POWERBOARD DEVELOPER HUB
API Reference
PowerBoard Status PagePowerBoard Merchant Portal

Overview

PowerBoard API

The PowerBoard API is organized around REST. Our API has predictable, resource-oriented URLs, and uses HTTP response codes to indicate API errors. We use built-in HTTP features, like HTTP authentication and HTTP verbs, which are understood by off-the-shelf HTTP clients. JSON is returned by all API responses, including errors.

To make the API as explorable as possible, accounts have test mode and live mode API keys. There is no "switch" for changing between modes, just use the appropriate URL to perform a live or test transaction. Requests made with test mode credentials never hit the banking networks and incur no cost.

Endpoints

An endpoint is a unique URL that represents an object or collection of objects which serves as the base of all PowerBoard API interactions.

PowerBoard provides two different public environments to access. You can access the different environments from the following URLS:

  • Pre-Production: https://api.preproduction.powerboard.commbank.com.au/
  • Production: https://api.powerboard.commbank.com.au/

Custom Fields

PowerBoard's API allows you to pass in any extra fields or metadata in your transactional API requests via the custom_fields object available in the request.

Custom Fields allows you to send any additional structured information as a key/value pair in the PowerBoard API. This data will then be returned in the API response and webhooks for your consumption where required. These key value pairs will be stored as strings. 

{
      "amount": "110",
      "currency": "AUD",
      "description": "#4123728",
      "reference": "reference1",
      "customer": {
          "first_name": "test",
          "last_name": "name",
          "reference": "customerRef1",
          "email": "kyle<>@example.com",
          "payment_source": {
              "vault_token": "SESSION_VAULT_TOKEN",
              "gateway_id": "GATEWAY_ID"
          }
      },
      "custom_fields": {
          "customer_id": "123456",
          "receipt_number": "#rc123456"
      }
  }

Content Security Policy

If you have configured a Content Security Policy, the full set of directives that PowerBoard requires can be found are:

Production Environment

  • script-src https://widget.powerboard.commbank.com.au
  • frame-src https://widget.powerboard.commbank.com.au
  • connect-src https://api.powerboard.commbank.com.au
  • style-src https://widget.powerboard.commbank.com.au

Pre-Production Environment

  • script-src https://widget.preproduction.powerboard.commbank.com.au
  • frame-src https://widget.preproduction.powerboard.commbank.com.au
  • connect-src https://api.preproduction.powerboard.commbank.com.au
  • style-src https://widget.preproduction.powerboard.commbank.com.au

❗️

3D Secure

If you are using 3d Secure 2.0 in your integration, you will need to use 'frame-src *' in your CSP implementation. Further info can be found in our 3DS Guide here

©2025 Commonwealth Bank of Australia ABN 48 123 123 124 AFSL and Australian credit licence 234945

©2025 Commonwealth Bank of Australia ABN 48 123 123 124 AFSL and Australian credit licence 234945