pay-publicapi

December 9, 2025 ยท View on GitHub

GOV.UK Pay Public API service in Java (Dropwizard)

General configuration

Configuration of the application is performed via environment variables, some of which are mandatory.

VariableRequired?DefaultDescription
ADMIN_PORTNo8081The port number to listen for Dropwizard admin requests on.
ALLOW_HTTP_FOR_RETURN_URLNofalseWhether to allow service return URLs to be non-HTTPS
BIND_HOSTNo127.0.0.1The IP address for the application to bind to.
CONNECTOR_URLYes-The URL to the connector service
DISABLE_INTERNAL_HTTPSNofalseDisable secure connection for calls to internal APIs
PORTNo8080The port number to listen for requests on.
PUBLICAPI_BASEYes-The base URL clients can use to reach the API. e.g. http://api.example.org:1234/
PUBLIC_AUTH_URLYes-The URL to the publicauth service
REDIS_URLNolocalhost:6379The location of the Redis endpoint to store rate-limiter information in
REDIS_SSLNofalseWhether to establish TLS encrypted connections to the Redis instance
TOKEN_API_HMAC_SECRETYes-HMAC secret to be used to validate that the given token is genuine (API Key = Token + HMAC (Token, Secret)

Rate limiting

The application will rate-limit incoming API requests, recording the current rate limit state in Redis (see REDIS_URL above). The rate-limiting behaviour can be tuned via the following environment variables which all have default values:

VariableDefaultDescription
RATE_LIMITER_VALUE75Number of non-POST requests allowed per RATE_LIMITER_PER_MILLIS milliseconds
RATE_LIMITER_VALUE_POST15Number of POST requests allowed per RATE_LIMITER_PER_MILLIS milliseconds
RATE_LIMITER_ELEVATED_ACCOUNTS-Comma-separated list of accounts to which ..._ELEVATED_... limits apply (example: 1,2,3)
RATE_LIMITER_ELEVATED_VALUE_GET100Number of non-POST requests allowed per RATE_LIMITER_PER_MILLIS milliseconds (for RATE_LIMITER_ELEVATED_ACCOUNTS)
RATE_LIMITER_ELEVATED_VALUE_POST40Number of POST requests allowed per RATE_LIMITER_PER_MILLIS milliseconds (for RATE_LIMITER_ELEVATED_ACCOUNTS)
RATE_LIMITER_VALUE_PER_NODE25Number of non-POST requests allowed per RATE_LIMITER_PER_MILLIS milliseconds for a given client
RATE_LIMITER_VALUE_PER_NODE_POST5Number of POST requests allowed per RATE_LIMITER_PER_MILLIS milliseconds for a given client
RATE_LIMITER_PER_MILLIS1000Rate limiter time window
RATE_LIMITER_LOW_TRAFFIC_ACCOUNTS-Comma-separated list of accounts to which ..._LOW_TRAFFIC_... limits apply (example: 5,6,7)
RATE_LIMITER_LOW_TRAFFIC_VALUE_GET4500Number of non-POST requests allowed per RATE_LIMITER_LOW_TRAFFIC_PER_MILLIS in milliseconds for a given account (for RATE_LIMITER_LOW_TRAFFIC_ACCOUNTS)
RATE_LIMITER_LOW_TRAFFIC_VALUE_POST1Number of POST requests allowed per RATE_LIMITER_LOW_TRAFFIC_PER_MILLIS in milliseconds (for RATE_LIMITER_LOW_TRAFFIC_ACCOUNTS)
RATE_LIMITER_LOW_TRAFFIC_PER_MILLIS60000rate limit internal per RATE_LIMITER_LOW_TRAFFIC_PER_MILLIS (in milliseconds) for RATE_LIMITER_LOW_TRAFFIC_ACCOUNTS

API specification

Read our developer documentation for guidance on using the API.

For more detailed information you can use our OpenAPI specifiation.

Dependencies

WireMock is used for mocking dependent services

Licence

MIT License

Vulnerability Disclosure

GOV.UK Pay aims to stay secure for everyone. If you are a security researcher and have discovered a security vulnerability in this code, we appreciate your help in disclosing it to us in a responsible manner. Please refer to our vulnerability disclosure policy and our security.txt file for details.