Skip to main content

Account configuration

To make use of the Checkout Components, the domains that you want to use the SDK on need to be added to your account or your sellers' accounts. If you're using the Deferred integration you will need to retrieve the accountPublishableKey of an account. For certain payment methods, like Apple Pay, additional account configuration is required.

Allowed domains

Depending on your model you need to add domains to your account or the account of your sellers. When your seller is the merchant of record and you use the processing_account_id in the payments request you need to add the domain(s) to your sellers account.

You can add multiple or a single domain to an account. We expect a Fully Qualified Domain Name, for example: "example.com" or "www.example.com". Domains are appended to the allowed list of the account and can be removed separately.

Important

On production all domains must be served over HTTPS.
On staging you can add localhost using HTTP.

Add multiple domains to an account

curl 'https://config-api.rootline.com/v1/accounts/{account_id}/allowed-domains' \
  --request POST \
  --header 'content-type: application/json' \
  --header 'x-api-key: [paste-your-api-key]' \
  --header 'rootline-version: 2024-04-23' \
  --data '{
    "allowed_domains":
    [
        "demoshop.example.com",
        "www.example.com"
    ]
}'

Add a single domain to an account

curl 'https://config-api.rootline.com/v1/accounts/{account_id}/allowed-domains' \
  --request POST \
  --header 'content-type: application/json' \
  --header 'x-api-key: [paste-your-api-key]' \
  --header 'rootline-version: 2024-04-23' \
  --data '{
    "allowed_domain": "demoshop.example.com"
}'

Retrieve allowed domains of an account

curl 'https://config-api.rootline.com/v1/accounts/{account_id}/allowed-domains' \
  --request GET \
  --header 'content-type: application/json' \
  --header 'x-api-key: [paste-your-api-key]' \
  --header 'rootline-version: 2024-04-23'

Removing a domain from an account

curl 'https://config-api.rootline.com/v1/accounts/{account_id}/allowed-domains/www.example.com' \
  --request DELETE \
  --header 'content-type: application/json' \
  --header 'x-api-key: [paste-your-api-key]' \
  --header 'rootline-version: 2024-04-23'

Retrieving the accountPublishableKey

To retrieve the accountPublishableKey from an account for the deferred flow you will need to make a GET /accounts/{account_id} request:

curl 'https://config-api.rootline.com/v1/accounts/{account_id}' \
  --request GET \
  --header 'content-type: application/json' \
  --header 'x-api-key: [paste-your-api-key]' \
  --header 'rootline-version: 2024-04-23'

Apple Pay

Apple Pay requires a domain to be verified in order to use it. To verify your domain you need to take the following steps:

  1. Download the domain association file
  2. Upload the domain association file to each domain you want to offer Apple Pay and make sure it's accessible on the following path: /.well-known/apple-developer-merchantid-domain-association
  3. Make a PATCH request to /accounts/{account_id}/payment-methods-settings/applepay with the domains you want to verify:
curl 'https://config-api.rootline.com/v1/accounts/{account_id}/payment-methods-settings/applepay' \
  --request PATCH \
  --header 'content-type: application/json' \
  --header 'x-api-key: [paste-your-api-key]' \
  --header 'rootline-version: 2024-04-23' \
  --data '{
      "applepay_settings": {
        "domains": [
          "test.com"
        ]
      }
    }'
info

The domain association file needs to be externally accessible. It cannot be password protected or behind a proxy or redirect. Ensure the file is served as Content-Type: text/plain.