Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.veridianhp.com/llms.txt

Use this file to discover all available pages before exploring further.

API introduction

The Veridian API is a small REST API over HTTPS. Requests and responses are JSON. There is no SDK requirement — anything that can speak HTTPS can speak Veridian.

Base URLs

EnvironmentBase URL
Sandboxhttps://api.sandbox.veridianhp.com
Productionhttps://api.veridianhp.com
Sandbox and production are fully isolated. Sandbox keys cannot move money; production keys cannot reach sandbox data.

Authentication

Every request requires an Authorization header with a bearer token: 
Authorization: Bearer vbk_sb_xxxxxxxxxxxxxxxxxxxxxx
See Authentication for key management, rotation, and revocation.

Request format

  • Content-Type: application/json on all POST and PATCH requests
  • UTF-8 only
  • Timestamps are ISO 8601 in UTC: 2026-05-28T15:32:00Z
  • Money is always integer cents: 14500 is $145.00
  • IDs are opaque strings with a typed prefix (ses_, prc_, evt_)

Response format

Successful responses return 200, 201, or 204 with a JSON body matching the schema documented for each endpoint. Error responses always include: 
{
  "error": {
    "code": "session_not_found",
    "message": "No session with that id.",
    "requestId": "req_01HZX9..."
  }
}
See Errors for the full code list and how to map them to your own retry logic.

Stability and versioning

Veridian uses additive versioning:
  • We never break a field or endpoint without a major version bump.
  • We do add new fields, new endpoints, and new event types.
  • Your integration should ignore fields it doesn’t recognize.
  • Webhook payloads follow the same rule.
The current API version is implicit in the base URL. Major version bumps will be opt-in via a Veridian-Version header.

Rate limits

See Rate limits. The short version: sandbox is generous, production is sized for normal practice volume. We return 429 with a Retry-After header if you exceed it.

What’s next

Authentication

API keys, scopes, rotation, revocation.

Sessions

The core payment-session endpoint family.