curl --request POST \
--url https://sandbox.api.prava.space/v1/sessions \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"user_id": "<string>",
"user_email": "jsmith@example.com",
"total_amount": "<string>",
"currency": "<string>",
"purchase_context": [
{
"merchant_details": {
"name": "<string>",
"url": "<string>",
"country_code_iso2": "<string>",
"category_code": "<string>",
"category": "<string>"
},
"product_details": [
{
"description": "<string>",
"unit_price": "<string>",
"product_id": "<string>",
"quantity": 1
}
],
"effective_until_minutes": 15
}
],
"user_phone": "<string>",
"user_country_code_iso2": "<string>",
"external_order_ref": "<string>",
"description": "<string>",
"integration_type": "full_checkout",
"callback_url": "<string>",
"card": {
"card_id": "<string>",
"vault_ref_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a"
}
}
'import requests
url = "https://sandbox.api.prava.space/v1/sessions"
payload = {
"user_id": "<string>",
"user_email": "jsmith@example.com",
"total_amount": "<string>",
"currency": "<string>",
"purchase_context": [
{
"merchant_details": {
"name": "<string>",
"url": "<string>",
"country_code_iso2": "<string>",
"category_code": "<string>",
"category": "<string>"
},
"product_details": [
{
"description": "<string>",
"unit_price": "<string>",
"product_id": "<string>",
"quantity": 1
}
],
"effective_until_minutes": 15
}
],
"user_phone": "<string>",
"user_country_code_iso2": "<string>",
"external_order_ref": "<string>",
"description": "<string>",
"integration_type": "full_checkout",
"callback_url": "<string>",
"card": {
"card_id": "<string>",
"vault_ref_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a"
}
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
user_id: '<string>',
user_email: 'jsmith@example.com',
total_amount: '<string>',
currency: '<string>',
purchase_context: [
{
merchant_details: {
name: '<string>',
url: '<string>',
country_code_iso2: '<string>',
category_code: '<string>',
category: '<string>'
},
product_details: [
{
description: '<string>',
unit_price: '<string>',
product_id: '<string>',
quantity: 1
}
],
effective_until_minutes: 15
}
],
user_phone: '<string>',
user_country_code_iso2: '<string>',
external_order_ref: '<string>',
description: '<string>',
integration_type: 'full_checkout',
callback_url: '<string>',
card: {card_id: '<string>', vault_ref_id: '3c90c3cc-0d44-4b50-8888-8dd25736052a'}
})
};
fetch('https://sandbox.api.prava.space/v1/sessions', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://sandbox.api.prava.space/v1/sessions",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'user_id' => '<string>',
'user_email' => 'jsmith@example.com',
'total_amount' => '<string>',
'currency' => '<string>',
'purchase_context' => [
[
'merchant_details' => [
'name' => '<string>',
'url' => '<string>',
'country_code_iso2' => '<string>',
'category_code' => '<string>',
'category' => '<string>'
],
'product_details' => [
[
'description' => '<string>',
'unit_price' => '<string>',
'product_id' => '<string>',
'quantity' => 1
]
],
'effective_until_minutes' => 15
]
],
'user_phone' => '<string>',
'user_country_code_iso2' => '<string>',
'external_order_ref' => '<string>',
'description' => '<string>',
'integration_type' => 'full_checkout',
'callback_url' => '<string>',
'card' => [
'card_id' => '<string>',
'vault_ref_id' => '3c90c3cc-0d44-4b50-8888-8dd25736052a'
]
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://sandbox.api.prava.space/v1/sessions"
payload := strings.NewReader("{\n \"user_id\": \"<string>\",\n \"user_email\": \"jsmith@example.com\",\n \"total_amount\": \"<string>\",\n \"currency\": \"<string>\",\n \"purchase_context\": [\n {\n \"merchant_details\": {\n \"name\": \"<string>\",\n \"url\": \"<string>\",\n \"country_code_iso2\": \"<string>\",\n \"category_code\": \"<string>\",\n \"category\": \"<string>\"\n },\n \"product_details\": [\n {\n \"description\": \"<string>\",\n \"unit_price\": \"<string>\",\n \"product_id\": \"<string>\",\n \"quantity\": 1\n }\n ],\n \"effective_until_minutes\": 15\n }\n ],\n \"user_phone\": \"<string>\",\n \"user_country_code_iso2\": \"<string>\",\n \"external_order_ref\": \"<string>\",\n \"description\": \"<string>\",\n \"integration_type\": \"full_checkout\",\n \"callback_url\": \"<string>\",\n \"card\": {\n \"card_id\": \"<string>\",\n \"vault_ref_id\": \"3c90c3cc-0d44-4b50-8888-8dd25736052a\"\n }\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://sandbox.api.prava.space/v1/sessions")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"user_id\": \"<string>\",\n \"user_email\": \"jsmith@example.com\",\n \"total_amount\": \"<string>\",\n \"currency\": \"<string>\",\n \"purchase_context\": [\n {\n \"merchant_details\": {\n \"name\": \"<string>\",\n \"url\": \"<string>\",\n \"country_code_iso2\": \"<string>\",\n \"category_code\": \"<string>\",\n \"category\": \"<string>\"\n },\n \"product_details\": [\n {\n \"description\": \"<string>\",\n \"unit_price\": \"<string>\",\n \"product_id\": \"<string>\",\n \"quantity\": 1\n }\n ],\n \"effective_until_minutes\": 15\n }\n ],\n \"user_phone\": \"<string>\",\n \"user_country_code_iso2\": \"<string>\",\n \"external_order_ref\": \"<string>\",\n \"description\": \"<string>\",\n \"integration_type\": \"full_checkout\",\n \"callback_url\": \"<string>\",\n \"card\": {\n \"card_id\": \"<string>\",\n \"vault_ref_id\": \"3c90c3cc-0d44-4b50-8888-8dd25736052a\"\n }\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://sandbox.api.prava.space/v1/sessions")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"user_id\": \"<string>\",\n \"user_email\": \"jsmith@example.com\",\n \"total_amount\": \"<string>\",\n \"currency\": \"<string>\",\n \"purchase_context\": [\n {\n \"merchant_details\": {\n \"name\": \"<string>\",\n \"url\": \"<string>\",\n \"country_code_iso2\": \"<string>\",\n \"category_code\": \"<string>\",\n \"category\": \"<string>\"\n },\n \"product_details\": [\n {\n \"description\": \"<string>\",\n \"unit_price\": \"<string>\",\n \"product_id\": \"<string>\",\n \"quantity\": 1\n }\n ],\n \"effective_until_minutes\": 15\n }\n ],\n \"user_phone\": \"<string>\",\n \"user_country_code_iso2\": \"<string>\",\n \"external_order_ref\": \"<string>\",\n \"description\": \"<string>\",\n \"integration_type\": \"full_checkout\",\n \"callback_url\": \"<string>\",\n \"card\": {\n \"card_id\": \"<string>\",\n \"vault_ref_id\": \"3c90c3cc-0d44-4b50-8888-8dd25736052a\"\n }\n}"
response = http.request(request)
puts response.read_body{
"session_id": "<string>",
"session_token": "<string>",
"iframe_url": "<string>",
"order_id": "<string>",
"expires_at": "2023-11-07T05:31:56Z"
}{
"error": {
"code": "<string>",
"message": "<string>",
"details": {}
}
}{
"error": {
"code": "<string>",
"message": "<string>",
"details": {}
}
}{
"error": {
"code": "<string>",
"message": "<string>",
"details": {}
}
}{
"error": {
"code": "<string>",
"message": "<string>",
"details": {}
}
}Create Session
Create a new payment session for a customer and order
curl --request POST \
--url https://sandbox.api.prava.space/v1/sessions \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"user_id": "<string>",
"user_email": "jsmith@example.com",
"total_amount": "<string>",
"currency": "<string>",
"purchase_context": [
{
"merchant_details": {
"name": "<string>",
"url": "<string>",
"country_code_iso2": "<string>",
"category_code": "<string>",
"category": "<string>"
},
"product_details": [
{
"description": "<string>",
"unit_price": "<string>",
"product_id": "<string>",
"quantity": 1
}
],
"effective_until_minutes": 15
}
],
"user_phone": "<string>",
"user_country_code_iso2": "<string>",
"external_order_ref": "<string>",
"description": "<string>",
"integration_type": "full_checkout",
"callback_url": "<string>",
"card": {
"card_id": "<string>",
"vault_ref_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a"
}
}
'import requests
url = "https://sandbox.api.prava.space/v1/sessions"
payload = {
"user_id": "<string>",
"user_email": "jsmith@example.com",
"total_amount": "<string>",
"currency": "<string>",
"purchase_context": [
{
"merchant_details": {
"name": "<string>",
"url": "<string>",
"country_code_iso2": "<string>",
"category_code": "<string>",
"category": "<string>"
},
"product_details": [
{
"description": "<string>",
"unit_price": "<string>",
"product_id": "<string>",
"quantity": 1
}
],
"effective_until_minutes": 15
}
],
"user_phone": "<string>",
"user_country_code_iso2": "<string>",
"external_order_ref": "<string>",
"description": "<string>",
"integration_type": "full_checkout",
"callback_url": "<string>",
"card": {
"card_id": "<string>",
"vault_ref_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a"
}
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
user_id: '<string>',
user_email: 'jsmith@example.com',
total_amount: '<string>',
currency: '<string>',
purchase_context: [
{
merchant_details: {
name: '<string>',
url: '<string>',
country_code_iso2: '<string>',
category_code: '<string>',
category: '<string>'
},
product_details: [
{
description: '<string>',
unit_price: '<string>',
product_id: '<string>',
quantity: 1
}
],
effective_until_minutes: 15
}
],
user_phone: '<string>',
user_country_code_iso2: '<string>',
external_order_ref: '<string>',
description: '<string>',
integration_type: 'full_checkout',
callback_url: '<string>',
card: {card_id: '<string>', vault_ref_id: '3c90c3cc-0d44-4b50-8888-8dd25736052a'}
})
};
fetch('https://sandbox.api.prava.space/v1/sessions', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://sandbox.api.prava.space/v1/sessions",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'user_id' => '<string>',
'user_email' => 'jsmith@example.com',
'total_amount' => '<string>',
'currency' => '<string>',
'purchase_context' => [
[
'merchant_details' => [
'name' => '<string>',
'url' => '<string>',
'country_code_iso2' => '<string>',
'category_code' => '<string>',
'category' => '<string>'
],
'product_details' => [
[
'description' => '<string>',
'unit_price' => '<string>',
'product_id' => '<string>',
'quantity' => 1
]
],
'effective_until_minutes' => 15
]
],
'user_phone' => '<string>',
'user_country_code_iso2' => '<string>',
'external_order_ref' => '<string>',
'description' => '<string>',
'integration_type' => 'full_checkout',
'callback_url' => '<string>',
'card' => [
'card_id' => '<string>',
'vault_ref_id' => '3c90c3cc-0d44-4b50-8888-8dd25736052a'
]
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://sandbox.api.prava.space/v1/sessions"
payload := strings.NewReader("{\n \"user_id\": \"<string>\",\n \"user_email\": \"jsmith@example.com\",\n \"total_amount\": \"<string>\",\n \"currency\": \"<string>\",\n \"purchase_context\": [\n {\n \"merchant_details\": {\n \"name\": \"<string>\",\n \"url\": \"<string>\",\n \"country_code_iso2\": \"<string>\",\n \"category_code\": \"<string>\",\n \"category\": \"<string>\"\n },\n \"product_details\": [\n {\n \"description\": \"<string>\",\n \"unit_price\": \"<string>\",\n \"product_id\": \"<string>\",\n \"quantity\": 1\n }\n ],\n \"effective_until_minutes\": 15\n }\n ],\n \"user_phone\": \"<string>\",\n \"user_country_code_iso2\": \"<string>\",\n \"external_order_ref\": \"<string>\",\n \"description\": \"<string>\",\n \"integration_type\": \"full_checkout\",\n \"callback_url\": \"<string>\",\n \"card\": {\n \"card_id\": \"<string>\",\n \"vault_ref_id\": \"3c90c3cc-0d44-4b50-8888-8dd25736052a\"\n }\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://sandbox.api.prava.space/v1/sessions")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"user_id\": \"<string>\",\n \"user_email\": \"jsmith@example.com\",\n \"total_amount\": \"<string>\",\n \"currency\": \"<string>\",\n \"purchase_context\": [\n {\n \"merchant_details\": {\n \"name\": \"<string>\",\n \"url\": \"<string>\",\n \"country_code_iso2\": \"<string>\",\n \"category_code\": \"<string>\",\n \"category\": \"<string>\"\n },\n \"product_details\": [\n {\n \"description\": \"<string>\",\n \"unit_price\": \"<string>\",\n \"product_id\": \"<string>\",\n \"quantity\": 1\n }\n ],\n \"effective_until_minutes\": 15\n }\n ],\n \"user_phone\": \"<string>\",\n \"user_country_code_iso2\": \"<string>\",\n \"external_order_ref\": \"<string>\",\n \"description\": \"<string>\",\n \"integration_type\": \"full_checkout\",\n \"callback_url\": \"<string>\",\n \"card\": {\n \"card_id\": \"<string>\",\n \"vault_ref_id\": \"3c90c3cc-0d44-4b50-8888-8dd25736052a\"\n }\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://sandbox.api.prava.space/v1/sessions")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"user_id\": \"<string>\",\n \"user_email\": \"jsmith@example.com\",\n \"total_amount\": \"<string>\",\n \"currency\": \"<string>\",\n \"purchase_context\": [\n {\n \"merchant_details\": {\n \"name\": \"<string>\",\n \"url\": \"<string>\",\n \"country_code_iso2\": \"<string>\",\n \"category_code\": \"<string>\",\n \"category\": \"<string>\"\n },\n \"product_details\": [\n {\n \"description\": \"<string>\",\n \"unit_price\": \"<string>\",\n \"product_id\": \"<string>\",\n \"quantity\": 1\n }\n ],\n \"effective_until_minutes\": 15\n }\n ],\n \"user_phone\": \"<string>\",\n \"user_country_code_iso2\": \"<string>\",\n \"external_order_ref\": \"<string>\",\n \"description\": \"<string>\",\n \"integration_type\": \"full_checkout\",\n \"callback_url\": \"<string>\",\n \"card\": {\n \"card_id\": \"<string>\",\n \"vault_ref_id\": \"3c90c3cc-0d44-4b50-8888-8dd25736052a\"\n }\n}"
response = http.request(request)
puts response.read_body{
"session_id": "<string>",
"session_token": "<string>",
"iframe_url": "<string>",
"order_id": "<string>",
"expires_at": "2023-11-07T05:31:56Z"
}{
"error": {
"code": "<string>",
"message": "<string>",
"details": {}
}
}{
"error": {
"code": "<string>",
"message": "<string>",
"details": {}
}
}{
"error": {
"code": "<string>",
"message": "<string>",
"details": {}
}
}{
"error": {
"code": "<string>",
"message": "<string>",
"details": {}
}
}user_id and user_email are required for merchant (secret-key) requests: they identify the
customer this session belongs to. Only one purchase_context entry is supported per session
(multi-merchant is not yet available).Notes
- Sessions are short-lived and single-use, tied to a specific merchant, customer, and order.
effective_until_minutesinpurchase_contextcontrols how long the mandate (the spending permission created when the cardholder approves) is valid (default: 15).session_tokenandiframe_urlare used on the frontend: embedded via the SDK, or opened directly for hosted checkout.- Set
integration_type: "embedding"for the SDK flow; omit it (or use"full_checkout") for hosted, and provide acallback_url. - Sessions can be revoked via
POST /v1/sessions/:id/revoke.
Error responses
| Status | Code | Cause |
|---|---|---|
| 400 | VAL_2001 | Validation error: missing or invalid fields (details included in response) |
| 401 | AUTH_1001 | Invalid API key |
| 401 | AUTH_1002 | Missing or invalid Authorization header |
| 429 | TRIES_EXHAUSTED | Sandbox test-transaction limit reached for this merchant |
| 500 | MERCHANT_LOOKUP_ERROR | Failed to load merchant account for the given key |
| 500 | CONFIG_ERROR | Server-side configuration issue (Visa or Skyflow not configured) |
Authorizations
Your secret key: sk_test_* (sandbox) or sk_live_* (production).
Body
Unique identifier for the customer in your system
255Customer's email address
Total order amount in decimal format (e.g. "49.99")
ISO 4217 currency code — exactly 3 uppercase letters (e.g. "USD")
Exactly one purchase context object. Multi-merchant sessions are not currently supported.
1 elementShow child attributes
Show child attributes
Customer's phone number
Customer's country — 2 uppercase ISO 3166-1 letters
Your external order reference ID
255Human-readable description of the order
How the card is collected. full_checkout = hosted redirect; embedding = mount the iframe via the SDK.
full_checkout, embedding For hosted checkout: the https URL Prava redirects the cardholder to after they finish.
2048Pre-select a card for the session
Show child attributes
Show child attributes
Response
Session created