present API allows to perform transfers between the cards of physical persons issued by Ukrainian banks.
Request parameters
The request with required parameters is to be formed on the side of merchant and to be transferred by POST method through HTTP protocol to URL https://api.wayforpay.com/api
For the purposes of confirmation of data validity there should be generated and transferred in the request the HMAC_MD5 control signature using SecretKey of merchant.
The line which subjects to HMAC_MD5 is generated through catenation of parameters merchantAccount, orderReference, amount, currency, cardBeneficiary divided with “;” (semi-column) in coding UTF-8
| Parameter | Description | Mandatory |
|---|---|---|
| transactionType | Type of request takes the value P2P_TRANSFER | yes |
| merchantAccount | Unique Seller’s identifier | yes |
| merchantAuthType | Autharization Type: May take one of the following values: - simpleSignature (default) | no |
| merchantTransactionSecureType | Type of safety for transaction completion. - AUTO | no |
| merchantDomainName | Domain name of merchant’s web-site | yes |
| orderReference | Unique number of the order in merchant’s system | yes |
| orderDate | Date of transfer | yes |
| amount | Amount of order | yes |
| fee | amount of commission | yes |
| currency | currency of transfer: UAH | yes |
| card | The card number of the sender - 16 characters | no |
| expMonth | Card Expiry Date (mounth) - MM | no |
| expYear | Card Expiry Date (year)- YYYY | no |
| cardCvv | Card Security Code CVV / CVV2 | no |
| cardHolder | Cardholder Name, as indicated on the card | no |
| recToken | Card token for recarring withdrawals | no |
| clientFirstName | Sender's First name | no |
| clientLastName | Sender's Last Name | no |
| clientAddress | Sender’s address | no |
| clientCity | Sender’s city | no |
| clientState | Client state/region | no |
| clientZipCode | Client postal code | no |
| clientCountry | Sender country | no |
| clientEmail | Sender Email | no |
| clientPhone | Sender phone number | no |
| cardBeneficiary | Card number of recipient | yes |
| deliveryFirstName | Delivery First Name | no |
| deliveryLastName | Delivery Last Name | no |
| deliveryEmail | Email of recipient | no |
| deliveryPhone | Phone number of recipient | no |
| merchantSignature | Request signature | yes |
| apiVersion | The protocol version. Default value: 1 | yes |
| Note: Fields (card + expMonth + expYear + cardCvv + cardHolder) or recToken should be mandatory. |
|---|
Card verification 3ds verify
Interim response for client authentication
If the sender’s card supports 3d secure verification, Wayforpay system will return the parameters for client authentication.
The merchant has to transfer the client with such parameters to url of issuer for authentication.
The time during which the session for verification is active – 10 minutes. If within 10 minutes COMPLETE_3DS will not be obtained the system will cancel transaction as unsuccessful.
| Parameter | Description | Example |
|---|---|---|
| merchantAccount | Seller’s identifier | test_merch_n1_p2p |
| orderReference | Unique number of the order in merchant’s system | P2P-1430206527 |
| amount | Amount of order | 0.31 |
| currency | Currency of order | UAH |
| authCode | authorization code - assigned by Bank | null |
| createdDate | Date of creation request in psp (UTC) | 1430206630 |
| processingDate | date of transaction processing | null |
| recToken | card token for recurring payments |
|
| reason |
| Wait 3ds data |
| transactionStatus | transaction status | InProcessing |
| reasonCode | Code of refusal | 5100 |
| fee | Amount of commission | 1 |
| d3AcsUrl | Address of ACS server of Issuer to which you want to redirect the user for authentication | https:\\3dsecure.ukrsibbank.com\acs\auth\start.do |
| d3Md | Unique identifier which must be transmitted to the url method POST, in time when client will be rerouted | ODMyNzRmNjgtMjEyYS00ODAyLWExYjMtZTc1Y2ZkZTNjYTBi |
| d3Pareq | PaReq message, which must be transmitted to the url method POST, in time when client will be rerouted | eJx1kmFvgjAQhv+K8QfQFkHBnE3YNNFF0ajZol+WBi+CAcRSVPbr 1yrO7cP66Z43vXvvroV1LBGH\nK4wqiRxmWJZij61kN2gvgk+bOZ7 TZW0Oi2CJJw5nlGVyzDmzqGUDeaDOk1EscsVBRKeXSchdx+1R\ nD0iDkKGcDDmjzfGZ51IXyF2GXGTI11iq1lSocyKA3BSIjlWuZM 096gB5AFQy5bFSRdknBKNjpotE\naKXJqRC1pfkpkqxIdJsmAcizx0Vlol IbXJMdnw9ndfi1zMLDXs0Oo3qzonQ+DOrpx2gAxNyAnVDI\n bcpc6thei9F+p9dnuvBNB5GZzji1OkwPfAcojEdwB6P\/5n\/m0k8gMY9q 7ntUyw8CvBbHHHWedvyJ\ngTyneB2bvUdKr3I\/3V5UuHo\/+7F MxsXhknbtFN+2m11qmrtfMhUT7ch8498AEFOGNA9Nmp+goz8\/\n5Bt+QbuA
|
| authTicket | Authorization Ticket | d185a769977cc297b13bfd0edd9bdd29 |
| merchantSignature | Request signature | 09c85c95722fee7c2283d5f189902035 |
After obtaining of data from Wayforpay system the merchant has to transfer to d3AcsUr by POST method the parameters d3Pareq и d3Md in the following form:
<form name="MPIform" action='${d3AcsUrl}' method="POST">
<input type="hidden" name="PaReq" value='${d3Pareq }'>
<input type="hidden" name="MD" value='${d3Md }'>
<input type="hidden" name="TermUrl" value='${TempUrl}'>
</form>
TempUrl - url transferred by the merchant to which the issuer will return response after client authentication.
Confirmation of 3d secure verification
After completing by the client of authentication and redirecting to TempUrl with the result obtained from the issuer the merchant sends the COMPLETE_3DS request.
| Parameter | Description | Mandatory |
|---|---|---|
| apiVersion | The protocol version. Default value: 1 | yes |
| transactionType | Type of request takes the value COMPLETE_3DS | yes |
| authorization_ticket | ticket of authorization | yes |
| d3ds_md |
| no |
| d3ds_pares |
| yes |
Response parameters – result of transfer
For the purposes of confirmation of data validity there should be generated and transferred in the request the HMAC_MD5 control signature using SecretKey of merchant.
The line which subjects to HMAC_MD5 is generated through catenation of parameters merchantAccount, orderReference, amount, currency, authCode, cardPan, transactionStatus, reasonCode divided with “;” (semi-column) in coding UTF-8
| Parameter | Description | Example |
|---|---|---|
| merchantAccount | Seller’s identifier | test_merchant |
| orderReference | Unique number of the order in merchant’s system | 1212dd1 |
| merchantSignature | hash_hmac |
|
| amount | Amount of order | 100 |
| currency | Currency of order | UAH |
| authCode | Authorization code - assigned by Bank | 324567 |
| createdDate | Date of creation request in psp (UTC) | 123456789 |
| processingDate | Date of transaction processing (UTC) | 12345678 |
| recToken | Card token for recurring payments | 121213321-3213213-3213213-321-3 |
| transactionStatus | Status of Transaction | Approved |
| reason | Reason for refusal | Ok |
| reasonCode | Code of refusal | 110 |
An example of request and response
{
"transactionType":"P2P_TRANSFER",
"merchantAccount":"test_merch",
"merchantAuthType":"SimpleSignature",
"merchantSignature":"60c5d743b71f79abe48c7183ada4b451",
"apiVersion":1,
"orderReference":"myOrder1",
"orderDate":1421412898,
"amount":10.13,
"currency":"UAH",
"card":"4111111111111111",
"expMonth":"11",
"expYear":"2020",
"cardCvv":"111",
"cardHolder":"TARAS BULBA",
"cardBeneficiary":"4111111111111111"
}{
"merchantAccount": "test_merchant",
"orderReference": "DH783023",
"merchantSignature":"b95932786cbe243a76b014846b63fe92",
"amount": "10.13",
"currency": "UAH",
"authCode": "221562",
"createdDate": "13.01.2014 15:10:47",
"processingDate": "13.01.2014 15:10:52",
"transactionStatus": "Approved",
"reason": "ok",
"reasonCode": "1100"
}