Gateway API
Introduction
The G2G service allows you to organize a direct connection of the merchant to FreedomPay without using payment pages.
Attention!
Connection requires a PCI DSS certificate.
The G2G service allows you to organize a direct connection of the merchant to FreedomPay without using payment pages.
Attention!
Connection requires a PCI DSS certificate.
Signature generation
Any messages (requests and responses) between FreedomPay and the merchant are signed. To form a signature, you must concatenate with the delimiter ;
Any party can add additional parameters to the request or response that are not specified in the documentation. These parameters are also involved in the signature calculation. The message is not signed, and accordingly the pg_salt and pg_sig fields are missing only in one case - when FreedomPay could not identify the merchant and therefore does not know its secret_key. In this case, the pg_error_code field (numerical error code) takes the value 9998.
Main server address:
https://api.freedompay.money
Test server adreess:
https://test-api.freedompay.money
Any messages (requests and responses) between FreedomPay and the merchant are signed. To form a signature, you must concatenate with the delimiter ;
- name of the called script (from the last / to the end or ?)
- all message fields in alphabetical order, including a random string pg_salt, consisting of an arbitrary number of digits and Latin letters, while: a. for nested tags, this rule is applied recursively (XML only) b. fields with the same name are taken in the order in which they appear in the message
- and payment password secret_key, which is set in the store settings and is known only to the merchant and FreedomPay.
Any party can add additional parameters to the request or response that are not specified in the documentation. These parameters are also involved in the signature calculation. The message is not signed, and accordingly the pg_salt and pg_sig fields are missing only in one case - when FreedomPay could not identify the merchant and therefore does not know its secret_key. In this case, the pg_error_code field (numerical error code) takes the value 9998.
Main server address:
https://api.freedompay.money
Test server adreess:
https://test-api.freedompay.money
An example of a request with a signature:
curl --location --request POST 'https://api.freedompay.money/init_payment.php' \
--form 'pg_order_id=23' \
--form 'pg_merchant_id={{paybox_merchant_id}}' \
--form 'pg_amount=25' \
--form 'pg_description=test' \
--form 'pg_salt=molbulak' \
--form 'pg_sig={{paybox_signature}}'
# Signature example:
'init_payment.php;25;test;{{paybox_merchant_id}};23;molbulak;{{secret_key}}'
PHP code example:
$pg_merchant_id = {{paybox_merchant_id}};
$secret_key = {{paybox_merchant_secret}};
$request = [
'pg_merchant_id'=> $pg_merchant_id,
'pg_order_id' => 1234,
'pg_amount' => 100,
'pg_payment_to' => 4405645000006150,
'pg_description' => 'Payment description',
'pg_post_link' => 'http://site.kz/post',
'pg_salt' => 'some random string',
];
//generate a signature and add it to the array
ksort($request); // sort alphabetically
array_unshift($request, 'p2p2nonreg');
array_push($request, $secret_key);
$request['pg_sig'] = md5(implode(';', $request));
unset($request[0], $request[1]);