Frequently Asked Questions

Do I need to change the URL when I change from my Sandbox account to Production?

No. The URL will always be whether in Testing or Production.

What is the difference between the webpayments token and api keys?

In Fattmerchant.js, the webpayments token is a public key that is used to enable your account to accept payments only. The api key is a secret key that allows you to hit all API routes (ex. charges, refunds, voids)

Since the webpayments token is public, does that pose any security risk to me?

No. Using your web payments token enables your account to accept payments, but never transactions issued on your behalf that would result in funds coming out of your account. All secure information goes through Fattmerchant.js so that no sensitive information is ever stored or exposed, keeping you PCI compliant.

Does Fattmerchant.js support using multiple credit cards for a split transaction?

Yes, but each credit card will have to be tokenized one at a time. You can then set up partial payments using those tokenized payment methods.

Can I save any information from the form that is generated with an instance of FattJs?

No. In order to stay PCI compliant, FattJs utilizes an iFrame which will not allow you to pull out any of the values that are entered in the form.

Which browsers does Fattmerchant.js support?

Fattmerchant.js supports all current major versions of Firefox, Safari, Chrome, and Edge. While Fattmerchant.js might run without major issues in other browsers, we do not actively test Fattmerchant.js in them and generally do not fix bugs that may appear in them.


These are some common issues that you may run into while setting up an integration with Fattmerchant.js

Invalid Credentials / Token not provided Error Message

Confirm that your headers are set up correctly. Ensure there are no brackets or quotes around your api key. Authorization: Bearer insert_api_key_here Make sure that you are using the correct API Key (Sandbox vs Live Account)

Not seeing your Invoice or Customer?

Check to see that your token has the correct merchant associated. Visit and paste your token in the Debugger. You can view the merchant in the Decoded Payload section.