Saved card based payment
When registered, you will be given data, that is needed when making the payment:
| TerminalID | Store identification |
| ClientID | Client Identification |
| ClientSecret | Secret Key |
The card is saved if you previously passed the cardsave: true parameter, the payment was successful and you received CardID in the response
Please note that access to the 3D page is not provided for this functionality therefore the operations do not have the necessary level of protection.
When registering and issuing a terminal, the configuration of the 3DSecure check will be determined according to what is specified in the application. It can be either enabled or disabled. Depending on this setting, the system's responses will differ: when the 3DSecure check is enabled, they will differ from the responses received when the check is disabled. With the 3DSecure check disabled, calling the 3D page is not provided, and as a result, the operations do not have the necessary level of protection.
Receiving a token for payment processing (for each operation it is necessary to obtain and use the original token)
TEST URL POST https://test-epay-oauth.epayment.kz/oauth2/token PROD URL POST https://epay-oauth.homebank.kz/oauth2/token
Request
Body: form-data
grant_type: "client_credentials" scope: "payment" client_id: "test" client_secret: "yF587AV9Ms94qN2QShFzVR3vFnWkhjbAK3sG" invoiceID: "000000001" amount: 100 currency: "KZT" terminal: "67e34d63-102f-4bd1-898e-370781d0074d" postLink: "" failurePostLink: ""
| Field | Description |
|---|---|
| grant_type | Authorization type, client_credentials used to process payment |
| scope | Resource |
| client_id | Merchand Identification, сan be retrieved on the merchant account page, initially received when registering |
| client_secret | Merchant access key, сan be retrieved on the merchant account page, initially received when registering. |
| invoiceID | The order number, generated by the merchant, must be unique for each new order, from 6 to 15 digits. If your order number contains more than 6 characters, then additional uniqueness must be maintained in the last 6 characters |
| amount | Order amount |
| currency | Order currency |
| terminal | Salespoint identification, сan be retrieved on the merchant account page, initially generated when registered. |
| postLink | Optional parameter. Sends postLink in case of success |
| failurePostLink | Optional parameter. Sends failurePostLink in case of failure |
Response
{ "access_token":"DCEB8O_ZM5U7SO_T_U5EJQ", "expires_in": 7200, "refresh_token":"", "scope":"payment", "token_type":"Bearer" }
| Field | Description |
|---|---|
| access_token | A token that is used for payment processing. |
| expires_in | Expiry period of a token |
| refresh_token | Not used with this type of authorization |
| scope | Resource, payment type used for payment authorization |
| token_type | uthorization type |
Payment processing
In order to process payment with cardID, paymentType = cardId parameter is required.
Incoming parameters on payment page
| Field | Description | Required |
|---|---|---|
| invoiceId | The order number, generated by the merchant, must be unique for each new order, from 6 to 15 digits. If your order number contains more than 6 characters, then additional uniqueness must be maintained in the last 6 characters | Yes |
| backLink | Link to return the buyer to the store (website) after successful payment | Yes |
| failureBackLink | Link to return the buyer to the store (website) after payment in case of unsuccessful payment | No |
| postLink | A link to send a notification about the authorization of a payment | Yes |
| failurePostLink | A link to send a notification about the failed authorization of payment or store error | No |
| language | Information about authorization sever's interface language kaz, rus, eng | No |
| description | This field conveys information about the goods or services for which payment is made, the allowed number of characters is 125 bytes | Yes |
| accountId | Personal id of a client in Merchants system | No |
| terminalId | Terminal number for payment | Yes |
| amount | Transaction amount | Yes |
| currency | Transaction currency | Yes |
| token | Authorization token | Yes |
| paymentType | payment type - cardId | Yes |
| cardid | Card token | Yes |
TEST URL POST https://test-epay-api.epayment.kz/payments/cards/auth POST URL /payments/cards/auth Authorize: bearer KJHKJH8&5F&D3&F
Request
Headres: Authorization: bearer KJHKJH8&5F&D3&F Body: { "amount":100, "currency":"KZT", "name":"TEST TEST", "terminalId":"67e34d63-102f-4bd1-898e-370781d0074d", "invoiceId":"10101112", "invoiceIdAlt":"8564546", "description":"test", "accountId":"uuid000001", "email":"parkhomchik@gmail.com", "phone":"77472261170", "backLink":"https://testmerchant/order/1123", "failureBackLink":"https://testmerchant/order/1123/fail", "postLink":"https://testmerchant/order/1123", "failurePostLink":"https://testmerchant/order/1123/fail", "language":"rus", "paymentType":"cardId", "recurrent": true, "cardId":{ "id":"e7e2587f-de26-4f41-ae1f-80c1fea31728" //значение полученного ранее cardID, при первичной оплате } }
Response
In case of success HTTP Code 200
{ "id": "75890cc5-157a-4cce-9624-16b227c2b9ec", "accountId": "", "amount": 100, "amountBonus": 0, "currency": "KZT", "description": "payment", "invoiceID": "9999999", "invoiceIdAlt":"8564546", "language": "RU", "phone": "77777777777", "reference": "099467918563", "intReference": "C3B673466V9600X3", "secure3D": null, "cardID": "22f2c5db-64d8-475f-8066-af3de3dc8233", "code": 0, "status": "AUTH", }
In case of error HTTP Code 4xx
{ "code": -1, "message": "error message" }
Response with 3DSecure (not final): HTTP Code 2xx
{ "id": "d5782400-d8c5-4856-b5b9-115be68b63ca", "accountId": "", "amount": 10, "amountBonus": 0, "currency": "", "description": "", "email": "", "invoiceID": "", "language": "", "phone": "", "reference": "", "intReference": "", "secure3D": { "paReq": "eyJtZXNzYWdlVHlwZSI6IkNSZXEiLCJtZXNzYWdlVmVyc2lvbiI6IjIuMi4wIiwidGhyZWVEU1NlcnZlclRyYW5zSUQiOiJlMGQyNmQwMS0yZjA0LTRlZjYtYTNmYy00NGI1OTMyMTdjOTEiLCJhY3NUcmFuc0lEIjoiN2FlZDkxYjctODJmZS00N2Y0LWJiNDAtZGRjNTYyYWE1ZjNhIiwiY2hhbGxlbmdlV2luZG93U2l6ZSI6IjA1In0", "md": "ZTBkMjZkMDEtMmYwNC00ZWY2LWEzZmMtNDRiNTkzMjE3Yzkx", "action": "https://epay-proxy.homebank.kz/" }, "cardID": "ХХХХХХХ-c686-6634-e063-ХХХХХХХХХ", "fee": 0, "code": 0, "status": "3D" }
After receiving the payment result with 3DSecure, the client must be redirected to the password input form.
The following parameters are used: paReq, md, action.
In the TermUrl parameter, the address should be used where the merchant's system will receive the result of the 3DSecure verification.
On the partner's page (TermUrl), it is necessary to execute confirm after receiving the data.
Example of constructing the form for redirecting the client:
* <body onload="javascript:OnLoadEvent();"> <FORM ACTION="<%=action%>" METHOD="post" NAME="ThreeDform" target="_self"> <input name="PaReq" type="hidden" value="<%=paReq%>"> <input name="MD" type="hidden" value="<%=md%>"> <input name="TermUrl" type="hidden" value="https://merchantsite.com/3dRes"> </FORM> <div align="center"> <h1>Дождитесь ответа! <br><br> Жауабын күтіңіз!<br><br> Wait for an answer!<br><br> </h1> </div> </body> <SCRIPT>function OnLoadEvent () { document.forms[0].submit(); }*