Glossary
Plain-English definitions for every term you'll see in EPD docs and dashboards.
A
API key — the secret string your code sends with every request to prove which merchant the call belongs to. Format: epd_<env>_sk_<random>.
API version — a date like 2026-02-11 that tells EPD which version of the API to behave like. Sent in the epd-version header. Lets your code keep working even after EPD ships changes.
B
Bearer token — the way you send an API key: in the HTTP header Authorization: Bearer <key>.
billing_id — the EPD Gateway identifier for a single stored card inside a customer vault. Passed to EPD Commerce so it can mirror that card onto a customer. Distinct from customer_vault_id, which identifies the vault itself.
C
customer_vault_id — the EPD Gateway identifier for a customer’s vault. A vault holds one or more stored cards (each addressed by its own billing_id). Returned by EPD Gateway’s customer_vault=add_customer call. Sent to EPD Commerce as epd_gateway_customer_vault_id on POST /v1/customers.
Capture — actually moving the money from the cardholder. EPD captures immediately on a successful order; some integrations split into authorize-then-capture.
Cardholder — the human whose card is being charged.
Chargeback — when a cardholder disputes a charge with their bank and the bank pulls the money back. You can fight chargebacks with evidence.
Composite tool — an MCP tool that performs more than one underlying API call in a single step (e.g. create_customer_and_charge).
Cursor pagination — list endpoints return at most one page; you ask for the next page using a cursor returned in cursors.next.
D
Dunning — the process of recovering from a failed renewal: retry, email the customer, give them a chance to update their card.
E
epd-version — the header you send to pin your code to a particular API version date.
EPD-Signature — the header on inbound webhooks that proves the event came from EPD.
Environment — sandbox or live. Decided per API key.
I
Idempotency key — a unique string you send with a write request so EPD can recognize duplicate retries and not run the action twice. Header: X-EPD-Idempotency-Key.
Issuer / issuing bank — the bank that gave the cardholder their card. Approves or declines the charge.
L
Live mode — real cards, real money. Triggered by sending an epd_live_sk_... key.
M
Merchant — you. The business taking the payment.
Merchant Portal — the EPD web dashboard at commerce.epd.com where you manage your account.
MCP — Model Context Protocol. The protocol used to expose EPD as a set of tools an AI agent can call. See the MCP overview.
O
Order — a single sale: who paid, how much, with what payment method, in what currency. Orders can be refunded.
P
Payment method — a stored, reusable card on a customer record. Mirrored from EPD Gateway by billing_id. Identified by its UUID id.
Plan — pricing + cadence for a product, e.g. “Pro Monthly $29.99/month”. A product can have many plans.
Product — a thing you sell, conceptually. Has a name and description; price lives on a plan.
R
request_id — an id returned on every error response and (often) on success responses. Format: req_ followed by 32 hex characters. Quote it in support tickets.
Resource id — the id of any EPD resource (customer, payment method, product, plan, order, subscription, transaction, webhook endpoint, webhook event record). It is a bare UUID, e.g. 550e8400-e29b-41d4-a716-446655440000. There is no resource-type prefix.
Restricted key — an API key with limits on which resources it can read or write. Use these for narrow-purpose services.
Refund — reversing a paid order, fully or partially. Endpoint: POST /v1/orders/:id/refund.
S
Sandbox mode — the test environment. Same code, same endpoints, no real money. Triggered by epd_test_sk_... keys.
Settlement — the bank-to-bank money movement that follows a successful capture. Typically completes 1–3 business days later.
Signing secret — the per-endpoint secret used to verify webhook signatures. Starts with whsec_.
Subscription — a recurring contract: this customer, this plan, this payment method. Generates renewal orders automatically. Identified by its UUID id.
T
Tool annotation — a flag on an MCP tool indicating whether it is read-only, destructive, idempotent, or affects external systems.
Transaction — a single payment attempt against a card. An order can have one or many transactions if there were retries.
Trial — a free period at the start of a subscription. Not currently supported on the EPD API; implement trial logic in your application or use a $0 plan in the portal.
V
Vault — secure storage for card data, in EPD Gateway. EPD Commerce stores only a tokenized mirror.
W
Webhook — an HTTP POST that EPD sends to your server when something happens.
Webhook endpoint — a URL of yours that EPD knows about and will deliver events to.
whsec_ — the prefix of a webhook signing secret.