Request for order registration with pre-authorization (registerPreAuth.do)

The request used for registering an order with pre-authorization is registerPreAuth.do.

The ability to make two-phase payments is provided by a separate request to the bank representatives.

In this document, the following data type conventions are used when describing request and response parameters:

A<n> – a sequence of Latin letters of length <n>;
A..<n> – a sequence of Latin letters with a length not exceeding <n>;
N<n> – a sequence of digits of length <n>;
N..<n> – a sequence of digits with a length not exceeding <n>;
AN<n> – a sequence of Latin letters and numbers of fixed length <n>;
AN.. <n> – a sequence of Latin letters and numbers with a length not exceeding <n>;
ANS<n> – a sequence of Latin letters, numbers and characters of fixed length <n>
ANS.. <n> – a sequence of Latin letters, numbers and characters with a length not exceeding <n>;
UTC – date and time, in this case: the date must be passed without specifying the time zone, Moscow time, for the SOAP protocol, the standard encoding xs: dateTime is used.

Request parameters

The request parameters are given in table below.

Name	Type	Mandatory	Description
`userName`	AN..30	no (either login/password or token must be specified)	Login issued to the Store upon integration with the Payment Gateway. If a public token (token parameter) is used instead of authentication with the use of login and password, then it is not required to pass the userName parameter.
`password`	AN..30	no (either login/password or token must be specified)	Password issued to the Store upon integration with the Payment Gateway. If an open token (the 'token' parameter) is used instead of login and password authentication, password parameter does not need to be passed.
`token`	AN..30	no (either login/password or token must be specified)	A public key that can be used for authentication when making a request. If login and password are used for authentication during token registration, then the `token` parameter does not need to be passed. To get the public key, contact technical support.
`orderNumber`	ANS..32	Yes	Number (identifier) of the order in the store system. It is unique for every store within the Payment Gateway. If the order number is generated on the Payment Gateway side, this parameter is not mandatory.
`amount`	N..12	Yes	Payment amount in minimum currency units.
`currency`	N3	No	ISO 4217 code of the payment currency. If not specified, default value is used.
`returnUrl`	ANS..512	Yes	The URL to which the user is to be redirected in case of a successful payment (and also in case of a failed payment where the `failUrl` parameter is not passed). The address must be specified in full including the protocol used (for example, https://test.ru instead of test.ru). Otherwise, the user will be redirected to the address of the following type: http://<payment_gateway_address>/<merchant_address>.
`failUrl`	ANS..512	No	The address to which the user is to be redirected in case of a failed payment. The address must be specified in full including the protocol used (for example, https://test.ru instead of test.ru). Otherwise, the user will be redirected to the address of the following type: http://<payment_gateway_address>/<merchant_address>. The parameter is optional. In this case, an unsuccessful payment will lead to a redirect to `returnUrl`, in the same way it happens when the payment is successful.
`dynamicCallbackUrl`	ANS..512	No	This parameter enables dynamic callback functionality. In it, you can pass the address to which all «payment» callback notifications activated for the merchant will be sent. Payment-related notifications are callback notifications about the following events: successful hold, payment rejected by timeout, cardpresent payment rejected, successful debiting, refund, reversal. Notably, payment-unrelated callbacks that are active for the Merchant (enabling/disabling a binding, binding creation) will be sent to static callback URL.
`description`	ANS..598	No	Description of the order in any format.
`language`	A2	No	Language in the ISO 639-1 encoding. If the language is not specified, the default language defined in the store settings is used.
`pageView`	ANS..20	No	The value of this parameter defines what kind of pages of the payment interface will be loaded for the Customer. The available values are: `DESKTOP` – pages designed to be displayed on desktop computers (pages with names like `payment_<locale>.html` and `errors_<locale>.html` will be searched for in the payment service archive); `MOBILE` – pages designed to be displayed on mobile devices (pages with names like `mobile_payment_<locale>.html` and `mobile_errors_<locale>.html` will be searched for in the payment service archive); If a store has created payment interface pages with arbitrary prefixes added to the names of page files, pas the value of the necessary prefix in the `pageView` parameter to load corresponding pages. For example on passing the iphone value, a search will be carried out in the archive of payment interface pages for pages with the iphone_payment_<locale>.html and iphone_error_<locale>.html names. Where: `locale` – the language of the page in ISO 639-1. For example, ru for Russian or en for English. If the parameter is missing or its value is in incorrect format, the default value is pageView=DESKTOP.
`clientId`	ANS..255	No	Identifier of the Customer in the Store system. This parameter is used for the binding functionality. May be present if the store is allowed to create bindings. Specifying this parameter when processing payments with the use of bindings is mandatory. Otherwise, a payment will be unsuccessful.
`merchantLogin`	AN..255	No	To register an order on behalf of a child Merchant, specify the Merchant login in this parameter.
`jsonParams`	String	No	Block for transferring additional parameters of the merchant. Fields of additional information for further storage are transferred in the following form. {name1:value1,…,nameN:valueN} These fields can be transferred to the bank processing for subsequent display in the registers. The inclusion of this functionality is possible by agreement with the bank during the integration period. If sending notifications from merchant to customer is enabled, the customer's email address must be passed in this block in the email parameter. It is forbidden to pass reserved names in the parameter (if they are passed, the order may be rejected): sbrf_spasibo:amount_bonus sbrf_sbermiles:amount_bonus loyaltyId
`sessionTimeoutSecs`	N..9	No	Order lifetime in seconds. If the parameter is not specified, the value specified in the Merchant settings or the default value (1200 seconds = 20 minutes) will be used. If the request contains the expirationDate parameter, then the value of sessionTimeoutSecs parameter is disregarded.
`expirationDate`	ANS	No	The date and time of the order lifetime expiration. Format: yyyy-MM-ddTHH:mm:ss. If this parameter is not passed in the request, `sessionTimeoutSecs` parameter is used to determine the end of lifetime of the order.
`bindingId`	AN..255	No	The identifier of the previously created binding. Can only be used if the merchant has permission to work with bindings. If this parameter is passed in the given request, it means that: 1. The given order can be paid only using a binding; 2. The payer will be redirected to the payment page on which only entering CVC is required.
`features`	ANS..255	No	Container for the `feature` parameter, the available values for the parameter are: `VERIFY` – if this parameter is specified, after the request for order registration, the cardholder is to be verified without debiting funds from the cardholder account. Thus it is possible to pass a zero amount in the request. This verification allows the Merchant to ensure that a card belongs to the cardholder and to debit this card in the future without verifying authentication data (CVC, 3-D Secure) when processing subsequent payments. Specifics of passing the VERIFY value 1. Even if the payment amount is to be passed in the request, it will not be debited from the account. 2. After the order has been successfully registered, it is set to the REVERSED status. `AUTO_PAYMENT` – if the request for order registration initiates auto-payments. `FORCE_TDS` – Forced payment using 3-D Secure enrollment check. If the card is not enrolled in 3-D Secure, then the payment will take place with ECI = 01/06. `FORCE_SSL` – use of SSL is enforced for the payment (no 3-D Secure). `FORCE_FULL_TDS` – after authentication using 3-D Secure, the PaRes status must only be Y, which guarantees successful user authentication. Otherwise, the transaction will fail. Below is an example of how to use this parameter. <features> <feature>AUTO_PAYMENT</feature> </features>
`autocompletionDate`	ANS..19	No	Date and time of the two-phase payment autocompletion in the following format. `2017-12-29T13:02:51` To enable this functionality, please contact technical support.
`email`	ANS..40	No	Customer's email address.
`phone`	NS..12	No	Customer's phone number. It can be of the following format: `^((+7\|7\|8)?([0-9]){10})$`. Examples: +79000000000 89000000000 9000000000 79000000000 If the number is passed in a separate parameter and in additional parameters, the number specified in this `phone` parameter will be used.
`billingPayerData`	See description	No	Customer's registration data (street address, postal code). Required for AVS/AVV checks. Mandatory if «AVS/AVV use allowed» permission is enabled for merchant

billingPayerData

billingPayerData block parameters

Name	Type	Mandatory	Description
`billingCity`	AN..50	No	City registered for the card at the Issuer Bank.
`billingCountry`	AN..50	No
`billingAddressLine1`	AN..50	No	Address registered for the card at the Issuer Bank. Line 1. Mandatory if «AVS/AVV use allowed» permission is enabled for merchant.
`billingAddressLine2`	AN..50	No	Address registered for the card at the Issuer Bank. Line 2.
`billingAddressLine3`	AN..50	No	Address registered for the card at the Issuer Bank. Line 3.
`billingPostalCode`	AN..50	No	Postal code registered for the card at the Issuer Bank. Mandatory if «AVS/AVV use allowed» permission is enabled for merchant.
`billingState`	AN..50	No	State registered for the card at the Issuer Bank (ISO 3166-2).

By default, the following fields are passed to the Bank processing system:

orderNumber – order number in the store system;
description – order description (no more than 24 characters; %, +, carriage return \r, and line feed \n cannot be used).

Response parameters

The response parameters are given in table below.

Name	Type	Mandatory	Description
`orderId`	ANS36	No	Identifier of the order in the payment system. It is unique within the system. Missing if order registration failed due to an error detailed in ErrorCode.
`formUrl`	AN..512	No	URL of the payment form to which the Customer's browser is to be redirected. This parameter is not returned if the registration of the order was not successful due to the error described in `errorCode`.
`errorCode`	N3	No	Error code. Can be missing if the result has not caused an error.
`errorMessage`	AN..512	No	Error description in the language passed in the `language` parameter in the request.

Error codes

Error code	Error text
0	The request has been processed without system errors.
1	An order with this number has already been processed.
1	Wrong order number.
3	Unknown currency.
4	Order number is empty
4	Merchant name cannot be empty.
4	The amount is missing.
4	Empty return URL
4	Password cannot be empty.
5	Incorrect amount.
5	'Language' parameter is incorrect.
5	Merchant login is incorrect.
5	Access denied.
5	The user must change the password.
5	`[jsonParams]` is invalid.
7	System error.
13	The merchant does not have the permission to process verification payments.
14	Features are specified incorrectly.

Examples

POST request example

amount=100&currency=643&language=ru&orderNumber=87654321&returnUrl=http://yoursite.com&pageView=MOBILE&expirationDate=2014-09-08T14:14:14&merchantLogin=merch_child&features=AUTO_PAYMENT

Response example

{"orderId":"61351fbd-ac25-484f-b930-4d0ce4101ab7","formUrl":"https://3dsec.sberbank.ru/payment/mobile_payment_ru.html?mdOrder=61351fbd-ac25-484f-b930-4d0ce4101ab7"}

Инструменты страницы