API Standards

This document defines the shared standards and conventions used across all Nelnet Payment Services (NPS) APIs.

It is intended for technical integrators and describes how NPS APIs behave consistently, regardless of the specific service (Payments, Tokenization, Risk, Notifications, etc.).

Across all services, you can expect:

• REST-oriented endpoints
• JSON request and response bodies
• Explicit, documented field names
• Stable response structures
• Clear separation between authentication, context, and behavior

All production API traffic is sent to:

https://api.nelnetpay.com

A non-production environment is available for testing:

https://api.uat.nelnetpay.com

All API requests must include the following headers.

• NPS APIs use Bearer token authentication
• JWTs are created server-to-server using API keys
• JWTs are passed in the Authorization header

All NPS APIs use a shared response envelope across success, validation errors, and payment declines.

{
  "responseCode": "A100",
  "responseMessage": "Approved"
}

responseCode is the authoritative field for programmatic decision making. Always branch logic on responseCode, never on responseMessage.

→ See Response Format for full details and examples.

• Uppercase snake case
• Clients should tolerate new values

• API URLs do not include a version by default
• Versioning is explicit when required
• Strategy is evolving and will be communicated ahead of changes

• Consistent REST conventions across services
• Canonical error response structure
• Predictable field formats
• Explicit authentication model