Learn about API protocol JSON-RPC used by Trustly's API

JSON-RPC protocol

Trustly's API implements JSON-RPC v1.1 protocol.

All methods are invoked by sending a valid UTF-8 encoded JSON-RPC v1.1 request through HTTPS POST.

JSON-RPC requests are stateless. No cookies are being used. Credentials must be supplied with every request.

API calls

Note: Use HTTPS POST to make JSON-RPC calls to Trustly's API.

Parameters that are not required can be set to null but must be present. All parameters, both in the request and result, are case-sensitive. New optional parameters may in the future be added to existing functions but existing parameters will never be removed. Returned numbers can be returned as a string ("123") and as a number (123).

API call example

Example of JSON-RPC request and response:

POST /api/1 HTTP/1.1
TE: deflate,gzip;q=0.3
Connection: TE, close
Accept: application/json
Host: trustly.com
User-Agent: JSON::RPC::Client/0.93 beta libwww-perl/5.803
Content-Length: 152
Content-Type: application/json

    "method": "Deposit",
    "params": {
        "Signature": "R9+hjuMqbsH0Ku ... S16VbzRsw==",
        "UUID": "258a2184-2842-b485-25ca-293525152425",
        "Data": { ... }
    "version": "1.1"
HTTP/1.1 200 OK
Date: Fri, 25 Apr 2008 10:35:32 GMT
Server: libwww-perl-daemon/1.36
Content-Length: 152
Content-Type: application/json; charset=UTF-8

    "result": {
        "signature": "R9+hjuMqbsH0Ku ... S16VbzRsw==",
        "uuid": "258a2184-2842-b485-25ca-293525152425",
        "method": "Deposit",
        "data": { ... }
    "version": "1.1"

Authentication and UUID

All requests and responses are signed using signature. See Authentication.

All requests must have an UUID (Universally unique identifier) assigned to them in the format xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx where x is a hexadecimal digit (0-9 and a-f). This UUID is included in the response to the request along with the name of the method called. A new unique UUID must be generated for each request.

If the Trustly system receives a request that is identical to a previous one (including UUID), the request will not be processed again, instead the method will return the same thing it would have returned the first time, provided that the request was successful. This allows requests to be retried if a communication error would occur.