Skip to main content

Overview

Merchant endpoints handle merchant registration and public merchant information lookup.

Endpoints

Get Merchant by Address

Lookup merchant information by Sui address (public endpoint). 
GET /api/identipay/v1/merchants/by-address/:suiAddress

Path Parameters

suiAddress
string
required
The merchant’s Sui address (66-character hex with 0x prefix)

Response

name
string
Merchant display name
publicKey
string
Merchant’s public key (64-character hex)
suiAddress
string
Merchant’s Sui address
did
string
Merchant’s decentralized identifier (DID)

Example Request

curl https://api.identipay.com/api/identipay/v1/merchants/by-address/0xabc123...

Example Response

{
  "name": "Acme Store",
  "publicKey": "a1b2c3d4e5f6...",
  "suiAddress": "0xabc123...",
  "did": "did:identipay:acme.com:550e8400-e29b-41d4-a716-446655440000"
}

Error Responses

404 Not Found
Merchant with the specified address does not exist
{
  "error": "Merchant not found"
}

Register Merchant

Register a new merchant and receive an API key (public endpoint). 
POST /api/identipay/v1/merchants/register

Request Body

name
string
required
Merchant display name (1-255 characters)
suiAddress
string
required
Merchant’s Sui address (66-character hex with 0x prefix)
hostname
string
required
Merchant’s hostname (1-255 characters, must be unique)
publicKey
string
required
Merchant’s public key (64-character lowercase hex)

Response

id
string
Generated merchant UUID
did
string
Merchant’s decentralized identifier
apiKey
string
API key for authenticated endpoints (shown only once)

Example Request

curl -X POST https://api.identipay.com/api/identipay/v1/merchants/register \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Acme Store",
    "suiAddress": "0xabc123...",
    "hostname": "acme.com",
    "publicKey": "a1b2c3d4e5f6..."
  }'

Example Response

{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "did": "did:identipay:acme.com:550e8400-e29b-41d4-a716-446655440000",
  "apiKey": "ip_live_abc123def456..."
}
The API key is only returned once during registration. Store it securely.

Error Responses

Implementation Details

Registration Flow

When a merchant registers (see routes/merchants.ts:35-83):
  1. Validate Input: Check required fields and formats
  2. Check Uniqueness: Verify hostname is not already registered
  3. Generate Credentials:
    • UUID for merchant ID
    • DID: did:identipay:{hostname}:{id}
    • API key (random secure string)
    • API key hash (SHA-256)
  4. On-Chain Registration: Call suiService.registerMerchantOnChain() to register in the trust registry
  5. Database Storage: Store merchant info with hashed API key
  6. Return Response: Return ID, DID, and plain-text API key

Security

  • API keys are hashed using SHA-256 before storage
  • Only the hash is stored in the database
  • The plain-text API key is never retrievable after initial registration

DID Format

Merchant DIDs follow the pattern: 
did:identipay:{hostname}:{uuid}
Example: 
did:identipay:acme.com:550e8400-e29b-41d4-a716-446655440000
  • Proposals - Create payment proposals (requires API key)
  • Transactions - Check transaction status (requires API key)

Build docs developers (and LLMs) love

Get started for freeTalk to us