1.4.5. Making requests to V3 API

Requests made to V3 API must contain appropriate Content-Type specified via corresponding HTTP header. For JSON requests, “application/json” must be specified.

UTF-8 must be used as an encoding for data.

All requests to API v3 must be signed. Signature is sent in X-Authorization HTTP request header.

Signatures are computed using HMAC_SHA1 algorithm; the request body is signed for JSON requests. Key is derived in the following way:

  1. Take merchantControlKey
  2. Remove dashes from it
  3. Unhex the result to binary

Transfer and transfer-form requests debug

For integration purposes you may use E-Commerce test cards to generate random card numbers.

Mandatory parameters
Endpoint Id
Client Order Id make it or use your internal invoice ID
Merchant control key
Transaction amount
Transaction currency
Source card reference
Source card number
Cardholder first name
Cardholder last name
Сard expiry month
Сard expiry year
Security code (CVV)
Sender's city
Sender's country
Sender's ZIP Postcode
Sender's state
Sender's street
Sender's first name
Sender's last name
Sender's IP address
Source SubscriberId
Source SubscriberType
Source alias
Destination card reference
Destination card number
Receiver's city
Receiver's country
Receiver's ZIP Postcode
Receiver's state
Receiver's street
Receiver's first name
Receiver's last name
Destination SubscriberId
Destination SubscriberType
Destination alias
Optional parameters
Order Description
Site URL
Redirect URL
Callback URL
Sender's street 2
Sender's phone
Sender's E-mail
Receiver's street 2
Receiver's phone

String to sign

Status request debug

Endpoint Id
Client Order Id
Merchant control key
Session token

String to sign