Account Service Setup
Account services use dedicated base URLs and apikey access. Before calling Account Balances, Account Transactions, or Global Account APIs, configure your access credential and outbound IP allowlist.
Base URLs
| Environment | Base URL |
|---|---|
Production | |
Sandbox |
Environment Switching
Use the matching base URL and apikey for each environment. API paths, request methods, and request structures remain the same.
Access Credential
Account services identify caller permissions by the apikey request header.
| Header | Required | Description |
|---|---|---|
apikey | Yes | API key assigned for account service access. |
apikey values are environment-specific. Do not reuse a sandbox apikey in production, or a production apikey in sandbox. Do not expose apikey in frontend pages, mobile apps, or public repositories. Store it on your server and call account service APIs from the server side.
Outbound IP Allowlist
Before calling account services, provide your server outbound IP addresses to Onerway for allowlist configuration.
Notes
- Provide only stable server outbound IP addresses.
- If sandbox and production use different outbound IP addresses, provide them separately.
- If an outbound IP address changes, update the allowlist before switching traffic.
Business Response Codes
Global Account APIs use respCode to return business results. Common response codes are listed below:
| respCode | Constant | Default respMsg |
|---|---|---|
20000 | SUCCESS_CODE | Success |
40001 | INVALID_PARAMETER | Invalid request parameter |
40002 | INVALID_TIME_RANGE | Invalid query time range |
40003 | UNAUTHORIZED_ACCESS | Access denied |
40004 | RESOURCE_NOT_FOUND | Resource not found |
40005 | REQUEST_FAILED | Request failed |
40006 | DUPLICATE_REQUEST | Duplicate request |
40007 | INIT_GLOBAL_ACCOUNT_FAILED | Init global account failed |
40008 | GLOBAL_ACCOUNT_CUSTOMER_INVALID | Invalid customer id for global account |
40009 | GLOBAL_ACCOUNT_CALLER_NOT_AUTHORIZED | Caller identity does not match customer |