Payment sending via API

At step 2, the merchant's request must be sent to eCom using the POST method to the address

Request parameters in step 2:
Name Obligation Format Description
ORDER Yes N(6 - 10) Order number, must be unique for this merchant
AMOUNT Yes N(1 - 13) Order amount, separator - dot
CURRENCY Yes C(3) Order currency (ISO 4217, for example KZT)
MERCHANT Yes C(6 - 15) Merchant identifier
TERMINAL Yes C(6 - 8) Terminal identifier
NONCE No N(6 – 64) Random unique number
LANGUAGE No С(2) Client's preferred language, "ru" and "en" values are supported
CLIENT_ID No N(0 – 64) Authenticated Client ID
DESC Yes C(1 – 50) Brief description of the order
DESC_ORDER No C(0 – 4000) Full order description
EMAIL No C(0 – 80) Client Email Address
BACKREF No C(0 – 250) Link for sending the result for the order
Ucaf_Flag No C(0 – 250) Reserved for UCAF data
Ucaf_Authentication_Data No C(0 – 250) Reserved for UCAF data
crd_pan No C(250) Encrypted card number
crd_exp No C(250) Expiration date of the card in MM / YY format, in encrypted form
crd_cvc No C(250) CVV/CVC/CVC2 of the cards in encrypted form
P_SIGN Yes C(80 - 250) Order signature

The algorithm for generating a signature in the P_SIGN field is as follows: you need to collect the order fields values (without LANGUAGE!) In one line through the separator ";", then add this line to the value of the SHARED_SECRET secret key (this key is individual for each merchant), and calculate from the resulting string SHA512 hash value. In the lines DESC, DESC_ORDER, before processing, you need to remove all line breaks. For example, in PHP it will look like this:


An example of calculation (in JS) is on the example page

Note! In the product system, the hash should be calculated not in the browser on the client side, but in the procedure on the side of the merchant's web server!

The example on the test.html page is for testing purposes only.

The secret key SHARED_SECRET should never be available to anyone outside your server!

If the parameters crd_pan, crd_exp, crd_cvc (card number, card expiration date and cvv / cvc / cvc2) are sent to the request, the card entry page is not displayed, but the operation in MPI is immediately started. The crd_pan, crd_exp, crd_cvc parameters must be encrypted on the web page on which they are entered, before transmission using the public key provided by the bank manager. An example of encryption and checksum calculation is on the example page

If you enter the details of a payment card on a merchant's website, the entire merchant's website is considered to affect the security of card data, and according to PCI DSS, the following requirements apply to the website:

  • work only via HTTPS with a valid SSL certificate
  • complete the SAQ-EP self-assessment sheet
  • pass ASV testing on a quarterly basis (automated site check for vulnerabilities)

Encryption of card data must be done on the client's web page, before signing the data with a secret key!

Possible order cancellation registration result codes:
Code Description (ru) Description (en)
11 Сервис временно недоступен, попробуйте позже Service temporary unavailable, try again later
12 Неправильное значение в поле ORDER: %s Order number is invalid: %s
13 Неправильная сумма: %s Amount is invalid: %s
14 Неправильная валюта: %s Currency is invalid: %s
15 Сервис MPI временно недоступен, попробуйте позже MPI service temporary unavailable, try again later
16 Сервис Db временно недоступен, попробуйте позже Db service temporary unavailable, try again later
17 Неправильное значение в поле MERCHANT: %s Merchant is invalid: %s
18 Запрос ORDER=%s уже выполнялся Request of ORDER=%s is already in progress
19 Неправильная дата дейстия карты (MM/ГГ) : %s Card exp date (MM/YY) is invalid: %s
20 Неправильное значение в поле TERMINAL : %s Terminal is invalid: %s
21 Неправильная подпись! Signature is invalid!
22 Не найден курс валюты %s The rate of currency %s is not found
23 Превышен лимит! %s Limit exeeded! %s
24 Не указано значение в поле "%s". The value of field "%s" is required.
25 Размер значения в поле "%s" менее %d симоволов. The size of value of the field "%s" less then %d symbols.
26 Размер значения в поле "%s" больше %d симоволов. The size of value of the field "%s" more then %d symbols.
27 Введите валидное значение в поле "%s". Enter a valid value of field "%s".
28 Ошибка MPI при выполнении проверки 3DS: %s MPI returns error: %s
29 Недопустимый тип карты Invalid card type
99 Другая ошибка : %s Other error: %s/td>