3.39. /api/v4/transfer-form

Introduction

Transfer is a type of complex transaction that allows to move funds between bank cards (Primary Account Number - PAN), card tokens (Recurring Payment ID - RPI) and Connecting Party bank account (deposits).
Transfer Form integration is relevant for Connecting Party who are not able to accept Connecting Party order ID. card details (Connecting Party’s website must complete PCI DSS certification). Using Transfer Form integration Connecting Party is released of accepting payment details. In this case the accepting and processing of payment details is carried out on the Payneteasy side (if PAN is not sent). This type of integration also allows the Sender (for transfers between cards) or Receiver (for deposit to card) to submit their PAN on Payneteasy side.
Transfer is initiated through HTTPS POST request to the URL with the required parameters depending on a certain transfer Use-Case (see below). Use RSA-SHA256 for authentication.
Transfer Form Use-Cases diagram:

hide members hide circle circle " " as c2 package From <<Frame>> { class "Form" as f1a class "Card number\n(Pan)" as pan1a class "Reccuring Payment ID\n(RPI)" as rpi1a class "Connecting Party Account\n(Deposit to card)" as dca } package To <<Frame>> { class "Card number\n(Pan)" as pan2 class "Reccuring Payment ID\n(RPI)" as rpi2 class "Form" as f2 } f1a --|> pan2 f1a --|> rpi2 f1a -- c2 pan1a -- c2 rpi1a -- c2 dca -- c2 dca -[hidden]> f2 c2 --|> f2

Form to PAN

Transfer from Form to PAN occurs when transferring funds from payment details indicated in form to bank card for which its number is indicated.

Form to RPI

Transfer from Form to RPI occurs when funds are transferred from payment details indicated in form to bank card for which its recurring payment id is indicated.

PAN to Form

Transfer from RPI to Form occurs when funds are transferred from one bank card for which its number is indicated to payment details indicated in form.

RPI to Form

Transfer from RPI to Form occurs when funds are transferred from one bank card for which its recurring payment id is indicated to payment details indicated in form.

Form to Form

Transfer from Form to Form occurs when funds are transferred from payment details indicated in form to another payment details indicated in form.

Deposit to Form

Transfer from deposit to Form occurs when funds are transferred from Connecting Party account to payment details indicated in form.

API URLs

Note

The path in API URL should not be hardcoded, as it may be changed in future.

Integration

Production

https://sandbox.payneteasy.com/paynet/api/v4/transfer-form/ENDPOINTID

https://gate.payneteasy.com/paynet/api/v4/transfer-form/ENDPOINTID

https://sandbox.payneteasy.com/paynet/api/v4/transfer-form/group/ENDPOINTGROUPID

https://gate.payneteasy.com/paynet/api/v4/transfer-form/group/ENDPOINTGROUPID

Request Parameters

Note

Request must have content-type=application/x-www-form-urlencoded and Authorization headers.

Parameter

Description

Value

destination-card-no, alias

destination

Receiver`s card PAN.
Necessity: Required
Type: Numeric
Length: 19

deposit2card

Marker of deposit to card transfer. If true, no sender cardholder data is needed to process the transaction. If false, sender cardholder data is needed.
Value: False
Type: Boolean

ipaddress

The Sender or Receiver’s IP address, include for fraud screening purposes. NB: 45 is for IPv4 tunneling like 0000:0000:0000:0000:0000:0000:192.168.100.101.
Necessity: Required
Type: String
Length: 45

amount

Amount to be transferred. The amount has to be specified in the highest units with . delimiter. For instance, 10.5 for USD means 10 US Dollars and 50 Cents.
Necessity: Required
Type: Numeric
Length: 10

currency

Currency the transaction is charged in (three-letter currency code). Example of valid parameter values are: USD for US Dollar, EUR for European Euro.
Necessity: Required
Type: String
Length: 3

order_desc

Order description.
Necessity: Required
Type: String
Length: 64k

client_orderid

Connecting Party order ID.
Necessity: Required
Type: String
Length: 128

first_name

Sender or Receiver’s first name.
Necessity: Optional
Type: String
Length: 50

last_name

Sender or Receiver’s last name.
Necessity: Optional
Type: String
Length: 50

ssn

Last four digits of the Sender or Receivers’s social security number.
Necessity: Optional
Type: Numeric
Length: 4

birthday

Sender or Receiver’s birthday.
Necessity: Optional
Type: Numeric
Length: 8

address1

Sender or Receiver’s address. (Please note that in some cases it is not possible to send address length more than 50 characters. Please contact your manager for more details.)
Necessity: Optional
Type: String
Length: 256

city

Sender or Receiver’s city.
Necessity: Optional
Type: String
Length: 50

state

Sender or Receiver’s state (two-letter state code). Please see Mandatory State Codes for a list of valid state codes. Required for USA, Canada and Australia.
Necessity: Optional
Type: String
Length: 2

zip_code

Sender or Receiver`s zip code.
Necessity: Optional
Type: String
Length: 10

country

Sender or Receiver’s country (two letter abbreviation).
Necessity: Optional
Type: String
Length: 2

phone

Sender or Receiver’s full international phone number, including country suffix.
Necessity: Optional
Type: String
Length: 15

cell_phone

Sender or Receiver’s full international cell phone number, including country suffix.
Necessity: Optional
Type: String
Length: 15

purpose

Destination to where the payment goes. It is useful for the merchants who let their clients to transfer money from a credit card to some type of client’s account, e.g. game or mobile phone account. Sample values are: +9999999999;mail@example.com etc. This value will be used by fraud monitoring system
Necessity: Optional
Type: String
Length: 128

email

Sender or Receiver’s email address.
Necessity: Optional
Type: String
Length: 50

site_url

URL the original transfer is made from.
Necessity: Optional
Type: String
Length: 128

redirect_url

URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected in any case, no matter whether the transaction is approved or declined. Optional for direct integration (non-form) deposit2card. This parameter must be used if there is neither redirect_success_url nor redirect_fail_url.
Necessity: Optional
Type: String
Length: 1024

redirect_success_url

URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected only in case if the transaction is approved. This parameter should not be used to retrieve results from Payneteasy gateway, because all parameters go through client’s browser and can be lost during transmission. To deliver the correct payment result to the backend server_callback_url must be used instead. gate.payneteasy.com should be passed if non-3DS schema for transactions processing is used and there is no need to redirect Sender or Receiver anywhere. This parameter must be used if there is no redirect_url.
Necessity: Optional
Type: String
Length: 1024

redirect_fail_url

URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected only in case if the transaction is declined or filtered. This parameter should not be used to retrieve results from Payneteasy gateway, because all parameters go through client’s browser and can be lost during transmission. To deliver the correct payment result to the backend server_callback_url must be used instead. gate.payneteasy.com should be passed if non-3DS schema for transactions processing is used and there is no need to redirect Sender or Receiver anywhere. This parameter must be used if there is no redirect_url.
Necessity: Optional
Type: String
Length: 1024

preferred_language

Sender or Receiver’s two-letter language code for multi-language transfer forms.
Necessity: Optional
Type: String
Length: 2

merchant_form_data

Parameters sent in merchant_form_data API parameter are parsed into macros with the same name, the parameter is url-encoded, example testparam%3Dtest1%26mynewparam%3Dtest2 and is parsed into $MFD_testparam = test1 and $MFD_mynewparam = test2 macros in the form. Parameter name characters [a-zA-Z0-9], parameter value characters [a-zA-Z0-9], control characters [=&], 2MB max size. For example, this parameter can be used to display payment form in light/dark mode depending on the value passed by Connecting Party (e.g. pass merchant_form_data=theme%3Ddark in request and $MFD_theme macro placeholder on payment form will be changed to dark.
Necessity: Optional
Type: String
Length: 128

server_callback_url
URL, where the transaction status is sent to. Connecting Party may use server callback URL for custom processing of the transaction completion, e.g. to collect payment data in the Connecting Party’s information system. For the list of parameters which come along with server callback to server_callback_url refer to Connecting Party callback parameters. This parameter can be sent instead of notify_url. If server_callback_url is sent, Payment Gateway sends callback notification only when original transaction receives final status. If notify_url is sent, Payment Gateway sends callback notification once the original transaction receives final status, and about every future update for this original transaction (reversal, chargeback, etc).
Necessity: Optional
Type: String
Length: 1024

notify_url
URL, where the transaction status is sent to. Connecting Party may use notify URL for custom processing of the transaction completion, e.g. to collect payment data in the Connecting Party’s information system. For the list of parameters which come along with server callback to notify_url refer to Connecting Party callback parameters. This parameter can be sent instead of server_callback_url. If notify_url is sent, Payment Gateway sends callback notification once the original transaction receives final status, and about every future update for this original transaction (reversal, chargeback, etc). If server_callback_url is sent, Payment Gateway sends callback notification only when original transaction receives final status.
Necessity: Optional
Type: String
Length: 1024

Response Parameters

Note

Response has Content-Type: text/html;charset=utf-8 header. All fields are x-www-form-urlencoded, with (0xA) character at the end of each parameter’s value.

Parameter

Description.

type

The type of response. May be async-response, validation-error, error. If type equals validation-error or error, ex:error-message and error-code parameters contain error details.

paynet-order-id

Order id assigned to the order by Payneteasy.

merchant-order-id

Connecting Party order ID.

serial-number

Unique number assigned by Payneteasy server to particular request from the Connecting Party.

error-message

If status is error this parameter contains the reason for decline or error details.

error-code

The error code is case of error status.

redirect-url

The URL to the page where the Connecting Party should redirect the client’s browser. Connecting Party should send HTTP 302 redirect, see General Transfer Form Process Flow.

Request & Response Examples

Transfer from Form to PAN

Request Example

POST /paynet/api/v4/transfer-form/39915 HTTP/1.1
Host: sandbox.payneteasy.com
User-Agent: curl/7.83.0
Accept: */*
Authorization: OAuth oauth_consumer_key="TestMerchant", oauth_nonce="eZCXwEp9fO17vGFwPUDStKjOKIP9u0nu", oauth_signature="2qrf7DY0fiy88doBrIGafZBqLLX12ePYWDGLqNxwBfU9T3RzwSYtEj92EPuiJulnZxbPY6av4F2jT1JS02D4KqPAtadsEYb8AabBoSvXPK13FrIXKQ38hrcapmXwz%2Fbh0JJBnN3aMvKJ%2FnsvRChY%2FFpRhdudfdBxZLKpAXYfJQgk42%2FB9pu%2FsBSRWJwTnVZxfavHYMWmrY2rvg2x1nedSJq6O%2Fxffz9OU3CvHOlK%2FGfdI4WFvpHIXpw1Mlz%2F6AnQRdMmYHnoDsFu79GI57NeoBRsZazJBYh%2FE%2FFcS9sHU5BF0yvLQYz%2FCXtb7lDbKeDJTHDDWakyyZPQcOQReIMHpNwNr9mjC%2FucIJitFEldsWWGaOnTc2Tqtrdjzzwukm%2BP7Bi5siJ5Pl%2BxWqOMAEFPnCXfThBKIJrxQXbBwR4YfPaBb70nePybCH8JCX0vakoaH%2BwFJfR0WNgOBfYxQfUYNcEXDmrk8hLbwz%2FXJ6bfanFaE8N3OwijJmlzY%2B4ZrEqBjnklQcBnNuvuxKSb6dKtnRo5UVXEszEiCxEvWQifggohkU1CTHZFpA2qmrxjIcgJoDOhQPV6Lk92LiDtVSE2drxZ%2Bjui69ZzGlnKlM0lVCnFfdahrhtMM9GYNN%2B24YaKd5UkCMIMru%2BfOfvqwrJu00%2FIms8VXwsm9aP8pP4Lr3I%3D", oauth_signature_method="RSA-SHA256", oauth_timestamp="1670421183", oauth_version="1.0"
Content-Length: 303
Content-Type: application/x-www-form-urlencoded
Connection: close

amount=100
&client_orderid=34T43R77N
&currency=USD
&deposit2card=false
&destination-card-no=4268736646656312
&destination_card_printed_name=Test%20Test
&destination_expire_month=12
&destination_expire_year=2023
&ipaddress=1.1.1.1
&order_desc=Your%20order%20description
&redirect_url=http%3A%2F%2Fwww.example.com
&server_callback_url=https://httpstat.us/200

Success Response Example

HTTP/1.1 200
Server: server
Date: Wed, 07 Dec 2022 13:56:03 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 285

type=async-form-response
&serial-number=00000000-0000-0000-0000-000002ddbfa2
&merchant-order-id=34T43R77N
&paynet-order-id=6863810
&redirect-url=https%3A%2F%2Fsandbox.payneteasy.com%2Fpaynet%2Fform%2Finit%2FBB587546567A31587163597A684535634A775969614A577953626976766D4B494A66796F55434370393032673D

Fail Response Example

HTTP/1.1 403
Server: server
Date: Mon, 12 Dec 2022 08:25:15 GMT
Content-Type: text/html
Content-Length: 735
Connection: close
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title>403</title>
    <style type="text/css">
        body {
            font-family: Arial, sans-serif;
            font-size: 130%;
            background-color: #eee;
        }
        p {
            margin: 10em auto 0;
            width: 500px;
            border: 1px solid gray;
            text-align: center;
            vertical-align: middle;
            padding: 40px 20px;
            background-color: #fff;
            -webkit-border-radius: 20px;
            -moz-border-radius: 20px;
            border-radius: 20px;
        }
    </style>
</head>
<body>
    <p>Access is denied</p>
</body>
</html>

Transfer from Form to RPI

Request Example

POST /paynet/api/v4/transfer-form/39915 HTTP/1.1
Host: sandbox.payneteasy.com
User-Agent: curl/7.83.0
Accept: */*
Authorization: OAuth oauth_consumer_key="TestMerchant", oauth_nonce="yQFnx1Zerg4pH28VmLQL3HWc7dQJlAqg", oauth_signature="G2ZRjHOxzhsQ5xIurkM7Bo7REnoBfG3HIDDzwG9XfFGZdFC0815%2FPVS4ESdLPYVEr7iT2K3LtlO2mhMzmIWuRV3YTVKKCbfbuJkPk1OwJOx66ZaX4q0DI5Zej%2FadXiKuJ%2FLe%2BLL8Tp%2Ftzrylk6fiTAoX2AT471hp02xezERVwdEwkhoWB1mqwYE4VxOL8wDk0W0oqR%2Bk1XgWXPcj3E8WV3kEVFwxYwgi6daQyimqReEc5q8fqbUl7sANmIozrSRWqjG2K%2FBLs0W2UFLMcvWdHi2ON%2B%2BnTzaLCExB2991ozSE2jPp4eahkd69Zz%2BEwLENVIn8KDwvA5j25XaGgbqLKK%2BBt5CshObkvZZZ%2FuWqujp%2FzbOBGMuucuwyXe4yW8Ter1YC%2F9zoR%2BMwIcKBd5gaV4mOxQCZ5pe9GMD2805BlM2XDtcB9UT%2FeMs3MR3WIXN51EVCn%2BcazxwEI4LmZ5966aaUGu4GF41JWRQAZBchx4F%2Bd%2BRadwCceBJJSiQg82hwRk4QYnyDEx%2BWqcwErVZGCH8yJhph1Etn3e0G8z0PLBlG2hqTqGPFYivzyFHI1LNW8jl7%2BKJq2HZgXjtcU8Ji%2BVw2JVr86nnM4nPbpIRl7qr%2BSYUpXjWw%2B3e%2F6GtOL%2BOWzVFMo5jKf%2FfyJSdOgbyco1sBHplZRZ8Gsts8UGiIuQ8%3D", oauth_signature_method="RSA-SHA256", oauth_timestamp="1670847388", oauth_version="1.0"
Content-Length: 213
Content-Type: application/x-www-form-urlencoded
Connection: close

amount=100
&client_orderid=34T43R77N
&currency=USD
&deposit2card=false
&destination_card_recurring_payment_id=1491854
&ipaddress=1.1.1.1
&order_desc=Your%20order%20description
&redirect_url=http%3A%2F%2Fwww.example.com
&server_callback_url=https://httpstat.us/200

Success Response Example

HTTP/1.1 200
Server: server
Date: Mon, 12 Dec 2022 12:17:14 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 285

type=async-form-response
&serial-number=00000000-0000-0000-0000-000002ddc2d7
&merchant-order-id=34T43R77N
&paynet-order-id=6863948
&redirect-url=https%3A%2F%2Fsandbox.payneteasy.com%2Fpaynet%2Fform%2Finit%2FBB587546567A31587163597A684535634A775969614A66354B455A714F6F32684D61414E78767241354872343D

Fail Response Example

HTTP/1.1 200
Server: server
Date: Mon, 12 Dec 2022 12:08:14 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 132

type=validation-error
&serial-number=00000000-0000-0000-0000-000002ddc2b8
&error-message=Recurring+payment+not+found
&error-code=122

Transfer from PAN to Form

Request Example

POST /paynet/api/v4/transfer-form/39915 HTTP/1.1
Host: sandbox.payneteasy.com
User-Agent: curl/7.83.0
Accept: */*
Authorization: OAuth oauth_consumer_key="TestMerchant", oauth_nonce="BpGsiUR8CbIjGAD1Qxu8MTtGHnlIvzcF", oauth_signature="ozovWc0wjugTlGfrS8TeSxqQtnSEQ7UrGh7z6B5px5BoKgTWF44Ej6VCAxCWMl%2B1Qxg5iZ5ExOqTWZ2GTx70ly%2B%2BgHkSmz3t02PEr9XJsj2%2FOm4XFoF0LnbVPDje7AmZZBuF2l0iandlUBjJVA%2BarD6dWVv8LNrv3RVyheuhBreAr7dLcSD4Iu44MH76tOZS%2BuMnqqFjKwC37owAdC7xtJwOIF8wrFM272qHnzxbfvZRaJruoG6WO%2F%2BMGJLPnaNbrhfJ99%2BtvCybb0CsVMQqJ%2FsUWM8Z89ci6a4MCPE41v1i9lXyvkZDm6qfoVgKVPUHVVsjbvuu5Ub7MeMgBsl76ZrRsi9yLiHmPLQGqhzxydy14GpCNH9FFM2BdRSlkxfBYV1yzX2Ym4gZMq6myvVsCTDgHeGXeQe%2F%2F7z6lLE3S0%2BgcA6NkuhfLU7lvAl0CguRAvU3%2FlVh3R1p8C9S3BXQak6eM0xYp7hO1wQKXMq4uMM2FjmtTUYe6ZiqyjGbkTrrIEkD%2Fo%2FX1NXXylMbWxuNyoTnQXx%2BQzDsUrY3Mhtb%2FslwCGDY4puOlwiVqGg31EBz0wFWzJFX7n2uQO76g5q%2FnTJqf3dq3AdTC6xpaGC2kek0fxc6FEDdaoVeQ3PwJWYi1kcPbwkcvo4gIi03rcO3JUJZF3TfomkFs%2BFnh%2FwLJHs%3D", oauth_signature_method="RSA-SHA256", oauth_timestamp="1670569138", oauth_version="1.0"
Content-Length: 275
Content-Type: application/x-www-form-urlencoded
Connection: close

amount=100
&card_printed_name=Test%20Test
&client_orderid=34T43R77N
&credit_card_number=4047753518764320
&currency=USD
&cvv2=123
&deposit2card=false
&expire_month=12
&expire_year=2023
&ipaddress=1.1.1.1
&order_desc=Your%20order%20description
&redirect_url=http%3A%2F%2Fwww.example.com
&server_callback_url=https://httpstat.us/200

Success Response Example

HTTP/1.1 200
Server: server
Date: Fri, 09 Dec 2022 06:59:20 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 285

type=async-form-response
&serial-number=00000000-0000-0000-0000-000002ddc004
&merchant-order-id=34T43R77N
&paynet-order-id=6863822
&redirect-url=https%3A%2F%2Fsandbox.payneteasy.com%2Fpaynet%2Fform%2Finit%2FBB587546567A31587163597A684535634A775969614A61365A5A5637456C4545743867705438697A512F30633D

Fail Response Example

HTTP/1.1 403
Server: server
Date: Fri, 09 Dec 2022 06:45:14 GMT
Content-Type: text/html
Content-Length: 735
Connection: close
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title>403</title>
    <style type="text/css">
        body {
            font-family: Arial, sans-serif;
            font-size: 130%;
            background-color: #eee;
        }
        p {
            margin: 10em auto 0;
            width: 500px;
            border: 1px solid gray;
            text-align: center;
            vertical-align: middle;
            padding: 40px 20px;
            background-color: #fff;
            -webkit-border-radius: 20px;
            -moz-border-radius: 20px;
            border-radius: 20px;
        }
    </style>
</head>
<body>
    <p>Access is denied</p>
</body>
</html>

Transfer from RPI to Form

Request Example

POST /paynet/api/v4/transfer-form/39915 HTTP/1.1
Host: sandbox.payneteasy.com
User-Agent: curl/7.83.0
Accept: */*
Authorization: OAuth oauth_consumer_key="TestMerchant", oauth_nonce="y03UAVaLM9NXEwAHD0R9YDCQQFzRWx8b", oauth_signature="Zgx05s2b%2Fr4wSbo0sb2tGXbhPeDYlfJfnziSH57mkYfEMNtGoWCeUlLanQLKq1ddusIBhGUFwpwoh5f22y9tqHRsekiAQ92s9ixQxmvE8sEV3Ov%2FHoTyktrxN0vhPxuwSmwD%2FhX%2FOMJgDaCoOZK%2BxeXfPRVRwlNM8LsDd29i%2FnIUsExWCBujs3M5ThYGz58UJdZmOxrWW3poH2Lb6Fw9b6XMwV2DzvyomhMzZfyQYYX%2BhP22rCmXTg%2BEyTVnJDBiWI3pF6WYQFjdO5tPbcK4bxw4IYNIKKEi78dw0%2FZcb65gfHlaUtqHd3ZXiFiob4YFeV%2B1XKI2wSVBVemEd3jVjOFXDZv2GLzrZOUkxcns6BqkRxMqaWc9%2FbpsL65XdFxB4LUuP2h1PVk6A5yjjanSjp1XqzyAx8EGpxYGAzIPNSsYPVN9x5TuyIqtYVXhz2y0z8RPx5VFmSYr%2BaCr6ruhRNkyonNmk47oPkIkG9PpLivBaq8PnIzUNpExTRIYJXJOwD69CjCPxT%2Fhr3udDQJD4ZHFE3TNA9g1H0VRL%2Ff60jPhZeanf9MgcFqz6jckPQghBixOaTBf9DmP9jmv12IQZ3PR3J3n53nDEUIw%2Fhiga3%2BdZswkJMYS57VB282SVfDXQPO%2F40OC%2B3annev%2BMftiSfChhRgazDRToCnbETXqoKc%3D", oauth_signature_method="RSA-SHA256", oauth_timestamp="1670850681", oauth_version="1.0"
Content-Length: 266
Content-Type: application/x-www-form-urlencoded
Connection: close

amount=100
&card_recurring_payment_id=1491854
&client_orderid=34T43R77N
&currency=USD
&cvv2=123
&deposit2card=false
&ipaddress=1.1.1.1
&order_desc=Your%20order%20description
&redirect_url=http%3A%2F%2Fwww.example.com
&server_callback_url=https://httpstat.us/200

Success Response Example

HTTP/1.1 200
Server: server
Date: Mon, 12 Dec 2022 13:12:21 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 285

type=async-form-response
&serial-number=00000000-0000-0000-0000-000002ddc34e
&merchant-order-id=34T43R77N
&paynet-order-id=6863959
&redirect-url=https%3A%2F%2Fsandbox.payneteasy.com%2Fpaynet%2Fform%2Finit%2FBB587546567A31587163597A684535634A775969614A5A716755336669466574615739747A737059777A50493D

Fail Response Example

HTTP/1.1 200
Server: server
Date: Mon, 12 Dec 2022 12:25:05 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 176

type=validation-error
&serial-number=00000000-0000-0000-0000-000002ddc2ec
&merchant-order-id=34T43R77N
&error-message=Src+card+cvv2+should+be+filled+in+transfer.
&error-code=29

Transfer from Form to Form

Request Example

POST /paynet/api/v4/transfer-form/39915 HTTP/1.1
Host: sandbox.payneteasy.com
User-Agent: curl/7.83.0
Accept: */*
Authorization: OAuth oauth_consumer_key="TestMerchant", oauth_nonce="3FUX1QCRBPF7am99UO4bty1qD7FK08I8", oauth_signature="CCvlgjfVBZOwoMS%2FbUXv1LiRlc0Nu3Owf3FwNmPnbP49RWi3ve3VE9Jt61QpRx14pmCz3xFKQt%2Bi4UvXJYlsn206TSZ9H7TGCSHhQQP5vD0mm3Pnq0YgtI2oPpn2PhgM%2FlgwwWcBjBqmCyzM%2FGGqK24zn5C20bxvHL9LfuMgF4bEpIYDGXVh3%2BbhlU5Z2H25fjjttZylm1SLhAi9lOct2%2BtH00TJ%2FgjdWR%2FCnIroLVPWqnYbE8f%2F%2Bz1HuynqW684UUaAiB8WgEulH1BBM6HqYiFAVyfWlLNzDv08cKZew7JPsso17XBdqYyE2QWkREM61FPSQpQsuAnRpezxjRZnmxsShXKqgNwj%2B%2BVeEEP7Z0IFqUreDgSYYSntrgtvZHhX6oNuEn4V8jWA6TO0wPNPKqkEXTk7w53nF0Hn%2FLgAa3FfYSHtCnFP1uELmPnVrO03IWaPPw0%2BcCJzNMua7g%2FYjlCsdV3tlwUwne1R0V3togR5k%2FTnG%2Bub4txjaFeqOm9p517ppKZQn8Fe0jtIIJMCYVRVmsYkeBZyyRgcdIBOAn09fCKZ7y74gI12py%2FvVzagFCjZo05T20gY6OpCkrP4HhWEkKJhrqSCBe7NLC1xZDszfkLFjF9Z4dWvk2PIcNfI3SGYZRks0YFPECycfYzYIJfuKplYAACzR47h30SaOiI%3D", oauth_signature_method="RSA-SHA256", oauth_timestamp="1670835177", oauth_version="1.0"
Content-Length: 167
Content-Type: application/x-www-form-urlencoded
Connection: close

amount=100
&client_orderid=34T43R77N
&currency=USD
&deposit2card=false
&ipaddress=1.1.1.1
&order_desc=Your%20order%20description
&redirect_url=http%3A%2F%2Fwww.example.com
&server_callback_url=https://httpstat.us/200

Success Response Example

HTTP/1.1 200
Server: server
Date: Mon, 12 Dec 2022 08:53:26 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 285

type=async-form-response
&serial-number=00000000-0000-0000-0000-000002ddc1f8
&merchant-order-id=34T43R77N
&paynet-order-id=6863917
&redirect-url=https%3A%2F%2Fsandbox.payneteasy.com%2Fpaynet%2Fform%2Finit%2FBB587546567A31587163597A684535634A775969614A613368326D746C2B72645043314744502B537A6E57343D

Fail Response Example

HTTP/1.1 403
Server: server
Date: Mon, 12 Dec 2022 09:18:33 GMT
Content-Type: text/html
Content-Length: 735
Connection: close
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title>403</title>
    <style type="text/css">
        body {
            font-family: Arial, sans-serif;
            font-size: 130%;
            background-color: #eee;
        }
        p {
            margin: 10em auto 0;
            width: 500px;
            border: 1px solid gray;
            text-align: center;
            vertical-align: middle;
            padding: 40px 20px;
            background-color: #fff;
            -webkit-border-radius: 20px;
            -moz-border-radius: 20px;
            border-radius: 20px;
        }
    </style>
</head>
<body>
    <p>Access is denied</p>
</body>
</html>

Transfer from Deposit to Form

Request Example

POST /paynet/api/v4/transfer-form/39915 HTTP/1.1
Host: sandbox.payneteasy.com
User-Agent: curl/7.83.0
Accept: */*
Authorization: OAuth oauth_consumer_key="TestMerchant", oauth_nonce="SDrbaim155azbf2UthcVDrhwiOA6liE4", oauth_signature="CFUUC1Y6QT5Gj7LA%2FdW6gkGN%2Fh73J8HAxhvYtFx%2F%2FChlQIU7f4uvVmKpOossrRD05wdx0ENHJZLZ8SI%2B610ygcWP%2B3K%2FqEYDI7qjdg8HgKlT3BnjSoGU6EjGjvcMwQSY0AwNJ4adYYZG6G%2Ble9SOvbPcQalkfxIjpTl%2FkyrIVtNS4h9ExkD%2Fg9UUXZ%2F2YAOCyhTy26QwOLOo5NmNeh%2FX7wpqPEyjHfEE%2FWbc3iSNSjlJA9b%2BfX5eFAVxzzZ2X76HRxy%2FuHqah9NszgXsagMHpXOpvovNRLEh7NFBqVDWhoHFfDS%2Bwd6vcLqXxwLKOVecmq06GN1%2BiZX4C9QebaNw6JSx72jMon3hnn37pUSLhzWXz%2BwlMX7XN%2FcTWsZ0kL51DzFXwPAJPVAeNevgxlaFtbELMGcZNOU19u72cOZKMu7%2FsxLAfCgUITCO2NhvZw%2BR8xUZUcxvwu4fvoTXr6rf8r0iloJIA9RoaKobzmPUDcGx3%2F4Hswjbqk7YOg6jxQJD6ZoKscHpLiQLvBWPILsSVMpQUpnUqzBNGexdCd8zaRzqiszwz4hEg6teTMFOLA%2FoQ8Wu%2FxtSs8JMuXsWtestY9h1y5KuXWDy8O9hpN45pBF%2BvtoDfyr6ktKrkZZTZG49FBKk%2FcKi5FjzL5Bsbwv9fgk1%2BRYDexMtHCqX%2Fdrz%2BzMM%3D", oauth_signature_method="RSA-SHA256", oauth_timestamp="1670851416", oauth_version="1.0"
Content-Length: 166
Content-Type: application/x-www-form-urlencoded
Connection: close

amount=100
&client_orderid=34T43R77N
&currency=USD
&deposit2card=true
&ipaddress=1.1.1.1
&order_desc=Your%20order%20description
&redirect_url=http%3A%2F%2Fwww.example.com
&server_callback_url=https://httpstat.us/200

Success Response Example

HTTP/1.1 200
Server: server
Date: Mon, 12 Dec 2022 13:23:58 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 285

type=async-form-response
&serial-number=00000000-0000-0000-0000-000002ddc35a
&merchant-order-id=34T43R77N
&paynet-order-id=6863960
&redirect-url=https%3A%2F%2Fsandbox.payneteasy.com%2Fpaynet%2Fform%2Finit%2FBB587546567A31587163597A684535634A775969614A5878476D6E717A31324167486F61674C6830743070343D

Fail Response Example

HTTP/1.1 403
Server: server
Date: Mon, 12 Dec 2022 13:19:46 GMT
Content-Type: text/html
Content-Length: 735
Connection: close
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title>403</title>
    <style type="text/css">
        body {
            font-family: Arial, sans-serif;
            font-size: 130%;
            background-color: #eee;
        }
        p {
            margin: 10em auto 0;
            width: 500px;
            border: 1px solid gray;
            text-align: center;
            vertical-align: middle;
            padding: 40px 20px;
            background-color: #fff;
            -webkit-border-radius: 20px;
            -moz-border-radius: 20px;
            border-radius: 20px;
        }
    </style>
</head>
<body>
    <p>Access is denied</p>
</body>
</html>

Postman Collection

Request Builder

Enter your private key in PKCS#1 container to use debug. See RSA-SHA256 for details.

Debug form
URL
login

login should be used as Consumer Public for OAuth

destination-card-no
credit_card_number
destination_card_recurring_payment_id

use either RPI or card number, not both

card_recurring_payment_id

use either RPI or card number, not both

amount
currency
cvv2
card_printed_name
expire_month
expire_year
ipaddress
order_desc
redirect_url
redirect_success_url
redirect_fail_url
client_orderid
merchant_form_data
deposit2card

boolean used only to determine if transaction type is deposit2card

Normalized parameters string to sign, according to OAuth 1.0a rules
POST body parameters to submit
OAuth 1.0a headers to submit.
HEX Encoded Signature
* HEX encoded string is for debug purposes only. You shouldn't send this string to the server neither in HEX nor in Encoded HEX representation.
Base64 Encoded Signature
* Binary RSA-SHA256 signature directly encoded in base64 should be sent to the server.