Skip to main content

Guides

Welcome!

This section walks you through everything you need to integrate with Nopan safely and predictably.
If you are new, begin with the Integration Walkthrough, then complete the steps in Authentication, followed by Request Signing. After that, review cross-cutting topics like idempotency, webhooks, versioning, and error handling.

Who this is for

These guides are for engineers building machine-to-machine integrations with Nopan’s APIs.

Quick start

  1. Read the Integration Walkthrough to understand environments, endpoints, and the end-to-end flow.
  2. Set up mTLS with a signed client certificate.
  3. Obtain an access token via OAuth 2.0.
  4. Implement detached request signing on every API call.
  5. Enable idempotency on writes.
  6. Subscribe to webhooks, verify signatures, and consume event types.
  7. Ship with the right versioning strategy and error handling.

Integration Walkthrough

End-to-end setup and the overall request lifecycle.

Start the walkthrough →

Authentication Overview

How mTLS, OAuth tokens, and request signing fit together.

Read the overview →

mTLS Client Certificate

Issue, rotate, and present a signed certificate for transport security.

Set up mTLS →

Access Token

Obtain and use OAuth 2.0 tokens for authorization.

Get a token →

Request Signing

Sign each request for integrity and non-repudiation.

Implement signing →

Idempotency

Make writes safe to retry and prevent duplicates.

Add idempotency →

Mocking

Use mocks to build and test without live funds movement.

Use the mock environment →

Webhooks

Receive events, verify signatures, and handle retries.

Set up webhooks →

Versioning

Choose a version and roll forward safely.

Learn about versions →

Errors

Standard error model, codes, and retry guidance.

Handle errors correctly →

Support

How to contact us and what to include in tickets.

Get support →

Glossary

Definitions of terms used throughout the docs.

Open the glossary →

Architecture at a glance

The authentication and authorization model layers security:

  • Transport: mTLS with a client certificate establishes a mutually authenticated TLS channel.
  • Authorization: OAuth 2.0 access tokens grant scoped access to protected APIs.
  • Integrity: Each request is protected with a detached JWS signature.
Recommended order of implementation
  1. mTLS
  2. Access token flow
  3. Request signing
  4. Idempotency on all non-GET operations
  5. Webhooks and event processing
Go-Live Checklist

You can always rely on your Nopan contact to coordinate your launch.

See the Go-Live Checklist for the full set of steps required before we can begin processing live transactions.