Reporting & Admin API

On this page:


Our Reporting and Administrative API enables you to manage and monitor your vendors using:

API Requests and Responses

The API requests are HTTPS POSTs to the Test or Live environment URLs and contain a single FORM field called XML.


  • The requests are not encoded in XML format.
  • They are regular HTTPS POSTs with the content type “application/x-www-form-urlencoded”.
  • The XML content is contained in the request's XML form field.

The XML field will contain the XML message, which always takes the following format:

  <command>command name</command>
  <vendor>vendor name</vendor>
  <user>user name</user>
  <other command specific parameters in here..../>
  <signature>MD5 Hash Signature</signature>

The signature value is created by taking the rest of the contents of the vspaccess node, appending an element called password which contains the user account's password, and MD5 hashing the message. So in the above example:

MD5 Hash Signature = MD5Hash(
<vendor>vendor name</vendor>
<user>user name</user>
<other command specific params in here..../>
<password>user password</password>")


The response format will always be a XML v1.0 ISO-8859-1 encoded document with a root node called vspaccess:

<?xml version="1.0" encoding="ISO-8859-1" ?>
    <error>Text error message if errorocode is not 0000</error>
    <other command specific results here..../>
    <timestamp>DD/MM/YYYY HH:MM:SS</timestamp>

Error Management

The errorcode field is always present, and for successful requests will always be 0000. All other values indicate an Error Code

The the error element will provide a human readable interpretation of the error code and a timestamp stores the time that the response was sent back to the requesting process.