Инструменты страницы



Request for order payment

In this document, the following data type conventions are used when describing request and response parameters:

  • string – string;
  • array – data array;
  • object – data object;
  • data – date;
  • boolean – boolean (logical) data type;
  • int. (integer) – integer data type;
  • amount – a numeric data type (amount).

This request also allows to accept a one-phase P2P_debit payment only if the order is registered as a P2P order with the passed parameter WITHOUT_TO_CARD feature.

Request parameters:

Parameter Type Description Example

mdOrder

string

Order number in the payment gateway. Unique within the payment gateway.

0f7a3d11-43ac-7942-80ce-08f700f18047

bindingUuid

string

Sbersafe binding identifier.

pan

string

Payment card number.

4276010013296064

expiry

string

The validity of the card.

202412

cardholder

string

Name of the cardholder.

Integration Tester

cvc

string

CVC/CVV2 code on the back of the card.

555

phone

string

Customer's phone number without a leading «7».

9875270160

email

string

Customer's email address.

test@test.com

deliveryAddress

string

Delivery address.

loyaltyId

string

Loyalty program identifier.

sbrf_spasibo

loyaltyPointAmount

string

Amount of «Spasibo» bonuses (in units of bonuses). When you specify bonuses in the order registration request, they are deducted from the amount in amount rather than being added to it.

100

loyaltyPayments

string

A block containing information about the loyalty program identifier and the amount of points.

externalBindingId

string

Gateway Binding (External).

importExternalBindings

string

Flag for importing bindings.

params

string

Extra options.

It is forbidden to pass reserved names in the parameter (if they are passed, the order may be rejected):

  • sbrf_spasibo:amount_bonus
  • sbrf_sbermiles:amount_bonus
  • loyaltyId

googlePaymentToken

string

Google Pay payment token.

samsungPaymentToken

string

Samsung Pay payment token.

applePaymentToken

string

Apple Pay payment token.

threeDSServerTransId

string

Transaction identifier created on the 3DS server.

This parameter is used for Customer authentication using the 3DS Protocol version 2.0.

blockBindingCreationEnable

boolean

Additional parameter used in order to avoid saving card data during payment.

Response parameters:

Parameter Type Description Value example

errorCode

int

Error code.

0

errorMessage

string Error description. «Invalid operation for the current order status»

mdOrder

string

Order number in the payment gateway. Unique within the payment gateway.

de2ad073-79f5-7877-b600-69d00008e652

orderStatus

string

Order status in the payment system.

DEPOSITED

acsUrl

string

Redirect address to the address of the ACS server.

"https://test.com/acs/auth/start.do"

paReq

string

Parameter to pass to ACS for authentication.

eJxVUk1zgjAQ/SsM95KEr1pnjUOLnXqgYxUvvVHYAVQ+DFDUX99EUeshM/t2N2/3vQSmXCV5mU70dfj+N

termUrl

string

URL to redirect the payer to after authentication.

"https://test.com/release04/order/finishTds"

redirect

string Return address after the payment. "https://test.com/release04/merchants/sbersafe/finish.html4"

is3DSVer2

boolean

Flag indicating that the payment/transfer will be made using the 3DS Protocol version 2.0. The following values are available:

  • true – the payment/transfer will be made using the 3DS Protocol version 2.0;
  • false – the payment/transfer will not be made using 3DS Protocol version 2.0.

This parameter is used for Customer authentication using the 3DS Protocol version 2.0.

packedCReq

string

Packed data of challenge request. This value should be used as the value of the creq parameter of the link to ACS (acsUrl), for redirecting the customer to ACS.

threeDSServerTransId

string

Transaction identifier created on the 3DS server.

This parameter is used for Customer authentication using the 3DS Protocol version 2.0.

threeDSMethodURL

string

The URL address of the ACS to collect data about the browser.

This parameter is used for Customer authentication using the 3DS Protocol version 2.0.

threeDSMethodURLServer

string

URL address of the 3DS server for connecting browser data to include in the AReq (Authentication Request) request from the 3DS server to the ACS server.

This parameter is used for Customer authentication using the 3DS Protocol version 2.0.

threeDSMethodDataPacked

string

Base64-encoded CReq (Challenge Response) data to send to the ACS server.

This parameter is used for Customer authentication using the 3DS Protocol version 2.0.

Request example: 

POST /order/payment?mdOrder=0f7a3d11-43ac-7942-80ce-08f700f18047&pan=4276010013296064&expiry=202412&cardholder=Integration%20Tester&cvc=555&phone=9875270160&email=test@test.com HTTP/1.1
Host: 3dsec.sberbank.ru/sbersafe

Content-Type: application/x-www-form-urlencoded

Accept: application/json

Content-Length: <content-lenght>

Response example: 

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-cache
{"errorCode":0,"mdOrder":"0f7a3d11-43ac-7942-80ce-08f700f18047","orderStatus":"DEPOSITED","redirect":"https://test.com/payment/merchants/rbs/finish.html?orderId=0f7a3d11-43ac-7942-80ce-08f700f18047&lang=ru","status":"SUCCESS"}