API Overview
This section provides general information applicable to all API calls in UEAT's Open API. It covers Authentication, request/response formats, Error Handling, and best practices.
Base URL
The Non-Production URL is shared once the qualification certification process has been completed successfully.
The Production URL is shared once the certification process has been completed successfully.
Authentication
UEAT uses an authentication token via a custom header. Each POS partner must have a unique authentication key (secret) that must be included in every request to the API.
UEAT provides the key used to encrypt and decrypt the token.
This key is essential for all communications between the POS and UEAT.
- For details, see the Authentication section.
Request Format
- Protocol: HTTPS only
- Content-Type: application/json
- Encoding: Each token must be encrypted using HS256 format.
Response Format
Responses are in JSON format and typically include:
- status: Indicates success or failure.
- errors: Array of error objects if applicable.
Example:
{
  "status": "success",
  "errors": [ ... ]
}
Error Handling
UEAT uses standard HTTP status codes:
- 200 OK: Request successful
- 400 Bad Request: Invalid input
- 401 Unauthorized: Missing or invalid API Key
- 404 Not Found: Resource not found
- 429 Too Many Requests: Rate limit exceeded
- 500 Internal Server Error: System error
Error object example:
{
  "errors": [
    {
      "code": "INVALID_PAYLOAD",
      "message": "The request body is missing required fields."
    }
  ]
}
See Error Handling for specifics.
Rate Limiting
- UEAT enforces rate limits to ensure stability.
- If exceeded, you will receive 429 Too Many Requests.
Best Practices
- Validate payloads before sending.
- UEAT provides unique identifiers for requests to avoid duplication.
- Log both requests and responses for troubleshooting.
- Test thoroughly in the non-prod environment before going live.