The Payments Public API in Java (Dropwizard)
SandorArpa Merge pull request #274 from alphagov/PP-4128-make_card_payment_use_o…
…ptional

PP-4128 Make CardPayment use Optional
Latest commit b1d8da8 Oct 19, 2018

README.md

pay-publicapi

GOV.UK Pay Public API service in Java (Dropwizard)

Keystore setup for HTTPS outbound calls:

The following variables are needed to import the trusted certificates and public keys into a Java keystore, which is used for secure outbound HTTPS calls. The import is handled in docker-startup.sh. This script assumes the infrastructure provides a trusted certificate file (CERT_FILE) and a key (KEY_FILE) in a known directory (CERTS_DIR). The script then creates a keystore (KEYSTORE_FILE) in a separate directory (KEYSTORE_DIR) and imports the certificate and key into it.

| Variable | Required | Description |
| --- | --- | --- |
| CERTS_DIR | Yes | The directory where the import script can find a trusted certificate and any public key |
| CERT_FILE | Yes | The name of the certificate file to import |
| KEY_FILE | Yes | The key file to import |
| KEYSTORE_DIR | Yes | The directory where the java keystore will be created |
| KEYSTORE_FILE | Yes | The name of the java keystore file |

Rate limiter and Authorization filters setup

These are the variables related to Public API filters.

| Variable | Required | Description |
| --- | --- | --- |
| RATE_LIMITER_VALUE | No (Default 3) | Number of requests (other than POST) allowed per time window defined by RATE_LIMITER_PER_MILLIS |
| RATE_LIMITER_VALUE_POST | No (Default 3) | Number of POST requests allowed per time window defined by RATE_LIMITER_PER_MILLIS |
| RATE_LIMITER_PER_MILLIS | No (Default 1000) | Rate limiter time window |
| TOKEN_API_HMAC_SECRET | Yes | HMAC secret used to validate that the given token is genuine (Api Key = Token + Hmac(Token, Secret)) |

For example:

$ ./redirect.sh start
$ ./env.sh mvn exec:java
...
(pay-publicapi log output)
...
(press CTRL+C to stop service)
...
$ ./redirect.sh stop

API through gelato.io

gelato.io is a hosted service that dynamically generates beautiful documentation and a sandbox from a Swagger-compliant API. It also provides customized documentation, a markdown editor, an automatic API explorer, code sample generation and custom styling, and allows a custom domain to be added.

Useful links:

API Specification

The API Specification provides more detail on the paths and operations including examples.

| Path | Method | Description |
| --- | --- | --- |
| /v1/payments | POST | creates a payment |
| /v1/payments/{paymentId} | GET | returns a payment by ID |
| /v1/payments/{paymentId}/cancel | POST | cancels a payment |
| /v1/payments/{paymentId}/events | GET | returns all audit events for the payment referred by this ID |
| /v1/payments | GET | search/filter payments |
| /v1/payments/{paymentId}/refunds | GET | returns a list of refunds for the payment |
| /v1/payments/{paymentId}/refunds | POST | creates a new refund for the payment |
| /v1/payments/{paymentId}/refunds/{refundId} | GET | returns a refund by ID |
| /v1/agreements | POST | creates an agreement |

Dependencies

Licence

MIT License

Responsible Disclosure

GOV.UK Pay aims to stay secure for everyone. If you are a security researcher and have discovered a security vulnerability in this code, we appreciate your help in disclosing it to us in a responsible manner. We will give appropriate credit to those reporting confirmed issues. Please e-mail gds-team-pay-security@digital.cabinet-office.gov.uk with details of any issue you find; we aim to reply quickly.