Page History
Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Communication takes place with the help of postback requests (postbacks). After each Client request for input or output, a postback is sent to the Client with the result of the operation.
Attention: To change the time zone when displaying the time in transactions, set the required time zone in the settings (path: Personal Account -> Settings -> paykassma Settings -> Time Zone) via the Paykassma TP request. Default time zone +08: 00 PST Asia/Manila
Receiving the postback (postbake)
To accept postbacks, you need to implement a separate path that you can use to receive postbacks. They are sent by a POST request in JSON format.
The Paykassma server is waiting for a response in json {"status": "ok"} response code 200, otherwise, when receiving a different response, Paykassma will forward the postback with a certain frequency.
Deposit
Client-side signature generation
When sending postbacks, Paykassma also sends a signature: a specially generated hash line that is created using a private key. The signature is calculated following way:
$signature = sha1($postback_access_key . $postback_private_access_key . md5($transactions->toJson(JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE)));
a string consisting of three parameters is passed to the sha1 function:
Parameter
Description
$postback_access_key
public key;
$postback_private_access_key
private key;
Hash from the MD5 function of the entire transaction list in JSON format
The result of executing this code is a string that cannot be forged without having a private key that is not transmitted in postbacks.
The client can compare the generated signature with the received signature from the postback and thus make sure that the data that came was actually sent and not forged by an attacker.
Postback of transactions for deposit
Request body:
Name
Type
Description
access_key
string
The access key is specified in the settings of the personal account of the TS Paykassma
signature
string
The signature used to verify the authenticity of the postback.
Attention: the principle of signature formation is given below in a separate paragraph.
label
string
Unique user ID in the client's system
Stockpiling
object
The amount of transactions involved in the accumulation (one or more transactions) converted to all currencies. Conversion is carried out on the basis of open data on exchange rates.
All currencies are transmitted with an accuracy of up to hundredths, cryptocurrencies have 8 digits in the fractional part (one hundred millionth accuracy). Passed as an list.
Attention: the description of the accumulation functionality is given below in a separate paragraph
stockpiling_id
integer
Unique accumulation ID
transactions
array
Information about completed transactions participating in the accumulation (one or more) is transmitted.
List of transactions:
Name
Type
Description
amount
double
Transaction amount
currency_code
string
Transaction currency code
wallet_type
string
Payment system in which the transaction was made
transaction_id
string
Unique transaction ID in Paykassma
transaction_type
integer
Transaction type: 0 = automatic, 1 = debug, 2 = forced
from
string or “null”
Unique ID of the user's account from which the payment was received (if any information is available)
created_datetime
string
Transaction creation date
activated_datetime
string
Transaction activation date
custom_id
string or “null”
Transmitting the transaction ID received from the Client from the plugin to the Client's system.
Attention: It may be "null" if the custom_transaction_id parameter was not passed earlier.
| Code Block | ||||
|---|---|---|---|---|
| ||||
{
"access_key":"mrOYReXJphqo7lkL"//
"signature":"dfsfrwe3344d",
"label":1
"Stockpiling":{
"USD":80,
"INR":6008.39,
"EUR":72.86
},
"stockpiling_id":18,
"transactions":[
{
"amount":6008.39,
"currency_code":"INR",
"wallet_type":"paytm",
"transaction_id":"15",
"transaction_type":1,
"from":85XXXX1369,
"created_datetime":"2019-12-18 23:28:45",
"activated_datetime":"2019-12-18 23:28:45",
"custom_id":"3123123"
}
]
} |
Withdrawal
Client-side signature generation
Each postback is signed by signature, it is formed as follows:
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
$data = [
...
];
$data['signature'] = generateSignature($data); // return fa0ee1e2acf7f898635ec417491381c0a4f9d35c
//send $data like json ...
function generateSignature(array $data) {
$privateKey = 'yourprivatekey';
ksort($data);
$implode = self::multiImplode( ':', $data);
return sha1($privateKey . md5($implode));
}
function multiImplode($glue, $array): string
{
$finArray = [];
foreach ($array as $val) {
$finArray[] = is_array($val) ? self::multiImplode($glue, $val) : $val;
}
return implode($glue, $finArray);
} |
Postback of transactions for withdrawal
Postback of transactions for withdrawal when using an actual version query "https://api.{URL_server_Paykassma}/v2/withdrawal/create"Requst body:
Name
Type
Description
string
Unique withdrawal ID
integer
Available withdrawal statuses:
Processed = 1
Rejected = 5
string
A comment comes with html tags
Payment system
Amount
Currency
Unique identifier of the user for whom the withdrawal is performed
Recipient’s account number
Name of an account recipient
Email of an account recipient
A provider who makes electronic payment using the selected payment method
Unique identifier assigned by the central bank of the country
Bank branch code
Postback signature
| Code Block | ||||
|---|---|---|---|---|
| ||||
{
'withdrawal_id' : '12345',
'status' : '1',
'comment' : 'comment',
'payment_system' : 'paytm',
'amount' : '1000',
'currency_code' : 'INR',
'label' : '125',
'account_number' : '123456789',
'account_name' : '',
'account_email' : '',
'payments_details':
{
'payments_provider' : '',
},
'bank_details':
{
'bank_code' : '',
'branch_code' : '',
},
'signature' : 'signature'
} |
Expected responses to postbacks from a client
code | Message |
200 | Ok |
400 | error receiving |
401 | error validation |
404 | not found http exception |
500 | not enough fields |
501 | empty postback |
502 | incorrect signature |
503 | data integrity error |
- If successful, expect the client to have http status - 2XX.
- All 200th codes should be accompanied by "status" = "ok"
- In case of failure, expect from the client http status other than 2XX (depending on the error) and an error message.
For example, error validation, not enough fields.
https://api.{URL_server_Paykassma}/withdrawal/manual/create"Requst body:
Name
Type
Description
id
withdrawal_id
string
Withdrawal ID in the Client’s system
wallet_type
string
Payment system type
wallet_recipient
string
Recipient's wallet number
wallet_sender
string
Sender's wallet number
account_name
string
Name of the bank account holder
account_number
string
string
Email of the person who is being paid
double
Withdrawal amount
integer
Available withdrawal statuses:
New = 0
Canceled = 2
Processed = 1
Date and time of creationDate and time of updateReason for failure. This parameter is not sent if the status is 1| Code Block | ||||
|---|---|---|---|---|
| ||||
{
"id": 957,
"withdrawal_id": "5165837",
"wallet_type": "imps",
"wallet_recipient": "123",
"wallet_sender": "5125124",
"account_name": "test",
"account_number": "123",
"email": "[email protected]"
"amount": 1000.00,
"status": 1,
"created_at": "2021-02-16 12:23:34",
"updated_at": "2021-02-26 17:22:43",
"failed_reason": "test"
"signature": "SIGNATURE"
} |
New postback format
At present, we are making the transition to the use of the new Postback format. Unlike the previous one, it contains parameters for depositing and withdrawing in one body./Withdrawal
Client-side signature generation
When sending postbacks, Paykassma also sends a signature: a specially generated hash line that is created using a private key. The signature is calculated following way:
$signature = sha1($postback_access_key . $postback_private_access_key . md5($additionalDataArray->toJson(JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE)));
a string consisting of three parameters is passed to the sha1 function:
Parameter | Description |
$postback_access_key | public key; |
$postback_private_access_key | private key; |
Hash from the MD5 function of the entire transaction list in JSON format | |
The result of executing this code is a string that cannot be forged without having a private key that is not transmitted in postbacks.
The client can compare the generated signature with the received signature from the postback and thus make sure that the data that came was actually sent and not forged by an attacker.
Requst Requеst body:
| Название | Тип | Описание | ||
|---|---|---|---|---|
| signature | string | Postback signature | ||
| wallet_type | string | Payment system in which the transaction was made | ||
| amount | float | Transaction amount | ||
currency_code | string | Transaction currency code | ||
| label | string | Unique user ID | ||
| converted_amount | array | The amount of transactions involved in the accumulation (one or more transactions) converted to all currencies. Conversion is carried out on the basis of open data on exchange rates. All currencies are transmitted with an accuracy of up to hundredths, cryptocurrencies have 8 digits in the fractional part (one hundred millionth accuracy). Passed as an list. Attention: the description of the accumulation functionality is given in a paragraph | ||
| direction | string | Transaction direction. Possible value:
| ||
created_datetime | string | Transaction date | ||
| access_key | string | The access key is specified in the settings of the personal account of the TS Paykassma | ||
| additional_data | array | Transaction data | ||
activated_datetime | string | Transaction activation date | ||
| exchanger_identifier | string | Unique User's account identifier which a transaction request came from | ||
| comment | string | Сomment | ||
| wallet_type | string | Payment system in which the transaction was made | ||
| amount | string | Transaction amount | ||
| currency_code | string | Transaction currency code | ||
stockpiling_id | integer | Unique accumulation ID | ||
transaction_id | string | Unique transaction ID in Paykassma | ||
transaction_type | integer | Transaction type: 0 = automatic, 1 = debug, 2 = forced | ||
plugin_custom_order_id | string | Unique transaction ID in the client's system | ||
withdrawal_id | string | Unique withdrawal ID | ||
withdrawal_status | integer | Available withdrawal statuses: | ||
account_number | string | Recipient’s account number | ||
account_name | string | Recipient name | ||
account_email | string | Recipient email | ||
bank_details | array | |||
bank_code | string | Unique ID assigned by the central bank of the country | ||
branch_code | string | Bank branch code | ||
| Code Block | ||||
|---|---|---|---|---|
| ||||
{
"signature":"signature",
"wallet_type": "paytm_api",
"amount": 13629,
"currency_code": "INR",
"label":"6424468",
"converted_amount": {
"USD":40.43,"INR":3327,"EUR":40.98,"IDR":625650.25,"MYR":190.71,"VND":988191.07,"SGD":57.43,
"THB":1539,"NGN":17640.29,"TRY":751.48,"AED":148.51,"CAD":55.52,"AUD":64,"BDT":4276.41,"AFN":3531.25,
"ALL":4807.24,"AMD":16333.46,"AOA":18109.34,"ARS":6179.09,"AWG":72.88,"AZN":68.73,"BAM":80.49,"BBD":80.86,
"BGN":80.2,"BHD":15.24,"BIF":83303.64,"BMD":40.43,"BND":57.44,"BOB":279.23,"BRL":211.91,"BSD":40.43,"BTC":0.00209234
},
"direction":"ingoing",
"created_datetime":"2023-06-30 10:59:24",
"access_key":"access_key",
"additional_data": [ {
"activated_datetime":"2023-06-30 13:59:24",
"exchanger_identifier":"97489343",
"comment":"",
"amount":"13628.5",
"currency_code":"INR",
"wallet_type":"paytm_api",
"stockpiling_id":262402,
"transaction_id":"160028076535305",
"transaction_type":0,
"plugin_custom_order_id":"6424468",
"withdrawal_id":null,
"withdrawal_status":null,
"account_number":"",
"account_name":"",
"account_email":"",
"bank_details": {
"bank_code":"",
"branch_code":""
}
}
{...}
]
} |
| Code Block | ||||
|---|---|---|---|---|
| ||||
{
"signature":"fcb57aabb9a7f46cd27f1b4249aeb9912bd49300",
"wallet_type":"nagad_api",
"amount":820,
"currency_code":"BDT",
"label":"autotest898404792700response_500",
"converted_amount":
{
"USD":7.56,"INR":620,"IDR":113212.08,"MYR":34.39,"VND":178667.64,"SGD":10,
"THB":257.14,"NGN":5947.67,"TRY":203.5,"AED":27.75,"CAD":9.93,"AUD":11.07,"BDT":820,"AFN":647.27,
"ALL":681.27,"AMD":2946.58,"AOA":6231.79,"ARS":2025.9,"AWG":13.62,"AZN":12.84,"BAM":13.17,"BBD":15.11,
"BGN":13.17,"BHD":2.85,"BIF":21376.13,"BMD":7.56,"BND":10.02,"BOB":52.24,"BRL":36.2,"BSD":7.56,"BTC":0.00025009
},
"direction":"outgoing",
"created_datetime":"2023-07-20 08:09:01",
"access_key":"Neiwk12Mdk2pdi1Jdi",
"additional_data":
[
{
"activated_datetime":"",
"exchanger_identifier":"",
"comment":"autotest approve by file",
"amount":"820",
"currency_code":"BDT",
"wallet_type":"nagad_api",
"stockpiling_id":null,
"transaction_id":"",
"transaction_type":null,
"plugin_custom_order_id":"",
"withdrawal_id":"autotest984047927037",
"withdrawal_status":1,
"account_number":"5632221204",
"account_name":"autotest983948600573",
"account_email":"",
"bank_details":
{
"bank_code":null,
"branch_code":null
}
}
]
} |
Receiving information about the postback that was sent earlier
The system allows you to request information about the postback for input or output that was sent earlier. See here for details
| Table of Contents | ||
|---|---|---|
|