API Reference

The PowerBoard API is organized around REST. Our API has predictable, resource-oriented URLs, and uses HTTP response codes to indicate API errors. We use built-in HTTP features, like HTTP authentication and HTTP verbs, which are understood by off-the-shelf HTTP clients. JSON is returned by all API responses, including errors.

To make the API as explorable as possible, accounts have test mode and live mode API keys. There is no "switch" for changing between modes, just use the appropriate URL to perform a live or test transaction. Requests made with test mode credentials never hit the banking networks and incur no cost.



You can get up and running using the PowerBoard API in just a few minutes.

Step 1: Sign up for a PowerBoard account.

Step 2: Add a gateway in Gateway > Add New. Use the link for a guide on how to add a service.

Step 3: Retrieve your API public and secret key from the admin portal in My Company > API & Settings, which you'll need to authenticate:

API credentials


An endpoint is a unique URL that represents an object or collection of objects which serves as the base of all PowerBoard API interactions.

PowerBoard provides two different public environments to access. You can access the different environments from the following URLS:

EnvironmentAPIAdmin portal

Content Security Policy

If you have configured a Content Security Policy, the full set of directives that PowerBoard requires can be found are:

Production Environment

  • script-src https://widget.powerboard.commbank.com.au
  • frame-src https://widget.powerboard.commbank.com.au
  • connect-src https://api.powerboard.commbank.com.au
  • style-src https://widget.powerboard.commbank.com.au

Pre-Production Environment

  • script-src https://widget.preproduction.powerboard.commbank.com.au
  • frame-src https://widget.preproduction.powerboard.commbank.com.au
  • connect-src https://api.preproduction.powerboard.commbank.com.au
  • style-src https://widget.preproduction.powerboard.commbank.com.au


3D Secure

If you are using 3d Secure 2.0 in your integration, you will need to use 'frame-src *' in your CSP implementation. Further info can be found in our 3DS Guide here