Page History
Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Communication takes place with the help of postback requests (postbacks). After each Client request for input or output, a postback is sent to the Client with the result of the operation.
Attention: To change the time zone when displaying the time in transactions, set the required time zone in the settings (path: Personal Account -> Settings -> paykassma Settings -> Time Zone) via the Paykassma TP request. Default time zone +08: 00 PST Asia/Manila
Receiving the postback (postbake)
To accept postbacks, you need to implement a separate path that you can use to receive postbacks. They are sent by a POST request in JSON format.
The Paykassma server is waiting for a response in json {"status": "ok"} response code 200, otherwise, when receiving a different response, Paykassma will forward the postback with a certain frequency.
Deposit
Client-side signature generation
When sending postbacks, Paykassma also sends a signature: a specially generated hash line that is created using a private key. The signature is calculated following way:
$signature = sha1($postback_access_key . $postback_private_access_key . md5($transactions->toJson(JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE)));
a string consisting of three parameters is passed to the sha1 function:
Parameter | Description |
$postback_access_key | public key; |
$postback_private_access_key | private key; |
Hash from the MD5 function of the entire transaction list in JSON format |
The result of executing this code is a string that cannot be forged without having a private key that is not transmitted in postbacks.
The client can compare the generated signature with the received signature from the postback and thus make sure that the data that came was actually sent and not forged by an attacker.
Postback of transactions for deposit
Request body:
Name | Type | Description |
access_key | string | The access key is specified in the settings of the personal account of the TS Paykassma |
signature | string | The signature used to verify the authenticity of the postback. Attention: the principle of signature formation is given below in a separate paragraph. |
label | string | Unique user ID in the client's system |
Stockpiling | object | The amount of transactions involved in the accumulation (one or more transactions) converted to all currencies. Conversion is carried out on the basis of open data on exchange rates. All currencies are transmitted with an accuracy of up to hundredths, cryptocurrencies have 8 digits in the fractional part (one hundred millionth accuracy). Passed as an list. Attention: the description of the accumulation functionality is given below in a separate paragraph |
stockpiling_id | integer | Unique accumulation ID |
transactions | array | Information about completed transactions participating in the accumulation (one or more) is transmitted. |
List of transactions:
Name | Type | Description |
amount | double | Transaction amount |
currency_code | string | Transaction currency code |
wallet_type | string | Payment system in which the transaction was made |
transaction_id | string | Unique transaction ID in Paykassma |
transaction_type | integer | Transaction type: 0 = automatic, 1 = debug, 2 = forced |
from | string or “null” | Unique ID of the user's account from which the payment was received (if any information is available) |
created_datetime | string | Transaction creation date |
activated_datetime | string | Transaction activation date |
custom_id | string or “null” | Transmitting the transaction ID received from the Client from the plugin to the Client's system. |
Code Block | ||||
---|---|---|---|---|
| ||||
{ "access_key":"mrOYReXJphqo7lkL"// "signature":"dfsfrwe3344d", "label":1 "Stockpiling":{ "USD":80, "INR":6008.39, "EUR":72.86 }, "stockpiling_id":18, "transactions":[ { "amount":6008.39, "currency_code":"INR", "wallet_type":"paytm", "transaction_id":"15", "transaction_type":1, "from":85XXXX1369, "created_datetime":"2019-12-18 23:28:45", "activated_datetime":"2019-12-18 23:28:45", "custom_id":"3123123" } ] } |
Withdrawal
Client-side signature generation
Each postback is signed by signature, it is formed as follows:
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
$data = [ ... ]; $data['signature'] = generateSignature($data); // return fa0ee1e2acf7f898635ec417491381c0a4f9d35c //send $data like json ... function generateSignature(array $data) { $privateKey = 'yourprivatekey'; ksort($data); $implode = self::multiImplode( ':', $data); return sha1($privateKey . md5($implode)); } function multiImplode($glue, $array): string { $finArray = []; foreach ($array as $val) { $finArray[] = is_array($val) ? self::multiImplode($glue, $val) : $val; } return implode($glue, $finArray); } |
Postback of transactions for withdrawal
Postback of transactions for withdrawal when using an actual version query "https:
//api.{URL_server_Paykassma}/v2/withdrawal/create
"
Requst body:
Name | Type | Description |
withdrawal_id | string | Unique withdrawal ID |
status | integer | Available withdrawal statuses: |
comment | string | A comment comes with html tags |
payment_system | string | Payment system |
amount | double | Amount |
currency_code | string | Currency |
label | string | Unique identifier of the user for whom the withdrawal is performed |
account_number | string | Recipient’s account number |
account_name | string | Name of an account recipient |
account_email | string | Email of an account recipient |
payments_details | JSON | |
payments_provider | string | A provider who makes electronic payment using the selected payment method |
bank_details | JSON | |
bank_code | string | Unique identifier assigned by the central bank of the country |
branch_code | string | Bank branch code |
signature | string | Postback signature |
Code Block | ||||
---|---|---|---|---|
| ||||
{ 'withdrawal_id' : '12345', 'status' : '1', 'comment' : 'comment', 'payment_system' : 'paytm', 'amount' : '1000', 'currency_code' : 'INR', 'label' : '125', 'account_number' : '123456789', 'account_name' : '', 'account_email' : '', 'payments_details': { 'payments_provider' : '', }, 'bank_details': { 'bank_code' : '', 'branch_code' : '', }, 'signature' : 'signature' } |
Expected responses to postbacks from a client
code | Message |
200 | Ok |
400 | error receiving |
401 | error validation |
404 | not found http exception |
500 | not enough fields |
501 | empty postback |
502 | incorrect signature |
503 | data integrity error |
- If successful, expect the client to have http status - 2XX.
- All 200th codes should be accompanied by "status" = "ok"
- In case of failure, expect from the client http status other than 2XX (depending on the error) and an error message.
For example, error validation, not enough fields.
https:
//api.{URL_server_Paykassma}/withdrawal/manual/create
"Requst body:
Name | Type | Description |
id | integer | Unique ID withdrawals |
withdrawal_id | string | Withdrawal ID in the Client’s system |
wallet_type | string | Payment system type |
wallet_recipient | string | Recipient's wallet number |
wallet_sender | string | Sender's wallet number |
account_name | string | Name of the bank account holder |
account_number | string | Number of the bank account |
string | Email of the person who is being paid | |
amount | double | Withdrawal amount |
status | integer | Available withdrawal statuses: New = 0 |
created_at | date | Date and time of creation |
updated_at | date | Date and time of update |
failed_reason | string | Reason for failure. This parameter is not sent if the status is 1 |
Code Block | ||||
---|---|---|---|---|
| ||||
{ "id": 957, "withdrawal_id": "5165837", "wallet_type": "imps", "wallet_recipient": "123", "wallet_sender": "5125124", "account_name": "test", "account_number": "123", "email": "[email protected]" "amount": 1000.00, "status": 1, "created_at": "2021-02-16 12:23:34", "updated_at": "2021-02-26 17:22:43", "failed_reason": "test" "signature": "SIGNATURE" } |
New postback format
At present, we are making the transition to the use of the new Postback format. Unlike the previous one, it contains parameters for depositing and withdrawing in one body.
Client-side signature generation
When sending postbacks, Paykassma also sends a signature: a specially generated hash line that is created using a private key. The signature is calculated following way:
$signature = sha1($postback_access_key . $postback_private_access_key . md5($additionalDataArray->toJson(JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE)));
a string consisting of three parameters is passed to the sha1 function:
Parameter | Description |
$postback_access_key | public key; |
$postback_private_access_key | private key; |
Hash from the MD5 function of the entire transaction list in JSON format |
The result of executing this code is a string that cannot be forged without having a private key that is not transmitted in postbacks.
The client can compare the generated signature with the received signature from the postback and thus make sure that the data that came was actually sent and not forged by an attacker.
Requst body:
Название | Тип | Описание | ||
---|---|---|---|---|
signature | string | Postback signature | ||
wallet_type | string | Payment system in which the transaction was made | ||
amount | doublefloat | Transaction amount | ||
currency_code | string | Transaction currency code | ||
label | string | Unique user ID | ||
converted_amount | array | The amount of transactions involved in the accumulation (one or more transactions) converted to all currencies. Conversion is carried out on the basis of open data on exchange rates. All currencies are transmitted with an accuracy of up to hundredths, cryptocurrencies have 8 digits in the fractional part (one hundred millionth accuracy). Passed as an list. Attention: the description of the accumulation functionality is given in a paragraph | ||
direction | string | Transaction direction. Possible value:
| ||
created_datetime | string | Transaction date | ||
access_key | string | The access key is specified in the settings of the personal account of the TS Paykassma | ||
additional_data | array | Transaction data | ||
activated_datetime | string | Transaction activation date | ||
exchanger_identifier | string | Unique User's account identifier which a transaction request came from | ||
comment | string | Сomment | ||
wallet_type | string | Payment system in which the transaction was made | ||
amount | doublestring | Transaction amount | ||
currency_code | string | Transaction currency code | ||
stockpiling_id | integer | Unique accumulation ID | ||
transaction_id | string | Unique transaction ID in Paykassma | ||
transaction_type | integer | Transaction type: 0 = automatic, 1 = debug, 2 = forced | ||
plugin_custom_order_id | string | Unique transaction ID in the client's system | ||
withdrawal_id | string | Unique withdrawal ID | ||
withdrawal_status | integer | Available withdrawal statuses: | ||
account_number | string | Recipient’s account number | ||
account_name | string | Recipient name | ||
account_email | string | Recipient email | ||
bank_details | array | |||
bank_code | string | Unique ID assigned by the central bank of the country | ||
branch_code | string | Bank branch code |
Code Block | ||||
---|---|---|---|---|
| ||||
{ "signature":"signature", "wallet_type": "paytm_api", "amount": 13629, "currency_code": "INR", "label":"6424468", "converted_amount": { "USD":40.43,"INR":3327,"EUR":40.98,"IDR":625650.25,"MYR":190.71,"VND":988191.07,"SGD":57.43, "THB":1539,"NGN":17640.29,"TRY":751.48,"AED":148.51,"CAD":55.52,"AUD":64,"BDT":4276.41,"AFN":3531.25, "ALL":4807.24,"AMD":16333.46,"AOA":18109.34,"ARS":6179.09,"AWG":72.88,"AZN":68.73,"BAM":80.49,"BBD":80.86, "BGN":80.2,"BHD":15.24,"BIF":83303.64,"BMD":40.43,"BND":57.44,"BOB":279.23,"BRL":211.91,"BSD":40.43,"BTC":0.00209234 }, "direction":"ingoing", "created_datetime":"2023-06-30 10:59:24", "access_key":"access_key", "additional_data": [ { "activated_datetime":"2023-06-30 13:59:24", "exchanger_identifier":"97489343", "comment":"", "amount":"13628.5", "currency_code":"INR", "wallet_type":"paytm_api", "stockpiling_id":262402, "transaction_id":"160028076535305", "transaction_type":0, "plugin_custom_order_id":"6424468", "withdrawal_id":null, "withdrawal_status":null, "account_number":"", "account_name":"", "account_email":"", "bank_details": { "bank_code":"", "branch_code":"" } } {...} ] } |
Code Block | ||||
---|---|---|---|---|
| ||||
{ "signature":"fcb57aabb9a7f46cd27f1b4249aeb9912bd49300", "wallet_type":"nagad_api", "amount":820, "currency_code":"BDT", "label":"autotest898404792700response_500", "converted_amount": { "USD":7.56,"INR":620,"IDR":113212.08,"MYR":34.39,"VND":178667.64,"SGD":10, "THB":257.14,"NGN":5947.67,"TRY":203.5,"AED":27.75,"CAD":9.93,"AUD":11.07,"BDT":820,"AFN":647.27, "ALL":681.27,"AMD":2946.58,"AOA":6231.79,"ARS":2025.9,"AWG":13.62,"AZN":12.84,"BAM":13.17,"BBD":15.11, "BGN":13.17,"BHD":2.85,"BIF":21376.13,"BMD":7.56,"BND":10.02,"BOB":52.24,"BRL":36.2,"BSD":7.56,"BTC":0.00025009 }, "direction":"outgoing", "created_datetime":"2023-07-20 08:09:01", "access_key":"Neiwk12Mdk2pdi1Jdi", "additional_data": [ { "activated_datetime":"", "exchanger_identifier":"", "comment":"autotest approve by file", "amount":"820", "currency_code":"BDT", "wallet_type":"nagad_api", "stockpiling_id":null, "transaction_id":"", "transaction_type":null, "plugin_custom_order_id":"", "withdrawal_id":"autotest984047927037", "withdrawal_status":1, "account_number":"5632221204", "account_name":"autotest983948600573", "account_email":"", "bank_details": { "bank_code":null, "branch_code":null } } ] } |
Receiving information about the postback that was sent earlier
The system allows you to request information about the postback for input or output that was sent earlier. See here for details
Table of Contents | ||
---|---|---|
|