Guides
  1. CORE FEATURES
  2. Reporting

Mirror Reporting

Mirror Reporting lets your platform give a merchant admin direct access to PaymentsHQ without requiring them to log in separately. You generate a one-time redirect URL via the gateway; when the user follows the URL, they land in PaymentsHQ logged in as the default administrative user for that merchant account.

Use it to add a "View in PaymentsHQ" button in your platform for when merchants need the full reporting UI — tools your partner platform doesn't need to rebuild.

How It Works

flowchart LR
    A[User clicks View in PaymentsHQ] --> B[Server calls the mirror reporting API]
    B --> C[Gateway creates a 20-minute session and returns a REDIRECT URL]
    C --> D[Server sends the URL to the browser]
    D --> E[Browser opens the URL]
    E --> F[PaymentsHQ authenticates the session and shows the merchant dashboard]

The Call

Mirror Reporting uses TYPE=Z (Administrative), SUBTYPE=W (Web Login).

Required parameters

  • TERMID, PASS — credentials of the merchant whose data you want to show

Example request

curl --request POST --url {gateway_endpoint}/ \
  --header 'Content-Type: application/json' \
  --data '{
    "TERMID":  "your_termid",
    "PASS":    "your_pass",
    "TYPE":    "Z",
    "SUBTYPE": "W",
    "JSON":    "Y"
  }'

Example response

{
  "CODE":     "0000",
  "TEXT":     "LOGIN READY",
  "REDIRECT": "https://phq.sportspay.com/SESSION/AbC123XyZ456",
  "DATE":     "20260412",
  "TIME":     "14:23:01",
  "DUR":      "0.180"
}

Redirect the user's browser to the value in REDIRECT. They'll land in PaymentsHQ, logged in as the merchant's default administrative user.

Important Constraints

Session Valid for 20 Minutes

The generated URL is valid for 20 minutes from the time of the response. After that, the session expires and the URL no longer authenticates the user. Generate a fresh URL each time you send a user to PaymentsHQ — don't cache the redirect.

Don't Hardcode the Host

The hostname and path components of the redirect URL may change. Always use the returned REDIRECT value exactly as-is (after ampersand decoding). Don't parse out just a session token and rebuild the URL against a hardcoded domain — future gateway changes will break you.

Implementation Pattern

A typical "View in PaymentsHQ" button implementation:

  1. User clicks "View in PaymentsHQ" in your UI.
  2. Your server calls the Mirror Reporting API using the merchant's TERMID and PASS.
  3. Your server responds to the browser with either a 302 redirect or a JSON payload containing the URL.
  4. The browser navigates to the URL (within 20 minutes).

Security: Never expose TERMID or PASS in browser-facing code. Generate the redirect URL server-side and pass only the redirect URL back to the browser.

API Reference

For the full parameter and response field catalog, see the Mirror Reporting API Reference.

Errors

For error codes returned by the Mirror Reporting call, see Error Codes.


Updated 2 days ago