Introduction
This documentation includes a description of business processes and REST API methods made available via Conotoxia Pay. The API enables simple and safe automation of the process of making payments and refunds by the Partner's system.
API can be used for:
- setting up and getting payment transactions
- setting up and getting refund transactions
- management of Partner's public keys
- getting Conotoxia Pay’s public keys
The API applies to the following payment processing models:
- With redirection to the Conotoxia Pay payment gateway - the User, after selecting an online payment using Conotoxia Pay on the Merchant's website, is redirected to Conotoxia Pay to continue the payment. The list of payment methods available through Conotoxia Pay is at Pricing.
- Without using the Conotoxia Pay payment gateway - the Merchant can provide the payment method themselves in their payment gateway without redirecting to Conotoxia Pay. When paying, the User stays on the online shop's website without being redirected to another service. The currently available method for this payment model is BLIK (BLIK Level 0).
The business processes for executing payments and refunds are described in the section:
How to start?
In the first stage, you must register the Partner's account and create the store structures. The steps are described below which are necessary to start using Conotoxia Pay API.
Store creation
- You should set up a company account at conotoxia.com and complete your company profile.
- In the next step you should move to the Merchant's panel and
add your store and point of sale. Note that point of sale URL addresses should be configured correctly:
- URL address for payment creation notification - notifications about the payment status will be sent to this address. They are described in more detail in the payment notifications chapter.
- URL address for refund creation notification - notifications about the refund status will be sent to this address. They are described in more detail in the refund notifications chapter.
- URL address for successfully executed payment - the client will be redirected to this address after successful payment approval at Conotoxia Pay. Redirection is described in more detail in redirection parameters chapter.
- URL address for unsuccessful payment - the client will be redirected to this address after unsuccessful payment approval at Conotoxia Pay. Redirection is described in more detail in redirection parameters chapter.
- After creating the store structure, you need to add your own public key in PEM format. The description of key generation is described in more detail in the generating a public key section. More information on communication security is available in the communication with Conotoxia Pay section.
- The last step is to generate access data to Conotoxia Pay API. This operation can be performed on the configuration page in the Merchant's panel.
After completing the above steps, the Partner should have the following data necessary for communication with Conotoxia Pay API:
- point of sale identifier (e.g. POS1234567898765432).
- API client identifier and API client secret needed to obtain an access token to Conotoxia Pay API.
- identifier of his own public key (kid) added to Conotoxia Pay system.
- Conotoxia Pay host addresses, which are described in the documentation as CONOTOXIA_OIDC_HOST and CONOTOXIA_PAY_HOST. They are available on the configuration page.
Creation of a payment order
To create a payment request, simply follow a few easy steps:
- Generate the access token using the POST /connect/token resource. This token should be placed in the Authorization header when communicating with all resources of the Conotoxia Pay API.
- With your own private key, you must sign the request body (an example of the request can be found in the chapter Creating a payment). Note that JWS which will be sent to Conotoxia Pay API should have public key identifier (kid) in header section. It will be used to verify request by Conotoxia Pay system.
- Execute request on the POST /payments resource by placing in the request body JWS data and set correct header according to the information provided in the Communication with Conotoxia Pay section.
- The received response should be decoded and verified in accordance with the information provided in the Communication with the Partner section.
- The response contains the address to which the customer should be redirected in order to approve the payment. The rest of the process is described in the Payment Process section.
Authentication
In order to use Conotoxia Pay it is necessary to process authentication. Each request of the API provided by Conotoxia Pay requires sending an Authorization header, which contains an access token called OAuth 2.0 access token. In order to generate the token, use the POST /connect/token resource. Authentication is performed using HTTP Basic, where the user name is api_client_id and the password api_client_secret. In the body of the request, specify the grant_type parameter set to client_credentials and the scope parameter with the pay_api value.
Generating access token
curl -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/x-www-form-urlencoded" \
-u "<api_client_id>:<api_client_secret>" \
-d "grant_type=client_credentials&scope=pay_api" \
"<CONOTOXIA_OIDC_HOST>/connect/token"
Response body:
{
"access_token": "M1ODU2ZDI5NzU3ZWFkYTRjMjEyMTIwNmRiNmQ2MjdmM",
"expires_in": 900,
"token_type": "Bearer"
}
Enables getting the Conotoxia Pay access token.
Resource
POST <CONOTOXIA_OIDC_HOST>/connect/token
See server addresses
Request headers
Name | Value | Remarks |
---|---|---|
Authorization | api_client_id:api_client_secret | HTTP Basic Authentication. |
Content-Type | application/x-www-form-urlencoded |
Request body
Parameters according to client_credentials mode
Name | Value |
---|---|
grant_type | client_credentials |
scope | pay_api |
Response
Field name | Type | Required | Description |
---|---|---|---|
access_token | String | YES | Token, which must be indicated when using the API provided by Conotoxia Pay. |
expires_in | String | YES | Token validity time in seconds. |
token_type | String | YES | Token type. |
Payments
Setting up payments
curl -X POST \
-H "Authorization: Bearer M1ODU2ZDI5NzU3ZWFkYTRjMjEyMTIwNmRiNmQ2MjdmM" \
-H "Content-Type: application/json" \
-H "Accept-Language: en,pl;q=0.9,pl-PL;q=0.8" \
-H "User-Accept-Language: en,pl;q=0.9,pl-PL;q=0.8" \
-d "@data.json" \
"<CONOTOXIA_PAY_HOST>/payments"
data.json
{
"externalPaymentId": "342HHH88LKDJ89876767",
"pointOfSaleId": "POS4589631365489654",
"category": "E_COMMERCE",
"totalAmount": {
"currency": "PLN",
"value": 19.99
},
"description": "Payment description."
}
curl -X POST \
-H "Authorization: Bearer M1ODU2ZDI5NzU3ZWFkYTRjMjEyMTIwNmRiNmQ2MjdmM" \
-H "Content-Type: application/jose+json" \
-H "Accept-Language: en,pl;q=0.9,pl-PL;q=0.8" \
-H "User-Accept-Language: en,pl;q=0.9,pl-PL;q=0.8" \
-d "@data.jws" \
"<CONOTOXIA_PAY_HOST>/payments"
data.jws
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJleHRlcm5hbFBheW1lbnRJZCI6IjM0MkhISDg4TEtESjg5ODc2NzY3IiwicG9pbnRPZlNhbGVJZCI6IlBPUzQ1ODk2MzEzNjU0ODk2NTQiLCJjYXRlZ29yeSI6IkVfQ09NTUVSQ0UiLCJ0b3RhbEFtb3VudCI6eyJjdXJyZW5jeSI6IlBMTiIsInZhbHVlIjoxOS45OX0sImRlc2NyaXB0aW9uIjoiUGF5bWVudCBkZXNjcmlwdGlvbi4ifQ.FH8Ex3JCeCwud4fC_CifILcbrO6EYmjMoh1Q8ERLzfL_-T3Ieeepo4a6r8O7trpvcQKMZ6Pj9jt1SyZ7MzDFXuHXlmSl1FVwR3yqKQDZesxgmAo6ujmdNwJ0muEgUVXw9EAsbc9RKE6fFNCcMekmmkXem8-hFHueJoXZIWNOIVwBHgrMefkOSVQNHz_QD6pWrt5vhJVt1aSLnSBE1sm1Ks-ocoISPwR6MtiyXwiyCisvnTfEXvewDAFmm9b3X7YTXLtBWdKqTs8AnuiLqTx_-DwcNYX4ZPNEgTvZ7BQe_DbcTmdzfewQLVJ4Wg5REyTLUNtyxSxfZVQT_5ZTYtwQWA
Response headers:
HTTP/1.1 201 Created
Content-Type: application/json
HTTP/1.1 201 Created
Content-Type: application/jose+json
Response body:
{
"paymentId": "PAY715037422182587",
"approveUrl": "https://<CONOTOXIA_APPROVAL_HOST>/approve",
"token": "dGBcEMQoyff6OCQY5l1rehXAwgCDnEwhtp573P1EJyswGBJ79G"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJwYXltZW50SWQiOiJQQVk3MTUwMzc0MjIxODI1ODciLCJhcHByb3ZlVXJsIjoiaHR0cHM6Ly88Q09OT1RPWElBX0FQUFJPVkFMX0hPU1Q-L2FwcHJvdmUiLCJ0b2tlbiI6ImRHQmNFTVFveWZmNk9DUVk1bDFyZWhYQXdnQ0RuRXdodHA1NzNQMUVKeXN3R0JKNzlHIn0.KD3zD9f_xOuhVZXAMt3fyVpYlXx48rHLqNIEwGKAjHyd84_-j7oowPw8IIWZI3qdx33Z5woLMmyetH6SQpJJXjB4em826Ihg7JaZoQ0eAVez9CY0E83x51SpIwUIeKJ5I-m1-VT87dnP8yMwwD0TE212PTRjY3eNTVC3uTtu1vlYyL8fhfa3FvmjLqmCpHEEIHuJSBCsKH95mOhJlM-OgREtNX043RPyiCxl2p88lpMtOjoLYYwAIOYsVqqpylaey8xeY3kuseAIfxiPJzNIz0LJ9NdzDzWTcDUW-fVtNhG6sQXfulEazFd4qYbATimQ7Jf9Ld50LW5qHCsM-fCacA
Enables setting up a payment transaction.
Resource
POST <CONOTOXIA_PAY_HOST>/payments
See server addresses
Request headers
Name | Value | Required | Remarks |
---|---|---|---|
Authorization | Bearer <access_token> |
YES | It must contain a Bearer access token. For more information, see Generating access token. |
Content-Type | application/json or for signed form application/jose+json |
YES | |
Accept-Language |
<language> | NO | A header that sets one of the two payment interface domains. For pl, it is <CINKCIARZ_PAY_WEB_HOST> , and for other languages (or no header setting), it is <CONOTOXIA_PAY_WEB_HOST> . It must comply with the RFC 7231 specification. |
User-Accept-Language |
<language> | NO | A header that sets the language of the notifications. It must comply with the RFC 7231 specification. |
Request body
PaymentData object containing payment data
Field name | Type | Required | Limit | Description |
---|---|---|---|---|
totalAmount | Amount | YES | Payment amount with the currency. | |
notificationUrl | String | NO | min. 1 character max. 2048 characters | A URL to which payment status notifications will be sent. As a default, the URL provided by the Partner in the configuration of the point of sale is used. |
returnUrl | String | NO | min. 1 character max. 2048 characters | The URL to which the redirection will be made after payment. As a default, the URL provided by the Partner in the configuration of the point of sale is used. |
errorUrl | String | NO | min. 1 character max. 2048 characters | A URL to which a redirection will be made after an unsuccessful payment attempt. As a default, the URL provided by the Partner in the configuration of the point of sale is used. |
notificationUrlParameters | Object | NO | max. 1024 characters | Additional parameters, which are sent in URL payment status notifications. |
pointOfSaleId | String | YES | 18 characters | Point of sale identifier. |
externalPaymentId | String | YES | min. 1 character max. 64 characters | Payment identifier on the Partner's side. |
storeCustomer | StoreCustomer | NO | Store customer data which are used for reducing payment process by automatic payer data filling. | |
description | String | YES | min. 1 character max. 128 characters | Payment description. |
category | String | YES | min. 1 character max. 20 characters | Payment category. Default value should be E_COMMERCE . |
disablePayLater | Boolean | NO | Flag specifying whether the functionality should be activated for Pay Later. | |
selectedPaymentMethod | SelectedPaymentMethod | NO | It allows to redirect the customer directly to the selected payment method after redirecting him to the approveUrl address. |
|
retryEnabled | Boolean | NO | Flag specifying whether the payment should have the payment retry functionality enabled. |
Amount object containing payment amount
Field name | Type | Required | Limit | Description |
---|---|---|---|---|
value | Number | YES | Amount. Max. 19 characters with support for 2 places after the decimal separator (a dot (.) is used as the decimal separator). The number of places after the decimal separator depends on the currency and is given in the List of supported currencies. | |
currency | String | YES | 3 characters | Currency code according to ISO 4217. Allowed currency codes are defined in the List of supported currencies. |
StoreCustomer object containing store customer data
Field name | Type | Required | Limit | Description |
---|---|---|---|---|
firstName | String | NO | max. 100 characters | Store customer first name. |
lastName | String | NO | max. 100 characters | Store customer last name. |
String | NO | max. 250 characters | Store customer email address. |
Payment category
Defines the method of accounting with the Partner.
Value | Description |
---|---|
MWF | Fixed commission. |
E_COMMERCE | Percentage of commission based on the transaction value (default value). |
Selected payment method
Field name | Type | Required | Description |
---|---|---|---|
type | String | YES | The available values are below. |
issuer | String | NO | The available values are below. The field can be completed only for the PAY_BY_LINK payment method. |
The type
field can take the following values:
Value | Description |
---|---|
BLIK | BLIK payment method |
PAY_BY_LINK | In this case, field issuer should be also completed |
The issuer
field can take the following values:
Value | Description |
---|---|
MTRANSFER | Mbank |
ALIOR | Alior Bank |
BNP_PARIBAS | BNP Paribas |
IPKO | PKO BP |
PEKAO24 | Bank Pekao SA |
INTELIGO | Inteligo |
IDEA_BANK | Idea Bank |
SANTANDER | Santander Bank Polska |
GETIN | Getin Bank |
NOBLE | Noble Bank |
CREDIT_AGRICOLE | Credit Agricole |
BANK_NOWY_BFG | Bank Nowy BFG |
MILLENNIUM | Milennium |
CITI_HANDLOWY | Citi Handlowy |
BOS | Bank Ochrony Środowiska |
POCZTOWY24 | Bank Pocztowy |
PLUS_BANK | Plus Bank |
BANK_SPOLDZIELCZY | SGB-Bank |
BANK_SPOLDZIELCZY_W_BRODNICY | Bank Spółdzielczy w Brodnicy |
NEST | Nest Bank |
ENVELO | Envelo Bank |
ING | ING Bank Śląski |
Response body
PaymentInfo object containing the identifier of the created payment, the URL to accept the payment and the payment token.
Field name | Type | Required | Limit | Description |
---|---|---|---|---|
paymentId | String | YES | max. 40 characters | Payment identifier in the Conotoxia Pay system. |
approveUrl | String | YES | max. 256 characters | The URL to which the Partner redirects the customer in order to accept the created payment. |
token | String | YES | max. 50 characters | Unique token for payment confirmation. |
API errors
The POST /payments method can return following business errors:
- invalid-jws
- public-key-already-revoked
- point-of-sale-not-found
- store-not-found
- contract-category-not-supported
- payment-method-not-available
- transaction-below-limit
- point-of-sale-forbidden-error-url
- point-of-sale-forbidden-notification-url
- point-of-sale-forbidden-return-url
- point-of-sale-not-active
- currency-unavailable
List of payments
curl -X GET \
-H "Authorization: Bearer M1ODU2ZDI5NzU3ZWFkYTRjMjEyMTIwNmRiNmQ2MjdmM" \
"<CONOTOXIA_PAY_HOST>/payments?paymentIds=PAY772237692548117&paymentIds=PAY815576576741391"
Response headers:
HTTP/1.1 200 Success
Content-Type: application/json
HTTP/1.1 200 Success
Content-Type: application/jose+json
Response body:
{
"data": [
{
"paymentId": "PAY772237692548117",
"externalPaymentId": "128/06/2018",
"status": "PROCESSING",
"amount": {
"value": 153.13,
"currency": "EUR"
},
"description": "Order 000000001",
"partner": {
"commission": {
"fee": {
"value": 1.25,
"currency": "EUR"
}
}
},
"type": "ONLINE_PAYMENT",
"createdDate": "2021-02-17T11:36:15.367Z"
},
{
"paymentId": "PAY815576576741391",
"externalPaymentId": "121/06/2018",
"status": "BOOKED",
"amount": {
"value": 23.52,
"currency": "EUR"
},
"description": "Order 000000002",
"type": "ONLINE_PAYMENT",
"createdDate": "2021-01-11T07:26:33.302Z",
"bookedDate": "2021-01-11T07:29:36.468Z"
}
],
"pagination": {
"first": true,
"last": true,
"currentPageNumber": 1,
"currentPageElementsCount": 2,
"pageSize": 10,
"totalPages": 1,
"totalElements": 2,
"pageLimitExceeded": true
}
}
eyJhbGciOiJSUzI1NiIsImtpZCI6Il8yNzVUd3dYOVhtaVotak1wLTJwNDZ0SUsyZE0tR2xWM3dYTU1GUTM5UUEifQ.ewogICAiZGF0YSI6WwogICAgICB7CiAgICAgICAgICJwYXltZW50SWQiOiJQQVk3NzIyMzc2OTI1NDgxMTciLAogICAgICAgICAiZXh0ZXJuYWxQYXltZW50SWQiOiIxMjgvMDYvMjAxOCIsCiAgICAgICAgICJzdGF0dXMiOiJQUk9DRVNTSU5HIiwKICAgICAgICAgImFtb3VudCI6ewogICAgICAgICAgICAidmFsdWUiOjE1My4xMywKICAgICAgICAgICAgImN1cnJlbmN5IjoiRVVSIgogICAgICAgICB9LAogICAgICAgICAiZGVzY3JpcHRpb24iOiJPcmRlciAwMDAwMDAwMDEiLAogICAgICAgICAicGFydG5lciI6ewogICAgICAgICAgICAiY29tbWlzc2lvbiI6ewogICAgICAgICAgICAgICAiZmVlIjp7CiAgICAgICAgICAgICAgICAgICJ2YWx1ZSI6MS4yNSwKICAgICAgICAgICAgICAgICAgImN1cnJlbmN5IjoiRVVSIgogICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICAgfSwKICAgICAgICAgInR5cGUiOiJPTkxJTkVfUEFZTUVOVCIsCiAgICAgICAgICJjcmVhdGVkRGF0ZSI6IjIwMjEtMDItMTdUMTE6MzY6MTUuMzY3WiIKICAgICAgfSwKICAgICAgewogICAgICAgICAicGF5bWVudElkIjoiUEFZODE1NTc2NTc2NzQxMzkxIiwKICAgICAgICAgImV4dGVybmFsUGF5bWVudElkIjoiMTIxLzA2LzIwMTgiLAogICAgICAgICAic3RhdHVzIjoiQk9PS0VEIiwKICAgICAgICAgImFtb3VudCI6ewogICAgICAgICAgICAidmFsdWUiOjIzLjUyLAogICAgICAgICAgICAiY3VycmVuY3kiOiJFVVIiCiAgICAgICAgIH0sCiAgICAgICAgICJkZXNjcmlwdGlvbiI6Ik9yZGVyIDAwMDAwMDAwMiIsCiAgICAgICAgICJ0eXBlIjoiT05MSU5FX1BBWU1FTlQiLAogICAgICAgICAiY3JlYXRlZERhdGUiOiIyMDIxLTAxLTExVDA3OjI2OjMzLjMwMloiLAogICAgICAgICAiYm9va2VkRGF0ZSI6IjIwMjEtMDEtMTFUMDc6Mjk6MzYuNDY4WiIKICAgICAgfQogICBdLAogICAicGFnaW5hdGlvbiI6ewogICAgICAiZmlyc3QiOnRydWUsCiAgICAgICJsYXN0Ijp0cnVlLAogICAgICAiY3VycmVudFBhZ2VOdW1iZXIiOjEsCiAgICAgICJjdXJyZW50UGFnZUVsZW1lbnRzQ291bnQiOjIsCiAgICAgICJwYWdlU2l6ZSI6MTAsCiAgICAgICJ0b3RhbFBhZ2VzIjoxLAogICAgICAidG90YWxFbGVtZW50cyI6MiwKICAgICAgInBhZ2VMaW1pdEV4Y2VlZGVkIjp0cnVlCiAgIH0KfQ.EuuDkfr9rv90nlZ0hbjTGa014qw_oB8EDTy1DEwfpgeFuEOK7yeEJztPX07jhT3pwdIB7Dc8c9sbSCgKMCvIjoXReNicw6LyJxQwyTs9tR8BEF-UWoLKxSqUP1h_T4jpPw9YH8GMGa1UZI9nktICNezbz35fAk5UH5RhMtIbvrpxVyz4AgBGv5oxqOOS2tXj1vIjZnJ8Vu46LkLKhUZ7RyHjJxUrf5UjkghwMY4URqkKD7jX7-YENfNy5tnH1kfyvtn1osxRfjDGY1wX4JbFUlVFJdkHed0WhcEIIoqYf4MUZ6yD5XvUu1784V3Gq2VVmvoVZiawAU-nUZtbmskr4w
The payment list can be viewed in the Merchant's panel on the payments page or can be get using the resource below.
Resource
GET <CONOTOXIA_PAY_HOST>/payments
See server addresses
Request headers
Name | Value | Remarks |
---|---|---|
Authorization | Bearer <access_token> |
It must contain a Bearer access token. For more information, see Generating access token. |
Query parameters
Field name | Type | Required | Description |
---|---|---|---|
paymentIds | String | NO | Payment identifiers (the paymentIds parameter must be duplicated in the request e.g. /payments?paymentIds=PAY772237692548117&paymentIds=PAY815576576741391 ). |
externalPaymentId | String | NO | External payment identifier. |
createdDateFrom | String | NO | Date and time (according to ISO 8601 format YYYY-MM-ddTHH:mm:ss.fffZ) of payment creation from. |
createdDateTo | String | NO | Date and time (according to ISO 8601 format YYYY-MM-ddTHH:mm:ss.fffZ) of payment creation to. |
bookedDateFrom | String | NO | Date and time (according to ISO 8601 format YYYY-MM-ddTHH:mm:ss.fffZ) of payment accounting from. |
bookedDateTo | String | NO | Date and time (according to ISO 8601 format YYYY-MM-ddTHH:mm:ss.fffZ) of payment accounting to. |
pageNumber | Number | NO | Page number. |
pageSize | Number | NO | Number of elements per page. |
sort | String | NO | Sorting criteria. |
Sort field value for payments
You can sort the following fields:
- createdDate
- bookedDate
- amount
To sort in descending order by the payment creation date, enter a value: paymentDate,DESC
.
Response body
Response object containing payment data
Field name | Type | Required | Limit | Description |
---|---|---|---|---|
data | Array | YES | max. 100 elements | A list with elements of the Payment type. |
pagination | Pagination | YES | Metadata of the returned page. |
Payment object containing payment details
Field name | Type | Required | Limit | Description |
---|---|---|---|---|
paymentId | String | YES | max. 40 characters | Payment identifier in the Conotoxia Pay system. |
externalPaymentId | String | YES | max. 64 characters | Payment identifier in the Partner system. |
status | String | YES | max. 14 characters | Payment status. Values according to the life cycle of the payment. |
amount | Amount | YES | Payment amount with the currency. | |
description | String | YES | min. 1 character max. 128 characters | Payment description. |
partner | Partner | NO | Partner details. | |
type | String | YES | max. 20 characters | Payment type. |
createdDate | String | YES | max. 128 characters | Date and time (according to ISO 8601 format YYYY-MM-ddTHH:mm:ss.fffZ) of created payment. |
cancelledDate | String | NO | max. 128 characters | Date and time (according to ISO 8601 format YYYY-MM-ddTHH:mm:ss.fffZ) of cancelled payment. |
bookedDate | String | NO | max. 128 characters | Date and time (according to ISO 8601 format YYYY-MM-ddTHH:mm:ss.fffZ) of booked payment. |
The type
field can take the following values:
Value | Description |
---|---|
ONLINE_PAYMENT | Online payment |
PAYMENT_LINK_PARTNER | Payment by link |
Partner object containing partner information
Field name | Type | Required | Limit | Description |
---|---|---|---|---|
commission | Commission | NO | Fees incurred by the Partner. |
Amount object including payment amount and payment currency
Field name | Type | Required | Limit | Description |
---|---|---|---|---|
value | Number | YES | Amount. Max. 19 characters with support for 2 places after the decimal separator (a dot (.) is used as the decimal separator). The number of places after the decimal separator depends on the currency and is given in the List of supported currencies. | |
currency | String | YES | 3 characters | Currency code according to ISO 4217. Allowed currency codes are defined in the List of supported currencies. |
Commission object including information about payment fees charged
Field name | Type | Required | Limit | Description |
---|---|---|---|---|
fee | Fee | YES | Fee amount with the currency. |
Fee object containing the payment fee value
Field name | Type | Required | Limit | Description |
---|---|---|---|---|
value | Number | YES | Amount. Max. 19 characters with support for 2 places after the decimal separator (a dot (.) is used as the decimal separator). The number of places after the decimal separator depends on the currency and is given in the List of supported currencies. | |
currency | String | YES | 3 characters | Currency code according to ISO 4217. Allowed currency codes are defined in the List of supported currencies. |
Pagination object containing metadata of the returned payment data page
Field name | Type | Required | Description |
---|---|---|---|
first | Boolean | YES | Defines whether the returned data are on the first page. |
last | Boolean | YES | Defines whether the returned data are on the last page. |
currentPageNumber | Number | YES | Defines the number of the returned page. |
currentPageElementsCount | Number | YES | Defines the number of elements on the returned page. |
pageSize | Number | YES | Defines the page size. |
totalPages | Number | YES | Defines the number of available pages. |
totalElements | Number | YES | Defines the number of available elements. |
pageLimitExceeded | Boolean | YES | Defines whether the page limit has been reached. |
API errors
The GET /payments method can only return technical errors.
Payment notifications
Object sent to the notificationUrl address provided by the Partner:
{
"paymentId": "PAY815576576741391",
"externalPaymentId": "121/06/2018",
"code": "COMPLETED",
"type": "PAYMENT"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJwYXltZW50SWQiOiJQQVk4MTU1NzY1NzY3NDEzOTEiLCJleHRlcm5hbFBheW1lbnRJZCI6IjEyMS8wNi8yMDE4IiwiY29kZSI6IkNPTVBMRVRFRCIsInR5cGUiOiJQQVlNRU5UIn0.OvFeZeef4wWRMV5uLTlYwKXnSKGDbNLXJ1FpHiRHLQ5fxLcNMibMdYX8sXsvBsBWcjOrZOj4GKSBG1HGu9HLpdRJOE0WtL4P6CMV0_blzfXAwI_Pf6EIR0Iv84PmT2RBeUKn12ndLEirSoeap3PGeSo6z1-58mRGStZ9juSLP27MzKWb_l93FgVh5TNH3BWFsmXY2AOE9s1epZidLoGgB-XFuC6rLDA34FuC1Ao3BbLYSoo1DMxd6_TWVCO-jnPsIeofZdfbDkY1rV1SEeqxcQscsy1HHMZB02rehXI-8V4l4K2OhSXLY0Nhq7Qe3_KSWVVXTQCZmoROz6KAAdxTfA
Request headers:
Content-Type: application/json
Content-Type: application/jose+json
After the customer executes the action, an asynchronous payment process is carried out on the payment approval page. As part of the process, notifications about the change of payment status are sent to the notificationUrl address provided by the Partner when creating the payment or when configuring the point of sale. Notifications are sent by POST method and may be delivered to the Partner's system in a random order. This is due to the fact that there may be delays between the Conotoxia Pay system and the Partner's system or the system may be unavailable at the time of sending the notification. If the Partner receives one of the notifications ending the payment process, he should not respond to other notifications, which will be delivered to his system for a given payment.
Below is a description of the message parameters, which is sent to the Partner.
PaymentStatus object
Field name | Type | Required | Limit | Description |
---|---|---|---|---|
paymentId | String | YES | max. 40 characters | Payment identifier in the Conotoxia Pay system. |
externalPaymentId | String | YES | max. 64 characters | Payment identifier in the Partner system. |
code | String | YES | max. 14 characters | Payment status. |
type | String | YES | max. 7 characters | Notification type. Value for payment PAYMENT . |
description | String | NO | max. 512 characters | Description of the payment status. Can be sent for REJECTED status. |
completedDate | String | NO | max. 128 characters | Date and time (according to ISO 8601 format YYYY-MM-ddTHH:mm:ss.fffZ) of completed payment. Always sent for the COMPLETED status. |
cancelledDate | String | NO | max. 128 characters | Date and time (according to ISO 8601 format YYYY-MM-ddTHH:mm:ss.fffZ) of cancelled payment. Always sent for the CANCELLED status. |
rejectedDate | String | NO | max. 128 characters | Date and time (according to ISO 8601 format YYYY-MM-ddTHH:mm:ss.fffZ) of rejected payment. Always sent for the REJECTED status. |
paymentMethod | String | NO | max. 15 characters | Payment method chosen by the customer. A value is always sent for the COMPLETED status and can be sent for CANCELLED and REJECTED statuses. |
reasonType | String | NO | max. 32 characters | Reason for the cancellation. The value is always sent for the CANCELLED status. |
paymentMethodProviderTransactionId | String | NO | max. 36 characters | Payment method provider transaction identifier. |
additionalParameters | Object | NO | max. 1024 characters | Additional parameters defined in create payment request. |
The code field can take values from the table below:
Status | Description |
---|---|
PROCESSING | The payment has been approved by the customer. |
COMPLETED | The payment was successfully completed. |
BOOKED | Funds are available to the partner. |
CANCELLED | The payment has been cancelled by the system. |
REJECTED | The payment has been rejected by the customer. |
The paymentMethod field can take values from the table below:
Payment method | Description |
---|---|
CURRENCY_WALLET | Currency wallet |
CREDIT_CARD | Payment card |
IDEAL | iDEAL |
EPS | EPS |
UNIONPAY | UnionPay |
BLIK | BLIK |
TRUSTLY | Trustly |
PAY_BY_LINK | Online transfer |
GOOGLE_PAY | Google Pay |
PAYPAL | PayPal |
SKRILL_WALLET | Skrill |
APPLE_PAY | Apple Pay |
RAPID_TRANSFER | Rapid Transfer |
VIPPS | Vipps |
The reasonType field can take values from the table below:
Reason type | Description |
---|---|
TOKEN_EXPIRED | The time to pay for the payment transaction is over |
PAY_LATER_EXPIRED | The time to pay for the deferred transaction has expired |
NOT_AVAILABLE | Payment transaction not permitted |
PROCESS_EXPIRED | Payment transaction expired |
AUTHENTICATION_FAILED_3_DS | 3D Secure authentication was not executed, or it did not execute successfully |
BLOCKED_CARD | The card used for the transaction is blocked |
EXPIRED_CARD | The card used for the transaction has expired |
INVALID_CARD_NUMBER | The specified card number is incorrect or invalid |
CVC_DECLINED | The specified card security code is invalid |
NOT_ENOUGH_BALANCE | The card does not have enough money to cover the payable amount |
WITHDRAWAL_COUNT_EXCEEDED | The number of withdrawals permitted for the shopper's card has exceeded |
WITHDRAWAL_AMOUNT_EXCEEDED | The withdrawal amount permitted for the shopper's card has exceeded |
TRANSACTION_NOT_PERMITTED | Payment transaction not permitted |
CVC_LENGTH_INVALID | CVC is not the right length |
EXPIRY_DATE_INVALID | Expiry date invalid |
INVALID_CVC | Invalid CVC |
NOT_SUPPORTED | The recipient's bank does not support or does not allow this type of transaction |
RESTRICTED_CARD | The card is restricted |
UNSUPPORTED_CURRENCY_SPECIFIED | Unsupported currency specified |
OTHER | Payment cancelled |
Redirection parameters
Decoded data parameter:
{
"paymentId": "PAY893669703633781",
"externalPaymentId": "464/46846/45",
"result": "SUCCESS"
}
After the customer executes the action on the payment approval page, redirection to the Partner's website is carried out. If the customer has successfully completed the action, it will be redirected to the returnUrl address given in the payment settings or configured by default in the point of sale. In case of technical problems, the customer is redirected to the errorUrl address (it is configured in the same way as the returnUrl address).
To the returnUrl address provided by the Partner, the Conotoxia Pay system attaches information about the payment status in the data parameter:
https://shop.com/success?data=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJwYXltZW50SWQiOiJQQVk4OTM2Njk3MDM2MzM3ODEiLCJleHRlcm5hbFBheW1lbnRJZCI6IjQ2NC80Njg0Ni80NSIsInJlc3VsdCI6IlNVQ0NFU1MifQ.S83VbMBroVHrAVfXs-tk_Q3BdulpAj3lni0vdegxZ7zCQHhJuIU_DYCFQ3OTG5-EHTJ6zzsmLjjzTw5S8XVy96MXQfHbJKY-jVWEAEB5mRiLgJMn4PssQRLgaGwWbhbFbvD5qqPCFpIz96-FWnkvoxuPaa86Ywfdhd-aPAZ43m3afIAXaKOt9Iy5A0fmsbtZsiwAtrFYMmPoNZcEl02NZ9paIaJ8RXaoU4oTKgMEVjZECQ4smqfnpVg7UD1UIw54F_NaTppx0fAAIZYp5n9lzT9-DwXMe875AbH0ZzRq6-500fSCmJQc3_ym9bM8Xa5gbKSlNQrw2t4pjxJkXbPOGw
The JWS Payload section contains data saved in JSON format.
AdditionalParameters object
Field name | Type | Required | Limit | Description |
---|---|---|---|---|
paymentId | String | YES | max. 40 characters | Payment identifier in the Conotoxia Pay system. |
externalPaymentId | String | YES | max. 64 characters | Payment identifier in the Partner system. |
result | String | YES | max. 50 characters | Payment status. The permitted values are described below. |
Permitted values of the result field:
Value | Description |
---|---|
SUCCESS | Payment correctly approved. |
SUCCESS_WITH_PAY_LATER | Payment correctly approved using the Pay Later functionality. |
REJECTED | Customer resigned from payment approval. |
ERROR | A problem occurred while accepting the payment (the customer can pay again if he has a link). |
PENDING | The payment is processed. |
BLIK Level 0
After creating the payment, BLIK payment approval can be done in two ways:
- Redirection to the Conotoxia Pay payment page (
approveUrl
). - Bypassing the Conotoxia Pay payment interface.
In the second case, the partner system must be integrated with the resources described below to initiate confirmation of BLIK Level 0 payments.
Example of usage:
Payment confirmation
Enables confirmation of payment transactions for the BLIK Level 0 method. In this case, the transaction is confirmed in the same currency as provided in the payment creation step.
curl -X POST \
-H "Authorization: Bearer M1ODU2ZDI5NzU3ZWFkYTRjMjEyMTIwNmRiNmQ2MjdmM" \
-H "Content-Type: application/json" \
-H "Accept-Language: pl,cs;q=0.9,en;q=0.8,pl-PL;q=0.7" \
-H "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko)" \
-H "User-Real-Ip: 64.233.160.25" \
-H "User-Real-Port: 45688" \
-H "User-Screen-Resolution: 1920x1080" \
-H "fingerprint: {"some.domain":"1df8g16161f8we81sfwe8"}" \
-d "@data.json" \
"<CONOTOXIA_PAY_HOST>/payments/token/BernF3Ix5ozjyOBkePeiMkZNgideCMkvUox7bn8Povvq8CXYkv/confirmations"
data.json
{
"type": "BLIK",
"blikCode": "123456",
"additionalData": {
"email": "[email protected]",
"firstName": "John",
"lastName": "Kowalski"
},
"notificationsLocale": "en-GB"
}
curl -X POST \
-H "Authorization: Bearer M1ODU2ZDI5NzU3ZWFkYTRjMjEyMTIwNmRiNmQ2MjdmM" \
-H "Content-Type: application/jose+json" \
-H "Accept-Language: pl,cs;q=0.9,en;q=0.8,pl-PL;q=0.7" \
-H "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko)" \
-H "User-Real-Ip: 64.233.160.25" \
-H "User-Real-Port: 45688" \
-H "User-Screen-Resolution: 1920x1080" \
-H "fingerprint: {"some.domain":"1df8g16161f8we81sfwe8"}" \
-d "@data.jws" \
"<CONOTOXIA_PAY_HOST>/payments/token/BernF3Ix5ozjyOBkePeiMkZNgideCMkvUox7bn8Povvq8CXYkv/confirmations"
data.jws
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoiQkxJSyIsImJsaWtDb2RlIjoiMTIzNDU2IiwiYWRkaXRpb25hbERhdGEiOnsiZW1haWwiOiJqLmtvd2Fsc2tpQGNvbm90b3hpYS5jb20iLCJmaXJzdE5hbWUiOiJKb2huIiwibGFzdE5hbWUiOiJLb3dhbHNraSJ9LCJub3RpZmljYXRpb25zTG9jYWxlIjoiZW4tR0IifQ.dJAliOmP8hOThHP73JfPoMgTA1TKktTgnTyj9idzJhTWMyy_St5GgfobWtX85y0SZmohEfm4SOgoBQbArvJFmbTmhJJjpXi5EnTqWL-HFF1i0OoHCD3Em3RBEDtSnVTIVTKyWKshl1puM-LbYdRr02iHlALrM7r72Snc8KrFfYM2_t5kvTzvlNFvMo_TLu_45F-n-2VR8GeyP6bjT9pZm3v1wjbSZbVXYpFXPmJgbAhECng4jEIguE9OQaeP8kKG6_NYYZR5GW72S0zDAjCMCy5bdLWXbe8mr8Ohj6Sf8xAPoSX3vKHyrElO9G4R0CvFUNE7d2V4pNaGtlus4MjXKg
Response headers:
HTTP/1.1 201 Created
Content-Type: application/json
HTTP/1.1 201 Created
Content-Type: application/jose+json
Response body:
{
"paymentStatus": "WAITING_FOR_NOTIFICATION"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJwYXltZW50U3RhdHVzIjoiV0FJVElOR19GT1JfTk9USUZJQ0FUSU9OIn0.Up-KrFC3ikd3W88C7-vUu5sJFFva-p34p4kgHpaF0yTF3IKuOUc6fSivleWwZy6pV5mGvYR2_nzdMs3xH5nfHrzj4Cwws9Mi0ZwxWy9Zm-fcnmbMsPBQ1NbsuTIvC8SmZccmJHdVR8wxAtXVkFKiDGJ66_h0UdrUWKijhlpoZ-B_WULd8tSP5iOnAyamohx7_JwAKAapLxagZdexi_Fmoh3IYyzzVe8gEjR3g7upWJ5NU_8AK_6e17aiSskXnEe9-lMrcShG3M2FwU7qvCGrAN6QYxq5g-n0-RbG-wkzX6GSQMQUJcAcy5r5sP6t7ZxwBZ36BNOBYBxWNwLjCoIXxQ
Resource
POST <CONOTOXIA_PAY_HOST>/payments/token/{token}/confirmations
Request headers
Name | Value | Required | Remarks |
---|---|---|---|
Authorization | Bearer <access_token> |
YES | It must contain a Bearer access token. For more information, see Generating access token. |
Content-Type | application/json or for signed form application/jose+json |
YES | |
Accept-Language |
<language> | YES | The header sets the appropriate language for the email notifications with the payment status that the customer will receive. Provided value will override the User-Accept-Language header set during payment creation. It must comply with the RFC 7231 specification. |
User-Agent | User-Agent header value from user browser. |
YES | |
User-Real-Ip | User IP. | YES | |
User-Real-Port | User port. | YES | |
User-Screen-Resolution | User screen resolution (eg. 1920x1080 ). |
YES | |
fingerprint | Hash of user session identifier. | YES |
Path parameters
Name | Type | Required | Description |
---|---|---|---|
token | String | YES | Payment token from the token field in the PaymentInfo object. |
Request body
Name | Type | Required | Description |
---|---|---|---|
type | String | YES | Payment method type. |
blikCode | String | YES | T6 Code from the BLIK system. |
customerId | String | NO | The ID of the logged in customer in the partner's system. Parameter required for the BLIK OneClick method. |
additionalData | AdditionalData | YES | Additional information about Customer. |
notificationsLocale | String | NO | A parameter that overrides the Accept-Language header, which sets the appropriate language for email notifications with the payment status that the customer will receive. It must comply with the BCP 47 standard. |
The notificationsLocale
field can take the following values:
Value | Description |
---|---|
en-GB | English |
pl-PL | Polish |
AdditionalData object containing customer's data
Name | Type | Required | Description |
---|---|---|---|
String | YES | Customer's e-mail. | |
firstName | String | YES | Customer's first name. |
lastName | String | YES | Customer's last name. |
Response body
Name | Type | Required | Description |
---|---|---|---|
paymentStatus | String | YES | Payment status. |
reason | String | NO | Refusal reason. |
The paymentStatus
field can take the following values:
Value | Description |
---|---|
INITIATED | Payment initiated. |
WAITING_FOR_NOTIFICATION | Payment is waiting for confirmation from external payment provider. |
AUTHORIZATION_REQUESTED | Payment requires authorization in external payment provider. |
CANCELLED | Payment cancelled. |
CONFIRMED | Payment confirmed. |
The reason
field can take the following values:
Value | Description |
---|---|
ER_WRONG_TICKET | Incorrect BLIK code. |
ER_TIC_EXPIRED | Expired BLIK code. |
ER_TIC_STS | Canceled BLIK code. |
ER_TIC_USED | Already used BLIK code. |
INSUFFICIENT_FUNDS | Insufficient funds in the bank account. |
LIMIT_EXCEEDED | Bank account limit exceeded. |
ER_BAD_PIN | The wrong pin was entered several times in the application. |
USER_DECLINED | Transaction declined in the application. |
USER_TIMEOUT | The time has passed for accepting transaction in the application. |
TIMEOUT | There was a communication timeout in the publisher's system. |
AM_TIMEOUT | There was a communication timeout in communicating with the mobile application. |
ER_DATAAMT_HUGE | The transaction value exceeds the limit. |
ALIAS_DECLINED | Alias declined. |
ALIAS_NOT_FOUND | Alias not found. |
OTHER | Other. |
API errors
The POST /payments/token/{token}/confirmations method can return following business errors:
- payment-not-found
- payment-expired
- point-of-sale-not-found
- point-of-sale-not-active
- payment-method-not-available
- transaction-below-limit
- transaction-above-limit
BLIK OneClick
After creating the payment, the transaction can be approved bypassing the Conotoxia Pay payment service. The resources below allow you to initiate payment confirmation on the partner's system side, when the user has remembered the system/store in the bank's mobile application, having previously paid using the BLIK Level 0 method.
To use the BLIK OneClick method:
- The partner must first integrate with the resources described for the BLIK Level 0 method.
- The partner must complete the certification process (UX certification) related to the integration of the BLIK OneClick method.
- The customer must be logged in on the partner's system.
- The customer has previously made a payment using the BLIK Level 0 method while being logged in to the partner's system and has remembered system/store in the bank's mobile application.
Example of usage:
Get customer profile
In order to initiate a BLIK OneClick payment, partner's system must get a customer profile containing aliases (mobile applications) that have been previously remembered. If the resource returns aliases, then these should be presented to the customer on the first place before BLIK Level 0 payment method.
curl -X POST \
-H "Authorization: Bearer M1ODU2ZDI5NzU3ZWFkYTRjMjEyMTIwNmRiNmQ2MjdmM" \
-H "Content-Type: application/json" \
-d "@data.json" \
"<CINKCIARZ_PAY_HOST>/profiles/POS2239342415401088/blik"
data.json
{
"customerId": "324235632463"
}
curl -X POST \
-H "Authorization: Bearer M1ODU2ZDI5NzU3ZWFkYTRjMjEyMTIwNmRiNmQ2MjdmM" \
-H "Content-Type: application/jose+json" \
-d "@data.jws" \
"<CINKCIARZ_PAY_HOST>/profiles/POS2239342415401088/blik"
data.jws
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJjdXN0b21lcklkIjoiMzI0MjM1NjMyNDYzIn0.Zr31GV-PY0GgrHxHRoC2hKC_mVHXbtTLpJnQiz0JjbKUQ8cMu32ffErIrlbCAYsO6u9lD1GcKGN8KyAXwN8aZHShe0e6goJwGiYjq40o9TQhyPzsnfGhqTSm3jlKJSM0cPTvO9225ZA1WdQiIvE_e-QFUYXQBHxMP3Khz4pgCpEIlTwTsPSLRc5eTt2x8mPEJDJI0kcpW8gPsbTCcxRv-hWM4F7XysRAkbd6bYf_6FKhMP1yjed6h9-ywtlS9FU3DHYivOSROYbz-GlZij9kI1qb29vH0qLBenxW1IjTfGCJx8UPRa4880G9I-Cr8tQKxbW0gqfIyuNU5YAgpP3yHQ
Response headers:
HTTP/1.1 200 OK
Content-Type: application/json
HTTP/1.1 200 OK
Content-Type: application/jose+json
Response body:
{
"aliases": [
{
"aliasName": "XYZ John Kowalski",
"aliasKey": "455332"
},
{
"aliasName": "DDD John Kowalski",
"aliasKey": "775986"
}
]
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJhbGlhc2VzIjpbeyJhbGlhc05hbWUiOiJYWVogSm9obiBLb3dhbHNraSIsImFsaWFzS2V5IjoiNDU1MzMyIn0seyJhbGlhc05hbWUiOiJEREQgSm9obiBLb3dhbHNraSIsImFsaWFzS2V5IjoiNzc1OTg2In1dfQ.WJ-tEz01Kk2ZL_uUAalPeb3nXbUZIFg8KLqcInEuAc7M_AxLcAHLR7QCZEiydrwDogc44ZpJ6bH5i9Z__gT087GD22VFsz2sKmfhCmWUpqsdvHQ6pJw7j1N4nNQ613MDKeS9G4GzL5UnzDJcjEIG9eCKIvI50IAEQeQIfPzgh4CPAGlCVat90Fn14dRaqYHLTh04hRDYuW2e0wiW6a3_QuNSzC0p44hB88-ofe7F5Qm2BniEkg5MJ1GqPiNe8DvNeIIQ5peVWYqGV8_u6Ez6tAlOFlVL_xGHhtaul7VEPzTWdiFepVtyE3eSRTrejYh05I8e07UwC2x2HB33KaQE_w
Resource
POST <CINKCIARZ_PAY_HOST>/profiles/{pointOfSaleId}/blik
Request headers
Name | Value | Required | Remarks |
---|---|---|---|
Authorization | Bearer <access_token> |
YES | It must contain a Bearer access token. For more information, see Generating access token. |
Content-Type | application/json or for signed form application/jose+json |
YES |
Path parameters
Name | Type | Required | Description |
---|---|---|---|
pointOfSaleId | String | YES | Point of sale identifier. |
Request body
Name | Type | Required | Description |
---|---|---|---|
customerId | String | YES | The ID of the logged in customer in the partner's system. |
Response body
Name | Type | Required | Description |
---|---|---|---|
aliases | Array | YES | A list with elements of type Alias. |
An Alias object containing information about the alias
Field name | Type | Required | Limit | Description |
---|---|---|---|---|
aliasName | String | YES | max. 35 characters | Alias name. |
aliasKey | String | YES | max. 19 characters | Alias key. |
Payment confirmation
Enables confirmation of payment transactions for the BLIK OneClick method. In this case, the transaction is confirmed in the same currency as provided in the payment creation step.
curl -X POST \
-H "Authorization: Bearer M1ODU2ZDI5NzU3ZWFkYTRjMjEyMTIwNmRiNmQ2MjdmM" \
-H "Content-Type: application/json" \
-H "Accept-Language: pl,cs;q=0.9,en;q=0.8,pl-PL;q=0.7" \
-H "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko)" \
-H "User-Real-Ip: 64.233.160.25" \
-H "User-Real-Port: 45688" \
-H "User-Screen-Resolution: 1920x1080" \
-H "fingerprint: {"some.domain":"1df8g16161f8we81sfwe8"}" \
-d "@data.json" \
"<CINKCIARZ_PAY_HOST>/payments/token/BernF3Ix5ozjyOBkePeiMkZNgideCMkvUox7bn8Povvq8CXYkv/confirmations"
data.json
{
"type": "BLIK",
"aliasKey": "455332",
"aliasName": "XYZ John Kowalski",
"customerId": "324235632463",
"additionalData": {
"email": "[email protected]",
"firstName": "John",
"lastName": "Kowalski"
},
"notificationsLocale": "en-GB"
}
curl -X POST \
-H "Authorization: Bearer M1ODU2ZDI5NzU3ZWFkYTRjMjEyMTIwNmRiNmQ2MjdmM" \
-H "Content-Type: application/jose+json" \
-H "Accept-Language: pl,cs;q=0.9,en;q=0.8,pl-PL;q=0.7" \
-H "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko)" \
-H "User-Real-Ip: 64.233.160.25" \
-H "User-Real-Port: 45688" \
-H "User-Screen-Resolution: 1920x1080" \
-H "fingerprint: {"some.domain":"1df8g16161f8we81sfwe8"}" \
-d "@data.jws" \
"<CINKCIARZ_PAY_HOST>/payments/token/BernF3Ix5ozjyOBkePeiMkZNgideCMkvUox7bn8Povvq8CXYkv/confirmations"
data.jws
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoiQkxJSyIsImFsaWFzS2V5IjoiNDU1MzMyIiwiYWxpYXNOYW1lIjoiWFlaIEpvaG4gS293YWxza2kiLCJjdXN0b21lcklkIjoiMzI0MjM1NjMyNDYzIiwiYWRkaXRpb25hbERhdGEiOnsiZW1haWwiOiJqLmtvd2Fsc2tpQGNvbm90b3hpYS5jb20iLCJmaXJzdE5hbWUiOiJKb2huIiwibGFzdE5hbWUiOiJLb3dhbHNraSJ9LCJub3RpZmljYXRpb25zTG9jYWxlIjoiZW4tR0IifQ.PMqJe3r3eSMSewTSp1iFvP6w_tVQDTaHqEc8TxsAWlvmoLy4Q_usippg2gDMySAkT5rMhAjOroE2BhZEIJPnz0Wv3SJGjzwtu0KtddTEn9RNgPqgh6L6E_U6usLBmLI77ICgkEpl1EflAvfR1IQnL27U2T050Fku_QvWo-PgOkxyCW8ATpueamM0rmm3CaAOhX0h_iFq08WvlmlbDEY-dtX-Pz6bm5zcdPGmgZeq-lcb5r_RVcPVPcLsG0TTJIk56etwl-Q3dIhrGwMI8iASF7Vy3x0wtKFYmop7KBXDrs_jQ3fWMCDiWHJLMFf4bYC45GxXv7Mz385o8Z41xYAZKQ
Response headers:
HTTP/1.1 201 Created
Content-Type: application/json
HTTP/1.1 201 Created
Content-Type: application/jose+json
Response body:
{
"paymentStatus": "WAITING_FOR_NOTIFICATION"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJwYXltZW50U3RhdHVzIjoiV0FJVElOR19GT1JfTk9USUZJQ0FUSU9OIn0.Up-KrFC3ikd3W88C7-vUu5sJFFva-p34p4kgHpaF0yTF3IKuOUc6fSivleWwZy6pV5mGvYR2_nzdMs3xH5nfHrzj4Cwws9Mi0ZwxWy9Zm-fcnmbMsPBQ1NbsuTIvC8SmZccmJHdVR8wxAtXVkFKiDGJ66_h0UdrUWKijhlpoZ-B_WULd8tSP5iOnAyamohx7_JwAKAapLxagZdexi_Fmoh3IYyzzVe8gEjR3g7upWJ5NU_8AK_6e17aiSskXnEe9-lMrcShG3M2FwU7qvCGrAN6QYxq5g-n0-RbG-wkzX6GSQMQUJcAcy5r5sP6t7ZxwBZ36BNOBYBxWNwLjCoIXxQ
Resource
POST <CINKCIARZ_PAY_HOST>/payments/token/{token}/confirmations
Request headers
Name | Value | Required | Remarks |
---|---|---|---|
Authorization | Bearer <access_token> |
YES | It must contain a Bearer access token. For more information, see Generating access token. |
Content-Type | application/json or for signed form application/jose+json |
YES | |
Accept-Language |
<language> | YES | The header sets the appropriate language for the email notifications with the payment status that the customer will receive. Provided value will override the User-Accept-Language header set during payment creation. It must comply with the RFC 7231 specification. |
User-Agent | User-Agent header value from user browser. |
YES | |
User-Real-Ip | User IP. | YES | |
User-Real-Port | User port. | YES | |
User-Screen-Resolution | User screen resolution (eg. 1920x1080 ). |
YES | |
fingerprint | Hash of user session identifier. | YES |
Path parameters
Name | Type | Required | Description |
---|---|---|---|
token | String | YES | Payment token from the token field in the PaymentInfo object. |
Request body
Name | Type | Required | Description |
---|---|---|---|
type | String | YES | Payment method type. |
aliasKey | String | YES | The ID of the alias selected by the client. The value can be retrieved from a resource that returns customer profile. |
aliasName | String | YES | The name of the alias selected by the client. The value can be retrieved from a resource that returns customer profile. |
customerId | String | YES | The ID of the logged in customer in the partner's system. Parameter required for the BLIK OneClick method. |
additionalData | AdditionalData | YES | Additional information about Customer. |
notificationsLocale | String | NO | A parameter that overrides the Accept-Language header, which sets the appropriate language for email notifications with the payment status that the customer will receive. It must comply with the BCP 47 standard. |
The notificationsLocale
field can take the following values:
Value | Description |
---|---|
en-GB | English |
pl-PL | Polish |
AdditionalData object containing customer's data
Name | Type | Required | Description |
---|---|---|---|
String | YES | Customer's e-mail. | |
firstName | String | YES | Customer's first name. |
lastName | String | YES | Customer's last name. |
Response body
Name | Type | Required | Description |
---|---|---|---|
paymentStatus | String | YES | Payment status. |
reason | String | NO | Refusal reason. |
The paymentStatus
field can take the following values:
Value | Description |
---|---|
INITIATED | Payment initiated. |
WAITING_FOR_NOTIFICATION | Payment is waiting for confirmation from external payment provider. |
AUTHORIZATION_REQUESTED | Payment requires authorization in external payment provider. |
CANCELLED | Payment cancelled. |
CONFIRMED | Payment confirmed. |
The reason
field can take the following values:
Value | Description |
---|---|
ER_WRONG_TICKET | Incorrect BLIK code. |
ER_TIC_EXPIRED | Expired BLIK code. |
ER_TIC_STS | Canceled BLIK code. |
ER_TIC_USED | Already used BLIK code. |
INSUFFICIENT_FUNDS | Insufficient funds in the bank account. |
LIMIT_EXCEEDED | Bank account limit exceeded. |
ER_BAD_PIN | The wrong pin was entered several times in the application. |
USER_DECLINED | Transaction declined in the application. |
USER_TIMEOUT | The time has passed for accepting transaction in the application. |
TIMEOUT | There was a communication timeout in the publisher's system. |
AM_TIMEOUT | There was a communication timeout in communicating with the mobile application. |
ER_DATAAMT_HUGE | The transaction value exceeds the limit. |
ALIAS_DECLINED | Alias declined. |
ALIAS_NOT_FOUND | Alias not found. |
OTHER | Other. |
API errors
The POST /payments/token/{token}/confirmations method can return following business errors:
- payment-not-found
- payment-expired
- point-of-sale-not-found
- point-of-sale-not-active
- payment-method-not-available
- transaction-below-limit
- transaction-above-limit
BLIK payment status
Allows to check the payment status after its confirmation. The resource can be used to update the status of the transaction confirmed with the BLIK Level 0 or BLIK OneClick payment method in the client's browser.
curl -X 'GET' \
-H "Authorization: Bearer M1ODU2ZDI5NzU3ZWFkYTRjMjEyMTIwNmRiNmQ2MjdmM" \
"<CONOTOXIA_PAY_HOST>/payments/status?paymentId=PAY445458962445154"
Response headers:
HTTP/1.1 201 Created
Content-Type: application/json
HTTP/1.1 201 Created
Content-Type: application/jose+json
Response body:
{
"paymentStatus": "CONFIRMED",
"paymentId": "PAY445458962445154"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJwYXltZW50U3RhdHVzIjoiQ09ORklSTUVEIiwicGF5bWVudElkIjoiUEFZNDQ1NDU4OTYyNDQ1MTU0In0.HQHzzoMgBh-gjc1EFlpcSozMSG4HGCaO_U2kWrLLTIihyMLcv-_ySPCLguA8r4OKeXeQRzaX2rCPAVwUyA8Xyuhy9bHXgNHjURw_4OfZy1DvkJxLy6HujsrRixd8NjXKT23bsDSb0Wv_HPn6KL2ATF1vOH0TjNP0dkIe26gcBjPLfo7Sez22nHgjqhWZBIsaZBh9GRr3zURdyjAJkQAzeSPu93OGwPPGsqZVY2oELkXP7sP9iwOKe9BrR2hqskJsWC4PTY8JZvuWOlv8-ho8EZfgugwL6bMn0qh8XVa_Ld5uOuZo2wePhdvGPVrZi7pVWMCIu6iNj9V8tVA0okflOA
Resource
GET <CONOTOXIA_PAY_HOST>/payments/status?paymentId={paymentId}
Request headers
Name | Value | Required | Remarks |
---|---|---|---|
Authorization | Bearer <access_token> |
YES | It must contain a Bearer access token. For more information, see Generating access token. |
Query parameters
Name | Type | Required | Description |
---|---|---|---|
paymentId | String | Yes | Payment identifier from the paymentId field in the PaymentInfo object. |
Response body
Name | Type | Required | Description |
---|---|---|---|
paymentId | String | YES | Payment identifier. |
paymentStatus | String | YES | Payment status. |
reason | String | NO | Refusal reason. |
The paymentStatus
field can take the following values:
Value | Description |
---|---|
INITIATED | Payment initiated. |
WAITING_FOR_NOTIFICATION | Payment is waiting for confirmation from external payment provider. |
AUTHORIZATION_REQUESTED | Payment requires authorization in external payment provider. |
CANCELLED | Payment cancelled. |
CONFIRMED | Payment confirmed. |
The reason
field can take the following values:
Value | Description |
---|---|
ER_WRONG_TICKET | Incorrect BLIK code. |
ER_TIC_EXPIRED | Expired BLIK code. |
ER_TIC_STS | Canceled BLIK code. |
ER_TIC_USED | Already used BLIK code. |
INSUFFICIENT_FUNDS | Insufficient funds in the bank account. |
LIMIT_EXCEEDED | Bank account limit exceeded. |
ER_BAD_PIN | The wrong pin was entered several times in the application. |
USER_DECLINED | Transaction declined in the application. |
USER_TIMEOUT | The time has passed for accepting transaction in the application. |
TIMEOUT | There was a communication timeout in the publisher's system. |
AM_TIMEOUT | There was a communication timeout in communicating with the mobile application. |
ER_DATAAMT_HUGE | The transaction value exceeds the limit. |
ALIAS_DECLINED | Alias declined. |
ALIAS_NOT_FOUND | Alias not found. |
OTHER | Other. |
EPS
After creating the payment, the transaction can be approved bypassing the Conotoxia Pay payment interface for the EPS method. The provided resources will allow the payment to be made by directly redirecting the customer to the bank's website. Example sequence diagrams are provided in the chapter Payment process - EPS.
Example of usage:
Method availability
Before confirming a payment using the EPS method, partner system should check its availability and get the list of available banks using the resource described in chapter Payment method availability.
Bank icons
For each available bank represented by the Issuer object, you can retrieve the icon and present it to the customer.
Resource
GET <CONOTOXIA_PAY_HOST>/images/logos/eps/{issuerId}.svg
Path parameters
Name | Type | Required | Description |
---|---|---|---|
issuerId | String | YES | Bank identifier from the id field in the Issuer object. |
Payment confirmation
Enables confirmation of payment transactions for the EPS method. In this case, the transaction is confirmed in the same currency as provided in the payment creation step.
curl -X POST \
-H "Authorization: Bearer M1ODU2ZDI5NzU3ZWFkYTRjMjEyMTIwNmRiNmQ2MjdmM" \
-H "Content-Type: application/json" \
-H "Accept-Language: pl,cs;q=0.9,en;q=0.8,pl-PL;q=0.7" \
-H "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko)" \
-H "User-Real-Ip: 64.233.160.25" \
-H "User-Real-Port: 45688" \
-H "User-Screen-Resolution: 1920x1080" \
-H "fingerprint: {"some.domain":"1df8g16161f8we81sfwe8"}" \
-d "@data.json" \
"<CONOTOXIA_PAY_HOST>/payments/token/BernF3Ix5ozjyOBkePeiMkZNgideCMkvUox7bn8Povvq8CXYkv/confirmations"
data.json
{
"type": "EPS",
"issuer": "6c48eff1-48be-4751-8eaa-71b96cc06b4d",
"issuerCode": "BANK_CODE",
"additionalData": {
"email": "[email protected]",
"firstName": "John",
"lastName": "Kowalski"
},
"notificationsLocale": "en-GB"
}
curl -X POST \
-H "Authorization: Bearer M1ODU2ZDI5NzU3ZWFkYTRjMjEyMTIwNmRiNmQ2MjdmM" \
-H "Content-Type: application/jose+json" \
-H "Accept-Language: pl,cs;q=0.9,en;q=0.8,pl-PL;q=0.7" \
-H "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko)" \
-H "User-Real-Ip: 64.233.160.25" \
-H "User-Real-Port: 45688" \
-H "User-Screen-Resolution: 1920x1080" \
-H "fingerprint: {"some.domain":"1df8g16161f8we81sfwe8"}" \
-d "@data.jws" \
"<CONOTOXIA_PAY_HOST>/payments/token/BernF3Ix5ozjyOBkePeiMkZNgideCMkvUox7bn8Povvq8CXYkv/confirmations"
data.jws
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoiRVBTIiwiaXNzdWVyIjoiNmM0OGVmZjEtNDhiZS00NzUxLThlYWEtNzFiOTZjYzA2YjRkIiwiaXNzdWVyQ29kZSI6IkJBTktfQ09ERSIsImFkZGl0aW9uYWxEYXRhIjp7ImVtYWlsIjoiai5rb3dhbHNraUBjb25vdG94aWEuY29tIiwiZmlyc3ROYW1lIjoiSm9obiIsImxhc3ROYW1lIjoiS293YWxza2kifSwibm90aWZpY2F0aW9uc0xvY2FsZSI6ImVuLUdCIn0.SIocHLiz-_FTdoq2TF88wg9EbnTjJKBuc1T3tvAJLKnpylZBVS5Navck0qIBc-7Y28wyTdVYDg_zHkCoTbzFAB94WdRc0X4_gN55cx4QAxwgWaUmnmSy5BLAVu_Wwj2D9_QU7UMKT_EU5jAjSsm93GjAlXBxzmg-mJ6rsEzER2Tf2tosPPlBX4Vr25qteurcv5RpQSTcw3wZhw4TBtLpw--YfBBXcM9_g3jFKU5k4T0CEbZCzPciA7KDTMbPaz1phV97tcelcMJLDDMxfiew6gRgWftoGd0JqAd2dehhS3U2i7YbyhO62mccSBjxaOy4qS6J77OkbKJntReFW5RKuA
Response headers:
HTTP/1.1 201 Created
Content-Type: application/json
HTTP/1.1 201 Created
Content-Type: application/jose+json
Response body:
{
"redirectUrl": "https://www.example.com/redirect",
"redirectMethod": "GET"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJyZWRpcmVjdFVybCI6Imh0dHBzOi8vd3d3LmV4YW1wbGUuY29tL3JlZGlyZWN0IiwicmVkaXJlY3RNZXRob2QiOiJHRVQifQ.J5h5_dlyWEmLviMRGQaVMH-b7jBv5CwUQvMWAO51HERInNjqfDWkZdAjB56AARR6BK_FLN7UBPB9DFwtChoReR6xg20gOJld4Ctl00l2wvZ6lPRazIt4MA1Quo3pkM7p64vZQ6QX2mM8vVRqMjdGQc8HgEhHgnwgciU8w9rdxWbFxTWdZnalG2Fu9KXIKG5ZnWTmYO3L91HEWwL9SjI_lL_Os7r8V_ORPQPIX5-A3RUR3s1kTiI0gwPJzRlWzhVTIlRbnRBvj6m5GTJkK3ULug01k1O9UfWoaKNRgJ9TSMNgTi1PHdbm1P_rZRZ5FqMeTb2tWhcRBJquCTaHXF_BNQ
Resource
POST <CONOTOXIA_PAY_HOST>/payments/token/{token}/confirmations
Request headers
Name | Value | Required | Remarks |
---|---|---|---|
Authorization | Bearer <access_token> |
YES | It must contain a Bearer access token. For more information, see Generating access token. |
Content-Type | application/json or for signed form application/jose+json |
YES | |
Accept-Language |
<language> | YES | The header sets the appropriate language for the email notifications with the payment status that the customer will receive. Provided value will override the User-Accept-Language header set during payment creation. It must comply with the RFC 7231 specification. |
User-Agent | User-Agent header value from user browser. |
YES | |
User-Real-Ip | User IP. | YES | |
User-Real-Port | User port. | YES | |
User-Screen-Resolution | User screen resolution (eg. 1920x1080 ). |
YES | |
fingerprint | Hash of user session identifier. | YES |
Path parameters
Name | Type | Required | Description |
---|---|---|---|
token | String | YES | Payment token from the token field in the PaymentInfo object. |
Request body
Name | Type | Required | Description |
---|---|---|---|
type | String | YES | Payment method type. |
issuer | String | YES | Bank identifier from the id field in the Issuer object. |
issuerCode | String | YES | Bank code from the code field in the Issuer object. |
additionalData | AdditionalData | YES | Additional information about customer. |
notificationsLocale | String | NO | A parameter that overrides the Accept-Language header, which sets the appropriate language for email notifications with the payment status that the customer will receive. It must comply with the BCP 47 standard. |
The notificationsLocale
field can take the following values:
Value | Description |
---|---|
en-GB | English |
pl-PL | Polish |
AdditionalData object containing customer's data
Name | Type | Required | Description |
---|---|---|---|
String | YES | Customer's e-mail. | |
firstName | String | YES | Customer's first name. |
lastName | String | YES | Customer's last name. |
Response body
Name | Type | Required | Description |
---|---|---|---|
redirectUrl | String | YES | The bank's URL to which the customer should be redirected. |
redirectMethod | String | YES | The HTTP method that should be used for redirection. |
API errors
The POST /payments/token/{token}/confirmations method can return following business errors:
- payment-not-found
- payment-expired
- point-of-sale-not-found
- point-of-sale-not-active
- payment-method-not-available
- transaction-below-limit
- transaction-above-limit
Payment method availability
To check if your chosen payment method is available, please use the resource below. The resource returns a list of payments methods with status. Additionally, for some payment methods, additional data may be returned, such as: list of available banks (EPS).
curl -X GET \
-H "Authorization: Bearer M1ODU2ZDI5NzU3ZWFkYTRjMjEyMTIwNmRiNmQ2MjdmM" \
"<CONOTOXIA_PAY_HOST>/payments/methods?currency=EUR&pointOfSaleId=PAY815576576741391"
Response headers:
HTTP/1.1 200 Success
Content-Type: application/json
HTTP/1.1 200 Success
Content-Type: application/jose+json
Response body:
{
"data": [
{
"type": "BLIK",
"status": "UNAVAILABLE"
},
{
"type": "EPS",
"status": "ACTIVE",
"issuers": [
{
"id": "edc8afd1-6258-4982-b523-aab56e423c8a",
"name": "Bank name",
"code": "BANK_CODE"
}
]
}
]
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJkYXRhIjpbeyJ0eXBlIjoiQkxJSyIsInN0YXR1cyI6IlVOQVZBSUxBQkxFIn0seyJ0eXBlIjoiRVBTIiwic3RhdHVzIjoiQUNUSVZFIiwiaXNzdWVycyI6W3siaWQiOiJlZGM4YWZkMS02MjU4LTQ5ODItYjUyMy1hYWI1NmU0MjNjOGEiLCJuYW1lIjoiQmFuayBuYW1lIiwiY29kZSI6IkJBTktfQ09ERSJ9XX1dfQ.Z9U8MrbEXRukhRCE6LNyN3gzKwbJx6CRxi729XKU3epIjMPlFkG4OWd7JAfCgI8PnPu1po2ThWdmGASOEw0OKMkAB8V7XDmpwputhnElltVb2CR7lBcFouE8_gIdjtedE_4WfDmLaYYHJ00eHopNP3jYQYlW3l9ZY-no1cXKGFR5AoE_1V30BUXOcopLG8iaXCnyUv0Awnb6mjbtZhQG8lVeHzroA5HMGYTIMR-5B3CYaHok92xxO5tBG8ju42XcDH0xfFO5FkpQVc7AbUYloXYNErrRRekLX0bHec6g1UUan0W5KfaTlWIl_Q90Psv4ycZ5qQ5pR1Yhfwr5T-va2w
Resource
GET <CONOTOXIA_PAY_HOST>/payments/methods?currency={currency}&pointOfSaleId={pointOfSaleId}
Request headers
Name | Value | Required | Remarks |
---|---|---|---|
Authorization | Bearer <access_token> |
YES | It must contain a Bearer access token. For more information, see Generating access token. |
Query parameters
Name | Type | Required | Description |
---|---|---|---|
currency | String | YES | Currency code according to ISO 4217. Allowed currency codes are defined in the List of supported currencies. |
pointOfSaleId | String | YES | Point of sale identifier. |
Response body
Response object containing payment methods data
Name | Type | Required | Description |
---|---|---|---|
data | Array | YES | A list with elements of the PaymentMethod type. |
PaymentMethod object containing payment method details
Name | Type | Required | Description |
---|---|---|---|
type | String | YES | Payment method type. |
status | String | YES | Payment method status. |
issuers | Array | NO | A list with elements of the Issuer type. |
The status
field can take the following values:
Value | Description |
---|---|
ACTIVE | Payment method is available. |
UNAVAILABLE | Payment method is unavailable. |
Issuer object containing bank details
Name | Type | Required | Description |
---|---|---|---|
id | String | YES | Bank identifier. |
name | String | YES | Bank name. |
code | String | YES | Bank code. |
Retry payments
Enables setting up a payment transaction with parameters of an already existing transaction.
curl -X POST \
-H "Authorization: Bearer M1ODU2ZDI5NzU3ZWFkYTRjMjEyMTIwNmRiNmQ2MjdmM" \
-H "Content-Type: application/json" \
-d "@data.json" \
"<CONOTOXIA_PAY_HOST>/payments/retry"
data.json
{
"paymentId": "PAY219171134105423"
}
curl -X POST \
-H "Authorization: Bearer M1ODU2ZDI5NzU3ZWFkYTRjMjEyMTIwNmRiNmQ2MjdmM" \
-H "Content-Type: application/jose+json" \
-d "@data.jws" \
"<CONOTOXIA_PAY_HOST>/payments/retry"
data.jws
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJwYXltZW50SWQiOiJQQVkyMTkxNzExMzQxMDU0MjMifQ.KqU6VswZiaB071gKsCxlU2pc0UWxOofnedinH3z9rxpuxynceKIu3DtDlciK4larlxi9i_MzNUW1nRM3pmNucmXX8GVEtUBtiKNfo1Ktp9SvK8T-lViNx3w37kOuErL7qpolUWeYGjxxs9Wo-m1Ke51wUl0xnx859H9o8pAHlEmKRpVq8Gyjh3DxqCSTsAjB_PTRo4T988uWN-usiCOr22frfxpexsDEAurkXrjk4cXjyx1hNZbazw40JQD5rvWkKpwEFOmjFMQSQP9LhYP5iGmbgVDg91_oCg33idMxSXYke2FsCHtFTf1HTDD3krAvMUK0D9aXthF-jmqHpgv8xA
Response headers:
HTTP/1.1 201 Created
Content-Type: application/json
HTTP/1.1 201 Created
Content-Type: application/jose+json
Response body:
{
"paymentId": "PAY715037422182587",
"approveUrl": "https://<CONOTOXIA_APPROVAL_HOST>/approve",
"token": "dGBcEMQoyff6OCQY5l1rehXAwgCDnEwhtp573P1EJyswGBJ79G"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJwYXltZW50SWQiOiJQQVk3MTUwMzc0MjIxODI1ODciLCJhcHByb3ZlVXJsIjoiaHR0cHM6Ly88Q0lOS0NJQVJaX0FQUFJPVkFMX0hPU1Q-L2FwcHJvdmUiLCJ0b2tlbiI6ImRHQmNFTVFveWZmNk9DUVk1bDFyZWhYQXdnQ0RuRXdodHA1NzNQMUVKeXN3R0JKNzlHIn0.CRTGAMRkd2kHey33ID65n0hrv_0L1NSv628HtKw7dMp8W5Lou1OsJyUkDYa3VfeHUf0V6j2YLJmOt8bU09I_8zpwQH1-5-JIFnmLkByqp_a0RDKnmslFwD9K4p__OE9QqpLta-u7u5h8v5zK0esQ0w2-9wcKzVfwUrhl8ZiTNxP3BZL5ZDAUoECK9MWmT_aYchc2RuuNcdXiGEh-t-ELM_MwxlRYI-ab1froAEFHkaxxZTbzAmJsbPcWBtTR-whWOLKVZV5eLTIV1Z-8-ZD7q-pCHqalbkN5H8czrBuXySb92pDf58iRUsm4lgXY17PmO51fwhlfQ-UtKpQBDWmtFQ
Resource
POST <CONOTOXIA_PAY_HOST>/payments/retry
Request headers
Name | Value | Required | Remarks |
---|---|---|---|
Authorization | Bearer <access_token> |
YES | It must contain a Bearer access token. For more information, see Generating access token. |
Content-Type | application/json or for signed form application/jose+json |
YES |
Request body
PaymentRetryData object containing payment data
Field name | Type | Required | Limit | Description |
---|---|---|---|---|
paymentId | String | YES | max. 40 characters | Repeated payment identifier. |
Response body
PaymentInfo object containing the identifier of the created payment, the URL to accept the payment and the payment token.
Field name | Type | Required | Limit | Description |
---|---|---|---|---|
paymentId | String | YES | max. 40 characters | Payment identifier in the Conotoxia Pay system. |
approveUrl | String | YES | max. 256 characters | The URL to which the Partner redirects the customer in order to accept the created payment. |
token | String | YES | max. 50 characters | Unique token for payment confirmation. |
API errors
The POST /payments/retry method can return the following errors:
- illegal-payment-status
- invalid-jws
- public-key-already-revoked
- point-of-sale-not-found
- contract-category-not-supported
- payment-method-not-available
- transaction-below-limit
- point-of-sale-forbidden-error-url
- point-of-sale-forbidden-notification-url
- point-of-sale-forbidden-return-url
- point-of-sale-not-active
- currency-unavailable
Refunds
Setting up refunds
curl -X POST \
-H "Authorization: Bearer M1ODU2ZDI5NzU3ZWFkYTRjMjEyMTIwNmRiNmQ2MjdmM" \
-H "Content-Type: application/json" \
-d "@data.json" \
"<CONOTOXIA_PAY_HOST>/refunds"
data.json
{
"paymentId": "PAY715037422182587",
"reason": "Damaged cover",
"amount": {
"currency": "PLN",
"value": 34.99
},
"externalRefundId": "234/03/2016",
"notificationUrl": "http://shop.com/notifications"
}
curl -X POST \
-H "Authorization: Bearer M1ODU2ZDI5NzU3ZWFkYTRjMjEyMTIwNmRiNmQ2MjdmM" \
-H "Content-Type: application/jose+json" \
-d "@data.jws" \
"<CONOTOXIA_PAY_HOST>/refunds"
data.jws
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJwYXltZW50SWQiOiJQQVk3MTUwMzc0MjIxODI1ODciLCJyZWFzb24iOiJEYW1hZ2VkIGNvdmVyIiwiYW1vdW50Ijp7ImN1cnJlbmN5IjoiUExOIiwidmFsdWUiOjM0Ljk5fSwiZXh0ZXJuYWxSZWZ1bmRJZCI6IjIzNC8wMy8yMDE2Iiwibm90aWZpY2F0aW9uVXJsIjoiaHR0cDovL3Nob3AuY29tL25vdGlmaWNhdGlvbnMifQ.NacbH-nTXcqY8Yv7Ib1B2l2RUS-vRe8MTGauT_9wYEoGUdpZD8Pks8T2_dLVGxtO4An66VNHn61YYNY3XQCVAaeb2oQ_g1jXacTNIFIgoMCF8v6-nKu3sigYgvCntuM98XfRgLD-T7i6chR-TizggWhJ5dSpNRXwEpNfV9YGUgtroLb9Bt4H99Ys-S6Twzfg23Bj6JZEFb121Dsk7cZE2TEdwDjkiM3PUaWqIVbPDXP-N-kYx2ZZKrv4kIyLBa9990i4yn_KxCHcPSrPcyXE4cROTOSjunfCX_y-PfM96H7oR-5vI9cVnuPrSaF2kf6cHjtsUPnOHGqA7Owj7zfEvQ
Response headers:
HTTP/1.1 201 Created
Content-Type: application/json
HTTP/1.1 201 Created
Content-Type: application/jose+json
Response body:
{
"id": "REF505142910935123"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJpZCI6IlJFRjUwNTE0MjkxMDkzNTEyMyJ9.fNuI_zsMz8JPhAiQjpvcGYwiYGkFuR6LWdueA4RgU-GcCzH4RdZULnMg4V-hyu3Of0G6u9qaqVw8SSPRRy_O59CijaYLI6cMSzg2W5L-mMHVUveWTgI-DLQ1v0Jemx5sri27vsq7TDMcfDNnGigWFkmvJx1nYeWS_1lTzXdYrDHxldjJhGUbF2aLr_hzrn4SRqlTf0XYc8vVGm65OS64iowFn2osd-ByXAr9LOMUsSenW14qwBLwth9_BartZO_ce1j1sBlBTYGlgPpy6xVaQjbaUcJySEqVY0vwXpCGPygLyYqt0w55F82s2bW7Qg7QW4bUu5GNAVjTai4QKjUHSg
Allows to create a refund for payment transaction. The refund creation can be also made from the Merchant's panel on the payment details page.
Resource
POST <CONOTOXIA_PAY_HOST>/refunds
See server addresses
Request headers
Name | Value | Remarks |
---|---|---|
Authorization | Bearer <access_token> |
It must contain a Bearer access token. For more information, see Generating access token. |
Content-Type | application/json or for signed form application/jose+json |
Request body
RefundData object containing refund data
Field name | Type | Required | Limit | Description |
---|---|---|---|---|
paymentId | String | YES | max. 40 characters | Payment identifier in the Conotoxia Pay system. |
reason | String | YES | min. 5 characters max. 512 characters | Reason for which the refund is made. |
amount | Amount | NO | Refund amount. If the amount is not specified or if it is equal to the amount of the payment, a full refund will be created. The currency must always correspond to the currency in which the payment was made. | |
externalRefundId | String | NO | min. 1 character max. 64 characters | Refund identifier in the Partner system. |
notificationUrl | String | NO | min. 1 character max. 2048 characters | The URL to which the refund status notifications will be sent. As a default, the URL provided by the Partner in the configuration of the point of sale is used. |
notificationUrlParameters | Object | NO | max. 1024 characters | Additional parameters, which are sent in URL refund status notifications. |
Amount object containing refund amount
Field name | Type | Required | Limit | Description |
---|---|---|---|---|
value | Number | YES | Amount. Max. 19 characters with support for 2 places after the decimal separator (a dot (.) is used as the decimal separator). The number of places after the decimal separator depends on the currency and is given in the List of supported currencies. | |
currency | String | YES | 3 characters | Currency code according to ISO 4217. Allowed currency codes are defined in the List of supported currencies. |
Response body
RefundInfo object containing the identifier of the refund created
Field name | Type | Required | Limit | Description |
---|---|---|---|---|
id | String | YES | max. 40 characters | Refund identifier in the Conotoxia Pay system. |
API errors
The POST /refunds can return the following business errors:
- invalid-jws
- public-key-already-revoked
- payment-not-completed
- point-of-sale-forbidden-notification-url
- point-of-sale-not-active
- refund-amount-too-large
- refund-incorrect-currency-code
- max-refunds-reached
- other-refunds-not-completed
- refund-money-below-minimal-amount
- refund-not-allowed
- currency-unavailable
List of refunds
curl -X GET \
-H "Authorization: Bearer M1ODU2ZDI5NzU3ZWFkYTRjMjEyMTIwNmRiNmQ2MjdmM" \
"<CONOTOXIA_PAY_HOST>/refunds?refundIds=REF192843325139567&refundIds=REF942484723821414"
Response headers:
HTTP/1.1 200 Success
Content-Type: application/json
HTTP/1.1 200 Success
Content-Type: application/jose+json
Response body:
{
"data": [
{
"refundId": "REF192843325139567",
"externalRefundId": "128/06/2018",
"status": "NEW",
"amount": {
"value": 9.99,
"currency": "EUR"
},
"description": "Wrong order",
"type": "PARTIAL",
"createdDate": "2020-01-24T10:06:10.945Z"
},
{
"refundId": "REF942484723821414",
"externalRefundId": "121/06/2018",
"status": "COMPLETED",
"amount": {
"value": 109.99,
"currency": "EUR"
},
"description": "Wrong order",
"partner": {
"commission": {
"fee": {
"value": 1.25,
"currency": "EUR"
}
}
},
"type": "FULL",
"createdDate": "2020-11-25T15:14:38.226Z",
"bookedDate": "2020-11-25T15:15:50.140Z"
}
],
"pagination": {
"first": true,
"last": true,
"currentPageNumber": 1,
"currentPageElementsCount": 2,
"pageSize": 10,
"totalPages": 1,
"totalElements": 2,
"pageLimitExceeded": true
}
}
eyJhbGciOiJSUzI1NiIsImtpZCI6Il8yNzVUd3dYOVhtaVotak1wLTJwNDZ0SUsyZE0tR2xWM3dYTU1GUTM5UUEifQ.ewogICAiZGF0YSI6WwogICAgICB7CiAgICAgICAgICJyZWZ1bmRJZCI6IlJFRjE5Mjg0MzMyNTEzOTU2NyIsCiAgICAgICAgICJleHRlcm5hbFJlZnVuZElkIjoiMTI4LzA2LzIwMTgiLAogICAgICAgICAic3RhdHVzIjoiTkVXIiwKICAgICAgICAgImFtb3VudCI6ewogICAgICAgICAgICAidmFsdWUiOjkuOTksCiAgICAgICAgICAgICJjdXJyZW5jeSI6IkVVUiIKICAgICAgICAgfSwKICAgICAgICAgImRlc2NyaXB0aW9uIjoiV3Jvbmcgb3JkZXIiLAogICAgICAgICAidHlwZSI6IlBBUlRJQUwiLAogICAgICAgICAiY3JlYXRlZERhdGUiOiIyMDIwLTAxLTI0VDEwOjA2OjEwLjk0NVoiCiAgICAgIH0sCiAgICAgIHsKICAgICAgICAgInJlZnVuZElkIjoiUkVGOTQyNDg0NzIzODIxNDE0IiwKICAgICAgICAgImV4dGVybmFsUmVmdW5kSWQiOiIxMjEvMDYvMjAxOCIsCiAgICAgICAgICJzdGF0dXMiOiJDT01QTEVURUQiLAogICAgICAgICAiYW1vdW50Ijp7CiAgICAgICAgICAgICJ2YWx1ZSI6MTA5Ljk5LAogICAgICAgICAgICAiY3VycmVuY3kiOiJFVVIiCiAgICAgICAgIH0sCiAgICAgICAgICJkZXNjcmlwdGlvbiI6Ildyb25nIG9yZGVyIiwKICAgICAgICAgInBhcnRuZXIiOnsKICAgICAgICAgICAgImNvbW1pc3Npb24iOnsKICAgICAgICAgICAgICAgImZlZSI6ewogICAgICAgICAgICAgICAgICAidmFsdWUiOjEuMjUsCiAgICAgICAgICAgICAgICAgICJjdXJyZW5jeSI6IkVVUiIKICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgIH0sCiAgICAgICAgICJ0eXBlIjoiRlVMTCIsCiAgICAgICAgICJjcmVhdGVkRGF0ZSI6IjIwMjAtMTEtMjVUMTU6MTQ6MzguMjI2WiIsCiAgICAgICAgICJib29rZWREYXRlIjoiMjAyMC0xMS0yNVQxNToxNTo1MC4xNDBaIgogICAgICB9CiAgIF0sCiAgICJwYWdpbmF0aW9uIjp7CiAgICAgICJmaXJzdCI6dHJ1ZSwKICAgICAgImxhc3QiOnRydWUsCiAgICAgICJjdXJyZW50UGFnZU51bWJlciI6MSwKICAgICAgImN1cnJlbnRQYWdlRWxlbWVudHNDb3VudCI6MiwKICAgICAgInBhZ2VTaXplIjoxMCwKICAgICAgInRvdGFsUGFnZXMiOjEsCiAgICAgICJ0b3RhbEVsZW1lbnRzIjoyLAogICAgICAicGFnZUxpbWl0RXhjZWVkZWQiOnRydWUKICAgfQp9.Q1ydhLIDwWM4WX_bISLiMvfSSvd7DtOvcXLhwFyygYs8vZVDVrTpGCZOHAY9wpfEc0DcAbPZfC-i3EX5hf7Z_D5RbmOzBV3oazWRKZNuf8WflGI2K8J--gJNwuJKUq01tqVab2WLKv_EF7_zybuP9SZmhgKYJnZbz0AIiDW3H4hmieRm6GLjImSXNphel-eg4q4dT83wRndnmxpFdu_lbUa5BiQn9MrEk0uHdOVVnqP8vtZcfvlfF8KGoEAyCn7vFZGMBNmyaUXtipd3PRiXyepgV4oKfUTUbpOYdSBrilUHvDrvhXHmX9Kx0g7SVOfHRrs3WDfXZe9telxnljARTg
The list of refunds can be viewed in the Merchant's panel on the refunds list or can be get using the resource below.
Resource
GET <CONOTOXIA_PAY_HOST>/refunds
See server addresses
Request headers
Name | Value | Remarks |
---|---|---|
Authorization | Bearer <access_token> |
It must contain a Bearer access token. For more information, see Generating access token. |
Query parameters
Field name | Type | Required | Description |
---|---|---|---|
paymentIds | String | NO | Payment identifiers (the paymentIds parameter must be duplicated in the request e.g. /payments?paymentIds=PAY772237692548117&paymentIds=PAY815576576741391 ) |
refundIds | String | NO | Refund identifiers (parameter refundIds must be duplicated in the request e.g. /payments?refundIds=REF192843325139567&refundIds=REF942484723821414 ). |
externalRefundId | String | NO | External payment identifier. |
createdDateFrom | String | NO | Date and time (according to ISO 8601 format YYYY-MM-ddTHH:mm:ss.fffZ) of refund creation from. |
createdDateTo | String | NO | Date and time (according to ISO 8601 format YYYY-MM-ddTHH:mm:ss.fffZ) of refund creation to. |
bookedDateFrom | String | NO | Date and time (according to ISO 8601 format YYYY-MM-ddTHH:mm:ss.fffZ) of refund booking from. |
bookedDateTo | String | NO | Date and time (according to ISO 8601 format YYYY-MM-ddTHH:mm:ss.fffZ) of refund booking to. |
pageNumber | Number | NO | Page number. |
pageSize | Number | NO | Number of elements per page. |
sort | String | NO | Sorting criteria. |
Sort field value for refunds
You can sort the following fields:
- createdDate
- bookedDate
- amount
To sort in descending order by the refund creation date, enter a value: refundDate,DESC
.
Response body
Response object containing refund data
Field name | Type | Required | Limit | Description |
---|---|---|---|---|
data | Array | YES | max. 100 elements | List with elements of the Refund type. |
pagination | Pagination | YES | Metadata of the returned page. |
A Refund object containing refund details
Field name | Type | Required | Limit | Description |
---|---|---|---|---|
refundId | String | YES | max. 40 characters | Refund identifier in the Conotoxia Pay system. |
externalRefundId | String | NO | max. 64 characters | Refund identifier in the Partner system. |
status | String | YES | max. 20 characters | Refund status. Values according to the life cycle of the refund. |
amount | Amount | YES | Refund amount with the currency. | |
description | String | YES | min. 1 character max. 128 characters | Refund description. |
partner | Partner | NO | Partner details. | |
type | String | YES | max. 20 characters | Refund type. |
createdDate | String | YES | max. 128 characters | Date and time (according to ISO 8601 format YYYY-MM-ddTHH:mm:ss.fffZ) of created refund. |
cancelledDate | String | NO | max. 128 characters | Date and time (according to ISO 8601 format YYYY-MM-ddTHH:mm:ss.fffZ) of cancelled refund. |
bookedDate | String | NO | max. 128 characters | Date and time (according to ISO 8601 format YYYY-MM-ddTHH:mm:ss.fffZ) of booked refund. |
The type
field can take the following values:
Value | Description |
---|---|
PARTIAL | Partial refund |
FULL | Full refund |
Partner object containing partner information
Field name | Type | Required | Limit | Description |
---|---|---|---|---|
commission | Commission | NO | Fees incurred by the Partner. |
Amount object including refund amount and refund currency
Field name | Type | Required | Limit | Description |
---|---|---|---|---|
value | Number | YES | Amount. Max. 19 characters with support for 2 places after the decimal separator (a dot (.) is used as the decimal separator). The number of places after the decimal separator depends on the currency and is given in the List of supported currencies. | |
currency | String | YES | 3 characters | Currency code according to ISO 4217. Allowed currency codes are defined in the List of supported currencies. |
Commission object including information about refund fees charged
Field name | Type | Required | Limit | Description |
---|---|---|---|---|
fee | Fee | YES | Fee amount with the currency. |
Fee object containing the refund fee value
Field name | Type | Required | Limit | Description |
---|---|---|---|---|
value | Number | YES | Amount. Max. 19 characters with support for 2 places after the decimal separator (a dot (.) is used as the decimal separator). The number of places after the decimal separator depends on the currency and is given in the List of supported currencies. | |
currency | String | YES | 3 characters | Currency code according to ISO 4217. Allowed currency codes are defined in the List of supported currencies. |
Pagination object containing metadata of the returned page with refund data
Field name | Type | Required | Description |
---|---|---|---|
first | Boolean | YES | Defines whether the returned data are on the first page. |
last | Boolean | YES | Defines whether the returned data are on the last page. |
currentPageNumber | Number | YES | Defines the number of the returned page. |
currentPageElementsCount | Number | YES | Defines the number of elements on the returned page. |
pageSize | Number | YES | Defines the page size. |
totalPages | Number | YES | Defines the number of available pages. |
totalElements | Number | YES | Defines the number of available elements. |
pageLimitExceeded | Boolean | YES | Defines whether the page limit has been reached. |
API errors
The GET /refunds method can only return technical errors.
Refund notifications
Object sent to the notificationUrl address provided by the Partner:
{
"refundId": "REF4589632145896",
"paymentId": "PAY78349563479853",
"externalPaymentId": "121/06/2018",
"code": "COMPLETED",
"type": "REFUND"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJyZWZ1bmRJZCI6IlJFRjQ1ODk2MzIxNDU4OTYiLCJwYXltZW50SWQiOiJQQVk3ODM0OTU2MzQ3OTg1MyIsImV4dGVybmFsUGF5bWVudElkIjoiMTIxLzA2LzIwMTgiLCJjb2RlIjoiQ09NUExFVEVEIiwidHlwZSI6IlJFRlVORCJ9.Mv-U08X_UOtLzt6V5jrPDJWXXYH--H9K3jdjCg9gTAyqg3gDqAJtpe2J0DxvqjtY-qV4HjR94nmcAuVyeVTQMvD4jiBYERNkPH4kUVsZ7bGy9hkvUbFTb9ijD62ZYLQHwXERqUpcEHEX_v_RttvBjrBJ0rTbHoyv-0CMjE3pUl9Oy8tFY2btwcXDWjeQ3PUuBOefscf8-n12LR7BkDU_Alzv_ZI7L6cUMbRby5vkz-Lpi5-aQ7J1YMWthTkxSQc0lLfxBT6GatOiFx1rnH7CyKvDlrH_sCd_P9ggs-3JfqscIBMozvqkaWCgW9nAzfeLJKOylHYU51KYTc8H65nXtQ
Request headers:
Content-Type: application/json
Content-Type: application/jose+json
After ordering a refund by the Partner, an asynchronous refund process is carried out. As part of the process, notifications of status changes are sent to the notificationUrl address provided by the Partner when creating the refund or when configuring the point of sale. Notifications are sent by POST method and may be delivered to the Partner's system in a random order. This is due to the fact that there may be delays between the Conotoxia Pay system and the Partner's system or the system may be unavailable at the time of sending the notification. If the Partner receives one of the notifications ending the refund process, he should not react to other notifications that will be delivered to his system for a given refund.
Below is a description of the message parameters, which is sent to the Partner.
RefundStatus object
Field name | Type | Required | Limit | Description |
---|---|---|---|---|
refundId | String | YES | max. 40 characters | Refund identifier in the Conotoxia Pay system. |
externalRefundId | String | NO | max. 64 characters | Refund identifier in the Partner system. |
paymentId | String | YES | max. 40 characters | Related payment identifier in the Conotoxia Pay system. |
externalPaymentId | String | YES | max. 64 characters | Related payment identifier in the Partner system. |
code | String | YES | max. 14 characters | Refund status. |
type | String | YES | max. 7 characters | Notification type. Value for refund REFUND . |
maxRefundAchieved | Boolean | NO | Whether it is possible to create next refund for the same payment. | |
additionalParameters | Object | NO | max. 1024 characters | Additional parameters defined in create refund request. |
The code field can take values from the table below (corresponding to refund statuses):
Status | Description |
---|---|
NEW | The refund has been created. |
PROCESSING | The refund is processed. |
PENDING | The refund is awaiting cash. |
COMPLETED | The refund has been successfully completed. |
CANCELLED | The refund has been cancelled. |
API errors - technical
Description of errors returned by Conotoxia Pay API for all shared resources.
400 Bad Request
Response headers:
HTTP/1.1 400 Bad Request
Content-Type: application/problem+json
HTTP/1.1 400 Bad Request
Content-Type: application/jose+json
Response body:
{
"title": "Bad Request",
"status": 400,
"detail": "Unexpected character ('f' (code 102)): was expecting comma to separate Object entries"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0aXRsZSI6IkJhZCBSZXF1ZXN0Iiwic3RhdHVzIjo0MDAsImRldGFpbCI6IlVuZXhwZWN0ZWQgY2hhcmFjdGVyICgnZicgKGNvZGUgMTAyKSk6IHdhcyBleHBlY3RpbmcgY29tbWEgdG8gc2VwYXJhdGUgT2JqZWN0IGVudHJpZXMifQ.Ou8rJviQ9T2Ebj9Q7Wwza0T4G6EIFBRbWCIuEX8bBjVwW8OL_hvqYYC_4lbAMkp2Si6rlzp373Pj4wlkxxX0hkub91wsMDDUHDkEysOXJY9jOGoUOgHmZTP7JrvGdEZcN8DtUulTn55s_rNxSO66-IKYoOOcFwEAL_0zJ4aDb8mXdcY_gmgLyVnq4EKJL2lBai88UG63mRayWiiIWR5I-UFvsQ8X0wRSrEzJwzz7zOl-DeKoku5dZTIwqtPOksy4BMJXDFLlcDg5MvIFa40yO1M8Hn8SN2bxMCCgo3NkzXC4RZ3lgAHyyvpLdHsJdfiU1iqz8YhgeV1MuxqaJ-sCEQ
Returned when a request has an incorrect structure.
401 Unauthorized
Response headers:
HTTP/1.1 401 Unauthorized
Content-Type: application/problem+json
HTTP/1.1 401 Unauthorized
Content-Type: application/jose+json
Response body:
{
"title": "Unauthorized",
"status": 401,
}
eyJhbGciOiJSUzI1NiIsImtpZCI6Il8yNzVUd3dYOVhtaVotak1wLTJwNDZ0SUsyZE0tR2xWM3dYTU1GUTM5UUEifQ.ewogICAgInRpdGxlIjogIlVuYXV0aG9yaXplZCIsCiAgICAic3RhdHVzIjogNDAxCn0K.wvj-U9YSpJlo5bG35qnBW6N-EGMYw2kURvibSSJbpl3dtVhHlQCdQQ9vicDUhrhTXrLd39DHg-r1Zyhj6b6WFmQvteci-bRu-kU97K0tiTqbWY2TeK9BD9Zbf5pI0U4bFqBAddK4nm2WGYGwsDBO2qeFKSLcVL5UGHowGwortl7DCsscIBjtsjUq_eNClwXsAPPt9UaFLZSXNf4WIy62LOl3ZCvFx-lBzYaKxC4cCewIznFo33epLJxE35xoFGu_3lcI2u1JFG5PUi7W5RKHmEQhnGwaobRkJ0mdAG76Ut-X8c7WoEuCk7E5MDeEoDf-BcISgVfn-lIyY5eGsZs4nQ
Indicates that the request has not been applied because it lacks valid authentication credentials for the target resource.
403 Forbidden
Response headers:
HTTP/1.1 403 Forbidden
Content-Type: application/problem+json
HTTP/1.1 403 Forbidden
Content-Type: application/jose+json
Response body:
{
"title": "Forbidden",
"status": 403
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0aXRsZSI6IkZvcmJpZGRlbiIsInN0YXR1cyI6NDAzfQ.Wwp9fE54f3KclIVvGVdU3ZpUGZ4qZtC4PTyLXyAJRdqlDTcyDjIJ1ccGVKLv1YYdd_TZewiVqMR_iKCMeAoKlrFq8qsPH8NRXfJ4LCOopfF9i9zdfLkNXIVJkqm_1H-qsU9AvorPSB1mqNKy4MYfj5k-KWN559yFagBL4P2shwR3Ee0_cDy8A11fbR_8jzs5nU-hWOFR5qME7QG7leEM9ZRuna2ogRShEhXMqbThRnbDLU73uVWPmlj_5hJ8FBDjl_v5KrUBOKDFp2Hdq1t9sjzqvJPzuKYr_J6rWLa3FTlOv6ew4RuvWDgUTCJW_xaQMKSC181OgtSuYcUlH7XISg
Returned when the customer does not have access to requested resource.
405 Method Not Allowed
Response headers:
HTTP/1.1 405 Method Not Allowed
Content-Type: application/problem+json
HTTP/1.1 405 Method Not Allowed
Content-Type: application/jose+json
Response body:
{
"title": "Method Not Allowed",
"status": 405,
"detail": "Request method 'PUT' not supported"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0aXRsZSI6Ik1ldGhvZCBOb3QgQWxsb3dlZCIsInN0YXR1cyI6NDA1LCJkZXRhaWwiOiJSZXF1ZXN0IG1ldGhvZCAnUFVUJyBub3Qgc3VwcG9ydGVkIn0.HScFAydfT_EHZwvbkT_izwBUAlb3CCt_X6nhs_XQxkHrbpQL1hDg5JrcxYGsC5O14yXgnwUMxKlc7YO66X1j9CZAbRxL5Hi95NKMJZuh0BM1geweQYGvBbrRrd6GylK-4Me5Nllr-nJkry1h7yPlYrbVo1KBVA6gT88j9yJuWhr7OWfW0-2LbQlHEwYvhr9Df0b6Yr1noqOV7Wb7sO8yvqSi9S5oCqVbsFPqRr8Pz7H41m7qcVKM9sTUlN82F5AFMI-jk6gqu3zcvJPdXcQNmLVn7nVXIItfPfvr0wyGCKHECq--d5bhBjL-1ARUv4rz8A0FgsINqTyz25JqHwQ_YA
Returned when the method called on the resource is different than defined
409 Conflict
Response headers:
HTTP/1.1 409 Conflict
Content-Type: application/problem+json
HTTP/1.1 409 Conflict
Content-Type: application/jose+json
Response body:
{
"title": "Conflict",
"status": 409,
"detail": "Currency from paymentData.totalAmount is different than the currency from products"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0aXRsZSI6IkNvbmZsaWN0Iiwic3RhdHVzIjo0MDksImRldGFpbCI6IkN1cnJlbmN5IGZyb20gcGF5bWVudERhdGEudG90YWxBbW91bnQgaXMgZGlmZmVyZW50IHRoYW4gdGhlIGN1cnJlbmN5IGZyb20gcHJvZHVjdHMifQ.I9UnyltseJc-47VPDzwrRQ-i1rL1Y_y6mNAI7BEOEgkQ2rH8cKGE1oTeNI0wqbVaTCXYiCE95wDVFHJz4UGbwZWthMpHEt6IGcPj-OrxDREDnRgTPfyIRkTLIbud8BSHaQvdpSgJBneGe5BSIRDeu0Mo9h9ATo0b5lltQq_R4bb9zpAni6xQ2oO-XI2blPx2A2OvHr89D96gdMVUa6pWI_HIzixDsUMTXbDwO0DlC6jCLMv81_v4VWZuUMQ9dmiP0PsnodOKLZkxKc03X5Ymnfz6nrMdqZKiWdBK7StwReucW38itcxWsiKyZ3oMYzFKYWUdWQNH3pGoghzBZcbGNg
Returned when business validation errors occur.
415 Unsupported Media Type
Response headers:
HTTP/1.1 415 Unsupported Media Type
Content-Type: application/problem+json
HTTP/1.1 415 Unsupported Media Type
Content-Type: application/jose+json
Response body:
{
"title": "Unsupported Media Type",
"status": 415,
"detail": "Content type 'application/x-www-form-urlencoded' not supported"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0aXRsZSI6IlVuc3VwcG9ydGVkIE1lZGlhIFR5cGUiLCJzdGF0dXMiOjQxNSwiZGV0YWlsIjoiQ29udGVudCB0eXBlICdhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQnIG5vdCBzdXBwb3J0ZWQifQ.Q7ri8IKmShewu9w2jNCZykGyP51lX-DoExwEbrcjwMjXrIwFRhiVNALRMySwULfoTOnIfk9fq7Je5Txuv-ftM-JSJ0Dif_rrRfcLigRUm0XBPzKLAl675uG4pRSvj5ZtJ9g98ti_zLbarSiYTjwouGqgKmsfz_K9ZwdNM8NCnB3X7G9z0CKchYRtFemprULYRYxBVymFr6on9mkeNsPc72q9TeQB0hXVmLTaNVGro_0yae7_avL0AOjKwY5AXrxCBRxuyhcYsSl_i2PJF5mGbitZFoPNidL16eL4xovVA-mMcuOKldEUpFilvAOCHrbCggAr3BQpauZVyiokRqi5Fw
The sent request body is of the wrong type.
500 Internal Server Error
Response headers:
HTTP/1.1 500 Internal Server Error
Content-Type: application/problem+json
HTTP/1.1 500 Internal Server Error
Content-Type: application/jose+json
Response body:
{
"title": "Internal Server Error",
"status": 500
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0aXRsZSI6IkludGVybmFsIFNlcnZlciBFcnJvciIsInN0YXR1cyI6NTAwfQ.Lm349V3_rGQ-iW0YnARC6BZxhP8duh2NurOR_fyEtOp4EIc70PGupAr_A81gerc85ixEtS3Ux0DVZPxWIjbA8l9VyUk48fhpLPvC6hYk5b79fZ4YmHtkDdICpP0OT9YKeZhx3Htrhmn7BsP-cFLNudV_shod0GtGHa-ONBx56J4iV37EzQH4atThkusHiRW4p8NzuwRch9I-hnS26aR3KhDmiWQl0xsKDYrPnOu3-45vufpfl4qZ0gPDhsKGgsts9zVI1GONskf5-GJSLYLRstq39dxNGv_ZLRQ3IU1kxQHW4S1CmN8fbchxeA619WCh9NUdZOacu3jTXpBZlICX9w
An unexpected error occured.
503 Service Unavailable
Response headers:
HTTP/1.1 503 Service Unavailable
Content-Type: application/problem+json
HTTP/1.1 503 Service Unavailable
Content-Type: application/jose+json
Response body:
{
"title": "Service Unavailable",
"status": 503
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0aXRsZSI6IlNlcnZpY2UgVW5hdmFpbGFibGUiLCJzdGF0dXMiOjUwM30.C2_7xbFp0VJu141nO0fr5cUHKOipLic6XzY7_7Jqu0G8UkyjdCq4W8spggDsLIycfoDpzeJYuGkuIEJEK6Rh2phPiCBaphDHYmTYJPhy3lTPlxElIPya4Ml8WCr9Hf3-zec5NlOzCZDJRUcysjQOo4eI15LB--0YU2Fo4au7metxuZ83N71j0o-DJha083Em3VnmWNH4QE92983EUYPnEP0Y2jBjI-cEEZHgGe1ADzon7wrY60WIOKvvZ2WlDiWb_-cs6aLtLcNYAs5Fw1IB9L6OlCKuTmWM0OFwpeTvpQUCt1UGT4GGZw2rYBsgxsSvyUJOPdyskrFrIzmK7ypJsA
Service is not available.
API errors - business
Description of errors returned by Conotoxia Pay API, whose type is defined by the type key.
invalid-jws
Response headers:
HTTP/1.1 400 Bad Request
Content-Type: application/problem+json
HTTP/1.1 400 Bad Request
Content-Type: application/jose+json
Response body:
{
"type": "invalid-jws",
"status": 400,
"title": "Invalid JWS",
"validation-errors": [
{
"message": "Header 'kid' is missing",
"message-key": "KidHeaderMissing",
"context-key": "jws"
}
]
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoiaW52YWxpZC1qd3MiLCJzdGF0dXMiOjQwMCwidGl0bGUiOiJJbnZhbGlkIEpXUyIsInZhbGlkYXRpb24tZXJyb3JzIjpbeyJtZXNzYWdlIjoiSGVhZGVyICdraWQnIGlzIG1pc3NpbmciLCJtZXNzYWdlLWtleSI6IktpZEhlYWRlck1pc3NpbmciLCJjb250ZXh0LWtleSI6Imp3cyJ9XX0.ZiOPshS9m_DC_ZqKC-PZ-1EdCKcMXTtkuBzhTuCMKRBBLEMZ2B2e5kWxA2b8MLHrGOVeHfbePqFBozf9jLnoP7b0l_zSUrVcaMBvODwQ_jKjBai1GRH6vRDS16NHSFfnup0HTu2mX5RWF21FfFpoO3DDOGx17ngKPSte_5j1O3t-iZGvmZoxG1VDH3WCXmp0dPBmuq23Orsda-1hNcvM2Olz9sFFK7jQDWA9H-Pf0Su1XJrC9QnQCeHojlQZ0MsGAv0lQc59Pl7qUYgNCu3hIT7DwHvdaQwR2DETroEJuV7n4b6SiP5TLHbi94C7kMEwCB-T9WtERTsTojD4id0jPg
Returned when the format of the JWS request is incorrect:
- header
kid
is missing (message-key: KidHeaderMissing
), - header
alg
is missing (message-key: AlgHeaderMissing
), - header
alg
contains unsupported algorithm (message-key: UnsupportedAlgorithm
).
invalid-pem
Response headers:
HTTP/1.1 400 Bad Request
Content-Type: application/problem+json
HTTP/1.1 400 Bad Request
Content-Type: application/jose+json
Response body:
{
"type": "invalid-pem",
"status": 400,
"title": "Can not read public key from PEM",
"detail": "Can not read public key from PEM"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoiaW52YWxpZC1wZW0iLCJzdGF0dXMiOjQwMCwidGl0bGUiOiJDYW4gbm90IHJlYWQgcHVibGljIGtleSBmcm9tIFBFTSIsImRldGFpbCI6IkNhbiBub3QgcmVhZCBwdWJsaWMga2V5IGZyb20gUEVNIn0.gD_vJFnDZOP3TyWrT7qZcTMlMMq4oExAsglE6gKwjmXdawHTYSatavxBW3Xw6P5w8JPCtyS_JtERg5gLPfrZiu3wfgxC27cLN33kIyfT4HH4OpuNTSpQyhmf7zYksIfXSsUFsFLX_FbFK9-hLbH8iUj6ryJOUj4hXHxSAUPtl45z5yqRyWADC_wQDmYzuoSW_ULzTEBYnQkt63950AODXtJHxDskaMIYFfzKoWIPiSRDdluPfTALua4iN8rKqNL9RSaMHx0UKX3wTJk1qaQDicpVkXvTydpgX5hnXwaPsd38lSSyMh1CR0Vn5aZmLssO21kwKhuyacmHOwU6imljdQ
Returned when the sent public key is incorrect.
invalid-public-key
Response headers:
HTTP/1.1 400 Bad Request
Content-Type: application/problem+json
HTTP/1.1 400 Bad Request
Content-Type: application/jose+json
Response body:
{
"type": "invalid-public-key",
"status": 400,
"title": "Invalid public key",
"detail": "Invalid public key"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoiaW52YWxpZC1wdWJsaWMta2V5Iiwic3RhdHVzIjo0MDAsInRpdGxlIjoiSW52YWxpZCBwdWJsaWMga2V5IiwiZGV0YWlsIjoiSW52YWxpZCBwdWJsaWMga2V5In0.SIWrgXX6OuvFsjH-10ON59jO1X6SJrBKzyyJj0Qp_sN4tkHn2kP8PXKvIBJkxwyfAKvTtOinq5PwivEHP8oyVm_JpMUtgkGRHGzU91LGzn-SnbqT5oydzfBwQWgHevvgZ3bGeSo72F2L3Ahaq0UmtID9G-mx8otoW6iU2JArhV-0LfZn1bwzxJydiLie7AFBMi4ekJ6ksewL5RPZRgPEs_BR-sPapbym4eL51vr70n8Vbe3O_PJcEbrYml0yx4BXqdDI_0NDsU7JoV6aekOyoU_9s0PjRqtKqa-Oz5C-wyXwtr-4mIy23AtEZMi8AS0loWnoFpPbX7T4E6PM1PMC2A
Returned when adding a new public key, the key will be incorrect.
sample-text-signature-not-match
Response headers:
HTTP/1.1 400 Bad Request
Content-Type: application/problem+json
HTTP/1.1 400 Bad Request
Content-Type: application/jose+json
Response body:
{
"type": "sample-text-signature-not-match",
"status": 400,
"title": "Sample text signature not match",
"detail": "Sample decoded text must have signed with SHA-256 signature"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoic2FtcGxlLXRleHQtc2lnbmF0dXJlLW5vdC1tYXRjaCIsInN0YXR1cyI6NDAwLCJ0aXRsZSI6IlNhbXBsZSB0ZXh0IHNpZ25hdHVyZSBub3QgbWF0Y2giLCJkZXRhaWwiOiJTYW1wbGUgZGVjb2RlZCB0ZXh0IG11c3QgaGF2ZSBzaWduZWQgd2l0aCBTSEEtMjU2IHNpZ25hdHVyZSJ9.aBsf1MOmQc4eadXoaBQG7Pj2klmwNUfC1CFbBYc_1-krZOIXhBBff6lLa9ozDEqQeVh1CEnNPQ_ZxQzsfNYK4-wUIiE1F1ar1B29YQdb7YFqw9vAct3t8Tc5SfMO7LrbkpG6gSI1ox6tUFL9g6atwOwZF33kkPME4n5pKyxbBL2fK5hElcOqITJrmJnMxmZAOYPkgoj_dwtuK7PDREKO_E9YdXF8GBibCJnTJFnovXdfLIYfM4NS3pSgWUHFysLZS9Y4RxLJff9rGfXhX0i3KjxbLFhHgn_tBrKfgfCd7ysAb2aTMqAba15ULNPBNjRG8k4B-zpKGbVRRlSF5BFDhg
Returned when adding a new public key, an example message in the encodedText field was signed with a different signature than SHA-256.
validation-error
Response headers:
HTTP/1.1 400 Bad Request
Content-Type: application/problem+json
HTTP/1.1 400 Bad Request
Content-Type: application/jose+json
Response body:
{
"type": "validation-error",
"status": 400,
"title": "Request parameters are not valid",
"detail": "Property 'category1' with value 'E_COMMERCE' is unknown for object 'PaymentData'",
"validation-errors": [
{
"message-key": "unknown-property",
"context-key": "category1",
"message": "Unsupported 'category1' property"
}
]
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoidmFsaWRhdGlvbi1lcnJvciIsInN0YXR1cyI6NDAwLCJ0aXRsZSI6IlJlcXVlc3QgcGFyYW1ldGVycyBhcmUgbm90IHZhbGlkIiwiZGV0YWlsIjoiUHJvcGVydHkgJ2NhdGVnb3J5MScgd2l0aCB2YWx1ZSAnRV9DT01NRVJDRScgaXMgdW5rbm93biBmb3Igb2JqZWN0ICdQYXltZW50RGF0YSciLCJ2YWxpZGF0aW9uLWVycm9ycyI6W3sibWVzc2FnZS1rZXkiOiJ1bmtub3duLXByb3BlcnR5IiwiY29udGV4dC1rZXkiOiJjYXRlZ29yeTEiLCJtZXNzYWdlIjoiVW5zdXBwb3J0ZWQgJ2NhdGVnb3J5MScgcHJvcGVydHkifV19.FR68VXiW-UunA7ttQgb02acaB2Klk1nP6aTTstQ2ojJALbQZac7HcJdzhee0W7s3sUTIE-aUFz2mtaIQVtNX-wXGTZ_fBoORb8MGZiddeQAcq2AnCW1O8KX5R2hZzoj_25HzF3CLHHHOGKBHLPbVw0YIqMoCIXLJuNyP63zvLg8rJNUirnD-_Th_yiH4izEWZwsAlQlMW6AECIYfxjg7KEZHEdirtg5wzUZTFLHMIaO3PiJCcFxDx2kuSzGH7QhUv2YfRttsERmZWTTI-MEfmihyqNe_AWR9Eq6Pd4Pcg1sjwSNcpBkeRATg0P-GC63KoZADSi9e7pv5vJQSGKbpjw
Returned when specified request parameters are incorrect.
payment-not-found
Response headers:
HTTP/1.1 404 Not Found
Content-Type: application/problem+json
HTTP/1.1 404 Not Found
Content-Type: application/jose+json
Response body:
{
"type": "payment-not-found",
"title": "Payment not found",
"status": 404,
"detail": "Payment identified by myGr2rDrbreYhLwTxmZes1J6qTqXcVZsSeMB3elwovvscmnChm token not found"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoicGF5bWVudC1ub3QtZm91bmQiLCJ0aXRsZSI6IlBheW1lbnQgbm90IGZvdW5kIiwic3RhdHVzIjo0MDQsImRldGFpbCI6IlBheW1lbnQgaWRlbnRpZmllZCBieSBteUdyMnJEcmJyZVloTHdUeG1aZXMxSjZxVHFYY1Zac1NlTUIzZWx3b3Z2c2NtbkNobSB0b2tlbiBub3QgZm91bmQifQ.TxMbv4nbfWRX5LrWOBCpTU7tHm-r5Hk2nzYL9MONAcPCPfYuO9MTr0dqdmCGy6W0fso7Ka_KFgFUDI5IMD6K_cu0fmQEfHsfXWrMTjENWbDmBS5varbrKtwRpjkHcND--Jegsgo5l6ToHC9beqY-DZn0hVg8dzAPS2y4J0e1UwEtUcAOQsCIM1ASrK-t0oO-j9Oi4K6-a1yEU9m_GmAIVV7hSG2xOmGQUwn6ATdPSRWn83mbnJbOqPESsn4Mqye4IM53i7aKgw5tOKvez3NgCJ20sQHraHAndfqoSc4vpRHqcGEvRcuMnknv2qaXvSvosERPxWocvH_YajqGj5C7CQ
The payment identifier is invalid.
payment-expired
Response headers:
HTTP/1.1 410 Gone
Content-Type: application/problem+json
HTTP/1.1 410 Gone
Content-Type: application/jose+json
Response body:
{
"type": "payment-expired",
"title": "Payment expired",
"status": 410,
"detail": "Payment with identifier PAY715037422182587 expired"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoicGF5bWVudC1leHBpcmVkIiwidGl0bGUiOiJQYXltZW50IGV4cGlyZWQiLCJzdGF0dXMiOjQxMCwiZGV0YWlsIjoiUGF5bWVudCB3aXRoIGlkZW50aWZpZXIgUEFZNzE1MDM3NDIyMTgyNTg3IGV4cGlyZWQifQ.GCuNAcmY907pl4Q1ge629UencSPpTxrw_vDFnqwhhgJo46cuvX6YicEyrq5rtC-OBOvkb3S9ZKjFqerXRTFaMbJPKm6ip-1Xjqjc90xizFSu1hSNuJWSD9JrhqXyrKZWz9QHvHb5mQZW5tDItior_DekOtQzZzBSBEd1b403UG8aHHNbunlbwTM6IoXQbX8o1qXHfRqqqgKGumw1b6zprI1xG2rFD6CUMUAzhu6SGyk_8nx3euKG_EosVr-TQ_m42r9s6F1zL9l9l-TouHqe1Y0PkM1WZqmWnjtZZ7P0KfQf3mm6pNIBEYK_F2370lGNgSJe7RYsIxpRxr03VOy4SA
The payment token has expired or the payment has already been confirmed.
point-of-sale-not-found
Response headers:
HTTP/1.1 404 Not Found
Content-Type: application/problem+json
HTTP/1.1 404 Not Found
Content-Type: application/jose+json
Response body:
{
"type": "point-of-sale-not-found",
"title": "Point of sale not found",
"status": 404,
"detail": "Point of sale with identifier POS458963214589658 not found"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoicG9pbnQtb2Ytc2FsZS1ub3QtZm91bmQiLCJ0aXRsZSI6IlBvaW50IG9mIHNhbGUgbm90IGZvdW5kIiwic3RhdHVzIjo0MDQsImRldGFpbCI6IlBvaW50IG9mIHNhbGUgd2l0aCBpZGVudGlmaWVyIFBPUzQ1ODk2MzIxNDU4OTY1OCBub3QgZm91bmQifQ.edVVxd62DAqXQp55GKTGQx1hIZQXvUhYBVVe_ADlruRnGKCPUDvu-LN3yit5QCuqauYN82Q4e60hiI3ImUxxIFboI56l4hf4r0hmgMSzljfbvpCHvtdfAAAPuf2NQgRtN8Ftxmnr2I21-OSiGv1pNjl0iT_FkkULws2MJKWZvPcWgFiEXiwPPcK9IIaIEVc-Wi-RnH1vYUzzC-EDXVexDUWOZ9wxon4pwKVj-drUC2jVDYmsUOm60uqFKMacIL_VozqlZni-InD-oZxbB4ZmwZm7qY0FMBjx7lhxv0NsRxvN7SXjqOOCoUKL-ZsL8t6wdBK056ymq13sFzdMtuv0iQ
The point of sale identifier is incorrect.
store-not-found
Response headers:
HTTP/1.1 404 Not Found
Content-Type: application/problem+json
HTTP/1.1 404 Not Found
Content-Type: application/jose+json
Response body:
{
"type": "store-not-found",
"title": "Store not found",
"status": 404,
"detail": "Store with identifier STR458963125698745 not found"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoic3RvcmUtbm90LWZvdW5kIiwidGl0bGUiOiJTdG9yZSBub3QgZm91bmQiLCJzdGF0dXMiOjQwNCwiZGV0YWlsIjoiU3RvcmUgd2l0aCBpZGVudGlmaWVyIFNUUjQ1ODk2MzEyNTY5ODc0NSBub3QgZm91bmQifQ.OPcCLDrHeWZmNRc5jbY0AW1vOrcuPWN4JHFOkJ_12pydWYlgQV4FWUkmvVIjSlGsIbUm1lcEUm2U0dKRNAYMwJStRLnG-UJkEOCogeHuPavElP0fg0tHbk-hxtxSaqqHndekjwni01aTwYepxG52OyPTJTDuUCVXASZy7LVl2zrzFIhZalnfbHBEDNrcsD0faMShmcSuB78ekIQwRYQpGguO_WhNd0E2gv6Txjh5QnpnE-FxHo4D14pZzF7HR5j1WZOBcaRj9qvPdtLhbbTqHicBfAmFnRC9uHEMjVSiRf3rJuzckvhjjz3lLoaC0XezZye7yP7-Lv2VGFxAU6WuGQ
The identifier of the shop linked to the point of sale is incorrect.
public-key-already-revoked
Response headers:
HTTP/1.1 409 Conflict
Content-Type: application/problem+json
HTTP/1.1 409 Conflict
Content-Type: application/jose+json
Response body:
{
"type": "public-key-already-revoked",
"title": "Public key already revoked",
"status": 409,
"detail": "Client public key with kid lpSoenUSsyxPtZlkP3tGLH9iPLZn1L4zf0G9jUhX3zQ already revoked"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoicHVibGljLWtleS1hbHJlYWR5LXJldm9rZWQiLCJ0aXRsZSI6IlB1YmxpYyBrZXkgYWxyZWFkeSByZXZva2VkIiwic3RhdHVzIjo0MDksImRldGFpbCI6IkNsaWVudCBwdWJsaWMga2V5IHdpdGgga2lkIGxwU29lblVTc3l4UHRabGtQM3RHTEg5aVBMWm4xTDR6ZjBHOWpVaFgzelEgYWxyZWFkeSByZXZva2VkIn0.b8ynD7Vp2ShxJf6O2LAgat5JhEa-mdk7t0bHxCnWCG2RBkdo2LGPjogKWk850X9RBAHzCISOHgOiRu8zOKJKd5DlblgJeYSWhvpYXnt2H0vNUXkMst10MaWm06K0KUAVHATrK9FR0aloqPqcTSeklLjyGrNu4sRG3G_dJWNYH_s_IUCwUH7fAK050sGwCxyybNHQ0rZ0O3sozxpMZaaF0tYc7nLgr6ZiyDeFIdd9eC6SyFGNcuzEFG1c4G9ZiYjiBwRMAwu75dmyN-cRM2nJvHMNJ16CK8C4fOcPwY2ZXrjutdBejDAjhiRuGcXXFcEA1ydAdX8oOhpJTKGw-21Y-A
Returned when the key used for verification has been revoked.
public-key-is-not-activated
Response headers:
HTTP/1.1 409 Conflict
Content-Type: application/problem+json
HTTP/1.1 409 Conflict
Content-Type: application/jose+json
Response body:
{
"type": "public-key-is-not-activated",
"title": "Public key is not activated",
"status": 409,
"detail": "Client public key with kid lpSoenUSsyxPtZlkP3tGLH9iPLZn1L4zf0G9jUhX3zQ is not activated"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoicHVibGljLWtleS1pcy1ub3QtYWN0aXZhdGVkIiwidGl0bGUiOiJQdWJsaWMga2V5IGFscmVhZHkgaXMgbm90IGFjdGl2YXRlZCIsInN0YXR1cyI6NDA5LCJkZXRhaWwiOiJDbGllbnQgcHVibGljIGtleSB3aXRoIGtpZCBscFNvZW5VU3N5eFB0WmxrUDN0R0xIOWlQTFpuMUw0emYwRzlqVWhYM3pRIGlzIG5vdCBhY3RpdmF0ZWQifQ.Mb_Naf5LCuvvUpEmCU1nt4sCT9KFnPZcwl3Zq1fnT0Zu0vOOqyOGhAiYA69VxwkhZ170FHA3L6a_56qNx4sNjL9V2oIVs4zLg0HI6jjrqZUWdGEPUgQO3Iq35J1f_afKi4GVaSw3-q0L9eIGyBcumTB1948IR0pNzAGtuR_8ep7wO536lJLJwJod9auS-XEtHba4d0zxiGHy-bqLTZKSOH_xwqWHpUSN3ZI0pD2fiz9HT8rv4_tsE0du-O79ykVdFnG-kWiNowC5ZNBG6wdNRBDAWW2-RHmXVsPaanPEcZ5zhfM9Q7Rw-zDH_21hQ4XSwtf32xu15Y5Ipa03bB_37g
Returned when the key used for verification is not activated.
contract-category-not-supported
Response headers:
HTTP/1.1 409 Conflict
Content-Type: application/problem+json
HTTP/1.1 409 Conflict
Content-Type: application/jose+json
Response body:
{
"type": "contract-category-not-supported",
"title": "Category not supported",
"status": 409,
"detail": "Partner contract not support E_COMMERCE category"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoiY29udHJhY3QtY2F0ZWdvcnktbm90LXN1cHBvcnRlZCIsInRpdGxlIjoiQ2F0ZWdvcnkgbm90IHN1cHBvcnRlZCIsInN0YXR1cyI6NDA5LCJkZXRhaWwiOiJQYXJ0bmVyIGNvbnRyYWN0IG5vdCBzdXBwb3J0IEVfQ09NTUVSQ0UgY2F0ZWdvcnkifQ.VlRf2_U17qrfbwmPX2G3c6PvPzrwjChhHbGKl4DTBywtlNJhQnV7WkGGI1KG_uKU8h3m3RAj0pXX7tWSo58Wyv0fCZJEmtRL8mOQTCXfMfFPEVqXIr5krTbHfJIA7cgE0X2ucknvRFBMdtrJC70wcxR_wbAgi4UnDBItgS0YT5vmVfrAgbBDj6_NLJ9vhupZ4G4aav7BwV3MG9sI1g1CIpR2k1x1z9p29T6MO27yUXejKp1vCxACy6kWF1F947uabpDpkgqUnW08hem3cfIoO7ZofIXlyXGKIcQAIhluTm46AgIEgcW9p7GCnN9xLNFgC-91iMQNJ78KZ1RfLvpwyw
The category specified in the payment order is different from that defined in the contract.
payment-method-not-available
Response headers:
HTTP/1.1 409 Conflict
Content-Type: application/problem+json
HTTP/1.1 409 Conflict
Content-Type: application/jose+json
Response body:
{
"type": "payment-method-not-available",
"title": "Payment method is not available",
"status": 409,
"detail": "Payment method ANY is not available"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoicGF5bWVudC1tZXRob2Qtbm90LWF2YWlsYWJsZSIsInRpdGxlIjoiUGF5bWVudCBtZXRob2QgaXMgbm90IGF2YWlsYWJsZSIsInN0YXR1cyI6NDA5LCJkZXRhaWwiOiJQYXltZW50IG1ldGhvZCBBTlkgaXMgbm90IGF2YWlsYWJsZSJ9.fckM8zBoxoFQkEV-6tl9U_2WaEwB8J-lEm1JvQUIsIOoianhyFiAdROgpCMNj1J4BP4i1BvgiRbQzPLIk83gZAIh5e5CRazC_ThzzzKDa-cgCRuZiAyJVDGcOiq9z94MJjYW0YPNnZaPvQ0cTw67M5csPtJrG2KUXgCopHXHLcW_C16nFRUm22clr4OXzTX0yUr8qUY3H4FdFI9q6LkzsnugwJzYRkkiBCMM-zrFdYcCTzGLQQjejeUT0QEaVSIAx2-IGyk2f--UGYn4hCp6pbIJDa-NDlwZzDFJK53_foiQk7acnsW3djd1HTjP4nY4SjiYJnG3GJmKtZNCNBIG_Q
The selected payment method is not available.
transaction-below-limit
Response headers:
HTTP/1.1 409 Conflict
Content-Type: application/problem+json
HTTP/1.1 409 Conflict
Content-Type: application/jose+json
Response body:
{
"type": "transaction-below-limit",
"title": "Transaction below limit",
"status": 409,
"detail": "The 0.01 EUR transaction is below the 1.00 EUR limit",
"limitType": "CURRENCY",
"money": {
"value": 0.01,
"currency": "EUR"
},
"limit": {
"value": 1.00,
"currency": "EUR"
}
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoidHJhbnNhY3Rpb24tYmVsb3ctbGltaXQiLCJ0aXRsZSI6IlRyYW5zYWN0aW9uIGJlbG93IGxpbWl0Iiwic3RhdHVzIjo0MDksImRldGFpbCI6IlRoZSAwLjAxIEVVUiB0cmFuc2FjdGlvbiBpcyBiZWxvdyB0aGUgMS4wMCBFVVIgbGltaXQiLCJsaW1pdFR5cGUiOiJDVVJSRU5DWSIsIm1vbmV5Ijp7InZhbHVlIjowLjAxLCJjdXJyZW5jeSI6IkVVUiJ9LCJsaW1pdCI6eyJ2YWx1ZSI6MS4wLCJjdXJyZW5jeSI6IkVVUiJ9fQ.YHIf3PxPqdUlrCh68ycOTgaw01q5jbVfIrlHtfQv_dLbQpEYpXZdqTd8PUB5nZYCuFzhU88aC7TW0kdsAdFrRCUMjxAx5Gas2p2YtL4QGONdpUV-bi8jtOvk9zMnzZY5_j-fPZ4pkUYX3vTdFOJh2-S5CB8dYj0M4behdTwABxzwuVDpw2OMUiVXGA4QDfL-GBSOr3arEnCwqcbAhoq_ocszrP1rozALocGy7Q7Z2J8sP-I9DJEe2JDfslUo4R9SMqBNDYmXW_48FVK9XFWi5TliyIFGa-vnzxW6MvLtV-iRtFYsNZpMydkCRJs3Giw42PFvAZN-OpiEKdL2q1hKgg
The transaction amount is below the limit.
Possible limitType
field values:
Value | Description |
---|---|
CURRENCY | The indicated payment amount is below the defined value for a given currency. |
COMMISSION | For the selected payment method, the fees exceed the transaction amount. |
transaction-above-limit
Response headers:
HTTP/1.1 409 Conflict
Content-Type: application/problem+json
HTTP/1.1 409 Conflict
Content-Type: application/jose+json
Response body:
{
"type": "transaction-above-limit",
"title": "Transaction above limit",
"status": 409,
"detail": "The 250000.00 EUR transaction exceeded the 200000.00 EUR limit",
"limitType": "PAYMENT_METHOD",
"money": {
"value": 250000.00,
"currency": "EUR"
},
"limit": {
"value": 200000.00,
"currency": "EUR"
}
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoidHJhbnNhY3Rpb24tYWJvdmUtbGltaXQiLCJ0aXRsZSI6IlRyYW5zYWN0aW9uIGFib3ZlIGxpbWl0Iiwic3RhdHVzIjo0MDksImRldGFpbCI6IlRoZSAyNTAwMDAuMDAgRVVSIHRyYW5zYWN0aW9uIGV4Y2VlZGVkIHRoZSAyMDAwMDAuMDAgRVVSIGxpbWl0IiwibGltaXRUeXBlIjoiUEFZTUVOVF9NRVRIT0QiLCJtb25leSI6eyJ2YWx1ZSI6MjUwMDAwLjAsImN1cnJlbmN5IjoiRVVSIn0sImxpbWl0Ijp7InZhbHVlIjoyMDAwMDAuMCwiY3VycmVuY3kiOiJFVVIifX0.dhQxLLsPdU2OLLaeC46wpk2FzG3pcSj1_WOLWqQxrvQqzSYv85k0Vu4u2KVxxuO6cnnDT-J73w1Z9yeocDV2Ic90RvKVlQDG9GGn0cfpoC4LrqWB8OfDXDbFxNyfEWnIx7T_7-qWrS_kF9ZdxkTPHenzU2rFK-L_Gf_ez973BWCPd2ewGtnTgpFldziwGWce54N1so-f6crsR4nY_4z0SztK-Blu9L6sBWLSlNw0HXc_Fu8pCW_ADAadAysuxvRlR2w7c2NdxeLz9qOB2E2T_pB1piEchHs456_q2oKR-lzYEUoBBgNt0Lk4giWSA8tAvBK44BoT3Jn2OOQBy5tELw
The transaction amount is above the limit.
Possible limitType
field values:
Value | Description |
---|---|
PAYMENT_METHOD | The limit applies to the selected payment method. |
POINT_OF_SALE | The limit applies to the point of sale. |
payment-not-completed
Response headers:
HTTP/1.1 409 Conflict
Content-Type: application/problem+json
HTTP/1.1 409 Conflict
Content-Type: application/jose+json
Response body:
{
"type": "payment-not-completed",
"title": "Payment not completed",
"status": 409,
"detail": "Payment with identifier PAY219171134105423 is not completed"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoicGF5bWVudC1ub3QtY29tcGxldGVkIiwidGl0bGUiOiJQYXltZW50IG5vdCBjb21wbGV0ZWQiLCJzdGF0dXMiOjQwOSwiZGV0YWlsIjoiUGF5bWVudCB3aXRoIGlkZW50aWZpZXIgUEFZMjE5MTcxMTM0MTA1NDIzIGlzIG5vdCBjb21wbGV0ZWQifQ.V1kAPtSnwLtNK14yPdnQlI__PUjgfgrG0a3munPpp8zZJuzu2BRYWTNX-rsPzVwnQbXvA6yCrm_wQJzhDffb2nbXqqUWqyim_mps7FTuw1oq_vWTNv_AKGvA_g4zLFlPOyCeEtlDe7706FScGrspG8LW8385nJm-LAlXZSHp-18lcMzDKlT10gWKVZZKeKBvaWjqVEMHCcAyOhbmo3WV_UjeNUVcKbmPKdiaNQSYayRbvRwIL2qNRPLVO73LYHP8KZW_BrkbTS4AoIysu6S80_RDSbkA5X7UzoxxsDYbqVyN4Bp5mlgONaCu1V64v1MddqPhKkdoqaoP4vLzZOh9Gw
The payment for which the refund is made is not completed.
point-of-sale-forbidden-error-url
Response headers:
HTTP/1.1 409 Conflict
Content-Type: application/problem+json
HTTP/1.1 409 Conflict
Content-Type: application/jose+json
Response body:
{
"type": "point-of-sale-forbidden-error-url",
"title": "Forbidden error url",
"status": 409,
"detail": "Error url is not allowed in point of sale with identifier POS444785125632569"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoicG9pbnQtb2Ytc2FsZS1mb3JiaWRkZW4tZXJyb3ItdXJsIiwidGl0bGUiOiJGb3JiaWRkZW4gZXJyb3IgdXJsIiwic3RhdHVzIjo0MDksImRldGFpbCI6IkVycm9yIHVybCBpcyBub3QgYWxsb3dlZCBpbiBwb2ludCBvZiBzYWxlIHdpdGggaWRlbnRpZmllciBQT1M0NDQ3ODUxMjU2MzI1NjkifQ.V5tMxdvMW1StIcEx0MK9WWl-mT4AOetKNSAdwuRFnErjrFF5mX1iDsJvSAEogKF_LPO5LIn6ANRzzms1EvmwOqAxyp6BAnln4fI6oYf8Je1sZoooL0cvGYn3PIp_cBbSqr8bRLfnVwsywEwBagb_WCL8_azwJbQF6UUQ8SpA8L-0wAwzlFbrU_27-OA46YPhArc3zm4HDKzWBGVjtffFCCakTSDCqTqiKiEMy6B4-6wLpo_-N7ov8o3hmy6ZWiDI9lNGKgYH2_EluNx08Iv8w_qqfSaGHQJCBJOqXgAWToCTWSMaWKp7XCTn-8_w_IAvmZBQv3XKqNR6sXysF8fKug
The given url used for redirecting the customer has not been defined in the point of sale.
point-of-sale-forbidden-notification-url
Response headers:
HTTP/1.1 409 Conflict
Content-Type: application/problem+json
HTTP/1.1 409 Conflict
Content-Type: application/jose+json
Response body:
{
"type": "point-of-sale-forbidden-notification-url",
"title": "Forbidden notification url",
"status": 409,
"detail": "Notification url is not allowed in point of sale with identifier POS458963215697589"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoicG9pbnQtb2Ytc2FsZS1mb3JiaWRkZW4tbm90aWZpY2F0aW9uLXVybCIsInRpdGxlIjoiRm9yYmlkZGVuIG5vdGlmaWNhdGlvbiB1cmwiLCJzdGF0dXMiOjQwOSwiZGV0YWlsIjoiTm90aWZpY2F0aW9uIHVybCBpcyBub3QgYWxsb3dlZCBpbiBwb2ludCBvZiBzYWxlIHdpdGggaWRlbnRpZmllciBQT1M0NTg5NjMyMTU2OTc1ODkifQ.W2LwMY38GsUYk1bgwOfaerd3rNk23__NDrLtcOhvw0crs7beC2ZC9uWj7kiKNwfhe87lr8eWpfoDU6Y1Fx9KBqBo5k702Vjo9FbRg4NkssKoefkeFcS0ZVA_OpfOdWS_7aalqfvnzJVgNKuyIme6PfCHVfGjYUNjrablAHSSY366HoQE6wciqbZwKSmqTcXnCV-wmNKhSZxsUbyD8ehKxQQF8wxVB0ahumCN_My9V93_QA5LhBoVOsEjxg2MhS0XMa4YF2586TurPr--Pul9Iv_sLaqkhkYcTimFlcMS59aPsrcgNlBLtHiXZ5TNnQNVDeglfW-F-pnhny51WzL3bw
The given url for receiving notifications has not been defined in the point of sale.
point-of-sale-forbidden-return-url
Response headers:
HTTP/1.1 409 Conflict
Content-Type: application/problem+json
HTTP/1.1 409 Conflict
Content-Type: application/jose+json
Response body:
{
"type": "point-of-sale-forbidden-return-url",
"title": "Forbidden return url",
"status": 409,
"detail": "Return url is not allowed in point of sale with identifier POS444785125632569"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoicG9pbnQtb2Ytc2FsZS1mb3JiaWRkZW4tcmV0dXJuLXVybCIsInRpdGxlIjoiRm9yYmlkZGVuIHJldHVybiB1cmwiLCJzdGF0dXMiOjQwOSwiZGV0YWlsIjoiUmV0dXJuIHVybCBpcyBub3QgYWxsb3dlZCBpbiBwb2ludCBvZiBzYWxlIHdpdGggaWRlbnRpZmllciBQT1M0NDQ3ODUxMjU2MzI1NjkifQ.VcazGlGDpKZe08L_tb0vR3agEggUm_SrJb2L_JJMvVt0ogL7aAxo74VYFakwrXDeMLorgQf--99kwYL5_VEEn0aPmlf6gDdKCaF7pZ7Kv3RRyVlkglUaOpE4sIca0QaYROJ8oetq1npbPyFclYSRUhsBdy5Ns42L3tARxfQvkzKgntDmsWLwZPcJqrE0-G1Yt3YEtAYbyW2pZWK1SVGbM2xraRoBECb9o4_NLiEez7nTryp1J_iwgihmj0FvTHF7GEjlmn19BWWTV_x8BUSZGHCtEyzdQnJXmPjXOEs7vv_A_SkJ1cZxXk5a6Tp8G6xao52CAf-Xc_4avjIbB88zfg
The given url used for redirecting the customer has not been defined in the point of sale.
point-of-sale-not-active
Response headers:
HTTP/1.1 409 Conflict
Content-Type: application/problem+json
HTTP/1.1 409 Conflict
Content-Type: application/jose+json
Response body:
{
"type": "point-of-sale-not-active",
"title": "Point of sale not active",
"status": 409,
"detail": "Point of sale with identifier POS458963214589658 is not active"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoicG9pbnQtb2Ytc2FsZS1ub3QtYWN0aXZlIiwidGl0bGUiOiJQb2ludCBvZiBzYWxlIG5vdCBhY3RpdmUiLCJzdGF0dXMiOjQwOSwiZGV0YWlsIjoiUG9pbnQgb2Ygc2FsZSB3aXRoIGlkZW50aWZpZXIgUE9TNDU4OTYzMjE0NTg5NjU4IGlzIG5vdCBhY3RpdmUifQ.D5QoiTItOt_TePiGbq-f0a-30pWm4Fhyr9ZSxWgj60skXri_NxcmP2AbwwHd-YO4i8LQGyzqrKUnGrCUlU2tJVfYGJCt_LCvkwa_TwnQ66O4Bsua1AaaIYzqlMxcCOGDusof4BRc6EvIXlQR6MmfbiBYWBlNhH1OipxmmJv0ToWXfvJXhgAHfMuGbbm_wzGYysDJNJpv8kg3KEyrd5cR9ocJpapHMYfAXu-HPLi60XlAQdRjeAoxypZcmFT5USUu26fjrB9rwC23EMeaiJVcaHt655c8xG6io2VB98l8pnRxu_ISbz1YlZMpHxXS_3dLAYSu1xwgI5EWM-2mVBHjXw
The point of sale is inactive.
refund-amount-too-large
Response headers:
HTTP/1.1 409 Conflict
Content-Type: application/problem+json
HTTP/1.1 409 Conflict
Content-Type: application/jose+json
Response body:
{
"type": "refund-amount-too-large",
"title": "Refund amount too large",
"status": 409,
"detail": "Refund amount (or sum of the all partial refunds amount) is higher than payment amount"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoicmVmdW5kLWFtb3VudC10b28tbGFyZ2UiLCJ0aXRsZSI6IlJlZnVuZCBhbW91bnQgdG9vIGxhcmdlIiwic3RhdHVzIjo0MDksImRldGFpbCI6IlJlZnVuZCBhbW91bnQgKG9yIHN1bSBvZiB0aGUgYWxsIHBhcnRpYWwgcmVmdW5kcyBhbW91bnQpIGlzIGhpZ2hlciB0aGFuIHBheW1lbnQgYW1vdW50In0.Y0LeMGM7_gh_SgX6jEW3UhWkKqYAAGXcpaF9IuzSCAjCcSZhyA2AQ88tZ0JJkQMnynENyvQ7AdNE4_TzrJOQC21YnfXHjYzTkGwHT6BoYdTIPWfN6Tzr55cjcXEFfEXNprV0NFGu-C6JjLDRmpdtkfZZgrilhsh5UpSFe5JsXcBWIAv1qGLKC3vBNETW4DQmOuNIxzJ5h4C6Q4bxQKV2RbVtOIT8OoB11AAu2CExBiHURDx-JJOscAyHBQdprEiyAU7sZDaQk-n5coCxXY8fjn6J1j_F3qP__AZ4Bl8UmOjfw8JDhtrpAUvqj1PqL78wLPv5NryOUdzERBtImq4jaA
The refund amount exceeds the payment amount. In the case of partial refunds, the sum of all partial refunds exceeds the amount of payment.
refund-incorrect-currency-code
Response headers:
HTTP/1.1 409 Conflict
Content-Type: application/problem+json
HTTP/1.1 409 Conflict
Content-Type: application/jose+json
Response body:
{
"type": "refund-incorrect-currency-code",
"title": "Incorrect refund currency code",
"status": 409,
"detail": "Refund currency code not match with payment currency code"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoicmVmdW5kLWluY29ycmVjdC1jdXJyZW5jeS1jb2RlIiwidGl0bGUiOiJJbmNvcnJlY3QgcmVmdW5kIGN1cnJlbmN5IGNvZGUiLCJzdGF0dXMiOjQwOSwiZGV0YWlsIjoiUmVmdW5kIGN1cnJlbmN5IGNvZGUgbm90IG1hdGNoIHdpdGggcGF5bWVudCBjdXJyZW5jeSBjb2RlIn0.CnZIXPicq85DcmHtXFFzAqkmdw1bg6CmRVHTrkD5ui4mrs82ncjchy4p5CALffpFLFfetMhddAcp6gpnxsWmPjyRTRAHoCk4-_PbZwdE6Nw1nH4lyeFqBHtx0XrA4HVnPHn3EyEIexJ74b2vq-vwJAHI2rODu_IMA9Wegn7efYhnyZtBCCflviLgimv1I8j5J2vomyHjHiOms4GEcV78zKndS3qnG_xBSklPfYcY7rv4zbnHtuZP4l1nL9FZ0DFIMu9oSwJEZRUimrHtP4gFTrJ2_Js0apUqLUTNPXw4tIfdlyFF4fxqjjuJOfzv6omq2Putp13o4Xn-BKaXT-SuuQ
The currency of the refund is different from the currency in which the payment was made.
max-refunds-reached
Response headers:
HTTP/1.1 409 Conflict
Content-Type: application/problem+json
HTTP/1.1 409 Conflict
Content-Type: application/jose+json
Response body:
{
"type": "max-refunds-reached",
"title": "The maximum number of refunds for payment has been reached",
"status": 409,
"detail": "The maximum number of refunds for payment with identifier PAY445458962445154 has been reached"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoibWF4LXJlZnVuZHMtcmVhY2hlZCIsInRpdGxlIjoiVGhlIG1heGltdW0gbnVtYmVyIG9mIHJlZnVuZHMgZm9yIHBheW1lbnQgaGFzIGJlZW4gcmVhY2hlZCIsInN0YXR1cyI6NDA5LCJkZXRhaWwiOiJUaGUgbWF4aW11bSBudW1iZXIgb2YgcmVmdW5kcyBmb3IgcGF5bWVudCB3aXRoIGlkZW50aWZpZXIgUEFZNDQ1NDU4OTYyNDQ1MTU0IGhhcyBiZWVuIHJlYWNoZWQifQ.CG5b7j1H1NtjZTmJ17IEyzLBnHaePOUKiaTdwfZUYqIrhLObogufRc6Pz8xXh0VACZp4CLSsxneRaEPsCgc9eyjKHp-u-rh9FbSBrMM7QUd6uyS7-AUvuD_FDTSAt3Xd_JBFo0pEUJ4AqeQ7CZDoTOo_nYZT76CY56Q2iHl5gv49HnpdyBr_oq6aAHavqXArF7nst9P9k1ZqZGJJTwkGJ6Hz1FN2xGM8BWiDqwjBik4cSIahMigdA1zfpgrCL0jDPlzNfIvlqeAY1AVXIkCiu4DdueuUegTXSf-HP3VePhJ9nnUJB7QZAUpGUxB_Jq1XHUnWsrW8hQi6ju-nuEvKIg
The maximum number of refunds for payment has been reached.
other-refunds-not-completed
Response headers:
HTTP/1.1 409 Conflict
Content-Type: application/problem+json
HTTP/1.1 409 Conflict
Content-Type: application/jose+json
Response body:
{
"type": "other-refunds-not-completed",
"title": "Not all refunds are completed for payment",
"status": 409,
"detail": "Not all refunds are completed for payment with identifier PAY382793112712843"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoib3RoZXItcmVmdW5kcy1ub3QtY29tcGxldGVkIiwidGl0bGUiOiJOb3QgYWxsIHJlZnVuZHMgYXJlIGNvbXBsZXRlZCBmb3IgcGF5bWVudCIsInN0YXR1cyI6NDA5LCJkZXRhaWwiOiJOb3QgYWxsIHJlZnVuZHMgYXJlIGNvbXBsZXRlZCBmb3IgcGF5bWVudCB3aXRoIGlkZW50aWZpZXIgUEFZMzgyNzkzMTEyNzEyODQzIn0.TC6S889u1aD8EHvMQxuMfp6_7ZuU1YfSeB5zdamuH91EHUmLdkohjHa6CYxxtFDAyTrjsuujg9Uxm-2oFuDqoTw4DyfBEMUtb0Znf9qlfSHuXJ_J6M92De6PoiEOdsRz22hR4K70l1R9dY_iZHbtFLhkL38NFJL5E3EmhrTvoapVG1QizuYgYOVXNXk1j6AHoYdXgvdPDl581qhJmFxnQkkKTcfQSoMjxuvREzbgXz5reAkWkQAUHQuIMOHUrhsk0WyV8tOy27DbSQ1-sK0FAZNuSe4fFZACWmbz1zFMRTy83Uuxl64OAluZXea04FG3thCwEpw0llPAXF-UmpUhYA
Other refunds are not completed for given payment.
sample-text-verification-failed
Response headers:
HTTP/1.1 409 Conflict
Content-Type: application/problem+json
HTTP/1.1 409 Conflict
Content-Type: application/jose+json
Response body:
{
"type": "sample-text-verification-failed",
"title": "Sample text verification failed",
"status": 409,
"detail": "Signed text from encodedText not equals to unsigned text from decodedText"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoic2FtcGxlLXRleHQtdmVyaWZpY2F0aW9uLWZhaWxlZCIsInRpdGxlIjoiU2FtcGxlIHRleHQgdmVyaWZpY2F0aW9uIGZhaWxlZCIsInN0YXR1cyI6NDA5LCJkZXRhaWwiOiJTaWduZWQgdGV4dCBmcm9tIGVuY29kZWRUZXh0IG5vdCBlcXVhbHMgdG8gdW5zaWduZWQgdGV4dCBmcm9tIGRlY29kZWRUZXh0In0.bC1YhfaC5dukeaCFlsB-2SdllMsiOOkMCCjDpfauLthRu3RS-Ri_Lv0EH0D8dcE_Jr9Kaz9yUZlyTvs_Tbqy8clFRQLFvHB0TpOed4zt96ViY27Q9BLMmJS5HrlLSoAh4KG3I3ZkOKDQhyW1GJgFg98TKRox3bC9-xTpBedLkFOuVEbZsvQ7H2L5P3NU8nCbcvhguKCykcGkB_Misl5h7G_yrXk_vOZOKZSvFumUP-qjpBvSatXB7Sr7y-ca68RBu2smlPv8iDYwD61uPrrZZ5LOZvqUjJQEOBEzzCq4A2jTbQEZPeOVPvz4hdqYbCYlJysh5xNK2AnMZk2fzJ-bqw
Returned when the signed message in the encodedText field does not match the value given in decodedText.
public-key-has-wrong-length
Response headers:
HTTP/1.1 409 Conflict
Content-Type: application/problem+json
HTTP/1.1 409 Conflict
Content-Type: application/jose+json
Response body:
{
"type": "public-key-has-wrong-length",
"title": "Public key has wrong bytes length",
"status": 409,
"detail": "Client public key must have a minimum of 2 048 bytes"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoicHVibGljLWtleS1oYXMtd3JvbmctbGVuZ3RoIiwidGl0bGUiOiJQdWJsaWMga2V5IGhhcyB3cm9uZyBieXRlcyBsZW5ndGgiLCJzdGF0dXMiOjQwOSwiZGV0YWlsIjoiQ2xpZW50IHB1YmxpYyBrZXkgbXVzdCBoYXZlIGEgbWluaW11bSBvZiAywqAwNDggYnl0ZXMifQ.Vn0oLx-dZFMNfAKuyPXNNOo8gy2L8_gYkb1TkBYitHkcvS_jnFBuOEbq7LX-ah16NDSKQVO_rm5TVNzAMUqqe5fusek2zV_R8rDccDHuHWlk217BVWvBr9C6_W4VjNqjtOExpf8r7W5ycnvMLomKwIb1h-2cJTzjpB2nMW-PGSgMot-N2lnlu5EuXMmZ0jZ2d2sDoAcI9y6yeRPPt6cmtZ-a_PxJ2LNG_BL1av8Sht8qR9o46j4cHInIVabN5CdehaD7YDqRGT6GdAMVE4vme1ZOoE4xqBIHpszFXoDwFITLByOWY84D1QWfqKDSDaKlF_i0dfF1f2G3uDnE8fCBUA
Returned when the added public key is under 2048 bytes.
public-key-already-exist
Response headers:
HTTP/1.1 409 Conflict
Content-Type: application/problem+json
HTTP/1.1 409 Conflict
Content-Type: application/jose+json
Response body:
{
"type": "public-key-already-exist",
"title": "Public key already exist",
"status": 409,
"detail": "Client public key with kid lpSoenUSsyxPtZlkP3tGLH9iPLZn1L4zf0G9jUhX3zQ already exist",
"kid": "lpSoenUSsyxPtZlkP3tGLH9iPLZn1L4zf0G9jUhX3zQ"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoicHVibGljLWtleS1hbHJlYWR5LWV4aXN0IiwidGl0bGUiOiJQdWJsaWMga2V5IGFscmVhZHkgZXhpc3QiLCJzdGF0dXMiOjQwOSwiZGV0YWlsIjoiQ2xpZW50IHB1YmxpYyBrZXkgd2l0aCBraWQgbHBTb2VuVVNzeXhQdFpsa1AzdEdMSDlpUExabjFMNHpmMEc5alVoWDN6USBhbHJlYWR5IGV4aXN0Iiwia2lkIjoibHBTb2VuVVNzeXhQdFpsa1AzdEdMSDlpUExabjFMNHpmMEc5alVoWDN6USJ9.QxoW3-rftVjDcNOtreF9ttRLUriMat_xJzpRvM3vPf08TZDK5RHdR6idUti18dKzX78hmmHS-PWXRwT9maCREqZBguqJfzFGwyBs5ui5jKi4V_SsX8-irb8EB-EhznyXQ5FidrF75_Vc69u9HythdIrnj3OimAnmALVKs8uDvZ-m-dED3Ua3-lE1sBIWExJ5R7bzNkuvpIRpzkt5vrEfqmnAYjVkL1ceUBCBgiqPqdi38CoIL0YQFUBlESUGYmXggXXYQcETVlftiieS1D1CJvTlIL5TRUTNXmt98-uvQsNcIkpYwyrtwqCrCkJr4TUh8AwX0dHwW7ThGKk8W9MooA
The given public key has already exist.
refund-money-below-minimal-amount
Response headers:
HTTP/1.1 409 Conflict
Content-Type: application/problem+json
HTTP/1.1 409 Conflict
Content-Type: application/jose+json
Response body:
{
"type": "refund-money-below-minimal-amount",
"title": "Refund money below minimal amount",
"status": 409,
"detail": "Refund money 0.01 PLN is below 1 PLN minimal amount for PLN currency",
"limit": {
"value": "1",
"currency": "PLN"
}
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoicmVmdW5kLW1vbmV5LWJlbG93LW1pbmltYWwtYW1vdW50IiwidGl0bGUiOiJSZWZ1bmQgbW9uZXkgYmVsb3cgbWluaW1hbCBhbW91bnQiLCJzdGF0dXMiOjQwOSwiZGV0YWlsIjoiUmVmdW5kIG1vbmV5IDAuMDEgUExOIGlzIGJlbG93IDEgUExOIG1pbmltYWwgYW1vdW50IGZvciBQTE4gY3VycmVuY3kiLCJsaW1pdCI6eyJ2YWx1ZSI6IjEiLCJjdXJyZW5jeSI6IlBMTiJ9fQ.YE1dB6RJiXNu0t9gjKKEV4MaizlbSJm3Xo5VnZCOmKw4qy7LKEvmK2ggS21bTknzcUQA3n_jIqVzkoWfK52XXWUlINhWRWcmRnJ2Xukb280WYbg2xusBs1FGpdLAlrQ7nrbDVFZye7Q1Mhh8p_mh4r6-aWVe4vHpuj7lKQzYKAFa-aZ9AEnVw2PRXu1-jsbL4WcGhdnFYcTYLkO1jgg2WHes5zZNyKnPgf7mUVFpjN0rHl_gELzJL0JBjEw0MQw7txDb0qPr6kyfdN4lQfnJzY7vy3nWElTzyXL42n0C74QLV1oaKB0gJi0SZ4tyh4IxvjQjU90FD6Ib3kq0hxGjlQ
The refund value is below the minimum value.
refund-not-allowed
Response headers:
HTTP/1.1 409 Conflict
Content-Type: application/problem+json
HTTP/1.1 409 Conflict
Content-Type: application/jose+json
Response body:
{
"type": "refund-not-allowed",
"title": "Refund cannot be executed for selected payment method",
"status": 409,
"detail": "Refund cannot be executed for POLI payment method"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoicmVmdW5kLW5vdC1hbGxvd2VkIiwidGl0bGUiOiJSZWZ1bmQgY2Fubm90IGJlIGV4ZWN1dGVkIGZvciBzZWxlY3RlZCBwYXltZW50IG1ldGhvZCIsInN0YXR1cyI6NDA5LCJkZXRhaWwiOiJSZWZ1bmQgY2Fubm90IGJlIGV4ZWN1dGVkIGZvciBQT0xJIHBheW1lbnQgbWV0aG9kIn0.GsJDGxE6ywoU5l9BRdXiIQu3iQC-WlqzEeRCK2WVkM_4FxSQAlt35DkcQhhUC07xt5hoW39Q1jjZx5iXb9TFIWlvqBmyXyru6b-G35zuugmJ7KB2h7rtnwapuPs6jcoHciuzEWDCeCRz75Ln9E217uFSa4RkPjZ2scyEI9YRh3bjORhv3P9CzZ2zrpqhzjRcAdq1x9z1YZrKw-5sPaHKHVLDhw3VewiR89QJ0G90xvkd96aBktupuXaEWr8xblXYozGW2Hon7qnNhapH9oU5FCsuq3DnebUtal75fxRbFxOt9Juq2LTkt2bMCgVHQHXsveWF40UAsaVGm_P0ePJRxA
Refund cannot be ordered for the selected payment method.
currency-unavailable
Response headers:
HTTP/1.1 409 Conflict
Content-Type: application/problem+json
HTTP/1.1 409 Conflict
Content-Type: application/jose+json
Response body:
{
"type": "currency-unavailable",
"title": "Currency is unavailable",
"status": 409,
"detail": "Currency HRK is unavailable"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoiY3VycmVuY3ktdW5hdmFpbGFibGUiLCJ0aXRsZSI6IkN1cnJlbmN5IGlzIHVuYXZhaWxhYmxlIiwic3RhdHVzIjo0MDksImRldGFpbCI6IkN1cnJlbmN5IEhSSyBpcyB1bmF2YWlsYWJsZSJ9.VmM7LCkFQYuLESlnrL1MHkPxkR3ogCKJQmjfVTlnMiv2mbISaAD7qeFeHW3iCxSbmRpMqt-EzAIUuTKWSmEVovI-h7ORv1DD1OWCQEUpIkhcXXkyjZwuZC2o759vpJbHQDhBHkHvWrnVbXR7U86UAmMkxg337gU1rhP9IGhe3DhAhGD4HEe3o9idL9X9qw7yAtP3YpzJ05NNMmkQ8mOmIhXXqEttFiPyeGtagd6rCDKxwq3T5yIIPUMyRBJePzPugbeXdbWySbbK_0bisUF7DeSC0j0m-_dKjBbnFTWrfiGPjDJKVRpqzqi9_ZrYnlIaghNhhNKBjhw6k2SfHuCiSg
The selected currency is unavailable.
illegal-payment-status
Response headers:
HTTP/1.1 409 Conflict
Content-Type: application/problem+json
HTTP/1.1 409 Conflict
Content-Type: application/jose+json
Response body:
{
"type": "illegal-payment-status",
"title": "Payment has illegal status",
"status": 409,
"detail": "Payment with identifier PAY715037422182587 has illegal CANCELLED status"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoiaWxsZWdhbC1wYXltZW50LXN0YXR1cyIsInRpdGxlIjoiUGF5bWVudCBoYXMgaWxsZWdhbCBzdGF0dXMiLCJzdGF0dXMiOjQwOSwiZGV0YWlsIjoiUGF5bWVudCB3aXRoIGlkZW50aWZpZXIgUEFZNzE1MDM3NDIyMTgyNTg3IGhhcyBpbGxlZ2FsIENBTkNFTExFRCBzdGF0dXMifQ.SAye3kVEi2LClHU749i5CkWQG4vyVU7hUf-UFGLjisTe2GIW3abbUk5pNuOi2IFeX-DNuum6xzLQJdkb3hFszSDaUz5Nx8Yx-ZY-yo42fdAifoQIG6-QQf2dp_5YAzWB45dSKZCZQgTAak7YK0GAvrxSfRz6wDbAS50uIAniC68h7_-WXDI_BorjeknIIkiCXZZFWVkMEb0hBs2Y-fmg0fyJ3xw5vMAeqyyjNNGj7ty_6rXgxzUko6Epg0GZGAZbkVmuwKdQhd7tx3FvPff22uGW-dD02dqzAv74f8PbDD7uK_B7MtfenJZ4trxGM67rOMegDQr7Xtnaxw3GXZObpw
The payment is in illegal status for the context.
payment-confirmation-in-progress
Response headers:
HTTP/1.1 423 Locked
Content-Type: application/problem+json
HTTP/1.1 423 Locked
Content-Type: application/jose+json
Response body:
{
"type": "payment-confirmation-in-progress",
"title": "Payment confirmation in progress",
"status": 423,
"detail": "Payment with identifier PAY3478563249569345444 is being confirmed"
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoicGF5bWVudC1jb25maXJtYXRpb24taW4tcHJvZ3Jlc3MiLCJ0aXRsZSI6IlBheW1lbnQgY29uZmlybWF0aW9uIGluIHByb2dyZXNzIiwic3RhdHVzIjo0MjMsImRldGFpbCI6IlBheW1lbnQgd2l0aCBpZGVudGlmaWVyIFBBWTM0Nzg1NjMyNDk1NjkzNDU0NDQgaXMgYmVpbmcgY29uZmlybWVkIn0.Rtg3ee1l8iF3lGw5xag19Cl5MWU0X8UsZ6PSMTcuBdxAu0HKx-vX3NuR9C3bNVHnxehxvT8IM_G465LB7GsVyzIk-2Yt5kpQ5fzKO5J3woQNck57M8mqsWj_eNlKr-efh51fbZiz6h2yEOFdk0EDHPxyDJ6ZDox3mRZ7TkxkSbYm26J4UjZTDalH4e-tM98LDzHmfppwaUpNsKgn9bUZSdCdE-zmSZZQ3EvWYax2V_BDWozdvWEvNqO5QYRnkpn3S1c0lKR6Zo9CntV6d2iwcbnOv-ppMV5uGRRAuQrUTa3I1BPMgTlD9igFNe3gDF2heOsQhV6YbbLuvNdQ-ugmxw
Transaction is being confirmed.
payment-confirmation-problem
Response headers:
HTTP/1.1 504 Gateway Timeout
Content-Type: application/problem+json
HTTP/1.1 504 Gateway Timeout
Content-Type: application/jose+json
Response body:
{
"type": "payment-confirmation-problem",
"title": "Payment confirmation problem",
"status": 504,
"detail": "There are temporary issues with payment confirmation. Please wait for payment status notifications in asynchronous process."
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJ0eXBlIjoicGF5bWVudC1jb25maXJtYXRpb24tcHJvYmxlbSIsInRpdGxlIjoiUGF5bWVudCBjb25maXJtYXRpb24gcHJvYmxlbSIsInN0YXR1cyI6NTA0LCJkZXRhaWwiOiJUaGVyZSBhcmUgdGVtcG9yYXJ5IGlzc3VlcyB3aXRoIHBheW1lbnQgY29uZmlybWF0aW9uLiBQbGVhc2Ugd2FpdCBmb3IgcGF5bWVudCBzdGF0dXMgbm90aWZpY2F0aW9ucyBpbiBhc3luY2hyb25vdXMgcHJvY2Vzcy4ifQ.ShMxFF0056m7dnvxS17GuhAquihrgqbLHawdIG9uN16wjiRD_MW4WMuV7weGd1Yzuc-EKANNfKgtyyTErmoPAf4mKtHlQN4Cuw5S5tPPojZ3hwp6GzWTERaUGOOeyb2mQ-QLs7EiodFe6yrfg0uFKMi3Zog3llbKIIvd0zh4BZU3O_IAor5W2tM6zDbIY2H15OzD2q1oaxByDXnJcm6Obd0DmLBu2XnU869HqkAYSAYB1d3vA19XHmsg4b_HsHrq0npS2YdekbCbynJ9xZ8sZIbNBMteWn-YB4PZ_M5Bnr3Pt1LEWQ0-mAUQnC4c_J_9tTzTQQbKZyu6RpUX7munrg
There are problems communicating with payment method provider. System must wait for payment status notifications.
Business processes
Payment process
The payment process is presented below. The scenario depicted only contains a positive case, which aims to present the logic of the whole process.
Preliminary requirements
The customer created, in the Merchant online store, a basket with a list of products to buy.
Scenario
- Customer has chosen the payment method provided by Merchant at the store's checkout, and then clicked the "Pay" button (Step 1).
- Merchant's server sends a PaymentData message to Conotoxia Pay server (Step 2).
- Conotoxia Pay server checks the correctness of the received message and creates a payment order (Step 3).
- Conotoxia Pay server sends a PaymentInfo response to Merchant's server (Step 4).
- Merchant's server saves the transaction status confirming acceptance of the order in Conotoxia Pay (Step 5.) and redirects customer to the address of approveUrl received in the PaymentInfo response (Step 6).
- The customer selects the payment method on the Conotoxia Pay website and clicks "pay" (Step 7).
- Conotoxia Pay server accepts the payment, which has been accepted by the customer for processing (Step 8).
- Conotoxia Pay server redirects to the Merchant's server - to the returnUrl address given at the time of setting up the payment order (usually to the page with "thanks for the purchase you have made") (Step 9).
After the payment is accepted for processing (Step 8), an asynchronous payment processing process is carried out:
- After completing the payment processing, the Conotoxia Pay server sends the PaymentStatus message with information about the transaction status (Step 11) to the Merchant's server at the notificationUrl address.
- Merchant's server saves the status of the completed transaction (Step 12) and sends the response code HTTP 200 OK, which means correct receipt of information about the transaction status (Step 13).
- Merchant's server accepts the completed payment transaction (Step 14).
Payment process - EPS
The payment process for the selected EPS payment method is presented below, where the Conotoxia Pay payment interface is omitted. The functionality of presenting a list of banks and selecting a bank by the user must be implemented on the Merchant server side. The scenario depicted only contains a positive case, which aims to present the logic of the whole process.
Payment life cycle
Refund process
Return of funds to the customer's wallet can be executed in two modes:
- full
- partial
Refunds are always carried out in the currency in which the payment was made. For a full refund, the amount and currency are not required, but for a partial refund, the currency must correspond to the currency in which the payment was made.
In the case of partial refunds, the sum of all individual partial refunds may not exceed the total amount of the payment for which the refund is being made.
A refund equal to the payment amount is considered to be a full refund. If there is a partial refund for payment, it is not possible to make a full refund.
The presented scenario only shows a positive case for a full refund, showing the logic of the whole process.
Preliminary requirements
In the Conotoxia Pay system there is a completed or booked payment for which the refund is to be made.
Scenario
- Partner's server sends a RefundData message to the Conotoxia Pay server (Step 1).
- Conotoxia Pay server creates a refund (Step 2).
- Conotoxia Pay server sends a RefundInfo response to the Partner (Step 3).
- Partner's server saves the information about the creation of the refund (Step 4).
Simultaneously with step 4, the refund process is carried out:
- After completing the processing of the refund, the Conotoxia Pay server sends a RefundStatus message with information about the refund status to the Partner's server to notificationUrl address (Step 5).
- The Partner's server saves the refund information (Step 6) and sends the HTTP 200 OK response code, which indicates that the refund status has been correctly received (Step 7).
Refund life cycle
PENDING status may occur in situations where the Partner's payment account does not contain enough funds to make a refund. Refunds are queued in such situations and await receipt of funds.
Security
The Conotoxia Pay system uses the following elements which ensure the security of communication with the Partner's system:
- all communication takes place with the use of HTTPS protocol
- it is required to send an authorization token in the Authorization header in order to use the API (more information in the Authentication section)
- all messages sent from the Partner's system must be signed (more information in the Communication with Conotoxia Pay section)
- all messages sent from the Conotoxia Pay system are signed (more information in the Communication with the Partner section)
- additional data that are attached to the URL parameters are signed by Conotoxia Pay when redirecting to the Partner's website (more information in the chapter Authenticity of URL parameters)
Message authenticity
The JSON Web Signature specification defines how messages can be signed. JWS is encoded using base64url and consists of three parts separated by dots (.). The structure of JWS is as follows:
base64url(utf8(header)).base64url(payload).base64url(signature)
Example of a minimum JWS header accepted by Conotoxia Pay:
{
"alg": "RS256",
"kid": "iQn7M-Eyzw5sde5GwaOu51Xzl8WFXJzNW3pmCBENhhk"
}
Header
The first part is a header, which contains, among other things, information about the algorithm used to calculate the signature - the parameter "alg". The possible values which can be taken by the parameter "alg" are given in the table below:
Identifier | Algorithm |
---|---|
RS256 | SHA256withRSA |
RS384 | SHA384withRSA |
RS512 | SHA512withRSA |
The minimal JWS header, in addition to the parameter "alg", must also contain the parameter "kid" identifying the public key that is used to verify the signature.
Payload
The second part of JWS is the so-called payload, which contains the message being sent. JWS specification does not define the type of sent message (it can be e.g. XML or String), but Conotoxia Pay requires that the message is sent in JSON format (UTF-8 encoding).
Signature
The third part of JWS is a digital signature, which is calculated using the algorithm given in the JWS header for a combined coded header and coded message, separated by a dot (.).
Communication with Conotoxia Pay
JWS Header
{
"alg": "RS256",
"typ": "JWT",
"cty": "application/json",
"kid": "DFDOlB7DU6-0hRYA5Uu4BbTG-qrecsKtBHSy3TjiIs8"
}
JWS Payload
{
"description": "Payment description",
"externalPaymentId": "342HHH88LKDJ89876767",
"category": "E_COMMERCE",
"pointOfSaleId": "POS45896321596547859",
"totalAmount": {
"currency": "USD",
"value": 19.99
}
}
Example of a payment order:
curl -X POST \
-H "Authorization: Bearer M1ODU2ZDI5NzU3ZWFkYTRjMjEyMTIwNmRiNmQ2MjdmM" \
-H "Content-Type: application/jose+json" \
-d "@data.jws" \
"<CONOTOXIA_PAY_HOST>/payments"
data.jws
eyJraWQiOiJERkRPbEI3RFU2LTBoUllBNVV1NEJiVEctcXJlY3NLdEJIU3kzVGppSXM4IiwiY3R5IjoiYXBwbGljYXRpb24vanNvbiIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.ew0KICAiZGVzY3JpcHRpb24iOiAiUGF5bWVudCBkZXNjcmlwdGlvbiIsDQogICJleHRlcm5hbFBheW1lbnRJZCI6ICIzNDJISEg4OExLREo4OTg3Njc2NyIsDQogICJjYXRlZ29yeSI6ICJFX0NPTU1FUkNFIiwNCiAgInBvaW50T2ZTYWxlSWQiOiAiUE9TNDU4OTYzMjE1OTY1NDc4NTkiLA0KICAidG90YWxBbW91bnQiOiB7DQogICAgImN1cnJlbmN5IjogIlVTRCIsDQogICAgInZhbHVlIjogMTkuOTkNCiAgfQ0KfQ.J2uDZEZL_hlgLAscv3EMX8lKCPBOf1X3UoUEDGhBF0cKFSAvHaDAAtnyzacL53RWsaHmAfDTRHqqFuF6g6wBRStbWukC1pOqXNEYHTXgfHJ01Sh7JZr7IRuX92ol-OgiP7DK01wDnlZ80_wGnJUpWGQjiQEoUzJhOcFyZ44_jSKh7dwU7SWh9wj5FWmC1A8RlBXLpMf6QWCKlA1njw4r7RXUmbLLbdiA71Oiy1LN_Ezf8srYP5y_QhhtoyXxkLEe75YP5ky6d0UObrKpUVbhvj7lwnqMzZVBfD1aIL5F2s8gUg8nQeCUWPUYIRvDNQkmAFTSbqjD2sCG1ysm8JDspA
Response headers:
HTTP/1.1 201 Created
Content-Type: application/jose+json
Response body:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb247Y2hhcnNldD1VVEYtOCIsImtpZCI6InpDNGo0QWNoZHp3S1hTX01xc2g0QWZ3VnlTdUdzRmdnT18yeHY1dHVzemsifQ.eyJwYXltZW50SWQiOiAiUEFZNzE1MDM3NDIyMTgyNTg3IiwiYXBwcm92ZVVybCI6ICJodHRwczovLzxDSU5LQ0lBUlpfUEFZX0hPU1Q-L2FwcHJvdmUifQ.T8YBr9hhEjIEe2JtFEuVo0GAssd2-9ZL7IEGjMNoamqD6c9Ha1W6Nunlrs-CpYHUabejhcI6Z3EKzuA8Ra9YyKki_BOoK_oPAnKSJMaP6DgYeJ0cxqawqdMYkT0Ku3TpUwte-hwIoWVNFKqfjBncwNfhAXPyx4Ti6eqAQENpL8VmfvsrcmLn96BqbxYo1Hp07K_AmVulJs701a_s0BdSysLmAyhmLcQfVwSWCpTgMc7NXbe1R95T6xRYCsif2FvVZke4cM8f9zDZZI5-V7tgUhx8v3BVUEtanjPsPdDcTUs5ZLYl6EH8yCtWECGxbxxJbV2WDGJTPn6mbNRBtsjsNQ
All messages sent from the Partner's system to the Conotoxia Pay system must be sent in JWS format. Only in case of adding a public key it is not necessary to sign the message.
Below is an example of JWS (Compact Serialized), which can be sent to Conotoxia Pay:
eyJraWQiOiJERkRPbEI3RFU2LTBoUllBNVV1NEJiVEctcXJlY3NLdEJIU3kzVGppSXM4IiwiY3R5IjoiYXBwbGljYXRpb24vanNvbiIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.ew0KICAiZGVzY3JpcHRpb24iOiAiUGF5bWVudCBkZXNjcmlwdGlvbiIsDQogICJleHRlcm5hbFBheW1lbnRJZCI6ICIzNDJISEg4OExLREo4OTg3Njc2NyIsDQogICJjYXRlZ29yeSI6ICJFX0NPTU1FUkNFIiwNCiAgInBvaW50T2ZTYWxlSWQiOiAiUE9TNDU4OTYzMjE1OTY1NDc4NTkiLA0KICAidG90YWxBbW91bnQiOiB7DQogICAgImN1cnJlbmN5IjogIlVTRCIsDQogICAgInZhbHVlIjogMTkuOTkNCiAgfQ0KfQ.J2uDZEZL_hlgLAscv3EMX8lKCPBOf1X3UoUEDGhBF0cKFSAvHaDAAtnyzacL53RWsaHmAfDTRHqqFuF6g6wBRStbWukC1pOqXNEYHTXgfHJ01Sh7JZr7IRuX92ol-OgiP7DK01wDnlZ80_wGnJUpWGQjiQEoUzJhOcFyZ44_jSKh7dwU7SWh9wj5FWmC1A8RlBXLpMf6QWCKlA1njw4r7RXUmbLLbdiA71Oiy1LN_Ezf8srYP5y_QhhtoyXxkLEe75YP5ky6d0UObrKpUVbhvj7lwnqMzZVBfD1aIL5F2s8gUg8nQeCUWPUYIRvDNQkmAFTSbqjD2sCG1ysm8JDspA
After decoding JWS, a JWS Header and JWS Payload containing the minimum PaymentData message are received. An asymmetric algorithm RSASSA-PKCS1-V1_5 with SHA-256 (RS256) is used for the signature. In order to verify the signature, a sample public key should be used:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbQuQMzUo5jTMLdq7Y0p
QuZbOwiAJ7Ty3oB3aww78wAEY8Irb+Ns9fkwRadUaKfkT9OMuj6EWos6QvxFXRAe
kxqMVoTnQaaZsAEA471ZBdt3sZxTxDQhf96I7JOTr1BA1J2fgQN1zRB8hnMotEF1
iaGTBtI1yN1RypSsL/mpdgF05E1Urh2OqMSDbv9Arl1cBqt79jJzAXi0uj2CyVp8
7ID0NruLSwD2zFRxW5/NAee1w4lAbuk7EBMCPLkrikW7xsKQyGIubMO4cpeCWZwU
FTnWOHgpft+HdQqnkaTCpWLIEFOG7DRh7h3kU6oHXIoH7KkhMBRNdw104ZNk1rQw
WwIDAQAB
-----END PUBLIC KEY-----
To verify the response received from Conotoxia Pay you need to use a public key provided by the API GET /jwks.
Communication with the Partner
Example API response body:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJwYXltZW50SWQiOiJQQVk3MTUwMzc0MjIxODI1ODciLCJhcHByb3ZlVXJsIjoiaHR0cHM6Ly88Q09OT1RPWElBX0FQUFJPVkFMX0hPU1Q-L2FwcHJvdmUiLCJ0b2tlbiI6ImRHQmNFTVFveWZmNk9DUVk1bDFyZWhYQXdnQ0RuRXdodHA1NzNQMUVKeXN3R0JKNzlHIn0.KD3zD9f_xOuhVZXAMt3fyVpYlXx48rHLqNIEwGKAjHyd84_-j7oowPw8IIWZI3qdx33Z5woLMmyetH6SQpJJXjB4em826Ihg7JaZoQ0eAVez9CY0E83x51SpIwUIeKJ5I-m1-VT87dnP8yMwwD0TE212PTRjY3eNTVC3uTtu1vlYyL8fhfa3FvmjLqmCpHEEIHuJSBCsKH95mOhJlM-OgREtNX043RPyiCxl2p88lpMtOjoLYYwAIOYsVqqpylaey8xeY3kuseAIfxiPJzNIz0LJ9NdzDzWTcDUW-fVtNhG6sQXfulEazFd4qYbATimQ7Jf9Ld50LW5qHCsM-fCacA
Response headers
HTTP/1.1 201 Created
Content-Type: application/jose+json
JWS Header
{
"alg": "RS256",
"typ": "JWT",
"cty": "application/json",
"kid": "zC4j4AchdzwKXS_Mqsh4AfwVySuGsFggO_2xv5tuszk"
}
JWS Payload
{
"paymentId": "PAY715037422182587",
"approveUrl": "https://<CONOTOXIA_APPROVAL_HOST>/approve",
"token": "dGBcEMQoyff6OCQY5l1rehXAwgCDnEwhtp573P1EJyswGBJ79G"
}
All messages and answers sent from the Conotoxia Pay system to the Partner's system are sent in JWS format. Examples included in the documentation are provided in the decoded form for simplicity. In order to verify the received message, Conotoxia Pay's public key has to be got and the authenticity of the obtained data has to be confirmed using this key.
Authenticity of URL parameters
Decoded data parameter (JWS Payload section):
{
"paymentId": "PAY893669703633781",
"externalPaymentId": "464/46846/45",
"result": "SUCCESS"
}
After redirecting the User to the Partner's website, the Conotoxia Pay system places, within the configured URL, additional parameters defining the User's payment processing status. In order to ensure authenticity, these parameters are signed.
An example URL is presented below:
https://shop.com/success?data=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJwYXltZW50SWQiOiJQQVk4OTM2Njk3MDM2MzM3ODEiLCJleHRlcm5hbFBheW1lbnRJZCI6IjQ2NC80Njg0Ni80NSIsInJlc3VsdCI6IlNVQ0NFU1MifQ.S83VbMBroVHrAVfXs-tk_Q3BdulpAj3lni0vdegxZ7zCQHhJuIU_DYCFQ3OTG5-EHTJ6zzsmLjjzTw5S8XVy96MXQfHbJKY-jVWEAEB5mRiLgJMn4PssQRLgaGwWbhbFbvD5qqPCFpIz96-FWnkvoxuPaa86Ywfdhd-aPAZ43m3afIAXaKOt9Iy5A0fmsbtZsiwAtrFYMmPoNZcEl02NZ9paIaJ8RXaoU4oTKgMEVjZECQ4smqfnpVg7UD1UIw54F_NaTppx0fAAIZYp5n9lzT9-DwXMe875AbH0ZzRq6-500fSCmJQc3_ym9bM8Xa5gbKSlNQrw2t4pjxJkXbPOGw
Generating a public key
Linux
Installation of the required software
To generate the public key it is required to use openssl software.
The process of installing this software is described in the following steps:
- Open up console
- Depending on distribution, install openssl using package manager with given command:
Distributions based on Debian (Ubuntu, Parrot OS)
sudo apt install openssl
CentOS
sudo yum install openssl
Generating the key
- Open up console
- To generate key pair enter the following commands:
openssl genpkey -out "private-key.pem" -algorithm RSA -pkeyopt rsa_keygen_bits:2048
openssl rsa -in "private-key.pem" -out "public-key.pem" -outform PEM -pubout
- The public key is in "public-key.pem" file
macOS
Installation of the required software
To generate the public key it is required to use openssl software.
The process of installing this software is described in the following steps:
- Open up Terminal
- To install openssl it is required to install a package manager for macOS called homebrew:
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
- To install openssl using package manager enter the following command:
brew install libressl
Generating the key
- Open up Terminal
- To generate key pair enter the following commands:
openssl genpkey -out “private-key.pem” -algorithm RSA -pkeyopt rsa_keygen_bits:2048
openssl rsa -in “private-key.pem” -out “public-key.pem” -outform PEM -pubout
- The public key is in "public-key.pem" file
Windows
Installation of the required software
To generate the public key it is required to use openssl software which is
part of a libressl software delivered by OpenBSD for Windows.
The process of installing this software is described in the following steps:
- Download libressl from official OpenBSD site:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.5.5-windows.zip - Extract libressl-2.5.5-windows.zip archive
Generating the key
- Navigate to extracted folder
libressl-2.5.5-windows/x86/
- Run openssl.exe
- To generate key pair enter the following commands:
genpkey -out “private-key.pem” -algorithm RSA -pkeyopt rsa_keygen_bits:2048
rsa -in “private-key.pem” -out “public-key.pem” -outform PEM -pubout
- The public key is in "public-key.pem" file in the current directory
Private key security
Store the private key in a secure location such as the HSM (Hardware Security Module). If a hardware-based protection method is not available, you should use an operating system secure private key store. Securely storing your private key will reduce the likelihood of its compromise.
Adding public key
curl -X POST \
-H "Authorization: Bearer M1ODU2ZDI5NzU3ZWFkYTRjMjEyMTIwNmRiNmQ2MjdmM" \
-H "Content-Type: application/json" \
-d "@public-key.json" \
"<CONOTOXIA_PAY_HOST>/public_keys"
public-key.json
{
"pem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnIo4OMp7I5ugVgGQquUL\nFFdC0m1sL+1e7M1zX8lobKPJpQwApDKaEFTBWjrK5aXvzAsxqKzKzG3yUCSGqa/f\nhuzdzs3kBlvIFCPwk5dM5uc5v2+2W0SF0/8lF3NBUjK2jz8s3Nyb3cCWCfysRF+1\nKhF/4ushqX4spCraIU2GkavZ6ETn/Oyfu1fJnZSuH16fwj2OwGsFnTUHam5yrihn\nhtxIkp4eUbhBOkjMMwb4XLygD1dlcg61Pbe60dmuwV+ZWQzfoi4QzlZd9kpePEva\nbPar+AUItKilx5XvNm86PLGBbcsGIMhtew019UP0MrgF1S2/99ZsF2V76haipaXS\nkQIDAQAB\n-----END PUBLIC KEY-----"
}
Response headers:
HTTP/1.1 201 Created
Content-Type: application/json
Response body:
{
"kid": "lpSoenUSsyxPtZlkP3tGLH9iPLZn1L4zf0G9jUhX3zQ",
"status": "INACTIVE"
}
To enable secure communication between Conotoxia Pay and the Partner's system, it is important that the Partner provides a public key to verify the messages sent by the system. The public key in PEM format can be added to the Conotoxia Pay system in following methods:
- by the Merchant's panel or
- by calling POST /public_keys from Conotoxia Pay API, described below
Resource
POST <CONOTOXIA_PAY_HOST>/public_keys
See server addresses
Request headers
Name | Value | Remarks |
---|---|---|
Authorization | Bearer <access_token> |
It must contain a Bearer access token. For more information, see Generating access token. |
Content-Type | application/json |
Request body
PublicKey object containing data on the public key
Field name | Type | Required | Description |
---|---|---|---|
pem | String | YES | Partner’s public key. |
sampleData | SampleData | NO | Object containing sample texts for public key verification. |
Object SampleData containing sample texts for public key verification
Sample request with optional
sampleData
field:
curl -X POST \\
-H "Authorization: Bearer M1ODU2ZDI5NzU3ZWFkYTRjMjEyMTIwNmRiNmQ2MjdmM" \\
-H "Content-Type: application/json" \\
-d "@public-key.json" \\
"<CONOTOXIA_PAY_HOST>/public_keys"
public-key.json
{
"pem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnIo4OMp7I5ugVgGQquUL\nFFdC0m1sL+1e7M1zX8lobKPJpQwApDKaEFTBWjrK5aXvzAsxqKzKzG3yUCSGqa/f\nhuzdzs3kBlvIFCPwk5dM5uc5v2+2W0SF0/8lF3NBUjK2jz8s3Nyb3cCWCfysRF+1\nKhF/4ushqX4spCraIU2GkavZ6ETn/Oyfu1fJnZSuH16fwj2OwGsFnTUHam5yrihn\nhtxIkp4eUbhBOkjMMwb4XLygD1dlcg61Pbe60dmuwV+ZWQzfoi4QzlZd9kpePEva\nbPar+AUItKilx5XvNm86PLGBbcsGIMhtew019UP0MrgF1S2/99ZsF2V76haipaXS\nkQIDAQAB\n-----END PUBLIC KEY-----",
"sampleData": {
"decodedText": "test",
"encodedText": "HHjI8WE+jlc/K7vgoYCAqe0NlIGpEHkIcx7iUze2T2hOMOpVogtAUq2XJLDWIkJ6kOIFAfYWrCfXullMIfRKix7ch9CHnBTGg0e0DHOZEw42C/50YhMzg1GpfLSJutQpOMU/KEjSXdvuJiKwngHWqpvJTxHTYJkPkLHzUzANz3iB1XB8KBepnHBW2WQ8SUBb8qw27AD1Gc6bySIgx8OoFSpZAsyDQanPtz/TkYBpakakRdw0ISc/cAM8KKTjOxTbHOwWcNDlwAmoBNS+eUGeH/yNBwjPnK1TS0yhmdgrerIrJ+yZm1VI5EHPbzWMBWx142LE/M9d9AEozAMYCUtOlg=="
}
}
Field name | Type | Required | Description |
---|---|---|---|
decodedText | String | YES | Sample text sent to verify the accuracy of the public key. |
encodedText | String | YES | Sample text from decodedText field signed by private key with SHA-256 signature. |
Response body
Field name | Type | Required | Description |
---|---|---|---|
kid | String | YES | Partner's public key identifier. |
status | String | TAK | Partner's public key status. |
The status
field can take the following values:
Value | Description |
---|---|
ACTIVATED | Public key is active. |
INACTIVE | Public key require activation. |
REVOKED | Public key has been revoked. |
API errors
The POST /public_keys method can return the following business errors:
- invalid-pem
- invalid-public-key
- sample-text-signature-not-match
- sample-text-verification-failed
- public-key-has-wrong-length
- public-key-already-exist
- public-key-is-not-activated
Getting public keys
curl -X GET \
-H "Authorization: Bearer M1ODU2ZDI5NzU3ZWFkYTRjMjEyMTIwNmRiNmQ2MjdmM" \
"<CONOTOXIA_PAY_HOST>/v2/public_keys"
Response headers:
HTTP/1.1 200 Success
Content-Type: application/json
HTTP/1.1 200 Success
Content-Type: application/jose+json
Response body:
{
"data": [
{
"kid": "chi09N6Bog_0IvtrahDhZRGF7kiHTAhQaIm4x_wdpQU",
"pem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPYw28jrN71VoWHfSkTR\nb4v8OdYMjwZRs2dg5vPZjv0xryNAqHpHYP5+SCpEz6YRFGzuCWhqkNgSKmZgLBxv\nBVJt8YqZOtbnB4as/4TI0dy73YUmw00LYXLTcrS6al6OFtC4SehUREgoVG9V8Hlf\nx9T0bnNOW5R0z3LvkC+Y8e1Gm+xtX+K5uX00md5TI1jk5GqoE9D7cuv5mBX50Igi\nzMqbZYttu/gdA3TWD6JnceMU2WPKJDLowGN4RnUtQJQiApfRQZDPblB+9AKJkiTy\n8N4g9hAVmKbwC3cehO1vMB7ujOlJrNAXjh1rO7B3OJQ0JXcpb2UhrPZ/DIuRdLvX\n6QIDAQAB\n-----END PUBLIC KEY-----",
"status": "ACTIVE"
}
],
"pagination": {
"first": true,
"last": true,
"currentPageNumber": 1,
"currentPageElementsCount": 2,
"pageSize": 10,
"totalPages": 1,
"totalElements": 2,
"pageLimitExceeded": false
}
}
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24iLCJraWQiOiJ6QzRqNEFjaGR6d0tYU19NcXNoNEFmd1Z5U3VHc0ZnZ09fMnh2NXR1c3prIn0.eyJkYXRhIjpbeyJraWQiOiJjaGkwOU42Qm9nXzBJdnRyYWhEaFpSR0Y3a2lIVEFoUWFJbTR4X3dkcFFVIiwicGVtIjoiLS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS1cbk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBb1BZdzI4anJONzFWb1dIZlNrVFJcbmI0djhPZFlNandaUnMyZGc1dlBaanYweHJ5TkFxSHBIWVA1K1NDcEV6NllSRkd6dUNXaHFrTmdTS21aZ0xCeHZcbkJWSnQ4WXFaT3RibkI0YXMvNFRJMGR5NzNZVW13MDBMWVhMVGNyUzZhbDZPRnRDNFNlaFVSRWdvVkc5VjhIbGZcbng5VDBibk5PVzVSMHozTHZrQytZOGUxR20reHRYK0s1dVgwMG1kNVRJMWprNUdxb0U5RDdjdXY1bUJYNTBJZ2lcbnpNcWJaWXR0dS9nZEEzVFdENkpuY2VNVTJXUEtKRExvd0dONFJuVXRRSlFpQXBmUlFaRFBibEIrOUFLSmtpVHlcbjhONGc5aEFWbUtid0MzY2VoTzF2TUI3dWpPbEpyTkFYamgxck83QjNPSlEwSlhjcGIyVWhyUFovREl1UmRMdlhcbjZRSURBUUFCXG4tLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0iLCJzdGF0dXMiOiJBQ1RJVkUifV0sInBhZ2luYXRpb24iOnsiZmlyc3QiOnRydWUsImxhc3QiOnRydWUsImN1cnJlbnRQYWdlTnVtYmVyIjoxLCJjdXJyZW50UGFnZUVsZW1lbnRzQ291bnQiOjIsInBhZ2VTaXplIjoxMCwidG90YWxQYWdlcyI6MSwidG90YWxFbGVtZW50cyI6MiwicGFnZUxpbWl0RXhjZWVkZWQiOmZhbHNlfX0.AVbO7pKOwd_wDBTuC9TriU4wafUxuXJ1G35REfhbgzSH0HvoIeymGsb5ItdUmFXzLnQqV5OsptawinIErNzx4DW-RUsheijJztenHHxOPlsE3m1LMfzJqg78qVYnzZatWRlNT86u0O-DIvfcdWcL0MGQDpTxs2V8IJCJWIZqEDm-V3WpUcjgMuqhj_jl-GL1TRhnLZjZkW8YwfvLNBXfpcvfyI58Q4mnhaMsmw6ikgjI3ocIhuGW-uXvA2E-gJxmaoN-O3BqG1u2XWKtWOA_sRf6-0P8PTI2JA-AToUjdK9yd-lcufIkyJvFUYf3XmzgV8uoCH11tCM3gd-Vp-_kfg
The added public keys can be verified in the Merchant's panel on the configuration page. Public keys can also be downloaded by calling the GET /v2/public_keys resource described below.
Resource
GET <CONOTOXIA_PAY_HOST>/v2/public_keys
See server addresses
Request headers
Name | Value | Remarks |
---|---|---|
Authorization | Bearer <access_token> |
It must contain a Bearer access token. For more information, see Generating access token. |
Query parameters
Field name | Type | Required | Description |
---|---|---|---|
pageNumber | Number | NO | Page number. |
inStatuses | String | NO | List of statuses that have to contain public keys status. |
notInStatuses | String | NO | List of statuses that cannot contain public keys status. |
Response body
Data object containing the list of added public keys
Field name | Type | Required | Description |
---|---|---|---|
data | Array | YES | List of objects of the PublicKey type. |
pagination | Pagination | YES | Metadata of the returned page. |
PublicKey object containing information about the public key of the Conotoxia Pay
Field name | Type | Required | Description |
---|---|---|---|
kid | String | YES | Public key identifier. |
pem | String | YES | Public key. |
status | String | YES | Public key status. |
The status
field can take the following values:
Value | Description |
---|---|
ACTIVATED | Public key is active. |
INACTIVE | Public key require activation. |
REVOKED | Public key has been revoked. |
Pagination object containing metadata of the returned page with public keys
Field name | Type | Required | Description |
---|---|---|---|
first | Boolean | YES | Defines whether the returned data are on the first page. |
last | Boolean | YES | Defines whether the returned data are on the last page. |
currentPageNumber | Number | YES | Defines the number of the returned page. |
currentPageElementsCount | Number | YES | Defines the number of elements on the returned page. |
pageSize | Number | YES | Defines the page size. |
totalPages | Number | YES | Defines the number of available pages. |
totalElements | Number | YES | Defines the number of available elements. |
pageLimitExceeded | Boolean | YES | Defines whether the page limit has been reached. |
API errors
The GET /v2/public_keys method can only return technical errors.
Getting Conotoxia Pay key
curl -X GET \
-H "Authorization: Bearer M1ODU2ZDI5NzU3ZWFkYTRjMjEyMTIwNmRiNmQ2MjdmM" \
"<CONOTOXIA_PAY_HOST>/jwks"
Response headers:
HTTP/1.1 200 Success
Content-Type: application/json
Response body:
{
"keys": [
{
"kty": "RSA",
"kid": "zC4j4AchdzwKXS_Mqsh4AfwVySuGsFggO_2xv5tuszk",
"use": "sig",
"n": "hFava6Gd2uyA9XHmD7IIxiKD-S2vBcJ0QtgjodtvDeI4y3r5Ab_s_XMvTvbdSkCf0nmK84UwWwayQwnTboafvktCRndfnvSXWCVClgiVWJmnNibPhtsMI_uelmc99OjtPM93UZ6_yiohi1mKpC_w8MygxHX7R3rFMxssO5h-qXPfjWYWAiC0-B_Vf592E52N-dOF_yUi5hAP14gFbPv_LSWn2dSWkg2i6n5lTL6QzNQueBw3Q04odYXrbALPm1M0ucwgDewWW8LTzRAsqKwIeY9iTblq9ywxnExbq5qORgtNVk3zunqEYRKQfJIINFZgJSmqxxAfvnzlJyvuih97zQ",
"e": "AQAB"
}
]
}
To verify messages received from the Conotoxia Pay system it is necessary to have a public key of the Conotoxia Pay system. In order to obtain the key, the GET /jwks resource should be used.
Resource
GET <CONOTOXIA_PAY_HOST>/jwks
See server addresses
Request headers
Name | Value | Remarks |
---|---|---|
Authorization | Bearer <access_token> |
It must contain a Bearer access token. For more information, see Generating access token. |
Response body
PublicKeys object containing the list of public keys of the Conotoxia Pay system
Field name | Type | Required | Description |
---|---|---|---|
keys | Array | YES | List of objects of the PublicKey type. |
PublicKey object containing information about the public key of the Conotoxia Pay
Field name | Type | Required | Description |
---|---|---|---|
kty | String | YES | Key type. |
kid | String | YES | Public key identifier. |
use | String | YES | Use of the key. |
n | String | YES | Standard PEM module. |
e | String | YES | Standard PEM exponent. |
API errors
The GET /jwks method can only return technical errors.
List of supported currencies
Currency | Currency code | Number of digits after the decimal separator | Minimum currency units for a transaction |
---|---|---|---|
United Arab Emirates Dirham | AED | 2 | 1 |
Australia Dollar | AUD | 2 | 1 |
Bulgaria Lev | BGN | 2 | 1 |
Canada Dollar | CAD | 2 | 1 |
Switzerland Franc | CHF | 2 | 1 |
China Yuan Renminbi | CNY | 2 | 1 |
Czech Republic Koruna | CZK | 2 | 10 |
Denmark Krone | DKK | 2 | 10 |
Euro | EUR | 2 | 1 |
United Kingdom Pound | GBP | 2 | 1 |
Hong Kong Dollar | HKD | 2 | 1 |
Hungary Forint | HUF | 0 | 100 |
Israeli New Sheqel | ILS | 2 | 1 |
Japan Yen | JPY | 0 | 100 |
Mexico Peso | MXN | 2 | 1 |
Norway Krone | NOK | 2 | 10 |
New Zealand Dollar | NZD | 2 | 1 |
Poland Zloty | PLN | 2 | 1 |
Romania New Leu | RON | 2 | 1 |
Sweden Krona | SEK | 2 | 10 |
Singapore Dollar | SGD | 2 | 1 |
Turkey Lira | TRY | 2 | 1 |
United States Dollar | USD | 2 | 1 |
South Africa Rand | ZAR | 2 | 1 |
Thailand Baht | THB | 2 | 100 |
Serbian dinar | RSD | 2 | 10 |
Algorithm for sending notifications
Unsuccessful attempts | Next attempt in |
---|---|
1 | 5 seconds |
2 - 11 | 10 seconds |
12 - 20 | 600 seconds |
21 - 110 | 1800 seconds |
> 110 | No more attempts |