API Overview

An overview of SePay Bank Hub APIs, including environments, authentication, HTTP status codes, error formats, and the list of endpoints.

Introduction

In addition to Hosted Link, Bank Hub provides a full set of RESTful APIs to:

  • Create and manage link tokens
  • Create and manage companies
  • Manage linked bank accounts
  • Query transaction history
  • Configure merchant settings
  • Configure webhooks for event notifications

API Environments & Versioning

Bank Hub supports two environments:

Production

  • Base URL: https://bankhub-api.sepay.vn
  • API Version: /v1
  • Used for production (real environment)

Sandbox

  • Base URL: https://bankhub-api-sandbox.sepay.vn
  • API Version: /v1
  • Used for development and testing
Note

All endpoints are prefixed with /v1/ and are routed based on the hostname.

API Authentication

Create Access Token

The token endpoint uses Basic Authentication with client_id and client_secret provided by SePay.

POST
/v1/token
Authorization: Basic {base64(client_id:client_secret)}
Security

DO NOT use this API from the client side (browser, mobile app). The token API requires client_secret, which must be strictly protected on the server. Only call this API from your backend server.

See details here: Create Token API

Calling Business APIs

All other business APIs require authentication using a Bearer Token:

Authorization Header
Authorization: Bearer YOUR_ACCESS_TOKEN
Token Management
  • Tokens have a limited lifetime (TTL)
  • When a token expires, the API returns 401 Unauthorized
  • Call /v1/token again to obtain a new token
  • Recommendation: Implement an automatic token refresh mechanism before expiration

HTTP Status Codes

Bank Hub uses standard HTTP status codes:

  • 200 OK – Request succeeded
  • 201 Created – Resource created successfully
  • 400 Bad Request – Validation error or invalid request
  • 401 Unauthorized – Missing or invalid authentication
  • 404 Not Found – Resource not found
  • 405 Method Not Allowed – Incorrect HTTP method
  • 500 Internal Server Error – Server-side error
  • 503 Service Unavailable – Service temporarily unavailable

Error Response Format

All API errors follow a consistent structure:

RESPONSE 400 - Validation Error
{
  "code": 400,
  "message": "Bad request",
  "errors": {
    "field_name": "Detailed error message"
  }
}
RESPONSE 401 - Authentication Error
{
  "code": 401,
  "message": "Unauthenticated"
}
RESPONSE 404 - Not Found
{
  "code": 404,
  "message": "Resource not found"
}

API Endpoints List

  • Link Token APIs:
POST
/v1/link-token/create

Create a link token for linking or unlinking a bank account (can be embedded in an iframe or used with the SDK). API details →

POST
/v1/link-token/get

Retrieve detailed information about a created link token. API details →

POST
/v1/link-token/revoke

Revoke a created link token and deactivate the link. API details →

  • Company APIs:
GET
/v1/company

Get the list of companies belonging to the merchant. API details →

GET
/v1/company/{xid}

Get details of a company by xid. API details →

POST
/v1/company/create

Create a new company for the merchant. API details →

POST
/v1/company/edit/{xid}

Update a company's information by xid. API details →

GET
/v1/company/counter/{xid}

Count transactions for a company. API details →

  • Bank Account APIs:
GET
/v1/bank-account

Get the list of linked bank accounts. API details →

GET
/v1/bank-account/{xid}

Get details of a bank account by xid. API details →

  • Transaction APIs:
GET
/v1/transaction

Query transaction history with flexible filters. API details →

GET
/v1/transaction/{transaction_id}

Get details of a transaction by transaction_id. API details →

  • Merchant Config APIs:
GET
/v1/merchant-config

Get merchant display configuration (logo, name, colors). API details →

POST
/v1/merchant-config

Update merchant display configuration. API details →

POST
/v1/merchant-config/logo

Upload a merchant logo. API details →

  • Webhook APIs:
GET
/v1/webhook

Get the current webhook configuration. API details →

POST
/v1/webhook

Configure webhook URL and secret key for receiving events. API details →

Best Practices

1. Token Management

  • Store tokens securely and never expose them on the client side
  • Implement automatic token refresh before expiration
  • Handle 401 errors by fetching a new token automatically and retrying the request

2. Error Handling

  • Always check HTTP status codes
  • Parse and display error messages from the response
  • Implement retry logic for temporary (5xx) errors

3. Rate Limiting

  • Follow the API rate limits
  • Implement exponential backoff when encountering 429 errors
  • Cache data when possible to reduce the number of API calls

4. Idempotency

  • Use an idempotency key for important requests
  • Store and validate responses based on the idempotency key
  • Safely handle duplicate requests

Next Steps

To get started with Bank Hub API, follow these steps:

  1. Create Access Token - Get a Bearer token to authenticate subsequent APIs
  2. Create Company - Create a company to manage bank accounts
  3. Create Link Token - Create a link for users to connect their bank
Tip

See the Quick Start Guide for a step-by-step integration tutorial with complete code examples.

Previous page
Next page