In this article, you can find a glossary of GoCardless API specific terms, abbreviations, and acronyms that you may come across within our product/service. Feel free to get in touch via api@gocardless.com if we're missing a term or you have further questions.
A
Access token - A unique identifier for a merchant requesting access to the API. A merchant can generate an access token in the dashboard. When a request is made, we can then match the token they provide to the one we have stored, in order to authenticate and identify the requesting merchant.
API - A Bridge between two systems that wouldn’t normally work together - e.g. systems that don’t have a common language to speak to each other.
App - A representation of a partner integration.
App fee - A fee that partners can charge on top of the fees GoCardless take on a transactional basis.
C
Client ID - Used to authenticate and identify a partner app during the OAuth flow.
Client library - A set of code that developers can add to their development projects. It provides chunks of code that do the basic things an application needs to do in order to interact with the API, saving a developer time and effort.
Client secret - Used to authenticate and identify a partner app during the OAuth flow.
Custom payment page - A payment page hosted by the integrator themselves. Integrators using custom payment pages would typically not be using the redirect flow.
E
Endpoint - An endpoint is simply one end of a communication channel with the API. e.g. to make requests relating to subscriptions you would use the /subscriptions endpoint.
H
HTTPheader - HTTP headers are the name or value pairs that are displayed in the request and response messages of message headers for Hypertext Transfer Protocol. When making an HTTP request to the API, an Authorization, GoCardless-Version, Accept and Content-Type header are required.
I
Idempotency key - A header that can be added to any request to the API to prevent the same request being made more than once. Any requests to create a resource with a key that has previously been used will not succeed and will respond with a 409
idempotent_creation_conflict error.
Integration - A system that uses the API to create and manage resources e.g. a website, customer relationship management software, accounting software, content management system etc
J
Javascript flow - Used by merchants with custom payment pages to securely store customer bank details on our server.
JSON - A human-readable and lightweight data exchange format. It's the format used to send and retrieve the majority of information through the API.
M
Metadata - A set of data that describes and gives information about other data. It can be used to add custom data to a customer, payment, subscription and certain actions such as retrying a payment.
O
OAuth - OAuth allows a partner to work with other users’ GoCardless accounts. Once a user approves you, you can use the GoCardless API on their behalf and receive their webhooks.
P
Paginated-list - Whenever you make a request to get a list of resources from the API, there is a limit on the number of resources returned. If the results exceed the limit, the API returns a paginated list that allows you to make further requests to retrieve the full results.
Post-onboarding URL - During the OAuth flow, you can check whether a merchant has already been verified. If they have yet to do so, then you can send them through the post-onboarding flow to verify their account. One they've finished the onboarding flow, they are then redirected to the post-onboarding flow URL that can be set on your app.
Publishable access token - During the javascript flow, the publishable access token is embedded within a payment form. When the form is submitted, the publishable access token is then used to obtain a customer bank account token to retrieve the newly created ID of the bank account hosted on our servers.
R
Redirect Flow - Redirect flows enable you to use GoCardless’ hosted payment pages to set up mandates with your customers.
Redirect URL - The URL that a customer is returned to after entering their payment details via the redirect flow.
Request ID - Every request made to our API can be uniquely identified by its request ID.
Restricted endpoint - An endpoint only accessible to merchants/partners with custom payment pages enabled.
Revenue share - A percentage share that partners can take of the fees GoCardless charge per transaction.
S
Scenario simulator - Special customer names that can be used in the sandbox environment to trigger sequences of events almost instantly.
Session token - A random ID that must be provided when the redirect flow is created and again when it is completed. This allows integrators to ensure that the user who was originally sent to the GoCardless payment pages is the one who has completed them.
T
Test webhook - A webhook that can be sent manually sent using mock data in the sandbox environment.
W
Webhook - A webhook is a request that GoCardless sends to a merchant’s server to alert them of an event. This allows merchants to receive real-time notifications from GoCardless when things happen in their account, so they can take automated actions in response
Webhook secret - A unique ID used to identify and authenticate your webhook endpoint. It is used when signing webhooks to ensure that the webhook being sent is genuine.