# Documentation overview

Mandarin documentation describes how to connect payment services — from ready-made no-code solutions to full API integration.

# Where to start

# Request authentication

The method depends on which API you use.

# X-Auth

Used in the main Public API: payment acceptance, payouts, tokenization, simplified identification.

Each request includes an X-Auth header — a string built from merchantId, a signature, and a unique requestId. The signature is SHA256 of merchantId, requestId, and Secret. This confirms the request comes from the account owner and helps prevent replay attacks.

Credentials (merchantId and Secret) are taken from the personal account.

Details: Basic principles — authentication.

# OAuth 2.0 (Bearer)

Used in Business API, self-employed API, and BaaS (routing).

First, obtain an access_token via OAuth 2.0 with the client_credentials grant, then send it in the Authorization: Bearer {token} header. The token is valid for a limited time (usually 10 hours); request a new one when it expires.

client_id and client_secret are issued by Support (opens new window).

Details: Business API, Self-employed, BaaS.

# X-Api-Key

Used in the unified payment form API (invoice creation).

The API key is created in the personal account in payment link settings (Integration section) and sent in the Authorization: X-Api-Key: {key} header.

Details: Easy start — unified payment form.

# Callback notifications

Notifications from Mandarin to your callbackUrl are signed with the sign field. Verify the signature on your side before processing the operation status.

Details: sign verification.

# Sandbox and production

Behavior depends on the service:

  • Main Public API (payments, payouts, tokenization) — the environment is determined by credentials: a test Secret uses sandbox, a production Secret uses production. The API URL is the same.
  • Simplified identification, self-employed, BaaS, and other services — access to the test environment and OAuth applications is configured by Support (opens new window). See the Testing section for setup details.

Test requests do not result in real transactions in banking systems. More details are in Basics.