Payment Gateway API Documentation Generator
Fill in a small config and generate a complete, payment-specialized API documentation page — authentication, Create Payment, refunds, disputes, subscriptions, webhooks, idempotency, error codes and PCI compliance notes — with copyable curl/JSON snippets and a one-click Markdown export. Generated entirely in your browser.
Send your secret key as a Bearer token in the Authorization header. Rotate keys regularly and scope them to the least privilege your integration needs.
Authorization: Bearer sk_live_4eC39HqLyjWDarjtT1zdp7dcCharge $24.99 (2499 minor units, USD). The Idempotency-Key makes retries safe.
curl -X POST https://api.acmepay.com/v1/payments \
-H "Authorization: Bearer sk_live_4eC39HqLyjWDarjtT1zdp7dc" \
-H "Content-Type: application/json" \
-H "Idempotency-Key: idem_$(uuidgen)" \
-d '{
"amount": 2499,
"currency": "USD",
"source": "tok_visa",
"description": "Order #1042",
"capture": true
}'{
"id": "pay_acme-pay_3Nd8x2KqL",
"object": "payment",
"status": "succeeded",
"amount": 2499,
"amount_captured": 2499,
"currency": "USD",
"source": {
"brand": "visa",
"last4": "4242",
"exp_month": 12,
"exp_year": 2029
},
"description": "Order #1042",
"idempotency_key": "idem_b1f9c0d4-7a2e-4c11-9f3d-2a6e8c1b5d7f",
"livemode": true,
"created": 1718668800
}Issue a full or partial refund. Omit amount for a full refund.
curl -X POST https://api.acmepay.com/v1/refunds \
-H "Authorization: Bearer sk_live_4eC39HqLyjWDarjtT1zdp7dc" \
-H "Content-Type: application/json" \
-H "Idempotency-Key: idem_$(uuidgen)" \
-d '{
"payment": "pay_acme-pay_3Nd8x2KqL",
"amount": 1250,
"reason": "requested_by_customer"
}'{
"id": "re_9Kp2sLm4Qe",
"object": "refund",
"status": "succeeded",
"payment": "pay_acme-pay_3Nd8x2KqL",
"amount": 1250,
"currency": "USD",
"reason": "requested_by_customer",
"created": 1718672400
}A dispute is created when a cardholder charges back. Submit evidence before evidence_due_by.
{
"id": "dp_5Tn7vQx1Az",
"object": "dispute",
"status": "needs_response",
"payment": "pay_acme-pay_3Nd8x2KqL",
"amount": 2499,
"currency": "USD",
"reason": "fraudulent",
"evidence_due_by": 1719273600,
"created": 1718758800
}Recurring billing against a saved customer and price, with an optional trial.
curl -X POST https://api.acmepay.com/v1/subscriptions \
-H "Authorization: Bearer sk_live_4eC39HqLyjWDarjtT1zdp7dc" \
-H "Content-Type: application/json" \
-H "Idempotency-Key: idem_$(uuidgen)" \
-d '{
"customer": "cus_Qh3Lp9Rm",
"price": "price_monthly_pro",
"quantity": 1,
"trial_period_days": 14
}'{
"id": "sub_8Wd2kPq0Lx",
"object": "subscription",
"status": "active",
"customer": "cus_Qh3Lp9Rm",
"price": "price_monthly_pro",
"quantity": 1,
"currency": "USD",
"amount_per_period": 2499,
"current_period_start": 1718668800,
"current_period_end": 1721260800,
"cancel_at_period_end": false
}Payment outcomes can be asynchronous. Subscribe to events instead of polling, and verify the signature on every payload.
| Event | Fires when |
|---|---|
| payment.succeeded | A payment was authorized and captured successfully. |
| payment.failed | A payment attempt was declined or errored. |
| payment.pending | An asynchronous payment (e.g. bank debit) is awaiting settlement. |
| refund.created | A full or partial refund was issued against a payment. |
| refund.failed | A refund could not be processed and was reversed. |
| dispute.opened | The cardholder opened a chargeback; evidence is required. |
| dispute.closed | A dispute was resolved (won or lost). |
| subscription.renewed | A subscription cycle billed successfully. |
| subscription.canceled | A subscription was canceled or lapsed. |
Send a unique Idempotency-Key header on every money-moving POST. The server stores the first response for 24 hours and replays it for any retry with the same key — a dropped connection never double-charges. Reusing a key with a different body returns 409 idempotency_conflict.
| HTTP | Code | Meaning |
|---|---|---|
| 400 | bad_request | Malformed JSON, missing required field, or unsupported parameter. |
| 401 | unauthenticated | Missing or invalid API key / signature. |
| 402 | card_declined | The card issuer declined the charge (insufficient funds, fraud rules, etc.). |
| 403 | forbidden | The key is valid but lacks permission for this resource or is in the wrong mode. |
| 404 | resource_missing | No object exists for the supplied id. |
| 409 | idempotency_conflict | An Idempotency-Key was reused with a different request body. |
| 422 | validation_error | Parameters are well-formed but fail a business rule (e.g. amount below minimum). |
| 429 | rate_limited | Too many requests; back off using the Retry-After header. |
{
"error": {
"type": "card_error",
"code": "card_declined",
"decline_code": "insufficient_funds",
"message": "Your card has insufficient funds.",
"http_status": 402,
"request_id": "req_3Kd8xQ2Lp9"
}
}- Tokenize card data. Collect PANs with a hosted field or client SDK so raw card numbers never touch your servers — this keeps you in the reduced PCI-DSS SAQ A scope.
- Never log a PAN, CVV or full track data. Mask to the last four digits.
- Always use HTTPS (TLS 1.2+) and reject plaintext requests.
- Rotate keys and signing secrets and store them in a secrets manager, not in source control.
Note: this is a documentation template, not legal or compliance advice. Confirm your PCI-DSS obligations with a Qualified Security Assessor and your legal team before publishing.
What good payment API docs get right
Payment APIs are unforgiving to document badly, because every ambiguity is a chance to move the wrong amount of money. The two details that distinguish credible payment docs from generic REST docs are amount representation and idempotency. Amounts are always integers in the currency's smallest unit — cents, pence, paise — never floats, because floating-point arithmetic on money rounds in ways that fail reconciliation. This generator emits integer minor units everywhere alongside the explicit ISO currency code, so a reader is never left guessing whether 2499 means twenty-five dollars or twenty-five cents.
Webhooks are not optional in payments — they are how you learn the true outcome of an asynchronous flow. A card may require 3-D Secure, a bank debit settles hours later, and a dispute lands days after the original charge; none of those final states fit in the synchronous HTTP response. Good docs publish the event catalogue (payment.succeeded, payment.failed, refund.created, dispute.opened) up front and insist on signature verification, because a webhook endpoint that trusts unsigned payloads is a fraud vector. The generated webhook table gives integrators that catalogue immediately.
Idempotency keys deserve a section of their own, and most generated docs omit them. The contract is simple but load-bearing: a unique key on every money-moving POST lets the client retry a dropped request without double-charging, and reusing a key with a different body must fail loudly with 409 rather than silently doing the wrong thing. Pair that with a clear error table — 402 card_declined, 422 validation_error, 429 rate_limited with Retry-After — and integrators can build correct retry logic on the first read. The companion API authentication builder covers the auth half of that contract in depth.
Finally, compliance. Reducing PCI-DSS scope through tokenization — collecting card data with a hosted field so PANs never reach your servers — is the single highest-leverage architectural decision in a payments integration, and it belongs in the docs so partners build it correctly from day one. The compliance notes here summarize that good practice but are deliberately framed as a template, not advice; your real obligations depend on your processor and jurisdiction. For the surrounding REST surface, the OpenAPI documentation generator turns a full spec into a browsable reference.
Trusted by Fintech & Payments Engineers
“The minor-units handling and the idempotency key on every POST are exactly right — most generated docs get money representation wrong. I switched the currency to INR and every example updated to paise correctly. Dropped the Markdown straight into our internal docs site.”
“Flipping the auth scheme to HMAC and seeing the X-Signature pattern propagate into every curl example saved me writing the auth section by hand. The 409 idempotency_conflict and 402 card_declined rows in the error table are the ones people always forget to document.”
“I use this to scaffold partner-facing docs before our writers polish them. The webhook table and the not-legal-advice disclaimer on the compliance section are sensible defaults. I'd love a Python/Node SDK snippet toggle, but the curl plus JSON pairing already covers the core.”
“The subscription example with trial_period_days and the renewal webhook matched our real model closely enough that I copied it almost verbatim. Runs entirely in-browser so I could draft docs for an unreleased gateway without anything leaving my laptop.”
Love using our calculator?
Related API tools
Similar Calculators
More tools in the same category
OpenAPI/Swagger Documentation Generator
Generate interactive API documentation from OpenAPI specifications
Postman Collection to Docs Converter
Convert Postman collections into comprehensive API documentation
cURL to Documentation Converter
Transform cURL commands into structured API documentation
Interactive API Playground Generator
Create interactive API testing playgrounds for your documentation
GraphQL Schema Visualizer
Visualize GraphQL schemas with interactive diagrams and documentation
Webhook Documentation Generator
Generate comprehensive webhook documentation with payload examples
Often Used Together
Complementary tools for complete analysis
Related Articles
Dive deeper with our expert guides and tutorials related to Payment Gateway API Documentation Generator
auth · payments · refunds · disputes · webhooks · idempotency · errors · compliance · in-browser · Last reviewed: 2026-06