dpay.pl API
Complete API reference for dpay.pl payment gateway. Supports PayByLink, BLIK, bank transfers, credit cards, Paysafecard, Google Pay, Apple Pay, MB WAY, Bizum, SMS Premium, and Direct Carrier Billing.
Authentication
All API requests are authenticated using SHA-256 checksums. The checksum is generated by concatenating specific request parameters with your Secret Hash (available in the dpay.pl merchant panel).
Rate Limits
Payment API endpoints (api-payments.dpay.pl) are limited to 120 requests per minute per service. Stricter limits apply to BLIK alias endpoints: /blik/aliases - 60/min, /blik/aliases/unregister - 30/min, /blik/recurring/status - 60/min.
Panel endpoints under /api/v1/pbl/ are limited per service (default 120 requests per minute; a custom limit may be configured for your service). Responses include X-RateLimit-Limit and X-RateLimit-Remaining headers. When the limit is exceeded, the API returns HTTP 429 with Retry-After and X-RateLimit-Reset headers.
Servers
- API Payments (
api-payments.dpay.pl) - Payment registration and card processing - Panel (
panel.dpay.pl) - Transaction management, banks, SMS, User API - Gateway (
secure.dpay.pl) - Direct Carrier Billing and utilities
Authentication
- HTTP: Bearer Auth
Partner API key issued to your dpay Connect platform. Send it as Authorization: Bearer dpk_.... The key is looked up by the 8-character public prefix that follows dpk_ and compared against a stored SHA-256 hash in constant time; a key that is inactive, revoked, or expired is rejected. The key scopes every call to your channel's merchants and carries a fixed set of scopes (account:read, payments:write, payouts:write); keep it strictly server-side. Missing or malformed keys return 401; a valid key that lacks the required scope returns 403.
Security Scheme Type: | http |
|---|---|
HTTP Authorization Scheme: | bearer |
Bearer format: | dpk_... |
Contact
dpay.pl Support: info@dpay.pl