Overview of Getting Started with REST

To get started using the Barclays payment API, you must first set up your payment processing system to be REST compliant. Barclays uses the REST (REpresentational State Transfer) architecture for developing web services. REST enables communication between a client and server using the HTTP protocol.
This guide explains how to set up secure communications between your client and server using one of these methods:
JSON Web Token
JSON Web Tokens (JWTs) are digitally signed JSON objects based on the open standard RFC 7519. They provide a compact, self-contained method for securely transmitting information between parties. The tokens are signed with an RSA public/private key pair. The signature is calculated over the header and body, which enables the receiver to verify that the content has not been tampered with. Token-based authentication is best suited to applications that use browser and mobile clients.
HTTP Signature
Each request is digitally signed: a hash of the entire request is computed using a shared secret key. Both the client and server hold the same shared secret, which enables each request to be validated on either end. If the request transmission is intercepted, the attacker cannot alter the request or act as the user, because they do not have the secret. HTTP signatures can be used only with API requests; they cannot be used in browser or mobile applications.
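As an added example (not the page's or Barclays' own code), the following Python shows the HTTP Signature flow described above: the client signs selected request parts with the shared secret, and the server recomputes the signature from what it received so that any altered byte is rejected. The merchant id, key id, secret and the set and order of signed fields are constructed placeholders modelled on the HTTP Signature draft, not values taken from this page.

```python
import base64
import hashlib
import hmac
import json

# Constructed placeholders (not real Smartpay Fuse credentials); the signed-field
# set and order is an assumption modelled on the HTTP Signature draft.
MERCHANT_ID = "example_merchant"
KEY_ID = "example-key-id"
SHARED_SECRET = base64.b64encode(b"constructed-shared-secret-bytes-0123").decode()
HOST = "api.smartpayfuse-test.barclaycard"
TARGET = "/pts/v2/payments"
HEADER_ORDER = ["host", "date", "(request-target)", "digest", "v-c-merchant-id"]

def body_digest(body: bytes) -> str:
    """Base64 SHA-256 of the body; binds the payload to the signature."""
    return "SHA-256=" + base64.b64encode(hashlib.sha256(body).digest()).decode()

def signing_string(method: str, body: bytes, date: str) -> str:
    """Canonical 'name: value' lines that client and server compute identically."""
    fields = {"host": HOST, "date": date,
              "(request-target)": f"{method.lower()} {TARGET}",
              "digest": body_digest(body), "v-c-merchant-id": MERCHANT_ID}
    return "\n".join(f"{name}: {fields[name]}" for name in HEADER_ORDER)

def sign_request(method: str, body: bytes, date: str) -> dict:
    """Client side: HMAC-SHA256 over the signing string with the shared secret."""
    key = base64.b64decode(SHARED_SECRET)
    mac = hmac.new(key, signing_string(method, body, date).encode(), hashlib.sha256)
    sig = base64.b64encode(mac.digest()).decode()
    return {"Host": HOST, "Date": date, "Digest": body_digest(body),
            "v-c-merchant-id": MERCHANT_ID,
            "Signature": (f'keyid="{KEY_ID}", algorithm="HmacSHA256", '
                          f'headers="{" ".join(HEADER_ORDER)}", signature="{sig}"')}

def verify_request(method: str, body: bytes, headers: dict) -> bool:
    """Server side: recompute from what was received; any change breaks the MAC."""
    if headers.get("Digest") != body_digest(body):
        return False  # body does not match the digest the client signed
    expected = sign_request(method, body, headers.get("Date", ""))["Signature"]
    return hmac.compare_digest(expected, headers.get("Signature", ""))

if __name__ == "__main__":
    body = json.dumps({"orderInformation": {"amountDetails": {"totalAmount": "10.00"}}}).encode()
    headers = sign_request("POST", body, "Thu, 01 Jan 2026 00:00:00 GMT")
    print("valid:", verify_request("POST", body, headers))  # valid: True
    print("tampered:", verify_request("POST", body.replace(b"10.00", b"99.00"), headers))  # tampered: False
```

Because the Date header is part of the signed material, the server can also reject requests whose timestamp is outside an acceptable window, limiting replay of a captured request.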

Secure Communication Requirements

REST-compliant machines communicate with each other using stateless messaging. Stateless messaging is a loosely coupled connection between a client and server, where each message is self-contained. This connection enables the client and server to communicate without first establishing a communication channel and without managing the state between systems.
To ensure secure communications between the client and server, you must provide these security measures:
  • Sender Authentication:
    A receiver needs to know that a message came from a trusted entity.
  • Message Encryption:
    By encrypting the message before transmission and decrypting the message when received, you prevent man-in-the-middle attacks.

Key Features of REST

  • Client/Server model:
    Clients and servers are independent from each other, enabling portability and scalability.
  • Stateless Communication:
    Each request is independent.
  • Uniform Interface:
    Architecture is simplified through uniform standards.

Components of REST

A REST message consists of these four components:
  • Endpoint:
    The endpoint is a Uniform Resource Identifier (URI) that shows where and how to find the resource on the internet. For example, to test an authorization request, you can send the request to this endpoint: https://api.smartpayfuse-test.barclaycard/pts/v2/payments.
  • HTTP Method:
    The method is the action performed on the resource. There are four basic HTTP methods:
    • POST: Create a resource.
    • GET: Retrieve a resource.
    • PATCH: Modify a resource.
    • DELETE: Delete a resource.
  • Headers:
    The header is a collection of fields and their associated values. It provides information about the message to the receiver. Think of it as metadata about the message. The header also contains authentication information that indicates that the message is legitimate.
  • Body:
    The body carries the request data in JSON format.