Communication takes place with the help of postback requests (postbacks). After each Client request for input or output, a postback is sent to the Client with the result of the operation.
Attention: To change the time zone when displaying the time in transactions, set the required time zone in the settings (path: Personal Account -> Settings -> paykassma Settings -> Time Zone) via the Paykassma TP request. Default time zone +08: 00 PST Asia/Manila
Receiving the postback (postbake)
To accept postbacks, you need to implement a separate path that you can use to receive postbacks. They are sent by a POST request in JSON format.
The Paykassma server is waiting for a response in json {"status": "ok"} response code 200, otherwise, when receiving a different response, Paykassma will forward the postback with a certain frequency.
Deposit
Client-side signature generation
When sending postbacks, Paykassma also sends a signature: a specially generated hash line that is created using a private key. The signature is calculated following way:
$signature = sha1($postback_access_key . $postback_private_access_key . md5($transactions->toJson()));
a string consisting of three parameters is passed to the sha1 function:
Parameter | Description |
$postback_access_key | public key; |
$postback_private_access_key | private key; |
Hash from the MD5 function of the entire transaction list in JSON format |
The result of executing this code is a string that cannot be forged without having a private key that is not transmitted in postbacks.
The client can compare the generated signature with the received signature from the postback and thus make sure that the data that came was actually sent and not forged by an attacker.
Postback of transactions for deposit
Request body:
Name | Type | Description |
access_key | string | The access key is specified in the settings of the personal account of the TS Paykassma |
signature | string | The signature used to verify the authenticity of the postback. Attention: the principle of signature formation is given below in a separate paragraph. |
label | string | Unique user ID in the client's system |
Stockpiling | object | The amount of transactions involved in the accumulation (one or more transactions) converted to all currencies. Conversion is carried out on the basis of open data on exchange rates. All currencies are transmitted with an accuracy of up to hundredths, cryptocurrencies have 8 digits in the fractional part (one hundred millionth accuracy). Passed as an list. Attention: the description of the accumulation functionality is given below in a separate paragraph |
stockpiling_id | integer | Unique accumulation ID |
transactions | array | Information about completed transactions participating in the accumulation (one or more) is transmitted. |
List of transactions:
Name | Type | Description |
amount | double | Transaction amount |
currency_code | string | Transaction currency code |
wallet_type | string | Payment system in which the transaction was made |
code | string or “null” | Name of the manual payment system. Filled in only when you specify wallet_type = “manual”. |
transaction_id | string | Unique transaction ID in Paykassma |
transaction_type | integer | Transaction type: 0 = automatic, 1 = debug, 2 = forced |
from | string or “null” | Unique ID of the user's account from which the payment was received (if any information is available) |
created_datetime | string | Transaction creation date |
activated_datetime | string | Transaction activation date |
custom_id | string or “null” | Transmitting the transaction ID received from the Client from the plugin to the Client's system. |
{ "access_key":"mrOYReXJphqo7lkL"// "signature":"dfsfrwe3344d", "label":1 "Stockpiling":{ "USD":80, "INR":6008.39, "EUR":72.86 }, "stockpiling_id":18, "transactions":[ { "amount":6008.39, "currency_code":"INR", "wallet_type":"paytm", "code":null, "transaction_id":"15", "transaction_type":1, "from":85XXXX1369, "created_datetime":"2019-12-18 23:28:45", "activated_datetime":"2019-12-18 23:28:45", "custom_id":"3123123" } ] }
Withdrawal
Client-side signature generation
Each postback is signed by signature, it is formed as follows:
$data = [ ... ]; $data['signature'] = generateSignature($data); // return fa0ee1e2acf7f898635ec417491381c0a4f9d35c //send $data like json ... function generateSignature(array $data) { $privateKey = 'yourprivatekey'; ksort($data); $implode = implode(':', $data); return sha1($privateKey . md5($implode)); }
Postback of transactions for withdrawal
There are two types of postbacks:
When a client makes a request
When, for technical reasons, the request was created by Paykassma Technical Support
First type:
Requst body:
Name | Type | Description |
withdrawal_id | integer | Unique ID withdrawals |
status | integer | Available withdrawal statuses: Processed = 1 Rejected = 5 |
description | string | Comment, comes with html tags |
{ "withdrawal_id":3479370, "status": 1, "description":"<p>123<\/p>" }
Second type:
Requst body:
Name | Type | Description |
status | integer | Available withdrawal statuses: New = 0 |
description | string | Comment, comes with html tags |
withdrawal_id | integer | Unique ID withdrawals |
wallet_type | string | Payment system type |
wallet_recepient | string | Recipient's wallet number |
label | string | The unique identifier for the user on the client's system, passed in the label parameter when composing the URL in the iframe |
amount | double | Withdrawal amount. Has 2 decimal places for all currencies and 8 digits for cryptocurrencies |
currency_code | string | Transaction currency code |
{ "status": 1, "description": "<p>123<\/p>", "withdrawal_id": 3479370, "wallet_type": "IMPS", "wallet_recipient": "123", "label": "123", "amount": 1000, "currency_code": "INR" }