API Essentials

The Papaya Global Workforce Payments API is organized around REST. The API has predictable resource-oriented URLs, accepts form-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.

HTTP Methods

The Workforce Payments API uses HTTP methods to perform operations on resources. The most commonly used methods are:

Data Types

The Workforce Payments API consistently utilizes data types and formats.

Response Codes

The Papaya Global Workforce Payments API utilizes standard HTTP response codes to communicate the outcome of an API request. A status code falling within the 2xx range signifies success, while codes in the 4xx range point to errors caused by the input data (e.g., invalid parameters or missing information). Conversely, status codes in the 5xx range signal a server-related error.

Errors Response

The body of the Global Workforce Payments API error response typically includes the following fields:

Response Examples with Sub Code

{
  "error": "Error Message",
  "description": "Failed calling service",
  "error_code": "Error Code",
  "sub_code": "Sub Code",
  "error_info": { // Example for HTTP error
    "timestamp": "Timestamp",
    "status": "HTTP Status Code",
    "error": "Error Message",
    "path": "Request Path"
  }
}

{
  "error": "not_found",
  "description": "Wallet not found",
  "error_code": 404,
  "sub_code": 1000,
  "error_info": {
    "timestamp": "2024-03-04T07:55:43.543Z",
    "status": 404,
    "error": "The specified wallet ID does not exist.",
    "path": "/v1/wallet"
  }
}

Response Examples without Sub Code

{
  "error": "Error Message",
  "description": "Failed calling service",
  "error_code": "Error Code"

{
  "error_code": 401, 
  "error": "Unauthorized", 
  "description": "Authorization failed. The server could not verify your credentials. Please check your configuration and try again."
}

Rate Limits

To ensure a responsive and fair usage environment for all our users, we enforce rate limits on our REST API. Each endpoint has an assigned request limit carefully calibrated to balance frequent access with system integrity and equitable resource distribution.

• Standard Rate Limit: Our standard rate limit is 500 requests per minute per authenticated user. This applies to most endpoints unless otherwise specified.

• Extended Limits: Higher rate limits may be available depending on your subscription tier or upon request for specific use cases that require more frequent access.

• Headers and Feedback: Every API response includes HTTP headers that provide your current rate limit status:

  • X-RateLimit-Limit: The maximum number of requests permitted within the window.

  • X-RateLimit-Remaining: The remaining number of requests within the current rate limit window.

  • X-Ratelimit-Used: The total amount of requests you have made during the current rate limit interval.

  • X-RateLimit-Reset: When the current rate limit window resets in UTC epoch seconds.

  • X-Ratelimit-Resource: The resource against which the request was counted for rate-limiting purposes.

• Best Practices: We recommend implementing retry logic with exponential backoff and respecting the Retry-After header where applicable. This approach aids in efficiently utilizing rate limits and reduces the likelihood of encountering limits.

• Exceeding Limits: Attempts to exceed rate limits will result in a 429 Too Many Requests response. Continuous overage may lead to temporary or permanent suspension of API access. We urge all users to architect their applications to handle such responses gracefully.

• Changes and Notifications: Rate limits are subject to change based on system performance and user demand. All changes will be communicated through our developer channels and API change log.