You can use the Helcim API to integrate payments and other aspects of the Helcim system into your application or website. The API can also be used to retrieve, create, or modify a number of data objects beyond payments, including customers, card batches, invoices, and transactions.

API Overview

The Helcim API is grouped into several subcategories as outlined in our API reference documentation. Each of these have a different use case and allow you to execute different functions in the Helcim system.

The Payment API endpoints enable merchants to process credit card payments through their website or application. Payment types include, Purchase, Preauthorization, Capture, Verify, Refund, and Reverse.
The Invoice API endpoints enable merchants to create, view, and update invoices. API functions include Get invoice, Get invoices, Create invoice and Update invoice.
The Card Batch API endpoints enable merchants to view and settle their Credit Card Batches. API functions include Get Card Batches, Get Card Batch, and Settle an Open Card Batch.
The Card Transaction API endpoints enable merchants to view previous payment transactions. API functions include Collects up to 1000 Card Transactions and Get Card Transaction by id.
The Customer API endpoints enable merchants to create, view and update customers and view and modify customer payment information. API functions include Get customer and Get customers, Create customer, Update customer, as well as functions to get existing card and bank account information linked to customer objects.

Let's get started!

API Overview

Technical Overview

The newest version of the Helcim API brings our API endpoints up to a modern REST standard that is familiar to developers.

When using the Helcim API there are some important technical points to take into consideration. Outlined below we'll cover some of these points and where appropriate we will link to relevant documentation to help you integrate with Helcim smoothly.

Only requests authenticated by a valid Helcim API token will be accepted by any API endpoint.
The Helcim API will only accept requests sent from your website or applications secure back-end server.

API Message Format

The Helcim API consumes requests in JSON with all required information in the request header and body and returns a JSON object as a response.

When a successful connection is established, a standard status 200 HTTP code will be returned for successful requests. You should not assume that a status 200 code indicates that the requested action was successfully performed; instead you should refer to the response object for more information on the outcome of the request.

Request Header

Only authorized users may submit requests to Helcim API endpoints. In order to authenticate with our service, send your api-token in the header of your request and ensure that the permissions for your respective API Access Configuration allow for the request you are making.

Request headers should also include accept and 'content-type' parameters set to 'application/json'.
Requests sent to Payment API endpoints also require an idempotency-key value to be sent.

  headers: {
    accept: 'application/json',
    'content-type': 'application/json',
    'api-token': 'YOUR_API_TOKEN'
  }

Request Body

Body parameters should be sent in your request in JSON format. Each respective endpoint has unique required and optional body parameters to be sent in your request.

Review our API reference documentation to see what information is required for the endpoint that you are calling, or review the specific API guides for more detailed information about specific requests.

Responses

The API will return a response as a JSON object for your website or application to consume, with relevant data objects or an errors object that outlines any errors that occurred. Some possible response types from the API include:

A single object
A transaction response object
An array of objects
An array of errors

// Example transaction response object
{
  "transactionId": 25557533,
  "dateCreated": "2024-05-13 12:49:06",
  "cardBatchId": 3559552,
  "status": "APPROVED",
  "user": "Helcim System",
  "type": "purchase",
  "amount": 100.99,
  "currency": "CAD",
  "avsResponse": "X",
  "cvvResponse": "",
  "cardType": "MC",
  "approvalCode": "T7E8ST",
  "cardToken": "2f7c46a9aa15c52da72380",
  "cardNumber": "5454545454",
  "cardHolderName": "John Doe",
  "customerCode": "CST1035",
  "invoiceNumber": "INV1263",
  "warning": ""
}

HTTP Response Codes

The Helcim API will return a response code appropriate to the outcome of the request and will follow REST best practices when it comes to HTTP response codes.

HTTP Status Code	Message	Description
200	Ok	The request succeeded. This response is a generic response for successful requests, including getting or updating a resource.
201	Created	A new resource was successfully created and is typically provided in response to a POST request to create a new resource.
202	Accepted	The request has been received but not yet acted upon and is returned when a request is queued for later processing.
204	No Content	The request was successful, but the Helcim API has no data to respond with, such as when a resource is successfully deleted.
400	Bad Request	The server cannot process your request. The JSON response will contain the desired information requested, or an error with the structure of the API request (such as missing or invalid request fields).
401	Unauthorized	There are missing or invalid credentials in the request. Either no API token was provided, or an incorrect API token was provided, such as providing a legacy token for a V2 endpoint.
403	Forbidden	The given credentials are not permitted for this action. The permissions associated with the API token do not allow for the requested action and should be updated resending the request.
405	Method Not Allowed	The resource or action exists, but is not supported with the given request method, such as attempting to delete a resource that does not allow for this.
409	Conflict	The request received conflicts with a previous request accepted by the APOI, often caused by an idempotency key that has been assigned to an existing successful transaction.
500	Internal Server Error	A fatal error in logic has impacted the ability of the API to provide a well structured response. Internal server errors can be reported to Helcim support for further investigation.
522	Service Unavailable	Services are down, impacting our ability to provide a response at this time.

API Rate Limits

In order to protect the Helcim system and maintain service quality and availability for our merchants, the Helcim API has rate limits on requests to our endpoints.

These rate limits restrict the number of API calls a user can make to our API in a given time period and multiple API tokens on the same Helcim account share the same limit. The Helcim API will check the total number of requests in the last 60 seconds or 60 minutes from the time of request, to ensure that the total number of requests does not exceed the below limits.

Concurrent Limit: 5 calls in progress at one time.
Minute Limit: 100 calls per minute.
Hourly Limit: 3000 calls per hour.

If you exceed the rate limits outlined in this documentation, the Helcim API will return an error response with HTTP code 429 - Too Many Requests. You will need to wait until your limits have reset before making further calls to the Helcim API.

Headers

The remaining requests for each rate limit are included in the header of the Helcim API response to your request.

minute-limit-remaining: 99
hour-limit-remaining: 2999

SSL / TLS Ciphers

Helcim API calls are made over HTTPS (port 443) and the connection is secured using an SSL certificate with a SHA256 key. To adhere to strong PCI-DSS standards we've disconnected weak connections and ciphers, including SSLv3, TLS1.0 and TLS1.1.

Below is a complete list of allowed ciphers:

EECDH+ECDSA+AESGCM
EECDH+aRSA+AESGCM
EECDH+ECDSA+SHA384
EECDH+ECDSA+SHA256
EECDH+aRSA+SHA384
EECDH+aRSA+SHA256
EECDH
EDH+aRSA