Highnote

Highnote Transactions API

Authorize, capture, charge, and cancel payment transactions (authorizePaymentCard, capturePaymentTransaction, chargePaymentCard), handle incremental and force captures, initiate cardholder transaction disputes, and query paymentTransactions and transactionBatches with HQL search.

GitHub OpenAPI

Documentation

📖
Documentation
https://docs.highnote.com/docs/acquiring/about-acquiring
📖
APIReference
https://docs.highnote.com/docs/api-reference/object

Specifications

OpenAPI
https://raw.githubusercontent.com/api-evangelist/highnote/refs/heads/main/openapi/highnote-openapi.yml

Other Resources

🔗
GraphQL
https://raw.githubusercontent.com/api-evangelist/highnote/refs/heads/main/graphql/highnote-graphql.md

OpenAPI Specification

highnote-openapi.yml Raw ↑ 
openapi: 3.0.1
info:
  title: Highnote GraphQL API
  description: >-
    The Highnote embedded-finance platform is driven by a single GraphQL endpoint.
    This OpenAPI document models the GraphQL-over-HTTP surface: a single
    POST /graphql operation that accepts a GraphQL query or mutation plus optional
    variables, authenticated with HTTP Basic auth using a base64-encoded API key
    as the username (no password). See graphql/highnote-graphql.md and
    graphql/highnote-schema.graphql for the GraphQL types, queries, and mutations.
  termsOfService: https://highnote.com/legal
  contact:
    name: Highnote
    url: https://docs.highnote.com
  version: '1.0'
servers:
  - url: https://api.us.highnote.com
    description: Live environment
  - url: https://api.us.test.highnote.com
    description: Test environment
security:
  - basicAuth: []
tags:
  - name: GraphQL
    description: Single GraphQL endpoint for all Highnote operations.
paths:
  /graphql:
    post:
      operationId: postGraphql
      tags:
        - GraphQL
      summary: Execute a GraphQL query or mutation
      description: >-
        Executes a GraphQL operation against the Highnote platform. The request body
        is a JSON object with a `query` string (which may contain a query or a
        mutation), an optional `variables` object, and an optional `operationName`.
        Responses always return HTTP 200 with a `data` and/or `errors` field per the
        GraphQL-over-HTTP convention.
      security:
        - basicAuth: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/GraphQLRequest'
            examples:
              ping:
                summary: Health check query
                value:
                  query: 'query { ping }'
              listCardProducts:
                summary: List card products
                value:
                  query: >-
                    query { cardProducts(first: 10) { edges { node { id name type
                    status } } pageInfo { hasNextPage endCursor } } }
              issuePaymentCard:
                summary: Issue a virtual payment card
                value:
                  query: >-
                    mutation IssueCard($applicationId: ID!) {
                    issuePaymentCardForApplication(input: { applicationId:
                    $applicationId, formFactor: VIRTUAL }) { id bin last4
                    expirationDate network status } }
                  variables:
                    applicationId: card_product_application_id
      responses:
        '200':
          description: >-
            GraphQL response. Returns HTTP 200 even when the operation produces
            GraphQL errors; inspect the `errors` array.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GraphQLResponse'
        '401':
          description: Missing or invalid API key (Basic auth).
        '429':
          description: Rate limited. Retry with backoff.
components:
  securitySchemes:
    basicAuth:
      type: http
      scheme: basic
      description: >-
        HTTP Basic auth. The base64-encoded API key is supplied as the username and
        the password is left empty. Equivalent to sending
        `Authorization: Basic <base64(apiKey)>`.
  schemas:
    GraphQLRequest:
      type: object
      required:
        - query
      properties:
        query:
          type: string
          description: The GraphQL query or mutation document.
        variables:
          type: object
          additionalProperties: true
          description: Optional variable values referenced by the query document.
        operationName:
          type: string
          description: Optional operation name when the document defines multiple operations.
    GraphQLResponse:
      type: object
      properties:
        data:
          type: object
          additionalProperties: true
          nullable: true
          description: The result of the executed operation, keyed by field name.
        errors:
          type: array
          description: GraphQL errors, if any were produced during execution.
          items:
            $ref: '#/components/schemas/GraphQLError'
    GraphQLError:
      type: object
      properties:
        message:
          type: string
        path:
          type: array
          items:
            type: string
        extensions:
          type: object
          additionalProperties: true