Saving cards

Basic mechanics for saving cards. Saved cards can then be used both for payments and for payouts.

To use this request, you should contact your manager.
Adding a card
Request

curl --location --request POST 'https://api.paybox.money/v1/merchant/{{paybox_merchant_id}}/cardstorage/add' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'pg_merchant_id={{paybox_merchant_id}}' \
--data-urlencode 'pg_user_id=1234' \
--data-urlencode 'pg_post_link={{post_link}}' \
--data-urlencode 'pg_back_link=http://site.kz/back' \
--data-urlencode 'pg_salt=some random string' \
--data-urlencode 'pg_sig={{paybox_signature}}'
# Signature example:
'add;http://site.kz/back;{{paybox_merchant_id}};{{post_link}};some random string;1234;{{secret_key}}'


Reply

<?xml version="1.0" encoding="utf-8"?>
<response>
    <pg_payment_id>12345</pg_payment_id>
    <pg_merchant_id>1234</pg_merchant_id>
    <pg_order_id/>
    <pg_redirect_url>https://api.paybox.money/v1/merchant/1234/cardstorage/view?pg_payment_id=ee4f2b59ad667949a1143353543</pg_redirect_url>
    <pg_status>ok</pg_status>
    <pg_type>init</pg_type>
    <pg_salt>4vXEfz6S</pg_salt>
    <pg_sig>3f3bb687c0d4b8c8331eb797e1d20a75</pg_sig>
</response>

Next, open an iframe on the payment page, using the pg_redirect_url value from the response as the iframe URL. The user will then see an interface for entering the following card data:

  • Card number
  • Name of the cardholder
  • Year/Month of expiration of the card
  • CVV/CVC

After the user clicks the "Add card" button, the card is checked for 3DSecure. If the card has 3DSecure, the user is redirected to the card issuer's bank page and prompted to enter the 3ds password. If the password is entered correctly, three things happen: a) the payment amount (from 1 to 100) is blocked on the user's card; b) the payment is canceled and the specified amount is immediately returned to the user's card; c) the card is added to the system.

If there is no 3DSecure, the money is blocked on the card, after which the user is given 20 minutes or 3 attempts to enter the following payment information:

  • Payment amounts
  • Payment confirmation code

Signature generation:

$pg_merchant_id = {{paybox_merchant_id}};
$secret_key = {{paybox_merchant_secret}};

$request = [
    'pg_merchant_id'=> $pg_merchant_id,
    'pg_user_id' => 1234,
    'pg_post_link' => 'http://site.kz/post',
    'pg_back_link' => 'http://site.kz/back',
    'pg_salt' => 'some random string',
];

//generate a signature and add it to the array
ksort($request); // sort alphabetically
array_unshift($request, 'add');
array_push($request, $secret_key);

$request['pg_sig'] = md5(implode(';', $request)); // signature

unset($request[0], $request[1]);

Request URL

POST https://api.paybox.money/v1/merchant/{{paybox_merchant_id}}/cardstorage/add

Adding cards for payouts


Request

curl --location --request POST 'https://api.paybox.money/v1/merchant/{{paybox_merchant_id}}/cardstorage/add2' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'pg_merchant_id={{paybox_merchant_id}}' \
--data-urlencode 'pg_user_id=1234' \
--data-urlencode 'pg_post_link={{post_link}}' \
--data-urlencode 'pg_back_link=http://site.kz/back' \
--data-urlencode 'pg_salt=some random string' \
--data-urlencode 'pg_sig={{paybox_signature}}'
# Signature example:
'add2;http://site.kz/back;{{paybox_merchant_id}};{{post_link}};some random string;1234;{{secret_key}}'


Response

<?xml version="1.0" encoding="utf-8"?>
<response>
    <pg_payment_id>12345</pg_payment_id>
    <pg_merchant_id>1234</pg_merchant_id>
    <pg_order_id/>
    <pg_redirect_url>https://api.paybox.money/v1/merchant/1234/cardstorage/view?pg_payment_id=ee4f2b59ad667949a1143353543</pg_redirect_url>
    <pg_status>ok</pg_status>
    <pg_type>init</pg_type>
    <pg_salt>4vXEfz6S</pg_salt>
    <pg_sig>3f3bb687c0d4b8c8331eb797e1d20a75</pg_sig>
</response>

Next, open an iframe on the payment page, using the pg_redirect_url value from the response as the iframe URL. The user will then see an interface for entering the following card data:

  • Card number

After the card details are entered and confirmed by the user, the card is stored in the internal storage. Cards saved using this method cannot be used for making payments; they can only be used for payouts.

Signature generation:

$pg_merchant_id = {{paybox_merchant_id}};
$secret_key = {{paybox_merchant_secret}};

$request = [
    'pg_merchant_id'=> $pg_merchant_id,
    'pg_user_id' => 1234,
    'pg_post_link' => 'http://site.kz/post',
    'pg_back_link' => 'http://site.kz/back',
    'pg_salt' => 'some random string',
];

//generate a signature and add it to the array
ksort($request); //sort alphabetically
array_unshift($request, 'add2');
array_push($request, $secret_key); 

$request['pg_sig'] = md5(implode(';', $request)); // signature

unset($request[0], $request[1]);

Request URL

POST https://api.paybox.money/v1/merchant/{{paybox_merchant_id}}/cardstorage/add2

Deleting a card

Remove card
Request

curl --location --request POST 'https://api.paybox.money/v1/merchant/{{paybox_merchant_id}}/cardstorage/remove' \
--form 'pg_merchant_id={{paybox_merchant_id}}' \
--form 'pg_user_id=1234' \
--form 'pg_card_token=ef741cfc-f85e-41a0-84e6-2ba964912182' \
--form 'pg_salt=some random string' \
--form 'pg_sig={{paybox_signature}}'
# Signature example:
'remove;ef741cfc-f85e-41a0-84e6-2ba964912182;{{paybox_merchant_id}};some random string;1234;{{secret_key}}'


Reply

<?xml version="1.0" encoding="utf-8"?>
<response>
    <card>
        <pg_status>deleted</pg_status>
        <pg_merchant_id>1234</pg_merchant_id>
        <pg_card_id/>
        <pg_card_hash/>
        <deleted_at>2020-07-28 09:45:51</deleted_at>
    </card>
    <pg_salt>3wOIeVEc</pg_salt>
    <pg_sig>5b8c60b26ee1addc9956ebc8426353e6</pg_sig>
</response>

To delete a card, make the following request using pg_user_id and the pg_card_token received in the post_link request.

Signature generation:

$pg_merchant_id = {{paybox_merchant_id}};
$secret_key = {{paybox_merchant_secret}};

$request = [
    'pg_merchant_id'=> $pg_merchant_id,
    'pg_user_id' => 1234,
    'pg_card_token' => 'ef741cfc-f85e-41a0-84e6-2ba964912182',
    'pg_salt' => 'some random string',
];

//generate a signature and add it to the array
ksort($request); // sort alphabetically
array_unshift($request, 'remove');
array_push($request, $secret_key);

$request['pg_sig'] = md5(implode(';', $request)); // signature

unset($request[0], $request[1]);

Request URL

POST https://api.paybox.money/v1/merchant/{{paybox_merchant_id}}/cardstorage/remove

Getting a list of cards

Get list of cards
Request

curl --location --request POST 'https://api.paybox.money/v1/merchant/{{paybox_merchant_id}}/cardstorage/list' \
--form 'pg_merchant_id={{paybox_merchant_id}}' \
--form 'pg_user_id=1234' \
--form 'pg_salt=some random string' \
--form 'pg_sig={{paybox_signature}}'
# Signature example:
'list;{{paybox_merchant_id}};some random string;1234;{{secret_key}}'


Reply

<?xml version="1.0" encoding="utf-8"?>
<response>
    <card>
        <pg_status>approved</pg_status>
        <pg_merchant_id>1234</pg_merchant_id>
        <pg_card_id>56</pg_card_id>
        <pg_card_token>ef741cfc-f85e-41a0-84e6-2ba964912182</pg_card_token>
        <pg_recurring_profile_id>317</pg_recurring_profile_id>
        <pg_card_hash>5101-45XX-XXXX-7898</pg_card_hash>
        <pg_card_hhash>2163f971d73a8c928a7d739fb2732ee1</pg_card_hhash>
        <created_at>2019-07-19 06:03:08</created_at>
    </card>
    <card>
        <pg_status>approved</pg_status>
        <pg_merchant_id>1234</pg_merchant_id>
        <pg_card_id>93</pg_card_id>
        <pg_card_token>ef741cfc-f85e-41a0-84e6-2ba964912182</pg_card_token>
        <pg_recurring_profile_id>331</pg_recurring_profile_id>
        <pg_card_hash>4003-03XX-XXXX-5378</pg_card_hash>
        <pg_card_hhash>5d90a02298685b8e2787b68863c8ae2a</pg_card_hhash>
        <created_at>2019-08-22 12:45:41</created_at>
    </card>
    <pg_salt>0reqSARN</pg_salt>
    <pg_sig>4cdff2e2e7f54bd4f3cde31dcac9155c</pg_sig>
</response>

The following request returns the list of cards for the user identified by pg_user_id.

Signature generation:

$pg_merchant_id = {{paybox_merchant_id}};
$secret_key = {{paybox_merchant_secret}};

$request = [
    'pg_merchant_id'=> $pg_merchant_id,
    'pg_user_id' => 1234,
    'pg_salt' => 'some random string',
];

//generate a signature and add it to the array
ksort($request); // sort alphabetically
array_unshift($request, 'list');
array_push($request, $secret_key);

$request['pg_sig'] = md5(implode(';', $request)); // signature

unset($request[0], $request[1]);

Request URL

POST https://api.paybox.money/v1/merchant/{{paybox_merchant_id}}/cardstorage/list

Successful save notification

Reply to post_link from merchant

<?xml version="1.0" encoding="UTF-8"?>
<pg_status>ok</pg_status>  

If entered correctly, the payment is canceled and the blocked amount is instantly returned to the user's card, and the card itself is considered successfully added to the system.

If the input attempts are exceeded, or after the allotted time expires, the payment is canceled and the blocked amount is instantly returned to the user's card.

If the card is successfully added, the pg_xml parameter will contain the following XML:

In this case, pg_type will be equal to confirm.

The merchant server should respond with status 200.

The post_link endpoint on the merchant side must be public, without authorization.

Request URL

POST {{post_link}}
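
The signature scheme from the "Signature generation" snippets above, generalized to any of the four actions (add, add2, remove, list) and paired with a constant-time check of a received pg_sig, which matters because the post_link endpoint is reachable without authorization. This is an added example, not Paybox's own code. The function names and sample secret are hypothetical, and the premise that incoming messages carry a pg_sig built with the same scheme is an assumption this page does not state.

```python
import hashlib
import hmac
import secrets


def new_salt():
    """Hypothetical helper: an unpredictable value for pg_salt."""
    return secrets.token_hex(8)


def signature_base(action, params, secret_key):
    """Build the string that is hashed: action;values sorted by key;secret."""
    # pg_sig itself is never part of the signed data.
    fields = {k: str(v) for k, v in params.items() if k != "pg_sig"}
    ordered = [fields[k] for k in sorted(fields)]  # same order as PHP ksort()
    return ";".join([action, *ordered, secret_key])


def make_sig(action, params, secret_key):
    base = signature_base(action, params, secret_key)
    return hashlib.md5(base.encode("utf-8")).hexdigest()


def sign_request(action, params, secret_key):
    """Return a copy of params with pg_sig added, ready to POST."""
    signed = dict(params)
    signed["pg_sig"] = make_sig(action, params, secret_key)
    return signed


def verify_sig(action, params, secret_key):
    """Check a received pg_sig (assumption: same scheme as for requests)."""
    received = str(params.get("pg_sig", ""))
    expected = make_sig(action, params, secret_key)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(received.encode(), expected.encode())


# Constructed sample values, not real credentials.
SECRET_KEY = "example-secret"
ADD_REQUEST = {
    "pg_merchant_id": "1234",
    "pg_user_id": 1234,
    "pg_post_link": "http://site.kz/post",
    "pg_back_link": "http://site.kz/back",
    "pg_salt": "some random string",
}
```

Pass the same action name used in the request path (for example "remove" for cardstorage/remove) and reject any message for which verify_sig returns False before acting on it.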
