Unipaas
Foundation
Unipaas provides end-to-end embedded payments for digital platforms and marketplaces (SaaS, gig economy, B2B/B2C marketplaces). You onboard vendors (sub-merchants), accept payments, manage accounts (balances), and pay funds out — while controlling money flows and staying PSD2/PCI compliant.
Get a sandbox key. Create a free test account at https://portal.unipaas.com/signup. The test account is unlimited and always available. Find your Private Key in the portal under the developer/keys section. Sandbox and Live credentials are completely separate and share no data.
Base URLs.
- Sandbox:
https://sandbox.unipaas.com/platform - Production (Live):
https://api.unipaas.com/platform
Two auth modes (details in references/auth.md).
- Server-to-server: send your Private Key as
Authorization: Bearer {{PRIVATE_KEY}}directly on API calls (checkout creation, pay-ins, accounts, payouts, onboarding). The private key must stay server-side. - Two-step
/authorizeflow (for client-side platform embeds): your serverPOSTs the private key to/authorizewithscopesand (usually) avendorId, and receives a temporaryaccessToken. The client uses that access token — never the private key.
Idempotency. To avoid duplicate execution on retries, add a requestId: <id> header to POST requests. The same requestId applied multiple times yields a single result. Request IDs are valid for 24 hours.
Decision map
Four products, three integration tiers. Pick the tier that matches your dev capacity and PCI posture.
| Product | No-code | Low effort | Mid effort |
|---|---|---|---|
| Onboarding | Hosted onboarding link | Embedded UI (unipaas.components) | Onboarding API |
| Accept payments | Payment Link (portal) | Checkout Page / Web SDK | Pay-in API (server-to-server) |
| Account management | Portal view | Account/Balance component | Account API |
| Pay funds out | Manual/Scheduled payout via portal | Payout form / Account component | Payouts API |
Guidance:
- Want zero code? Use Payment Link, hosted onboarding link, portal payouts.
- Want your own UI with low effort + reduced PCI? Use the Checkout Page (redirect), Web SDK secure fields, or buyer web-embeds; use platform embeds for onboarding/balance/portal.
- Want full control / white-label / native app? Use the APIs. Pay-in API (raw card data) requires PCI SAQ D.
Note: a transaction sent without a vendorId is recorded against the platform account.
Client-side checkout paths
See references/web-sdk.md for full steps. Two buyer-payment paths, both authenticated with the sessionToken returned by a server-side POST /pay-ins/checkout — not the /authorize access token.
- Secure-fields SDK — load
https://cdn.unipaas.com/unipaas.sdk.js(exposes theUnipaasglobal). Build your own card form, thennew Unipaas().initTokenize(sessionToken, fields, options). Secure fields are a feature of this bundle, not a separate package. - Buyer web-embeds — load
https://cdn.unipaas.com/embedded-ui.js, thenunipaas.buyerComponents(sessionToken, config)and.create("checkout"|"card"|"digitalWallet").mount("#id").
Auth boundary (important):
- Buyer payment (secure fields and buyer web-embeds) →
sessionTokenfromPOST /pay-ins/checkout. - Platform embeds (
unipaas.components: balance, invoice, onboarding, payPortal, notification) → the/authorizeaccess token with scopes + vendorId. Buyer checkout does not use the/authorizeaccess token.
After any client-side authorization, verify server-side with GET /pay-ins/{authorizationId}; status must be CAPTURED for success.
References
- references/auth.md — the
/authorizeflow, scopes, token lifecycle, idempotency. - references/accept-payments.md — Accept Payments product, the three tiers, the Checkout Page, create-payment, tokenization, webhooks.
- references/web-sdk.md — the two client-side buyer-payment paths fed by
sessionToken. - references/security.md — key handling, what stays server-side, the PCI surface.