sections.

On the far left is the navigation bar that gives you access to the documentation for each call. Here you will have access to 11 categories of transaction types - Card Present, Card Not Present, ACH, Settlement, Recurring Billing, Credits, Refunds, Voids, Vault, Tokenization, and Transaction Reporting and Management. Each menu item will present you with corresponding documentation for that feature.

To the right of the navigation menu is where the feature is described, including the REST endpoint, sample code, the request object sent in the call, and the response objects received from the server. At the top of the page is a drop down box that allows you to choose one of seven programming languages. This selection is then used to display sample code in the context of the chosen language.

The final section on the documentation page is the reference slide-out tab. This tab dynamically opens to display details of the various data structures used in forming the REST calls. Some of the data elements described in the request and response objects have hotlinks that will open this reference tab to the appropriate place. You can also open the slide-out by clicking on the tab.


Each API call needs to include an HTTP Authorization header containing a valid SecureNet ID and Secure Key. The SecureNet ID can be obtained from the email that you received during the sign-up process. You can obtain the Secure Key by signing into the Virtual Terminal with the login credentials that you were also emailed to you. You will then need to navigate to Settings and click on the Key Management link. This is how to construct the authentication header string:

  1. Build a string in the form securenetid:securekey
  2. Base64-encode the string
  3. Supply an "Authorization" header containing "Basic" followed by the encoded string, ex: "Basic YAXtjM40JBYlxX4="

Note that some programming language environments have built-in methods for doing HTTP Basic Authentication. If so, you can provide those calls with your SecureNet ID and Secure Key instead of manually setting the HTTP Authorization header value.

Example (Python)

            # Pull the SecureNet ID from your sign-on email
            snid = '8001269'        

            #Get this from Virtual Terminal
            skey= 'cQxbjKQgCDfp'    

            #base 64 encode the string and accompanying colon
            authId = "Basic " + b64encode(snid + ":" + skey)  

            #build the header to use in all of your REST calls.
            httpHeader = {'Authorization': authId, 
            'Content-Type': 'application/json', 
            'Accept': 'application/json' }