docs.cresoracommerce.com/getting-started/quickstart

Quickstart

Audience:DeveloperEst. time:30 minLast updated:May 2026API:v1Phase:MVP 0

Make your first test payment in under 30 minutes using your csk_test_ API key.

ℹNote

Before you begin, you need a Partner account and a test API key (csk_test_ prefix). Request access via the Partner Portal →

Step 1 — Retrieve your test credentials

Sign in to the Partner Portal and navigate to API Settings → Keys. Copy the test secret key — it will be displayed only once. For automated rotation, see Retrieve credentials.

🔁Mode

Your API key prefix tells Cresora which mode to use. csk_test_ keys operate in test mode (no real money movement). csk_live_ keys are issued after certification. Both use the same single API host.

Step 2 — Make your first API call

The Payments API is a single POST endpoint. Pass an amount, currency, and merchant ID.

1curl -X POST https://api.cresoracommerce.com/v1/payments \
2  -H "Authorization: Bearer csk_test_xxxxxxxxxxxx" \
3  -H "Content-Type: application/json" \
4  -H "Idempotency-Key: idem_$(uuidgen)" \
5  -d '{
6    "amount": 10000,
7    "currency": "USD",
8    "payment_method": "card",
9    "merchant_id": "mrch_xxxxxxxxxx",
10    "capture_method": "automatic"
11  }'

Step 3 — Handle the response

1{
2  "id": "pay_xxxxxxxxxxxxxxxxxx",
3  "status": "captured",
4  "amount": 10000,
5  "currency": "USD",
6  "merchant_id": "mrch_xxxxxxxxxx",
7  "created_at": "2026-05-18T10:00:00Z",
8  "test_mode": true
9}

status can be authorized,captured, or failed. Thetest_mode: true flag is always present on sandbox responses — never present in production.

🔒PCI scope

This endpoint must only be called server-to-server. Never pass raw card data through your server — use the HPP integration or direct tokenization to reduce PCI scope to SAQ A.

Step 4 — Set up your webhook receiver

💡Tip

Build your webhook receiver before going live. Webhook events are the authoritative source for payment lifecycle state — don't poll.

Register your endpoint URL in the Partner Portal, then verify the signature on each delivery. See the full webhooks guide.

Common errors

Code	Meaning	Fix
auth_failed	Invalid or expired API key	Check key prefix and rotation status in the Partner Portal
merchant_not_found	merchant_id does not exist under your partner account	Verify MID in the Partner Portal
idempotency_conflict	Same idempotency key used with different parameters	Generate a new unique key per request

Next steps

HPP Integration →

Hosted payment page with white-label branding

Webhooks →

Event catalog & signature verification

Certification Overview →

Path from sandbox to production go-live

Sandbox & Test Data →

Test PANs, ACH returns, 3DS2 simulation