BridgPay Merchant API
HMAC-SHA256 authenticated payout APIs. Byte-compatible with the legacy v1 contract — drop in your existing prod integration unchanged.
BridgPay's merchant APIs use HMAC-SHA256 authentication to ensure request authenticity, payload integrity, replay-attack prevention, and response integrity.
End points
| Environment | Base URL |
|---|---|
| Production | https://api.bridg.money |
| Beta | https://api-beta.bridg.money |
| UAT (this stack) | https://api.n3v.in |
The four endpoints
| Method | Path | Purpose |
|---|---|---|
POST | /v1/beneficiaries | Create a beneficiary |
DELETE | /v1/beneficiaries/:beneficiaryId | Soft-delete a beneficiary |
POST | /v1/payouts | Initiate a payout |
GET | /v1/payouts/:payoutTransactionId | Fetch a payout's current state |
That's the entire merchant-facing public surface. Everything else — wallet balance, top-ups, KYC, settings — happens inside the merchant portal.
Quick start
- Generate an API key + signing key under Settings → API Keys in the merchant portal. The signing key is shown once — store it in your secret manager immediately.
- Compute the HMAC signature over the canonical request string for every call. See Generate Signature.
- Send three headers on every signed request:
x-api-key,x-timestamp,x-signature. See Authentication Headers. - Receive payout status updates via webhook. See Webhooks.