Payments Team Self Service
Switch branches/tags
approved-alpha_staging-5 approved-alpha_staging-1-66 approved-alpha_staging-1-65 approved-alpha_staging-1-60 approved-alpha_staging-1-58 approved-alpha_staging-1-57 approved-alpha_staging-1-55 approved-alpha_staging-1-53 approved-alpha_staging-1-52 approved-alpha_staging-1-49 approved-alpha_staging-1-39 approved-alpha_staging-1-38 approved-alpha_staging-1-37 approved-alpha_staging-1-36 approved-alpha_staging-1-35 approved-alpha_staging-1-34 approved-alpha_staging-1-33 approved-alpha_staging-1-29 approved-alpha_staging-1-27 approved-alpha_staging-1-26 approved-alpha_staging-1-25 approved-alpha_staging-1-23 approved-alpha_staging-1-22 approved-alpha_staging-1-21 approved-alpha_staging-0-12 approved-alpha_staging-0-10 approved-alpha_staging-0-8 approved-alpha_release-184 approved-alpha_release-183 approved-alpha_release-182 approved-alpha_release-181 approved-alpha_release-179 approved-alpha_release-178 approved-alpha_release-177 approved-alpha_release-176 approved-alpha_release-175 approved-alpha_release-174 approved-alpha_release-173 approved-alpha_release-172 approved-alpha_release-170 approved-alpha_release-169 approved-alpha_release-168 approved-alpha_release-167 approved-alpha_release-166 approved-alpha_release-165 approved-alpha_release-164 approved-alpha_release-163 approved-alpha_release-162 approved-alpha_release-160 approved-alpha_release-159 approved-alpha_release-158 approved-alpha_release-157 approved-alpha_release-156 approved-alpha_release-155 approved-alpha_release-154 approved-alpha_release-153 approved-alpha_release-152 approved-alpha_release-151 approved-alpha_release-150 approved-alpha_release-149 approved-alpha_release-147 approved-alpha_release-144 approved-alpha_release-143 approved-alpha_release-142 approved-alpha_release-141 approved-alpha_release-140 approved-alpha_release-139 approved-alpha_release-138 approved-alpha_release-137 approved-alpha_release-136 approved-alpha_release-135 approved-alpha_release-134 approved-alpha_release-133 approved-alpha_release-132 approved-alpha_release-131 approved-alpha_release-130 approved-alpha_release-129 approved-alpha_release-128 approved-alpha_release-127 approved-alpha_release-126 approved-alpha_release-124 approved-alpha_release-123 approved-alpha_release-121 approved-alpha_release-120 approved-alpha_release-119 approved-alpha_release-118 approved-alpha_release-117 approved-alpha_release-116 approved-alpha_release-115 approved-alpha_release-114 approved-alpha_release-113 approved-alpha_release-112 approved-alpha_release-111 approved-alpha_release-110 approved-alpha_release-109 approved-alpha_release-108 approved-alpha_release-107 approved-alpha_release-106 approved-alpha_release-105 approved-alpha_release-104
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
.github Github PR Template change Jul 19, 2016
app PP-4109 Renamed CSS id Sep 20, 2018
bin PP-3813 Publish all pacts Jun 11, 2018
config PP-4133 Renamed continuation local storage namespace/segment, and ens… Aug 16, 2018
docker PP-4035 Upgrade to alpine linux 3.8 Aug 21, 2018
docs/arch PP-3636 Add ADR on Browser testing Apr 26, 2018
test PP-4215 Split out new tests into a 'to-be' consumer test, until the p… Sep 21, 2018
.dockerignore PP-3636 Add Cypress to Selfservice Apr 26, 2018
.editorconfig Replace EditorConfig with latest from GDS Way Apr 30, 2018
.gitignore PP-3980 Added interation and unit tests for charge events Jul 10, 2018
.nvmrc PP-3891 Upgrade node to 8.11.3 Jun 13, 2018
.sass-lint.yml PP-2317 Added sass-lint to dev dependencies and config file Jul 17, 2017
.snyk PP-3905 Jun 20, 2018 PP-2504 Adding a contribution file Aug 9, 2017
Dockerfile PP-4035 Upgrade to alpine linux 3.8 Aug 21, 2018
Gruntfile.js PP-4121 - add GOV.UK Frontend module Sep 11, 2018
Jenkinsfile PP-3897 Re-enables contract tests for connector Jun 27, 2018
LICENSE PP-2504 Open source selfservice Aug 9, 2017 PP-3636 Update readme with instructions on how to run cypress tests Apr 26, 2018
aws-xray.rules PP-2493 Added AWS sdk Jul 25, 2018 - Added `npm install --production` step to Dockerfile Oct 31, 2017
cypress.json PP-3812 Set cyress.json 'supportFile' to false to prevent Cypress hea… May 25, 2018 PP-2967 Referenced new govukpay/nodejs base image instead of node-alpine Jan 11, 2018 PP-1407 Change session cookie config to use proxySecure Jan 10, 2017
package-lock.json PP-4121 - add GOV.UK Frontend module Sep 11, 2018
package.json PP-4121 - add GOV.UK Frontend module Sep 11, 2018 pp-3167: use instead of npm Jan 25, 2018
server.js PP-4121 - Getting started with GOV.UK Frontend Sep 11, 2018
start.js PP-2345 Enabled standard linter, fixed all errors and restricted to n… Jul 18, 2017


GOV.UK Pay Self Service portal (Node.js)

We use Architecture Decision Records to keep track of the history of software design decisions on this application. Please see docs/arch.

Key environment variables

if you wish to override any variables, please do the following:


cd $WORKSPACE/pay-selfservice/config
cp dev-env.json.example dev-env.json

to edit

cd ~/workspace/pay-selfservice/config
vi dev-env.json

to run mocha tests

npm run compile && npm test

to run cypress tests, in separate tabs:

  • npm run server:cypress
  • npm run pact-stub
  • npm run test:cypress or $(npm bin)/cypress open

to run

LOCAL_ENV=true msl run

Variable required default value Description
PORT X 9200 The port number for the express server to be bound at runtime
SESSION_ENCRYPTION_KEY X Key to be used by the cookie encryption algorithm. Should be a large unguessable string (More Info).
PUBLIC_AUTH_URL X The publicauth endpoint to use when API Tokens.
PUBLIC_AUTH_URL X The endpoint to connector base URL.
SECURE_COOKIE_OFF false/undefined To switch off generating secure cookies. Set this to true only if you are running self service in a non HTTPS environment.
HTTP_PROXY_ENABLED false/undefined To enable proxying outbound traffic of HTTP(S) requests. If set to true make sure to set the following 3 variables
NO_PROXY host:port(s) that need to be by passed by the proxy. Supports comma separated list
NODE_WORKER_COUNT 1 The number of worker threads started by node cluster when run in production mode

#set this to 'true' only if you are running self service in a non HTTPS environment. SECURE_COOKIE_OFF=true

Transaction list

View the transaction list for a given account id.

    GET /transactions

Transaction Search

Search transactions by reference, status and from and to date

    POST /transactions
Form param always present Description
reference X The service reference for a given payment
email X The user email address used for the given payment
status X The payment status
fromDate X A starting date to search for payments
toDate X An ending date to search for payments

Transaction Events list

View the transaction events list for a given account id.

    GET /transactions/{chargeId}
Path param always present Description
chargeId X The charge Id for which the transaction events should be retrieved

Developer tokens

Generate, edit and revoke tokens for a given account id.



MIT License

Responsible Disclosure

GOV.UK Pay aims to stay secure for everyone. If you are a security researcher and have discovered a security vulnerability in this code, we appreciate your help in disclosing it to us in a responsible manner. We will give appropriate credit to those reporting confirmed issues. Please e-mail with details of any issue you find, we aim to reply quickly.