QR Payment

API Configuration

API Version

Merchant ID

Merchant password

Server URL

1. Get QR code (createInvoice)

Query data

Unique order number in your store
Description of payment
The amount of payment in kopecks (if 0, then the payer enters the amount in the application manually)
Currency of payment (UAH, EUR, RUR, etc.)
1 - test transaction; 0 - actual transaction
1 = The invoice is reusable and can be paid more than once (if set to 1, the parameters user_to, date_life, date_start_push, and count_push are ignored), 0 = one-time invoice
0 = write-off from Visa & MasterCard cards; 1 = blocking of funds
You can bill the specific user (specify the mobile phone number of the user in the international format 380xxxxxxxxx, his email address or account_id)
Date of expiry of the invoice in Y-m-d format
Date to start sending PUSH alerts
Number of notifications. 1 notice = 1 day. Notifications are sent once a day
URL where the server will return the payment result
URL where the user will land after successful payment (for websites only)
URL where the user will land after failed payment (for websites only)
Data that is returned back to the merchant when paying the invoice
Specify any value

Value Description Type
invoice_id Unique identifier of the invoice string (12)
qr QR Code Image URL string
link_app Link for opening in the application string
site_pay A short link for paying an invoice on the site string
2. Invoice status (statusPayment)

Query data

Unique identifier of the invoice
Unique order number on the merchant side
Get a list of payments for the specified token, works only for long-term QR long_term (if the token is not specified or set to 0, it will return the payment status, if you set it to 1, it will return the list of comleted payments with token 1)

Value Description Type
status The status of the transaction (it is returned only if no one has yet tried to pay the invoice (processing - in the process of payment; canceled - the invoice is expired (date_life) string
payments The array of all attempts to pay the invoice array
- trans_id Unique Transaction ID string (12)
- date_pay Payment date string
- amount Amount in copecks int
- order_id Unique order number on the merchant side string (64)
- status The status of the transaction (processing - in the process of payment; canceled - the invoice has expired (date_life) or the payer has canceled it; approved - the payment has been made; waitingauthcomplete - the money is blocked on the card and waiting for withdrawal or cancellation of payment) string
- test 1 - test transaction; 0 - actual transaction smallint
- description Description of payment string
- success_url URL where the user will land after successful payment (for websites only) string
- fail_url URL where the user will land after failed payment (for websites only) string
- fields_other The data required by the merchant, which are returned back to the merchant when thhe invoice is paid string
- fields_app The result of the payer's choice of data that was created by the merchant when invoicing string
- email User email string
- fname First Name string
- lname Last name string
- mobile Mobile phone number string
3. Update payment token (updateMark)

Query data

Unique Transaction ID
Transaction Token

Value Description Type
success Returns true if success or error code and error description boolean
4. Withdraw the blocked amount (settlePayment)

Query data

Unique Transaction ID
Amount in copecks

Value Description Type
success Returns true if success or error code and error description boolean
5. Partial refund of funds (refundPayment)

Query data

Unique Transaction ID
Amount in copecks

Value Description Type
success Returns true if success or error code and error description boolean
6. Cancellation / Refund (voidPayment)

Query data

Unique Transaction ID

Value Description Type
success Returns true if success or error code and error description boolean
7. Processing the payment result on the merchant side (result_url)

Example JSON response from the server that will come to you to the specified result_url when creating an invoice

{
  "trans_id": "123456789012",
  "status_pay": 3,
  "site_id": "1000000001",
  "order_id": "12345",
  "amount": 25000,
  "currency": "UAH",
  "mktime": "1487602271287",
  "test": 0,
  "fields_other": null,
  "fields_app": null,
  "hash": "72d4a48dc7fe890af8beb00cd440c12d",
  "account_id": "102541125",
  "mobile": "380971111111",
  "fname": "Vitaliy",
  "lname": "Kurshinov",
  "email": "vit@mymail.com"
}

Response data

Value Description Type
trans_id Transaction ID string (12)
status_pay Transaction status 1 - pending payment; 2 - the transaction was canceled; 3 - paid; 5 - money is blocked on the payer's card; 6 - refund of money to the payer int (1)
site_id Unique Merchant ID string (10)
order_id Уникальный идентификатор заказа на стороне торговца string (100)
amount Amount in copecks int
currency Currency (UAH, USD, EUR ...) string (3)
mktime Date and time in microseconds string
test 1 - test transaction; 0 - actual transaction int (1)
fields_other Data that is returned back to the merchant when paying the invoice string or object or array
fields_app Additional data that is returned to the merchant when paying the invoice object
hash Response signature string (32)
account_id Payer's ID string (9)
mobile Payer's mobile phone number string (min 10)
fname Payer's First Name string
lname Payer's Last Name string
email Payer's email string

Creating a signature hash to verify the payment status

To generate hash, we use the HMAC-MD5 encryption algorithm . All necessary data must be concatinated through a triple colon :::

An example of signature generaton in PHP programming language

$respons = json_decode(file_get_contents("php://input"));
$site_passw = 'Z@(K0APS@B~MW1Q';
$hash = hash_hmac('md5', $respons->trans_id.':::'.$respons->status_pay.':::'.$respons->site_id.':::'.$respons->order_id.':::'.$respons->amount.':::'.$respons->currency.':::'.$respons->mktime.':::'.$respons->test, $site_passw);
if ($respons->hash === $hash) // The response from the server is valid. Otherwise the ressponse is not trusted