P2P BY API
PCI DSS certification is required to work with the company via API
Upon registration, you will be provided with data that will need to be used when making transfers:
| TerminalID | Store identifier |
| ClientID | Client identifier |
| ClientSecret | Secret key |
Test merchant
| URL | https://test-epay.homebank.kz/login |
| epay@halykbank.kz | |
| password | XZG1E@Mm |
| ClientID | test |
| ClientSecret | yF587AV9Ms94qN2QShFzVR3vFnWkhjbAK3sG |
| TerminalID | 3ad0f5bd-88a8-464c-a9a4-cdb16d1dd31 |
Test cards
| PAN | Expire Date | CVC | Status |
|---|---|---|---|
| 4405639704015096 | 01/25 | 815 | unlock |
| 5522042705066736 | 01/25 | 525 | unlock |
| 377514500004820 | 01/25 | 4169 | unlock |
| 4003032704547597 | 09/20 | 170 | lock |
| 5578342710750560 | 09/20 | 254 | lock |
Receiving a token for implementation a transfer
TEST URL POST https://testoauth.homebank.kz/epay2/oauth2/token PROD URL POST https://epay-oauth.homebank.kz/oauth2/token
Request Body: form-data
grant_type: "client_credentials" scope: "transfer" invoiceID: "12321312312" secret_hash: "JDKCNDDGGDTPSKJD" amount: "100" currency: "KZT" client_id: "test" client_secret: "yF587AV9Ms94qN2QShFzVR3vFnWkhjbAK3sG" terminal: "c36b282f-6819-4d4f-85df-a4bdc8a8f703"
| Поле | Описание |
|---|---|
| grant_type | Authorization type, for conducting a payment, the authorization type used is: client_credentials |
| invoiceID | Order number generated by the merchant, must be unique for each new order, from 6 to 15 digits. If your order number contains more than 6 characters, uniqueness must also be maintained for the last 6 characters |
| secret_hash | additional secret value(string) generated by the online store system which will be returned to Postlink |
| amount | Amount |
| currency | Currency |
| scope | Resource |
| client_id | Merchant ID, can be receiving in the merchant's account, issued upon registration |
| client_secret | Client identifier, issued upon registration |
| terminal | Store identifier, issued upon registration |
Response
{
"access_token":"DCEB8O_ZM5U7SO_T_U5EJQ",
"expires_in": 7200,
"refresh_token":"",
"scope":"transfer",
"token_type":"Bearer"
}
| Поле | Описание |
|---|---|
| access_token | Token for implementation the operation |
| expires_in | Token expiration time |
| refresh_token | Not used for this type of authorization |
| scope | Resource, for conducting a payment, the resource used is transfer |
| token_type | Authorization type |
After receiving the token, it must be passed in
Headers Bearer DCEB8O_ZM5U7SO_T_U5EJQ
to the endpoint:
TEST URL https://testepay.homebank.kz/api/p2p/transfer PROD URL https://epay-api.homebank.kz/p2p/transfer
POST method, in the JSON format, should specify the following structure:
Body: raw
{
"order": {
"amount": 100,
"currency": "KZT",
"description": "TEST p2p",
"merchantIdForSavingCards": "",
"id": "123456787538",
"senderIP": "",
"senderEmail": "armanali@epay.kz",
"foreign": false,
"terminalId": "c36b282f-6819-4d4f-85df-a4bdc8a8f703",
"backLink": "https://epay.homebank.kz/demo/success.html",
"failureBackLink": "https://epay.homebank.kz/demo/failure.html",
"postLink": "https://epay.homebank.kz/payform",
"failurePostLink": "https://testmerchant/order/1123/fail"
},
"card": {
"sender": {
"save": false,
"transferType": "TYPEPAN",
"address": "",
"cvc": "951",
"cardCred": "4003039802969821",
"expire": {
"month": "09",
"year": "23"
},
"name": "Sergey Frolov",
"number": ""
},
"receiver": {
"save": false,
"id": "",
"transferType": "TYPEPAN",
"cardCred": "5578342728230613",
}
}
}
Sender fields description:
| Field | Description |
|---|---|
| Amount | Order amount |
| currency | Currency |
| description | Order description |
| merchantIdForSavingCards | Еmpty |
| Id | Order number generated by the merchant, must be unique for each new order, from 6 to 15 digits. If your order number contains more than 6 characters, uniqueness should also be maintained for the last 6 characters |
| senderIP | Sender IP (optional) |
| senderEmail | Client email (optional) |
| foreign | False |
| terminalId | Store identifier |
| backLink | Link to return to the store on successful payment |
| failureBackLink | Link to return to the store on unsuccessful payment |
| postLink | Link Payment notification |
| failurePostLink | Notification of unsuccessful payment, if not filled in, the information will be sent to the address specified in postLink |
| save | Save the card - true, don't save - false |
| transferType | Type of transfer, "TYPEPAN" - by card number, "TYPECARDID" - by saved epay card |
| Address | Address |
| CVC | CVV |
| Id | Empty field |
| Month | Month |
| Year | Year |
| Name | Name |
| cardCred | Sender's card number/ card ID |
Receiver fields description:
| Field | Description |
|---|---|
| save | Save the card - true, don't save - false |
| id | cardid |
| cardCred | Receiver's card number |
| firstName | First name - only for international transfers |
| lastName | Last name - only for international transfers |
| countryCode | Country code - only for international transfers |
Success response:
{ "id": "a9e1b986-be01-4763-9216-610cc63b963c", "amount": 200, "currency": "KZT", "email": "epay@halykbank.kz", "description": "TEST p2p", "reference": "204978430339", "orderID": "1234567893774576", "senderCardID": "88481433-595e-4c01-941f-34569db2426e", "senderCardPAN": "4003********9821", "receiverCardID": "86496cb0-bb5d-4791-bb49-cc27a0f660ce", "receiverCardPAN": "5578********0613", "intReference": "6BD1808D0FF129B0", "terminalID": "95555555", "code": 0, "status": "AUTH" }
Failure response:
{
"code": 487,
"message": "Not permitted to merchant",
"invoiceId": "8161284658525",
"id": "",
"reference": "",
"accountId": "uuid000001"
}
After receiving the payment result with 3DSecure, the client needs to be redirected to the password input form. To do this, the received parameters paReq, md, action are used. In the TermUrl parameter, the address on which the merchant system will receive the 3DSecure password verification result needs to be used. Example of building a form for redirecting the client:
Дождитесь ответа!
Жауабын күтіңіз!
Wait for an answer!
PaRes: eJzNWVnT4jiy/SsdPY9Et3ewO6gvQt53bPD+5g3vNmCDjX/9FXxV1TXVPXHnzsONIYJATqcyU0rlOZLYO+Utz/lTnt5v+cfeyMcxLvJfquzLrxY45tc/Qp0HJ6UBIXZEC3EqspDgx/nXj/3r9fhWfKv8dpgvVMRu/efRq2VFBVDlkd/Gaug/sN/R3/E98u0RermlZdxPH/s4vbKK+UGSKLWl9sjXx32X3xT+w1QcXbcEhsYIFKewPfIp3iN/9rfur9YII1+q7MM9CLyv42mIMwEpTXPmM13cLamyob/skZfGPoun/ANHcQylcPoXDP0DJf+gtnvkLd9fXuZAN9yhbYyBbtE98qNsD2fplvfp84Ng6D3y/WmfL5ehz6EGHOb39h75M7xL3H+gP3wwCmOgbSjdO8HHfqq6n8Ki/sChrbd8P07xdB8/H+vOG631x//574XXT/OPfDv8D83MUpA== MD: 270469967-9CA5EC5779A3358E
Payment confirmation (sending the result of the 3DSecure password check)
URL POST /payment/confirm
Body { "ID": "7943816b-58a8-47f6-a11e-67b63c4228c7", "PaRes": "/ZUo742DgULQ4CotpdByEwF6eQvOAFEggSRUtE+rfsh+A9pV1Uq7VX/B/aPaKfTyYOucmfHx8YzhaLOYa7cYJ34UVvWcYeoahjzy/HBa1YeD+kFZP2IwmMWINQf5OkYGbUwSd4qa71X1nt3HVeXqPK1PHHpCg1l+dHs84rlyszPVGWRpBrsLmNQ3KJA9lUoxn7lhysDlq+NmhxUKZvGwCGRHYYFxs8acRrd32rctWrQKZl4KfIQhdBfIGt32qSowLm6AZBHg0TpM4zuWt8pA9gTW8ZzN0nRZIQSX7p0RBGMjuAei4kC+rPTWCiVSZ+N7DEm/1LpqrobjktO6HNdaw/GNV+f2ZNCuAlEV4LkpMmrmLOmtpJlWpUArNAcki4O7UAZk3pTP+sCwVFfY3xLfAyC7HMsh7P3vGeBmGYWojgD5xOBhwpn4LV7FP7F9exBbTfzRxLN4kfjx7Zd4kfuDJv6Lrfgr15NKiUfpTp0D8vXak4YaA09lZ+3Lnj09871waEX3tU5wPUKPu5PuxJlTNZ", "MD": "271710719-E54F6D8F865285D4", }
Response Redirect Http code 200 Success <https://epay.homebank.kz/payform/success.html> Params amount currency invoiceID accountID description reference language cardid Error <https://epay.homebank.kz/payform/> invoiceID code message