Skip to main content

QR NBU PayIn

In Payonhost QR NBU PayIn service allows you to create a QR code for payment using a banking application. QR code is generated according to standard of NBU (National Bank of Ukraine).

Scenario of interaction

mermaid

  1. Client clicks on the Payment button and selects the Payment by QR code method
  2. Merchant executes a request to generate a QR code by transmitting payment details
  3. In response you receive a link to a form with a QR code and a button to go to the bank's application
  4. Merchant displays the generated QR code
  5. Client scans a QR code or presses a button to go to the banking app
  6. In the banking application, the client verifies the correctness of the recipient's (merchant's) data
  7. Client confirms the transfer by pressing the payment button
  8. Client's bank application displays information about the successful transfer
  9. Client's bank initiates the transfer to the beneficiary's bank (merchant)
  10. Payonhost sends callback on successful payment

Create a transaction

To create a transaction, use the /transaction/create method.

Request parameters

Authorization parameters

NameTypeMandatoryDescription
authobjectYesAuthorization data
auth.pointintegerYesThis is your point_id from the credentials you received earlier
auth.keyintegerYesSession key generated on the merchant's side. You can use unixtime as a key value
auth.hashstringYesmd5 hash of a string obtained by concatenating point_id, api_token and key: md5(point + api_token + key)
An example of a correctly calculated hash (the data in the example is random):
point_id = 111
key = 1234
api_token = aiGha$et0ainah4%*eu9Vish8oo
Correct hash: fda3ff2903690ed6795ea997a8cc1773

General request parameters

NameTypeMandatoryMax. lengthDescription
localestringYes2Language of the payment page. Available languages: en, ua, ru, pt, fr, es
external_customer_idstringYes99Client ID in the merchant's system. Used for improvement of the transaction's search during incidents analysis, as well as for improvement of operation of the anti-fraud system
If such a parameter is absent in the system, it is necessary to send an alternative value for payer's identification, for example: mobile phone number or email
customer_ip_addressstringYes45Client's IP address. Both IPv4 and IPv6 addresses are allowed. It is important to send the client's real ip to avoid false positives of the anti-fraud system
external_transaction_idstringYes48Transaction ID in the merchant system. Must be unique for each transaction. If a transaction already exists with the same point_id and external_transaction_id, payment creation will be rejected with an error 203
external_order_idstringNo48Order ID in the merchant system. It is allowed to create multiple transactions with the same external_order_id
account_idintegerYesMerchant account ID in the payment gateway. Provided by the Payonhost manager
wallet_idintegerYesMerchant wallet ID in the payment gateway. Provided by the Payonhost manager
service_idintegerYesPayment gateway service ID. Provided by the Payonhost manager
descriptionstringNo100Description of payment purpose
amountintegerYesPayment amount, in the minimum currency units (kopecks, cents, etc.). For example, for 3.2 USD, you need to pass the 320 value. If the amount differs from the one provided to us during transaction creation, we will overwrite it with the correct amount and send the received sum to the merchant
amount_currencystringYes6Payment currency code (3-letter ISO 4217 code for fiat currency). For example: UAH, USD, EUR
pointobjectNoA set of point parameters for payment creation. The parameters, that could possibly be passed inside of the point object are presented below
point.callback_urlstringNo1000URL for the callbacks transmission to the merchant. See the Callbacks section for details. The parameter may be absent in the request. Although, if it was passed, then its value cannot be empty. Parameter's value should also be valid, and lead not to an IP from the local network. The same condition applies to other URLs
point.return_urlstringNo1000URL to redirect the client back to the merchant's site before the final transaction status is received. It is used only for host-2-host interaction, if a client's redirect to the acquirer's URL was necessary for authorization

Request parameters - fields for creating a transaction

NameTypeMandatoryMax. lengthDescription
fields.payment_purposestringYes140Purpose of payment that matches description
warning

The same description and fields.payment_purpose must be forwarded in the request body

Request example

Request: /transaction/create
{
"auth": {
"point": 111,
"key": 1234,
"hash": "fda3ff2903690ed6795ea997a8cc1773"
},
"locale": "en",
"external_transaction_id": "1234567890",
"external_order_id": "100",
"external_customer_id": "123",
"customer_ip_address": "0.0.0.0",
"account_id": 123,
"wallet_id": 123,
"service_id": 123,
"amount": 500,
"amount_currency": "UAH",
"description": "Test payment",
"fields": {
"payment_purpose": "Test payment"
}
}

Response parameters

The table contains a description of the parameters that are returned inside the response object (see Response structure).

NameTypeDescription
account_idintegerMerchant account ID in the payment gateway
amountintegerPayment amount in minimum currency units
amount_currencystringPayment currency (3-letter ISO 4217 code)
external_customer_idstringClient ID in the merchant system
external_order_idstringOrder ID in the merchant system
external_transaction_idstringTransaction ID in the merchant system
idintegerIdentifier of the created transaction in the payment gateway
is_testbooleanFlag indicating whether the transaction is a test one. Automatically affixed to all transactions created using a merchant's test account
point_idintegerPayment acceptance point ID
resultobjectThe result of transaction creation. Contains pay_url link to the payment form
result.pay_urlstringLink to the payment form with QR code
service_idintegerPayment gateway service ID
statusintegerTransaction status (see Status reference)
wallet_idintegerMerchant wallet ID in the payment gateway

Example of a response

Response: /transaction/create
{
"error": {
"code": 0,
"title": "Success"
},
"response": {
"account_id": 123,
"amount": 500,
"amount_currency": "UAH",
"external_customer_id": "123",
"external_order_id": "100",
"external_transaction_id": "1234567890",
"id": 1234567890,
"is_test": false,
"point_id": 111,
"result": {
"pay_url": "https://payment.page.url"
},
"service_id": 123,
"status": 10,
"wallet_id": 123
}
}

Displaying the payment page to the customer

You can consider the transaction created, after reception of pay_url, and redirect the customer to the received URL. This can be done in one of the following ways:

  • Use iframe to open the page on your site;
  • Redirect the customer from your site to the received pay_url;
  • Send a link to the customer using any method.
NOTE

In order to fight fraud, the list of domains on which payments are allowed, may be limited for some merchants. If this restriction is active, the Referer header, containing the domain of the website which the transition was made from, is checked, when you go to the payment page
In this case, the payment page can be displayed to the customer either in iframe or by javascript (when redirecting by returning code 302, the Referer header is not sent)

Waiting for payment to complete

After the customer has navigated to the payment page, the merchant has to expect a callback from the payment gateway, which will be sent as soon as the transaction reaches its final status. You can read more about callbacks in the Callbacks section.

The back-redirect of the customer to the merchant's page is not connected with a callback sending. It is quite possible that the redirect will go first, and the callback will be delivered shortly after. This must be taken into account during integration.

Payment status request

The merchant can send the /transaction/find request to get the current status of the transaction. In addition to the transaction status, the response will also contain the payer's card number mask in fields.card_number, if the acquirer has provided information about the card that was used for the payment. Below is the example of the /transaction/find request, details - on the method description page.

Request: /transaction/find
{
"auth": {
"point": 111,
"key": 1234,
"hash": "fda3ff2903690ed6795ea997a8cc1773"
},
"id": 1234567890
}
Response: /transaction/find
{
"error": {
"code": 0,
"title": "Success"
},
"response": {
"account_id": 123,
"account_wallet_amount": 500,
"account_wallet_currency": "UAH",
"amount": 500,
"amount_currency": "UAH",
"created_at": "2021-01-23 10:04:44",
"description": "Description",
"external_customer_id": "123",
"external_order_id": "100",
"external_transaction_id": "1234567890",
"extra": {},
"failure_reason_code": null,
"failure_reason_message": "",
"id": 1234567890,
"is_test": false,
"point_id": 111,
"service_id": 123,
"status": 10,
"status_description": "",
"wallet_id": 123
}
}