Инструменты страницы
Request for order payment (paymentorder.do)
The request used for payment for an order is paymentorder.do.
Only POST is supported.
The Payment Gateway supports usage of both internal and external MPI.
Validation of card data occurs in accordance with the table:
| Name | Meaning | Validation |
|---|---|---|
| PAN | N..19 | Card validation (check whether the card number is valid), the number of digits in the card number from 13 to 20 |
| CVC | CVC code | 3 digits |
| YYYY, MM | Year, Month | Present or future date If the card is valid until the current year of the current month, payment is possible before the end of the calendar month |
| TEXT | Cardholder | Not tested |
In this document, the following data type conventions are used when describing request and response parameters:
- A<n> – a sequence of Latin letters of length <n>;
- A..<n> – a sequence of Latin letters with a length not exceeding <n>;
- N<n> – a sequence of digits of length <n>;
- N..<n> – a sequence of digits with a length not exceeding <n>;
- AN<n> – a sequence of Latin letters and numbers of fixed length <n>;
- AN.. <n> – a sequence of Latin letters and numbers with a length not exceeding <n>;
- ANS<n> – a sequence of Latin letters, numbers and characters of fixed length <n>
- ANS.. <n> – a sequence of Latin letters, numbers and characters with a length not exceeding <n>;
- UTC – date and time, in this case: the date must be passed without specifying the time zone, Moscow time, for the SOAP protocol, the standard encoding xs: dateTime is used.
Internal MPI
Request parameters:
| Name | Type | Mandatory | Description |
|---|---|---|---|
|
|
AN..30 | Yes |
Login of the service account of the merchant. |
|
|
AN..30 | Yes |
Merchant's service account password. |
| MDORDER |
ANS..36 | Yes |
Order number in the payment gateway. Unique within the payment gateway. |
| $PAN |
N12…19 | Yes |
Payment card number. |
| $CVC |
N3 | Yes |
CVC/CVV2 code on the back of the card. |
| YYYY | N4 | Yes | The year of expiration of card validity period. |
| MM | N2 | Yes | The month of expiration of card validity period. |
| TEXT | A..512 | Yes |
Cardholder's name in Latin characters, if available. |
|
|
A2 | Yes |
Language in the ISO 639-1 encoding. If the language is not specified, the default language defined in the store settings is used. |
|
|
ANS..39 | No |
IP-address of the buyer. IPv6 is supported in all requests (up to 39 characters). |
|
|
ANS..40 | No |
Customer's email address. |
|
|
boolean | No |
The possible values are:
|
|
|
String | No |
Additional parameters of the request. Format: {«Name1»: «Value1», «Name2»: «Value2»}. It is forbidden to pass reserved names in the parameter (if they are passed, the order may be rejected):
|
|
|
See description | No |
Customer's registration data (street address, postal code). Required for AVS/AVV checks. Mandatory if «AVS/AVV use allowed» permission is enabled for merchant |
billingPayerData
billingPayerData block parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
|
|
AN..50 | No |
City registered for the card at the Issuer Bank. |
|
|
AN..50 | No |
|
|
|
AN..50 | No |
Address registered for the card at the Issuer Bank. Line 1. Mandatory if «AVS/AVV use allowed» permission is enabled for merchant. |
|
|
AN..50 | No |
Address registered for the card at the Issuer Bank. Line 2. |
|
|
AN..50 | No |
Address registered for the card at the Issuer Bank. Line 3. |
|
|
AN..50 | No |
Postal code registered for the card at the Issuer Bank. Mandatory if «AVS/AVV use allowed» permission is enabled for merchant. |
|
|
AN..50 | No |
State registered for the card at the Issuer Bank (ISO 3166-2). |
* By default, the orderNumber and description fields are passed to the bank's processing system (no more than 99 characters, %, +, carriage return \r and line feed \n cannot be used)
Response parameters:
| Name | Type | Mandatory | Description |
|---|---|---|---|
|
|
ANS..3 | Yes |
Error code. |
|
|
| No |
|
|
|
ANS..* | No |
On a successful response. Result of a payment attempt. The available values are presented below.
|
|
|
ANS..* | No |
On a successful response. In the case of a payment without the need for authentication to the ACS – URL to which redirect is performed after the payment. In case of a 3D-Secure payment, the URL to return to ACS. |
|
|
AN..512 | No |
URL to redirect the payer to after authentication. Not used for payments that do not require additional authentication on the issuing Bank's ACS. |
|
|
AN..512 | No |
Redirect address to the address of the ACS server. Not used for payments that do not require additional authentication on the issuing Bank's ACS. |
|
|
AN..512 | No |
Request for the payer authentication. Not used for payments that do not require additional authentication on the issuing Bank's ACS. |
Error codes
| Error code | Error text |
|---|---|
| 0 | Request processing took place without system errors |
| 5 | All payment attempts are used |
| 5 | System or internal error |
Request example:
MDORDER=0d4b02cb-5147-4232-9012-4d38c743ahr6&$PAN=5555555555555599&$CVC=123&YYYY=2015&MM=12&TEXT=Card Holder&language=ru
An example of a response in case of a payment that does not require additional authentication on the ACS of the Issuing Bank:
{"redirect":"www.ya.ru?MDORDER=8cfb5c89-c2db-49e4-80c5-a0569c897cbf&ANSWER=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22UTF-8%22%3F%3E%0A%3CPSApiResult+primaryRC%3D%220%22+secondaryRC%3D%220%22%2F%3E&STATE=payment_deposited&ACTION_CODE=0&AUTH_CODE=2","info":"Your order is proceeded, redirecting...","errorCode":0}
An example of a response in case of a 3DS payment that requires additional authentication on the ACS of the Issuing Bank:
{"info":"Your payment has been processed, redirecting.",
"acsUrl":"https://test.paymentgate.ru/acs/auth/start.do",
"paReq":"eJxVUdFygjAQ/BWG9xKioNQ54tCirQ+oo/QDKNwAVYIGENuvbyJQ60Nmdu8um80ez
K/FUbugqPKS\nuzo1TF1DHpdJzlNX/wiXT44+ZxBmAtHfY9wIZBBgVUUpanni6kWVGlRnsPV2e
GbQKzEpZIyADFRe\nEXEW8ZpBFJ9fVmtmjaYT0wTSUyhQrHw2BdIB4FGBbI8X5Is8zep1zhHIr
Qhx2fBafLOJNQYyEGjE\nkWV1fZoR0ratkZZlekRDNEBUB8jdwbZRqJJK1zxhge+13Vn8bMLD9
yZM7eDLs4Lw4AJRE5BENbKR\nSS3TNm2NOjPTmVnS+60OUaEsMGrKrvpQR+GkXvEee/9rILMUM
urhHwMDvJ5KjnJC5veHgdxdv76r\nFONaxuSveRIvnyfeWxjsNk4QHXJaFZ/V+NIuVba3IaWYy
4ioTTtJRYAoGdKvjfQrlehh1b8el7SS\n",
"termUrl":"https://test.paymentgate.ru:443/testpayment/rest/finish3ds.do",
"errorCode":0}
If the payment requires the use of 3-D Secure technology, then once the response to order payment request is received, the Customer must ne redirected to ACS. There are two ways to redirect: standard and simplified (see table below).
| Redirect types | Description | |
|---|---|---|
| Standard | To redirect to ACS the merchant must send to the customer to the address specified in the acsUrl parameter with the request body MD=mdorder&PaReq=pareq&TermUrl=redirect, where:
The request must be in POST format. Depending on the connection scheme used, the Customer after being authenticated on ACS will be redirected to the Payment Gateway or to the Store. The payment completion processes for each of these cases are described below. |
|
| Simplified |
In order for the Customer to get to the ACS page, the Merchant redirects him to the Payment Gateway page with the following URL pattern: Please remember to include api. before the domain name.
< |
|
If no attempts left, the gateway returns the following response to the last payment attempt.
{"redirect":"false.html?login=test&orderId=85eb9a84-2a47-7cca-b0ae-662c000016d1&lang=ru","info":"Operation rejected. Check the entered data, ensure that there are enough funds on the card.. <br>Redirecting...", "errorCode":0}
The redirect URL is the value passed in the failUrl parameter (or returnUrl, if failUrl is missing).
The payment gateway will return the following response for all subsequent payment attempts.
{"redirect":"false.html?login=test&orderId=85eb9a84-2a47-7cca-b0ae-662c000016d1&lang=ru","info":"Redirecting...","errorCode":0}
The redirect URL is the value passed in the failUrl parameter (or returnUrl, if failUrl is missing).
However, the gateway will not return an error.
Return from ACS to Payment Gateway. Standard scheme.
The issuer's ACS authenticates the cardholder and redirects the client to the payment gateway while passing PARes. The payment gateway authorizes the order if the client is successfully authenticated on ACS, or rejects the pre-authorization if the client is not successfully authenticated on the ACS.
Returns from ACS to the store. Scheme involving additional Finish 3DS method
The Issuer's ACS authenticates the cardholder and redirects the Customer back to the Store. The PARes received from ACS is passed to the Store, after which the Store passes it to the gateway using the finish3dsPayment.do method.
Description of finish3dsPayment.do method is given below:
Request parameters:
| Name | Type | Mandatory | Description |
|---|---|---|---|
|
|
AN..30 | Yes |
Login of the service account of the merchant. |
|
|
AN..30 | Yes |
Merchant's service account password. |
|
|
ANS..36 | Yes |
Order number in the payment gateway. Unique within the payment gateway. |
|
|
ANS | Yes |
Response to the payer's authentication request. |
Response parameters:
| Name | Type | Mandatory | Description |
|---|---|---|---|
|
|
ANS..* | No |
On a successful response. In the case of a payment without the need for authentication to the ACS – URL to which redirect is performed after the payment. In case of a 3D-Secure payment, the URL to return to ACS. |
|
|
ANS..3 | No |
Error code. |
|
|
AN..512 | No |
Error message (when responding with an error). |
If errorCode = 0 – payment was successful. In other cases with an error, see the error error message
Error codes (errorCode field):
| Error code | Error text |
|---|---|
| 0 | Request processing took place without system errors |
| 5 | Access denied |
| 5 | The user must change the password |
| 7 | Order is not found |
| 7 | System error |
Request example:
mdOrder=906bf262-bd53-4ac7-983c-07127954681b& paRes=eJzFV2uTokoS%2FSsTcz8aPYCC6A3HiOKNCshT8BtCyRuUN%2Fz6RXu6p%2B9s78bsbtxYIgyLE5VJnso8%0D%0AlVUb IywhZHToNSXcbiRYVW4Av0T%2B969ZFXzDvm43R6DB6on4qwW%2Bdq%2FwhVi58AVfXvAXlySWL95l%0D%0AQULU8yD0HwYtLK uoyLfYN%2FTbfIO8vU7OSy9083q7cb07JcpbfE4uUXSD%2FHjdZLAUmS25QV4HG%2BSn%0D%0AxbF5jKopxD7ytxIDutcfOypG MigGi8mj2Mlj8n2DPGZsfLeG2zmK4SiBEl%2Bw5Z%2Fo8k9siuaJb24P%0D%0AdyArmsn3nEDRRxQfsc20HCXMvWG7xBcb5P1t A%2FtbkcOH1QZ5H2%2BQn%2BHd3HyLfniw6Zl8T%2BjGsLeb%0D%0AOso%2BDeuJb6rarZtq62yQH6ON57btFgBAUQt%2FlELl vNechTSAt2ei%2B5yygV60RYkpqOn%2FaQXSoCij%0D%0AOsweof4V2CCPUJBnYrcbPQry6WMl%2FNJnaV59%2FxrW9e1PBOm6 7lu3%2BFaUATKfiCDoGpkm%2BFUU%2FPH1%0D%0A1Qr6Yn4t%2FiMz2s2LPPLcNBrdeqoKCdZh4X95j%2B0zN4b28IQhGku%2F TK5ePAzPXx4IusCIySfyudMP%0D%0AzH7nK78GW1buSxW6j4JGfnG03WjwCh8VAb%2BYmvj96x%2B%2FqQwmCmBV%2FzfRvEXy 0cObP8tNG7hlvTHg%0D%0AZld%2BdR0XC5bRZ0wYBGuMX0TS9ze715kb5D38H9xeE%2FlhwV4nhqxy1zVg8vNYF6J7bIQ75sC3 1BX1%0D%0AvfnyZIdDwMh25uRqdQpmB%2FFgIVlIKGMHfIHB%2FQYfHIkQuagyA0JJOEij%2FEj267KDx4zB6cpEayhj%0D%0A 6JGjXBat9Pu51hZ3S7RqlaN3A4Pn%2BpAplzUteVK%2FNnftIfCCarw7pnsiLt3N6B2MtOSdkF%2BC7x%2BS%0D%0A9IPlHg6v rGwCXTNu7b6OaFjW0XWqlmkfkESRLgyaBsE9AJ1IgUDcgWPO6SN0oll6kQDK0%2Fqd18XL%0D%0AglFZilJNILGgp0ewowLZoo BjgNQyJA10TOAwlqru2c5nHHsXnnlulNSuo1%2FxA9vJqm6pPWuA46ut%0D%0AZNACdfNpbLjM16hE4TZjsKjESJ0cA1QazV7i igkTn5g0vmOdyrAHCSQ8wEyWCiXasqSeZYDy6rcw%0D%0AKFQOvYxLHFvqGQbsX%2FHKABi1sxhWk8DqaQt6SfT4FD3Yu%2Fay ULvgvOoY1dnti7MYtp4MnpzBRA0F%0D%0AksjvQMFTYM%2BTfuSWjBpgpBln7c6tBE6PT%2BHRv6yR9c0%2Btyewb7x1d7%2FH zCJvzWU3a3a1I3J3GW9t%0D%0AehYnJExwiyPjNmG4hYai11xIl51iNddRTTlAzlT7djIkvrosh6ELbamzLp6yajDc4y2knxEW 7BIj%0D%0AKC3tcj%2Bnii1mME3l9oRdqx0hRLp1FVZwSEEgUQDwceCKT26COuVCQxWKclhOThaLcK1iFH%2BNCrLp%0D%0A9z Kcp46PCc1OEsBjfXyx024SD8G%2Fm1uYeqLGUzbVqqPVZ655tttZ5siqEsCf60yHkqDOucE5aaE3%0D%0AspI0LeQT7yXGZFNT 0tiO6Z62DNuFnWurtZetW1%2F8tR67Z1xsp3ISmLhd%2Fylf3Gu%2BWCDC87m21XtK%0D%0A7VHcnQdRxicF4h7mzknSghDFB2 M%2FiztSSXaIefIBFpArc5cQSGns1nOCXEcFUVbZQbCtWXPylqdy%0D%0AKXIKDq59pLYz%2FoQcJXV1a%2FB1sYLtejBaxy2q lX3ER99UcK2yqW5dOlqjH3GlndfKfn8sMmV3cC86%0D%0AMVVfShdNQpI40hvsJN5flfmpVPPxIdXop1SnKucREQpdvf5%2FSl VmnFHG%2FirVH1h3jP8nqR4fvH5I%0D%0AlX9K9SSHkxSvv%2FIFE9%2Bp2mTA0FSkTm5URl91ScOZHJ64buTqh5lGLC03GbFm 6jwOd0fYwt6NB71D%0D%0AQe2eVhgUGjoc4Iq0A4Y%2F2g1g6eKy17BbQcZZ1pIylt2LtPcPdQ0KYi%2BWpzVU5OUMmS10vBaT Zl%2Fe%0D%0AZ0vrYAy9TtQZKUzYwhICxW2c%2Bxl0Pt3r3F1suLhq4rCa2XbfdlRTEFUnMkAFVIHz0ZMb9eTsM4F6%0D%0Aoi hdhwoCbq2PiM6xCEEgYKLP6vIN2TNU91gvQZdY16DygDLO8hq%2FmrKq5fhdISs9tuvbSfA1MnI5%0D%0A9saKf9PWqdO0yhC9 WS0ysb2dxkmbj7g0iaUMMHETkM%2Fqc8oXBejaptC2TtGZapqtwKfFKrjTXRyH%0D%0AHXO4uXNLq1K3qfZ8vcJP6TGyUUOYU% 2Fc%2BQ8bsOFCxnDf2iRcyFd8HXHZ3UR1yGLgeEWcBTpDdgeWu%0D%0AgDGxynk0LJe0p1z6kp51QNKOjJgeBGVGYOoQ32RuLd CzZL689KZ7O1dz64TMb95xSWa1Kgx25Ki%2F%0D%0AJ1Nq9uiop%2F2bTE1pPbWOJqHtBp%2F5eXPwhjM77Bt8tQo%2B273%2B Hsm8S1btJ8nisgF6%2BdldWewXrBNj%0D%0Aduob%2BJsP28rS0dEpwxd24SXzU5G1pjaUDlCnlLPt%2FV7XFB2%2BVNG7tM%2 FpS2UkeKdTUd4J3HrG32v7%0D%0AeIgx2tnPdT%2FLmVpC1%2BMSdk17UOvMUwaubWoMoeZJo2p8CfXrCuHJS3XjclU9hXToTY e9DCACqpjl%0D%0APnKUgIpMkT7g0SGIjYt%2F5cANMjiXFDDDiOvcSpXVsrQKkpArgPX22WLQEsbKFQTUVTbat675WPOf%0D% 0AHYelkE6lJQD%2BZceRZX%2BJHI2BnN0DWd%2Bdg%2BqCCnmEEGrEqUrSoNJhQeAXWshEyYMhvuOQYbYGGuOL%0D%0AuhK6Mm 4oOrGcS6OD7KU0ETskYXSWu5SB2xP3qh1UJmKsBncxEd602JvfrYrq2LkLrd0Mk8hjnB%2FG%0D%0A7naxylHVT7rQOJ15iTUu XhZuMtic3BxPzTK7rDX0s46D%2FDwnIu9nx5%2Bnyud19Hk7ftyfPt6a%2FwFG%0D%0ADPms%0D%0A& userName=login&password=password
Response example:
{"redirect":"http://ya.ru?orderId=906bf262-bd53-4ac7-983c-07127954681b","errorCode":0}