NAV Navbar

For any question, we are one click away

Contact us

Test cards

For testing purposes you can use the following test cards.

Card number (SSL) 4444 5555 1111 3333
Expiry 12/24
CVC 123
Card number (3DS1) 4012 0010 3816 6662
Expiry 12/24
CVC 123
3-D Secure verification code 12345678
Card number (3DS2) 5555 5555 5555 5599
Expiry 12/24
CVC 123

Merchant authentication

For merchant authentication in the payment gateway two methods can be used.

Mandatory Name Type Description
See description

userName String Merchant 's API account login. If you pass your login and password to authenticate in the payment gateway, do not pass token parameter.
See description

password String Merchant's API account password. If you pass your login and password to authenticate in the payment gateway, do not pass token parameter.
Mandatory Name Type Description
See description

token String Value that is used for merchant authentication when requests are sent to the payment gateway. If you pass this parameter do not pass userName and password.

Using REST protocol send requests with application/x-www-form-urlencoded type, not multipart/form-data type.

Connection strings

Requests must meet the following requirements:

The table below contains the URL addresses for accessing REST requests.

Request URL

Order registration

https://ecommerce.radarpayments.com/payment/rest/register.do

Order registration with pre-authorization

https://ecommerce.radarpayments.com/payment/rest/registerPreAuth.do

Order deposit request

https://ecommerce.radarpayments.com/payment/rest/deposit.do

Refund request

https://ecommerce.radarpayments.com/payment/rest/refund.do

Order status request

https://ecommerce.radarpayments.com/payment/rest/getOrderStatusExtended.do

Payment by binding

https://ecommerce.radarpayments.com/payment/rest/paymentOrderBinding.do

Payment order (Card data is collected on merchant's side - validation)

https://ecommerce.radarpayments.com/payment/rest/paymentOrder.do

Payment order request (card data is collected on merchant's side)

https://ecommerce.radarpayments.com/payment/rest/paymentOrder.do

Payment order request (card data is collected on merchant's side)

https://ecommerce.radarpayments.com/payment/rest/paymentOrder.do

If you test REST requests in the same browser that you accessed the payment gateway merchant console, then, executing any REST request will lead to an error in the payment gateway merchant console. To restore the session with the payment gateway merchant console:

This situation can be avoided in one of the following ways:

Integration scheme

Payment when card data is entered on the payment page of the payment gateway

One-phase payment Two-phase payment
1 A buyer selects items or services to purchase and selects payment card as a payment method. A buyer selects items or services to purchase and selects payment card as a payment method.
2 Merchant sends to the payment gateway a request for order registration:
register.do.
Passing, among other parameters, the following parameters:
  • returnUrl - URL address the customer will be redirected to if the payment is successful;
  • failUrl - URL address the customer will be redirected to if the payment fails.
Merchant sends to the payment gateway a request for order registration with pre-authorization:
registerPreAuth.do.
Passing, among other parameters, the following parameters:
  • amount - amount to charge;
  • orderNumber - order number in the merchant's system;
  • returnUrl - URL address the customer will be redirected to if the payment is successful;
  • failUrl - URL address the customer will be redirected to if the payment fails.
3 The payment gateway among other parameters returns the following parameters:
  • orderId - unique order number in the payment gateway;
  • formUrl - URL address of the payment form.
The payment gateway among other parameters returns the following parameters:
  • orderId - unique order number in the payment gateway;
  • formUrl - URL address of the payment form.
4 The merchant redirects the customer to the formUrl returned in the response. The merchant redirects the customer to the URL address received in the formUrl parameter of the request.
5 A form for entering payment card data is displayed to the customer. The customer fills in the received form and sends the data to the payment gateway server. 5
6 Further actions depend on whether the customer's card supports 3-D Secure:
  • No 3-D Secure - go to the next step of the procedure;
  • 3-D Secure enabled - the payment gateway redirects the customer to the authentication form (in most cases it is SMS authentication) at the issuing bank ACS - if the authentication is successful, the procedure continues.
Further actions depend on whether the customer's card supports 3-D Secure:
  • No 3-D Secure - go to the next step of the procedure;
  • 3-D Secure enabled - the payment gateway redirects the customer to the authentication form (in most cases it is SMS authentication) at the issuing bank ACS - if the authentication is successful, the procedure continues.
7 The payment gateway charges the registered amount.
8 After the payment is processed the payment gateway redirects the customer to returnUrl. After the payment is processed the payment gateway redirects the customer to returnUrl.
9 The customer's browser requests the payment results page from the merchant. The customer's browser requests the payment results page from the merchant.
10 The merchant requests the payment gateway the order status using unique identifier received during order registration (orderId):
getOrderStatusExtended.do.
The merchant requests the payment gateway the order status using unique identifier received during order registration (orderId):
getOrderStatusExtended.do.
11 The payment gateway returns payment status, and the merchant passes the resulting page to the customer's browser. The payment gateway returns payment status, and the merchant passes the resulting page to the customer's browser.
12 N/A To charge the customer the merchant must send a deposit request:
deposit.do.
13 N/A The payment gateway responses. The order status is not returned. To get the order status send getOrderStatusExtended request to the payment gateway:
getOrderStatusExtended.do.

To get the order status you can also use callback notifications instead of getOrderStatusExtended request. These notifications will be sent to you automatically after order status is changed.

Refund

The payment gateway allows full or partial refund. Refund is allowed for orders that are Deposited. The table below contains the interaction scheme in case of a refund.

Action
1 The merchant requests a refund (refund):
refund.do.
2 After a successful response the merchant requests order status:
getOrderStatusExtended.do.

To get the order status you can also use callback notifications instead of getOrderStatusExtended request. These notifications will be sent to you automatically after order status is changed.

REST API reference

You can download Postman collection of API requests to test some basic eCommerce functions.

Download Postman collection

Order registration

To register an order, use register.do request.

Request parameters

Mandatory Name Type Description
See description

userName String Merchant 's API account login. If you pass your login and password to authenticate in the payment gateway, do not pass token parameter.
See description

password String Merchant's API account password. If you pass your login and password to authenticate in the payment gateway, do not pass token parameter.
See description

token String Value that is used for merchant authentication when requests are sent to the payment gateway. If you pass this parameter do not pass userName and password.
See description

orderNumber Alphanumeric Order number (ID) in the merchant's system, must be unique for each merchant.
Yes

amount Integer Payment amount in minor currency units (e.g. in cents etc.).
No

currency Integer SO 4217 encoded currency key. If not specified, the default value is used.
Yes

returnUrl String The address to which the user will be redirected if the payment is successful. The address must be specified in full including the protocol used (for example, https://test.ru instead of test.ru). Otherwise, the user will be redirected to the address of the following type http://<payment_gateway_address>/<merchant_address>.
No

failUrl String The address to which the user is to be redirected in case of a failed payment. The address must be specified in full including the protocol used (for example, https://test.ru instead of test.ru). Otherwise, the user will be redirected to the address of the following type http://<payment_gateway_address>/<merchant_address>.
No

dynamicCallbackUrl String This parameter allows you to use the functionality of sending callback notifications dynamically. Here you can pass the address to which all "payment" callback notifications, activated for the merchant, will be sent. "Payment" notifications are callback notifications related to the following events: successful hold, payment declined by timeout, cardpresent payment is declined, successful debit, refund, cancellation. At the same time, callback notifications activated for the merchant that are not related to payments (enabling/disabling a binding, creating a binding) will be sent to a static address for callbacks. Mandatory use depends on the merchant configuration on Payment Gateway side.
No

description String Order description in any format.
To enable sending this field to the processing system, contact the technical support service.
No

language Alphabetic ISO 639-1 encoded language key. If the language is not specified, the default language specified in the store settings is used.
No

pageView String By the value of this parameter, it is defined what pages of the payment interface are to be loaded for the customer. The following values are allowed.
  • DESKTOP – for loading pages for PC (in the archive that contains pages of the payment interface the following pages will be searched: payment_<locale>.html and errors_<locale>.html).
  • MOBILE – for loading pages for mobile devices (in the archive that contains pages of the payment interface the following pages will be searched: mobile_payment_<locale>.html and mobile_errors_<locale>.html).
  • If a merchant created payment pages and added their own prefixes, pass the created prefixes in pageView parameter to load the corresponding page. For example, when passing iphone value, pages with iphone_payment_<locale>.html and iphone_error_<locale>.htm will be searched

Where:
  • locale is the ISO 639-1 language key. For example, fr for French or en for English.

If this parameter is missing or does not match the format, it is considered that by default pageView=DESKTOP.
No

clientId Alphanumeric Customer number (ID) in the merchant's system — up to 255 characters . Used to implement the functionality of bindings. Can be returned in the response if the merchant is allowed to create bindings.
Specifying this parameter when processing payments via bindings is mandatory. Otherwise, a payment will be unsuccessful.
No

merchantLogin String To register an order on behalf of a child merchant, specify the merchant login in this parameter.
No

jsonParams String Block for passing additional merchant parameters. Fields containing additional info for further storage are pased as follows.
{name1:value1,…,nameN:valueN}
These fields can be transferred to the processing bank for further display in the bank registers.
Contact your bank to enable this functionality.
If customer notifications are configured for the merchant, then, customer's email must be passed in this block in the email parameter.
By default, the followng parameters are passed to the processing bank:
  • orderNumber – order number in the merchant's system;
  • description – order description (up to 99 characters, the following characters are forbidden^ %, +, end of line \r, and line break \n).

If you pass merchantOrderId parameter, then, its value will be passed to the processing bank as order number (instead of orderNumber parameter).
No

sessionTimeoutSecs Integer Order lifetime in seconds. If the parameter is not specified, the value specified in the merchant settings or the default value (1200 seconds = 20 minutes) will be used. If the request contains expirationDate, the value of sessionTimeoutSecs is not taken into account.
No

expirationDate String Data and time of the order expiry. Format used: yyyy-MM-ddTHH:mm:ss.
If this parameter is not passed in the request, sessionTimeoutSecs is used to define the expiry of the order.
No

bindingId String Identifier of a binding created earlier. It can be used only if the merchant has the permission to work with bindings.
No

features String Below are the allowed values.
  • AUTO_PAYMENT - Payment is processed without cardholder authentication (without CVC or 3-D Secure). To process these payments merchant must have sufficient permissions in the payment gateway.
  • VERIFY - If you specify this value in the order registration request, cardholder will be verified (they will have to go through 3-D Secure procedure) however they will not be charged any amount, so in this case amount parameter can be 0. Verification allows to make sure that a payment card is used by its legitimate owner, and further you can charge them without authentication (CVC, 3D-Secure). Even if some amount is passed in the request, the customer will not be charged if VERIFY feature is used. After a successful registration order status is changed to REVERSED (canceled).
  • FORCE_TDS - Force 3-D Secure payment. If a payment card does not support 3-D Secure, the transaction will fail.
  • FORCE_SSL - Force SSL payment (without 3-D Secure).
  • FORCE_FULL_TDS - After 3-D Secure authentication, PaRes status must be Y, which guarantees successful user authentication. Otherwise, the transaction will fail.
No

phone Integer Customer's phone number. It is always necessary to specify the country code, but you can specify or omit the + sign. Thus, the following options are valid:
  • +79998887766;
  • 79998887766.Allowed digits number: from 7 to 15.
No

email String Customer's email address.
See description

billingPayerData Object A block with the client's registration data (address, postal code) necessary for passing the address verification within the AVS/AVV services. Mandatory if the feature is enabled for the merchant on Payment Gateway side.

Below are the parameters of the billingPayerData block (data about the client registration address).

Mandatory Name Type Description
No

billingCity String The city registered on a specific card of the Issuing Bank.
No

billingCountry String The country registered on a specific card of the Issuing Bank ( ISO 3166-1, numeric).
No

billingAddressLine1 String The address registered on a specific card of the Issuing Bank. Line 1. Mandatory to be passed in order AVS verification works.
No

billingAddressLine2 String The address registered on a specific card of the Issuing Bank. Line 2.
No

billingAddressLine3 String The address registered on a specific card of the Issuing Bank. Line 3.
No

billingPostalCode String Postal code registered on a specific card of the Issuing Bank. Mandatory to be passed in order AVS verification works.
No

billingState String The state registered on a specific card of the Issuing Bank (ISO 3166-2).

Using jsonParams

You can use jsonParams to pass additional order information for further usage and storage. You can view additional parameters in the merchant console of the payment gateway.

Additional parameters are passed as follows {"<name1>":"<value1>",...,"<nameN>":"<valueN>"} These fields can be passed to the bank registries.

As additional parameters you can, in particular, pass the following:

Name
Data type
Mandatory
Description Example
email
ANS..255
Conditional
Email to be displayed on the payment page. Customer's email must be passed if client notification is configured for the merchant {"email": "client_mail@email.com"}
phone
AN..11
Mandatory)
Customer's phone number - it will be displayed on the payment page {"phone": "9001234567"}
backToShopUrl
ANS..255
Optional)
To display a button tha would allow a customer to return to the online store the address of the store must be specified in this parameter {"backToShopUrl": "http://shop.com"}
backToShopName
ANS..255
Conditional
Name of the button that would allow a customer to return back to the online store (if backToShopUrl parameter is used) {"backToShopName": "Cancel"}

Response parameters

Mandatory Name Type Description
No

formUrl String URL of the payment form, to which a customer will be redirected The URL is not returned if the registration of the order fails due to an error specified in errorCode.
No

errorCode Integer Error code. Can be missing if the result has not caused an error.
No

orderId String Order number in the payment gateway. Unique within the payment gateway.
No

errorMessage String Error description. Language of the description is set in language parameter of the request.

Error codes

Error code Error message
0 Request processing took place without system errors.
1 Order with given order number is processed already.
1 Order number is invalid
3 Unknown currency.
4 Order number is empty.
4 Empty merchant user name.
4 Empty amount.
4 Empty return URL.
4 Password cannot be empty.
5 Access denied.
5 The user must change his password.
5 [jsonParams] is invalid.
7 System error.
13 Merchant doesn't have the permission to verify payments.
14 Features are invalid.

Examples

Request example

curl --request POST \
  --url https://ecommerce.radarpayments.com/payment/rest/register.do \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data amount=2000 \
  --data userName=test_user \
  --data password=test_user_password \
  --data returnUrl=finish.html \
  --data failUrl=errors_ru.html \
  --data email=test@test.ru \
  --data clientId=259753456 \
  --data language=en

Response example

{
  "orderId": "01491d0b-c848-7dd6-a20d-e96900a7d8c0",
  "formUrl": "https://ecommerce.radarpayments.com/payment/merchants/rbs/payment_en.html?mdOrder=01491d0b-c848-7dd6-a20d-e96900a7d8c0"
}

Order pre-authorization

To request registration of an order with preauthorization registerPreAuth.do method is used.

Request parameters

Mandatory Name Type Description
See description

userName String Merchant 's API account login. If you pass your login and password to authenticate in the payment gateway, do not pass token parameter.
See description

password String Merchant's API account password. If you pass your login and password to authenticate in the payment gateway, do not pass token parameter.
See description

token String Value that is used for merchant authentication when requests are sent to the payment gateway. If you pass this parameter do not pass userName and password.
Yes

orderNumber Alphanumeric Order number (ID) in the merchant's system, must be unique for each merchant.
Yes

amount Integer Payment amount in minor currency units (e.g. in cents etc.).
No

currency Integer SO 4217 encoded currency key. If not specified, the default value is used.
Yes

returnUrl String The address to which the user will be redirected if the payment is successful. The address must be specified in full including the protocol used (for example, https://test.ru instead of test.ru). Otherwise, the user will be redirected to the address of the following type http://<payment_gateway_address>/<merchant_address>.
No

failUrl String The address to which the user is to be redirected in case of a failed payment. The address must be specified in full including the protocol used (for example, https://test.ru instead of test.ru). Otherwise, the user will be redirected to the address of the following type http://<payment_gateway_address>/<merchant_address>.
No

dynamicCallbackUrl String This parameter allows you to use the functionality of sending callback notifications dynamically. Here you can pass the address to which all "payment" callback notifications, activated for the merchant, will be sent. "Payment" notifications are callback notifications related to the following events: successful hold, payment declined by timeout, cardpresent payment is declined, successful debit, refund, cancellation. At the same time, callback notifications activated for the merchant that are not related to payments (enabling/disabling a binding, creating a binding) will be sent to a static address for callbacks. Mandatory use depends on the merchant configuration on Payment Gateway side.
No

description String Order description in any format.
To enable sending this field to the processing system, contact the technical support service.
No

language Alphabetic ISO 639-1 encoded language key. If the language is not specified, the default language specified in the store settings is used.
No

pageView String By the value of this parameter, it is defined what pages of the payment interface are to be loaded for the customer. The following values are allowed.
  • DESKTOP – for loading pages for PC (in the archive that contains pages of the payment interface the following pages will be searched: payment_<locale>.html and errors_<locale>.html).
  • MOBILE – for loading pages for mobile devices (in the archive that contains pages of the payment interface the following pages will be searched: mobile_payment_<locale>.html and mobile_errors_<locale>.html).
  • If a merchant created payment pages and added their own prefixes, pass the created prefixes in pageView parameter to load the corresponding page. For example, when passing iphone value, pages with iphone_payment_<locale>.html and iphone_error_<locale>.htm will be searched

Where:
  • locale is the ISO 639-1 language key. For example, fr for French or en for English.

If this parameter is missing or does not match the format, it is considered that by default pageView=DESKTOP.
No

clientId Alphanumeric Customer number (ID) in the merchant's system — up to 255 characters . Used to implement the functionality of bindings. Can be returned in the response if the merchant is allowed to create bindings.
Specifying this parameter when processing payments via bindings is mandatory. Otherwise, a payment will be unsuccessful.
No

merchantLogin String To register an order on behalf of a child merchant, specify the merchant login in this parameter.
No

jsonParams String Block for passing additional merchant parameters. Fields containing additional info for further storage are pased as follows.
{name1:value1,…,nameN:valueN}
These fields can be transferred to the processing bank for further display in the bank registers.
Contact your bank to enable this functionality.
If customer notifications are configured for the merchant, then, customer's email must be passed in this block in the email parameter.
By default, the followng parameters are passed to the processing bank:
  • orderNumber – order number in the merchant's system;
  • description – order description (up to 99 characters, the following characters are forbidden^ %, +, end of line \r, and line break \n).

If you pass merchantOrderId parameter, then, its value will be passed to the processing bank as order number (instead of orderNumber parameter).
No

sessionTimeoutSecs Integer Order lifetime in seconds. If the parameter is not specified, the value specified in the merchant settings or the default value (1200 seconds = 20 minutes) will be used. If the request contains expirationDate, the value of sessionTimeoutSecs is not taken into account.
No

expirationDate String Data and time of the order expiry. Format used: yyyy-MM-ddTHH:mm:ss.
If this parameter is not passed in the request, sessionTimeoutSecs is used to define the expiry of the order.
No

bindingId String Identifier of a binding created earlier. It can be used only if the merchant has the permission to work with bindings.
No

features String Below are the allowed values.
  • AUTO_PAYMENT - Payment is processed without cardholder authentication (without CVC or 3-D Secure). To process these payments merchant must have sufficient permissions in the payment gateway.
  • VERIFY - If you specify this value in the order registration request, cardholder will be verified (they will have to go through 3-D Secure procedure) however they will not be charged any amount, so in this case amount parameter can be 0. Verification allows to make sure that a payment card is used by its legitimate owner, and further you can charge them without authentication (CVC, 3D-Secure). Even if some amount is passed in the request, the customer will not be charged if VERIFY feature is used. After a successful registration order status is changed to REVERSED (canceled).
  • FORCE_TDS - Force 3-D Secure payment. If a payment card does not support 3-D Secure, the transaction will fail.
  • FORCE_SSL - Force SSL payment (without 3-D Secure).
  • FORCE_FULL_TDS - After 3-D Secure authentication, PaRes status must be Y, which guarantees successful user authentication. Otherwise, the transaction will fail.
No

autocompletionDate String The date and time when the two-stage payment was completed automatically in the following format: 2017-12-29T13:02:51. To enable sending this field to the processing system, contact your technical support service.
No

email String Customer's email address.
No

phone Integer Customer's phone number. It is always necessary to specify the country code, but you can specify or omit the + sign. Thus, the following options are valid:
  • +79998887766;
  • 79998887766.Allowed digits number: from 7 to 15.
See description

billingPayerData Object A block with the client's registration data (address, postal code) necessary for passing the address verification within the AVS/AVV services. Mandatory if the feature is enabled for the merchant on Payment Gateway side.

Below are the parameters of the billingPayerData block (data about the client registration address).

Mandatory Name Type Description
No

billingCity String The city registered on a specific card of the Issuing Bank.
No

billingCountry String The country registered on a specific card of the Issuing Bank ( ISO 3166-1, numeric).
No

billingAddressLine1 String The address registered on a specific card of the Issuing Bank. Line 1. Mandatory to be passed in order AVS verification works.
No

billingAddressLine2 String The address registered on a specific card of the Issuing Bank. Line 2.
No

billingAddressLine3 String The address registered on a specific card of the Issuing Bank. Line 3.
No

billingPostalCode String Postal code registered on a specific card of the Issuing Bank. Mandatory to be passed in order AVS verification works.
No

billingState String The state registered on a specific card of the Issuing Bank (ISO 3166-2).

Response parameters

Mandatory Name Type Description
No

orderId String Order number in the payment gateway. Unique within the payment gateway.
No

formUrl String URL of the payment form, to which a customer will be redirected The URL is not returned if the registration of the order fails due to an error specified in errorCode.
No

errorCode Integer Error code. Can be missing if the result has not caused an error.
No

errorMessage String Error description. Language of the description is set in language parameter of the request.

Error codes

Error code Error message
0 Request processing took place without system errors.
1 Order with given order number is processed already.
1 Order number is invalid
3 Unknown currency.
4 Order number is empty.
4 Empty merchant user name.
4 Empty amount.
4 Empty return URL.
4 Password cannot be empty.
5 Wrong amount.
5 Invalid merchant language.
5 Merchant login is invalid.
5 Access denied.
5 The user must change his password.
5 [jsonParams] is invalid.
7 System error.
13 Merchant doesn't have the permission to verify payments.
14 Features are invalid.

Examples

Request example

curl --request POST \
  --url https://ecommerce.radarpayments.com/payment/rest/registerPreAuth.do \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data amount=2000 \
  --data userName=test_user \
  --data password=test_user_password \
  --data returnUrl=finish.html \
  --data orderNumber=1255555555555 \
  --data clientId=259753456 \
  --data language=en

Response example

{
  "orderId": "01492437-d2fb-77fa-8db7-9e2900a7d8c0",
  "formUrl": "https://ecommerce.radarpayments.com/payment/merchants/rbs/payment_en.html?mdOrder=01492437-d2fb-77fa-8db7-9e2900a7d8c0"
}

Deposit order

To complete a pre-authorized order use deposit.do request.

Request parameters

Mandatory Name Type Description
Yes

userName String Merchant's API account login.
Yes

password String Merchant's API account password.
Yes

orderId String Order number in the payment gateway. Unique within the payment gateway.
Yes

amount Integer Payment amount in minor currency units (e.g. in cents etc.).

Response parameters

Mandatory Name Type Description
No

errorCode Integer Error code. Can be missing if the result has not caused an error.
No

errorMessage String Error description. Language of the description is set in language parameter of the request.

Error codes

Error code Error message
5 Access denied.
5 The user must change his password.
5 Wrong amount.
5 Deposit amount must be at least 1 ruble or equal to zero.
6 Unknown order id.
7 Payment must be in the correct state.
7 System error.

Examples

Request example

curl --request POST \
  --url https://ecommerce.radarpayments.com/payment/rest/deposit.do \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data userName=test_user \
  --data password=test_user_password \
  --data amount=2000 \
  --data orderId=01492437-d2fb-77fa-8db7-9e2900a7d8c0 \
  --data language=en

Response example

{
  "errorCode": 0,
  "errorMessage":"Success"
}

Payment reversal

The request used for reversing an order payment is reverse.do. Reversals can be done only within a specific time frame after the payment. Contact your bank to know the exact period, as it varies.

The payment can be reversed only once. If it ends with an error, then subsequent payment reversal operations will not work.

Availability of this feature is subject to agreement by the Bank. Reversals can be done only by users to whom the appropriate system permissions have been granted.

Request parameters

Mandatory Name Type Description
Yes

userName String Merchant 's API account login. If you pass your login and password to authenticate in the payment gateway, do not pass token parameter.
Yes

orderId String Order number in the payment gateway. Unique within the payment gateway.
No

jsonParams String Block for passing additional merchant parameters. Fields containing additional info for further storage are pased as follows.
{name1:value1,…,nameN:valueN}
These fields can be transferred to the processing bank for further display in the bank registers.
Contact your bank to enable this functionality.
If customer notifications are configured for the merchant, then, customer's email must be passed in this block in the email parameter.
By default, the followng parameters are passed to the processing bank:
  • orderNumber – order number in the merchant's system;
  • description – order description (up to 99 characters, the following characters are forbidden^ %, +, end of line \r, and line break \n).

If you pass merchantOrderId parameter, then, its value will be passed to the processing bank as order number (instead of orderNumber parameter).
No

language Alphabetic ISO 639-1 encoded language key. If the language is not specified, the default language specified in the store settings is used.

Response parameters

Mandatory Name Type Description
Mandatory Name Type Description
No

errorCode Integer Error code. Can be missing if the result has not caused an error.
No

errorMessage String Error description. Language of the description is set in language parameter of the request.

Error codes

Error code Message
0 Request processing took place without system errors
5 Access denied
5 The user must change their password
5 [orderId] not set
5 Unsuccessful
6 Unknown order ID
7 Invalid operation for the current order status
7 System error
7 Reversal not possible. Hold amount and deposit amount must be equal
7 Transaction is being processed now. Please try again later
7 The order is in an incorrect state
7 Reversal not possible. Check the hold amount and the deposit amount.
7 Reversal not possible. The chargeback flag is set for this payment
7 This type of payment does not support reversal

Examples

POST request example

    language=ru&orderId=9231a838-ac68-4a3e-bddb-d9781433d852

Response example

    {"errorCode":"0","errorMessage":"Success"}

Refund

Use refund.do to make refund requests.

You cannot refund orders that initialize recurrent payments, as no money are actually charged.

Upon this request, the funds for the specified order are to be returned to the payer. The request will end with an error if the funds have not been debited for this order. The system permits returning funds more than once, but for a total amount not exceeding the initial debit amount.

Request parameters

Mandatory Name Type Description
Yes

orderId String Order number in the payment gateway. Unique within the payment gateway.
Yes

amount Integer Payment amount in minor currency units (e.g. in cents etc.).
No

language Alphabetic ISO 639-1 encoded language key. If the language is not specified, the default language specified in the store settings is used.

Response parameters

Mandatory Name Type Description
No

errorCode Integer Error code. Can be missing if the result has not caused an error.
No

errorMessage String Error description. Language of the description is set in language parameter of the request.

Error codes

Error code Error message
0 Request processing took place without system errors.
5 Access denied.
5 The user must change his password.
5 [orderId] is empty.
5 Wrong amount.
6 Unknown order id.
7 Payment must be in the correct state.
7 Refund amount exceeds deposited amount.
7 System error.

Examples

Request example

curl --request POST \
  --url https://ecommerce.radarpayments.com/payment/rest/refund.do \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data userName=test_user \
  --data password=test_user_password \
  --data orderId=01491d0b-c848-7dd6-a20d-e96900a7d8c0 \
  --data amount=2000 \
  --data language=en

Response example

{
  "errorCode": 0,
  "errorMessage":"Success"
}

Order status

The request used to get the order status is getOrderStatusExtended.do.

Request parameters

Mandatory Name Type Description
No

userName String Merchant 's API account login. If you pass your login and password to authenticate in the payment gateway, do not pass token parameter.
No

password String Merchant's API account password. If you pass your login and password to authenticate in the payment gateway, do not pass token parameter.
No

token String Value that is used for merchant authentication when requests are sent to the payment gateway. If you pass this parameter do not pass userName and password.
Yes

orderId String Order number in the payment gateway. Unique within the payment gateway.
Yes

orderNumber Alphanumeric Order number (ID) in the merchant's system, must be unique for each merchant.
No

language Alphabetic ISO 639-1 encoded language key. If the language is not specified, the default language specified in the store settings is used.

Response parameters

There are several sets of the response parameters. Which set of parameters is returned in the response, depends on the version of getOrderStatusExtended specified in the merchant's settings in the payment gateway.

Version Mandatory Name Type Description
All versions. See description

orderNumber Alphanumeric Order number (ID) in the merchant's system, must be unique for each merchant registered in the payment gateway — up to 30 characters. If the Order number is generated on the Payment Gateway side, this parameter is not mandatory.
All versions. No

orderStatus Integer The value of this parameter specifies the status of the order in the payment gateway. It is missing if the order has not been found. Below is the list of available values:
  • 0 - order was registered but not paid;
  • 1 - pre-authorized amount is on hold on the buyer's account (for two-phase payments);
  • 2 - order amount is fully authorized;
  • 3 - authorization canceled;
  • 4 - transaction was refunded;
  • 5 - access control server of the issuing bank initiated authorization procedure;
  • 6 - authorization declined.
All versions. Yes

actionCode Integer Response code from the processing bank.
All versions. Yes

actionCodeDescription String actionCode description returned from the processing bank.
All versions. No

errorCode Integer Error code. Can be missing if the result has not caused an error.
All versions. No

errorMessage String Error description. Language of the description is set in language parameter of the request.
All versions. Yes

amount Integer Payment amount in minor currency units (e.g. in cents etc.).
All versions. No

currency Integer SO 4217 encoded currency key. If not specified, the default value is used.
All versions. Yes

date String Order registration date.
All versions. No

orderDescription String Order description passed to the payment gateway during the registration.
All versions. Yes

ip String Buyer's IP address. IPv6 is supported in all requests. (up to 39 characters).
09 and later. Yes

paymentWay String Payment method (a payment with entering card data, a payment using a binding, etc.).
19 and later. No

avsCode Alphabetic A code of the AVS verification response (checking the address and postal code of the cardholder). Possible values:
  • A – postal code and address are the same.
  • B – address matches, postal code doesn't match.
  • C - postal code matches, address doesn't match.
  • D - postal code and address don't match.
  • E - data validation is requested, but the result is unsuccessful.
  • F - invalid format of the AVS/AVV verification request.

attributes block contains information on the order number in the payment gateway. name parameter contains the word mdOrder, and value parameter contains the actual order number in the payment gateway.

Version Name Type Mandatory Description
All versions. No

name Numeric Name of an additional parameter.
All versions. No

value Numeric Value of an additional parameter - up to 1024 characters.

merchantOrderParams block is passed in the response, if the order contains merchant additional parameters. Each additional parameter is passed in a separate merchantOrderParams element.

Version Name Type Mandatory Description
All versions. No

name Numeric Name of an additional parameter.
All versions. No

value Numeric Value of an additional parameter - up to 1024 characters.

cardAuthInfo element contains a structure consisting of secureAuthInfo element list and the following parameters.

Version Name Type Mandatory Description
All versions. No

maskedPan String Masked number of the card used for the payment. This parameter is to be specified only after the order has been paid.
All versions. No

expiration Integer Card expiration in the following format: YYYYMM. This parameter is to be specified only after the order has been paid.
All versions. No

cardholderName Alphabetic Cardholder's name in Latin characters. This parameter is passed only after an order is paid.
All versions. No

approvalCode String IPS authorization code. This field has a fixed length (six symbols) and can contain digits and Latin letters.
06 and later. No

refund Boolean Whether the funds was forcibly returned to the buyer by the bank. The possible values are:
  • true - funds were reversed;
  • false - funds were not reversed.
08 and later. Yes

paymentSystem String Payment system name. The following variants are possible:
  • VISA;
  • MASTERCARD;
  • AMEX;
  • JCB;
  • CUP;
  • MIR.
08 and later. Yes

product String Additional details on corporate cards. These details are filled in by the technical support service. If such details are missing, an empty value is returned.

secureAuthInfo element consists of eci element and threeDSInfo element that is a list of cavv and xid parameters).

Version Name Type Mandatory Description
All versions. No

eci Integer Electronic commerce indicator. The indicator is specified only after an order has been paid and in case the corresponding permission is present. Below is the explanation of ECI codes.
  • ECI=1 or ECI=6 - merchant supports 3-D Secure, payment card does not support 3-D Secure, payment is processed based on CVV2/CVC code.
  • ECI=2 or ECI=5 - both merchant and payment card support 3-D Secure;
  • ECI=7 - merchant does not support 3-D Secure, payment is processed based on CVV2/CVC code.
All versions. No

cavv String Cardholder authentication value. The indicator is specified only after an order is paid and if the corresponding permission is enabled.
All versions. No

xid String Electronic commerce indicator of the transaction. The indicator is specified only after an order has been paid and in case the corresponding permission is present.

bindingInfo element contains the following parameters.

Version Name Type Mandatory Description
All versions. No

clientId Alphanumeric Customer number (ID) in the merchant's system — up to 255 characters . Used to implement the functionality of bindings. Can be returned in the response if the merchant is allowed to create bindings.
Specifying this parameter when processing payments via bindings is mandatory. Otherwise, a payment will be unsuccessful.
All versions. No

bindingId String Identifier of a binding created earlier. It can be used only if the merchant has the permission to work with bindings.
02 and later. No

authDateTime String Authorization date and time, shown as the amount of milliseconds passed from 00:00 January 1, 1970 (GMT).
02 and later. No

authRefNum String Registration number of the payment authorization that has been assigned to it on the payment registration.
02 and later. No

terminalId String Terminal identifier.

paymentAmountInfo element contains the following parameters.

Version Name Type Mandatory Description
03 and later. No

approvedAmount Integer Amount in minimum currency units (e.g. cents) that was put on hold on buyer's account. Used in two-phase payments only.
03 and later. No

depositedAmount Integer Charged amount in minimum currency units (e.g. in cents).
03 and later. No

refundedAmount Integer Refunded amount in minimum currency units.
03 and later. No

paymentState String Order status, this parameter can have the following values:
  • CREATED - order created (but not paid);
  • APPROVED - order approved (funds are on hold on buyer's account);
  • DEPOSITED - order deposited (buyer is charged);
  • DECLINED - order declined;
  • REVERSED - order canceled;
  • REFUNDED - refund.
11 and later. No

feeAmount Integer Fee amount.

bankInfo element contains the following parameters.

Version Name Type Mandatory Description
03 and later. No

bankName String Issuing bank name.
03 and later. No

bankCountryCode String Country code of the issuing bank.
03 and later. No

bankCountryName String Country of the issuing bank.

Error codes

Error code Error message
0 Request processing took place without system errors.
5 Access denied.
5 The user must change his password.
5 [orderId] is empty.
6 Unregistered orderId.
7 System error.

Examples

Request example

curl --request POST \
  --url https://ecommerce.radarpayments.com/payment/rest/getOrderStatusExtended.do \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data userName=test_user \
  --data password=test_user_password \
  --data orderId=01491d0b-c848-7dd6-a20d-e96900a7d8c0 \
  --data language=en

Response example

{
  "errorCode": "0",
  "errorMessage": "Success",
  "orderNumber": "7005",
  "orderStatus": 2,
  "actionCode": 0,
  "actionCodeDescription": "",
  "amount": 2000,
  "currency": "978",
  "date": 1617972915659,
  "orderDescription": "",
  "merchantOrderParams": [],
  "transactionAttributes": [],
  "attributes": [
    {
      "name": "mdOrder",
      "value": "01491d0b-c848-7dd6-a20d-e96900a7d8c0"
    }
  ],
  "cardAuthInfo": {
    "maskedPan": "555555**5599",
    "expiration": "202412",
    "cardholderName": "TEST CARDHOLDER",
    "approvalCode": "123456",
    "pan": "555555**5599"
  },
  "bindingInfo": {
    "clientId": "259753456",
    "bindingId": "01491394-63a6-7d45-a88f-7bce00a7d8c0"
  },
  "authDateTime": 1617973059029,
  "terminalId": "123456",
  "authRefNum": "714105591198",
  "paymentAmountInfo": {
    "paymentState": "DEPOSITED",
    "approvedAmount": 2000,
    "depositedAmount": 2000,
    "refundedAmount": 0
  },
  "bankInfo": {
    "bankCountryCode": "UNKNOWN",
    "bankCountryName": "&ltUnknown&gt"
  }
}

Payment by binding

The request used to make a payment by binding is paymentOrderBinding.do.

Request parameters

Mandatory Name Type Description
Yes

userName String Merchant's API account login.
Yes

password String Merchant's API account password.
Yes

mdOrder String Order number in the payment gateway. Unique within the payment gateway.
Yes

bindingId String Identifier of a binding created earlier. It can be used only if the merchant has the permission to work with bindings.
No

language Alphabetic ISO 639-1 encoded language key. If the language is not specified, the default language specified in the store settings is used.
Yes

ip String Buyer's IP address. IPv6 is supported in all requests. (up to 39 characters).
No

cvc Integer This parameter is mandatory if permission Can process payments without confirmation of CVC is not enabled.
No

email String Customer's email address.
No

threeDSSDK String Possible values: true or false. Flag showing that payment comes from 3DS SDK.
No

tii String Transaction initiator ID. A parameter indicating what type of operation will be carried out by the initiator (Merchant). Possible values

Possible values of tii:

tii value Transaction type Transaction initiator Card data for transaction Card data saved after transaction Note
Empty Regular Customer Entered by Customer No An e-commerce transaction, binding is not saved.
CI (initiating transaction, binding saved for ad-hoc payments) Initiating Customer Entered by Customer Yes
II (initiating transaction, binding saved for installment payments) Initiating Customer Entered by Customer Yes An e-commerce transaction, binding is saved.
RI (initiating transaction, binding saved for recurrent payments) Initiating Customer Entered by Customer Yes An e-commerce transaction, binding is saved.
F (subsequent CIT CoF operation) Subsequent Customer Customer selects card instead of manual entry No An e-commerce transaction that uses a previously saved binding.
U (ad-hoc MIT CoF operation) Subsequent Merchant No manual entry, Merchant passes the data No An e-commerce transaction that uses a previously saved binding.
R (recurrent operation) Subsequent Merchant No manual entry, Merchant passes the data No A recurrent transaction that uses a previously saved binding.
I (installment payment) Subsequent Merchant No manual entry, Merchant passes the data No An installment transaction that uses a previously saved binding.

Response parameters

Mandatory Name Type Description
No

redirect String This parameter is returned if the payment is successful and that payment did not include check for 3-D Secure involvement. URL to which a customer is redirected after their payment.
No

info String If response is successful. Result of a payment attempt. Below are the possible values.
  • Your payment has been processed, redirecting...
  • Operation declined. Check the entered data and that there are enough funds on the card and repeat the operation. Redirecting...
  • Sorry, payment cannot be completed. Redirecting...
  • Operation declined. Contact the merchant. Redirecting...
  • Operation declined. Contact the bank that issued the card. Redirecting...
  • Impossible operation. Cardholder authentication completed unsuccessfully. Redirecting...
  • No connection with bank. Try again later. Redirecting...
  • Input time expired. Redirecting...
  • No response from bank received. Try again later. Redirecting...
Yes

errorCode Integer Error code. Can be missing if the result has not caused an error.
No

errorMessage String Error description. Language of the description is set in language parameter of the request.
No

error String Error message (if response returned an error) in the language passed in the request.
No

acsUrl String On a successful response in case of a 3D-Secure payment. URL address for redirecting to ACS.
No

paReq String On a successful response in case of a 3D-Secure payment. Payment Authentication Request.
No

termUrl String In a successful response in case of a 3D-Secure payment. URL address for redirecting to ACS.

Error codes

Error code Error message
0 Request processing took place without system errors.
1 [cvc] is empty.
2 Binding not found.
2 Order not found.
5 Access denied.
5 The user must change his password.
7 System error.

Examples

Request example

curl --request POST \
  --url https://ecommerce.radarpayments.com/payment/rest/paymentOrderBinding.do \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data userName=test_user \
  --data password=test_user_password \
  --data mdOrder=01491d0b-c848-7dd6-a20d-e96900a7d8c0 \
  --data bindingId=01491394-63a6-7d45-a88f-7bce00a7d8c0 \
  --data clientId=259753456 \
  --data ip=1d0d:db8:6:1::77 \
  --data cvc=123 \
  --data language=en

Example of a success response for an SSL-payment (no 3-D Secure)

{
  "redirect": "https://ecommerce.radarpayments.com/payment/merchants/temp/finish.html?orderId=01491d0b-c848-7dd6-a20d-e96900a7d8c0&lang=en",
  "info": "Your order is proceeded, redirecting...",
  "errorCode": 0
}

An example of a success response for a 3D-Secure payment

{
  "info": "Your order is proceeded, redirecting...",
  "errorCode": 0,
  "acsUrl": "https://web.rbsuat.com/acs/auth/start.do",
  "paReq": "eJxVUu9vgjAQ/VcM37FQKqI5a9zUjEWI2TDZt6VCBxj5IRSj/vVrEab70OTe3fW967vC/JIdB2de1WmRzzRzaGgDnodFlObxTNsFa93R5hSCpOJ8+cnDpuIUPF7XLOaDNJpp2B79OJYz0e2ITXTCTaI7Y2bpeDwyrYkVhXuHaRS2iw9+otAJUakzxIB6KBmrMGG5oMDC04vrU4LHtmEA6iBkvHKXdEQsbBFAdwQ5yzitWR7ti8t31lEAatMQFk0uqiu1iQWoB9BUR5oIUU4RErwWw7DIAKkkoMcM20ZFtSS5pBH1b/HVv3mGF6ywF8SGd9jd/IMnTzwDpDogYoJTbGDTICYZmM7UsqeGlG3zwDKlLuvtg+4ASqWxeK48Z0AaXck99OP3CPilLHKu7gD6iwE9Jn59Ux6GQvpzLlfBpEwcX3ibrVuwdbrelOv3OvpaucrZtkkxptIZTMw7pQKAFA3qloa6fcvo3z/4BaHYvAI=",
  "termUrl": "https://ecommerce.radarpayments.com/payment/rest/finish3ds.do?lang=en"
}

Example of a response with an error

{
  "error": "Access denied",
  "errorCode": 5,
  "errorMessage": "Access denied"
}

Get Bindings

The request used to get the list of client bindings is getBindings.do.

Request parameters

Mandatory Name Type Description
Yes

clientId Alphanumeric Customer number (ID) in the merchant's system — up to 255 characters . Used to implement the functionality of bindings. Can be returned in the response if the merchant is allowed to create bindings.
Specifying this parameter when processing payments via bindings is mandatory. Otherwise, a payment will be unsuccessful.

Response parameters

Mandatory Name Type Description
Yes

errorCode Integer Error code. Can be missing if the result has not caused an error.
No

errorMessage String Error description. Language of the description is set in language parameter of the request.
No

error String Error message (if response returned an error) in the language passed in the request.
No

maskedPan String Masked number of the card used for the payment. This parameter is to be specified only after the order has been paid.
No

paymentWay String Payment method (a payment with entering card data, a payment using a binding, etc.).
Yes

bindingId String Identifier of a binding created earlier. It can be used only if the merchant has the permission to work with bindings.
Yes

expiryDate Integer Card expiration in the following format: YYYYMM. This parameter is to be specified only after the order has been paid.

Error codes

Error code Error message
0 Request processing took place without system errors.
1 [cvc] is empty.
2 Binding not found.
2 Order not found.
5 Access denied.
5 The user must change his password.
7 System error.

Examples

Request example

curl --request POST \
  --url https://ecommerce.radarpayments.com/payment/rest/getBindings.do \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data userName=ik_bindings-api \
  --data password=Ik_pass1 \
  --data clientId=dos-clientos \
  --data bindingType=C

Example of a success response

{
"errorCode":"0",
"errorMessage":"Success",
"bindings": [
    {
        "bindingId":"69d6a793-afb5-79be-8ce7-63ff00a8656a",
        "maskedPan":"444455**3333",
        "expiryDate":"202412",
        "paymentWay":"CARD",
        "displayLabel":"XXXXXXXXXXXX3333"
        }
    ]
 }

Card data validation

Payment card validation is done as shown in the table below.

Parameter Description Validation

PAN

Full payment card number Luhn validation (if payment card number is real), number of digits in a card number is from 13 to 20

CVC

CVC code 3 digits

YYYY, MM

Year, Month Present or future date. If card expiry is current year and month payment is possible only until the end of the current calendar month.

TEXT

Cardholder Not verified.

Payment order, card data is collected on merchant's side (internal MPI)

To make a payment paymentOrder.do request is used.

Request parameters

Mandatory Name Type Description
Yes

userName String Merchant's API account login.
Yes

password String Merchant's API account password. If you pass your login and password to authenticate in the payment gateway, do not pass token parameter.
Yes

MDORDER String Order number in the payment gateway.
Yes

$PAN Numeric Payment card number.
Yes

$CVC Numeric CVC/CVV2 code on the back of a payment card.
Yes

YYYY Numeric Payment card expiry year.
Yes

MM Numeric Payment card expiry month.
Yes

seToken String Encrypted card data that replaces $PAN, $CVC, YYYY and MM mandatory parameters. Usually used in SDKs
Yes

TEXT Alphabetic Cardholder name.
Yes

language Alphabetic ISO 639-1 encoded language key. If the language is not specified, the default language specified in the store settings is used.
No

ip String Buyer's IP address. IPv6 is supported in all requests. (up to 39 characters).
No

email String Customer's email address.
No

bindingNotNeeded Boolean Allowed values:
  • true – binding creation after the payment is made disabled (binding is a customer identifier passed in order registration request — after paymentOrder request it will be deleted from order details);
  • false – if payment is successful a binding can be created (if the necessary conditions are met). This is the default value.
No

jsonParams String Block for passing additional merchant parameters. Fields containing additional info for further storage are pased as follows.
{name1:value1,…,nameN:valueN}
These fields can be transferred to the processing bank for further display in the bank registers.
Contact your bank to enable this functionality.
If customer notifications are configured for the merchant, then, customer's email must be passed in this block in the email parameter.
By default, the followng parameters are passed to the processing bank:
  • orderNumber – order number in the merchant's system;
  • description – order description (up to 99 characters, the following characters are forbidden^ %, +, end of line \r, and line break \n).

If you pass merchantOrderId parameter, then, its value will be passed to the processing bank as order number (instead of orderNumber parameter).
No

threeDSSDK String Possible values: true or false. Flag showing that payment comes from 3DS SDK.
See description

billingPayerData Object A block with the client's registration data (address, postal code) necessary for passing the address verification within the AVS/AVV services. Mandatory if the feature is enabled for the merchant on Payment Gateway side.
No

tii String Transaction initiator ID. A parameter indicating what type of operation will be carried out by the initiator (Merchant). Possible values

Below are the parameters of the billingPayerData block (data about the client registration address).

Mandatory Name Type Description
No

billingCity String The city registered on a specific card of the Issuing Bank.
No

billingCountry String The country registered on a specific card of the Issuing Bank ( ISO 3166-1, numeric).
No

billingAddressLine1 String The address registered on a specific card of the Issuing Bank. Line 1. Mandatory to be passed in order AVS verification works.
No

billingAddressLine2 String The address registered on a specific card of the Issuing Bank. Line 2.
No

billingAddressLine3 String The address registered on a specific card of the Issuing Bank. Line 3.
No

billingPostalCode String Postal code registered on a specific card of the Issuing Bank. Mandatory to be passed in order AVS verification works.
No

billingState String The state registered on a specific card of the Issuing Bank (ISO 3166-2).

Possible values of tii:

tii value Transaction type Transaction initiator Card data for transaction Card data saved after transaction Note
Empty Regular Customer Entered by Customer No An e-commerce transaction, binding is not saved.
CI (initiating transaction, binding saved for ad-hoc payments) Initiating Customer Entered by Customer Yes
II (initiating transaction, binding saved for installment payments) Initiating Customer Entered by Customer Yes An e-commerce transaction, binding is saved.
RI (initiating transaction, binding saved for recurrent payments) Initiating Customer Entered by Customer Yes An e-commerce transaction, binding is saved.
F (subsequent CIT CoF operation) Subsequent Customer Customer selects card instead of manual entry No An e-commerce transaction that uses a previously saved binding.
U (ad-hoc MIT CoF operation) Subsequent Merchant No manual entry, Merchant passes the data No An e-commerce transaction that uses a previously saved binding.
R (recurrent operation) Subsequent Merchant No manual entry, Merchant passes the data No A recurrent transaction that uses a previously saved binding.
I (installment payment) Subsequent Merchant No manual entry, Merchant passes the data No An installment transaction that uses a previously saved binding.

Response parameters

Mandatory Name Type Description
Yes

errorCode Integer Error code. Can be missing if the result has not caused an error.
No

errorMessage String Error description. Language of the description is set in language parameter of the request.
No

info String If response is successful. Result of a payment attempt. Below are the possible values.
  • Your payment has been processed, redirecting...
  • Operation declined. Check the entered data and that there are enough funds on the card and repeat the operation. Redirecting...
  • Sorry, payment cannot be completed. Redirecting...
  • Operation declined. Contact the merchant. Redirecting...
  • Operation declined. Contact the bank that issued the card. Redirecting...
  • Impossible operation. Cardholder authentication completed unsuccessfully. Redirecting...
  • No connection with bank. Try again later. Redirecting...
  • Input time expired. Redirecting...
  • No response from bank received. Try again later. Redirecting...
No

redirect String This parameter is returned if the payment is successful and that payment did not include check for 3-D Secure involvement. URL to which a customer is redirected after their payment.
No

termUrl String In a successful response in case of a 3D-Secure payment. URL address for redirecting to ACS.
No

acsUrl String On a successful response in case of a 3D-Secure payment. URL address for redirecting to ACS.
No

paReq String On a successful response in case of a 3D-Secure payment. Payment Authentication Request.

Error codes (errorCode parameter):

Value Description
0 Request processing took place without system errors.
5 Payments attempts exceeded.
5 System or internal error.

Examples

Request example

curl --request POST \
  --url https://ecommerce.radarpayments.com/payment/rest/paymentorder.do \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data userName=test_user \
  --data password=test_user_password \
  --data MDORDER=014932b6-9dc7-7782-aeec-a07500a7d8c0 \
  --data '$PAN=5555555555555599' \
  --data '$CVC=123' \
  --data YYYY=2024 \
  --data MM=12 \
  --data 'TEXT=TEST CARDHOLDER' \
  --data language=en

Response examples

Response example when 3-D Secure authentication is not required.

{
  "redirect": "https://ecommerce.radarpayments.com/payment/merchants/temp/finish.html?orderId=014932b6-9dc7-7782-aeec-a07500a7d8c0&lang=en",
  "info": "Your order is proceeded, redirecting...",
  "errorCode": 0
}

Response example when 3-D Secure authentication is required.

{
  "info": "Your order is proceeded, redirecting...",
  "errorCode": 0,
  "acsUrl": "https://web.rbsuat.com/acs/auth/start.do",
  "paReq": "eJxVUsFWwjAQ/BVe7yVNmrbIW+JDQOFAVawHvfhKu5QKTaENvsrXm0ARve3MJjOb2cBtU2w7X1jVeSkHFu06VgdlUqa5zAbWa3Rv96xbAdG6Qhy/YHKoUMAc6zrOsJOnA6sXBMFq5fn2kiO1OcOl3XN7nr2M0VkFbnrjUd8S8DRc4F5AayS0T5cBuUCtWCXrWCoBcbK/m4WCs8B3HCAthAKr2Vh43GUuB3JGIOMCRR3LdFk2H0UrAeREQ1IepKq+hc9dIBcAh2or1krt+oQorFU3KQsghgRyneHpYKpaizR5KsLjjIfjZ3d+nLB5lDnh54aG0eR7ftwMgJgTkMYKBXMYdTj1Oo7f91jfpUBOPMSFcdf904POAHbGY/i385cBHXSl93AZ/4IAm10p0dwB8lsDuU48mpoME6XzkYutGr5Pm8fR5G5fUF4c3yI2XT1kb5lvkj0dMoq5ToZxepY0AIiRIe3SSLtvXf37Bz+jLruc",
  "termUrl": "https://ecommerce.radarpayments.com/payment/rest/finish3ds.do?lang=en"
}

If 3-D Secure is required, then, after receiving a paymentOrder response, the customer must be redirected to ACS. There are two ways to do that: regular and simplified (see the table below).

Redirection method Description
Regular If a payment is made with 3-D Secure, merchants must redirect their customers to ACS using the address specified in acsUrl, the request body must be MD=mdorder&PaReq=pareq&TermUrl=termUrl, where:
  • mdorder - unique order ID in the payment gateway;
  • pareq - parameter received from the paymentOrder response;
  • termUrl - parameter received from the paymentOrder response.

  • It must be a POST request.
    Depending on the configuration agreed with your bank, the customer after ACS authentication will be redirected either to the store or to the payment gateway. Variants of payment completion are described below.
Simplified For customers to access the ACS authentication page, the merchant redirects them to the payment gateway page at the following URL:
<payment gateway address>/acsRedirect.do?orderId=<order number>
where:
  • <payment gateway address> - server and context used to connect to the payment gateway;
  • <order number> - customer's unique order number.

Then, without other actions required from customer, the payment gateway redirects them to the ACS page, where customer authenticates.
If payments attempts are exceeded, the last payment attempts receives the following response.
{"redirect":"false.html?login=test&orderId=85eb9a84-2a47-7cca-b0ae-662c000016d1&lang=ru","info":"Operation declined. Check the entered data, amount available on your payment card, and try again.<br>Redirecting...","errorCode":0}
Redirect URL in this case is the value passed in failUrl parameter (or returnUrl if failUrl was not passed).
All further attempts will receive the following response.
{"redirect":"false.html?login=test&orderId=85eb9a84-2a47-7cca-b0ae-662c000016d1&lang=ru","info":"Redirecting...","errorCode":0}
Redirect URL in this case is the value passed in failUrl parameter (or returnUrl if failUrl was not passed).
The payment gateway will not return error in this case.

Payment order, card data is collected on merchant's side (external MPI)

Request parameters

Mandatory Name Type Description
Yes

userName String Merchant's API account login.
Yes

password String Merchant's API account password.
Yes

MDORDER String Order number in the payment gateway.
Yes

$PAN Numeric Payment card number.
Yes

$CVC Numeric CVC/CVV2 code on the back of a payment card.
Yes

YYYY Numeric Payment card expiry year.
Yes

MM Numeric Payment card expiry month.
Yes

seToken String Encrypted card data that replaces $PAN, $CVC, YYYY and MM mandatory parameters. Usually used in SDKs
Yes

TEXT Alphabetic Cardholder name.
Yes

language Alphabetic ISO 639-1 encoded language key. If the language is not specified, the default language specified in the store settings is used.
No

ip String Buyer's IP address. IPv6 is supported in all requests. (up to 39 characters).
No

email String Customer's email address.
No

bindingNotNeeded Boolean Allowed values:
  • true – binding creation after the payment is made disabled (binding is a customer identifier passed in order registration request — after paymentOrder request it will be deleted from order details);
  • false – if payment is successful a binding can be created (if the necessary conditions are met). This is the default value.
No

jsonParams Alphanumeric Fileds for storing additional data, must be passed as follows {"param":"value","param2":"value2"}.
These fields can be passed to the processing bank for further display in the bank registries.
By default orderNumber (order number) and description (order description) are passed. description must not exceed 99 characters, do not use the following characters: %, +, end of line \r and line break \n).
To enable this functionality contact your bank.
If you use external MPI the payment gateway expects that every paymentOrder request will include eci parameter. If eci value differs from the ones used for SSL authorizations it is also necessary to pass xid and cavv parameters.
See description

billingPayerData Object A block with the client's registration data (address, postal code) necessary for passing the address verification within the AVS/AVV services. Mandatory if the feature is enabled for the merchant on Payment Gateway side.
No

tii String Transaction initiator ID. A parameter indicating what type of operation will be carried out by the initiator (Merchant). Possible values

Below are the parameters of the billingPayerData block (data about the client registration address).

Mandatory Name Type Description
No

billingCity String The city registered on a specific card of the Issuing Bank.
No

billingCountry String The country registered on a specific card of the Issuing Bank ( ISO 3166-1, numeric).
No

billingAddressLine1 String The address registered on a specific card of the Issuing Bank. Line 1. Mandatory to be passed in order AVS verification works.
No

billingAddressLine2 String The address registered on a specific card of the Issuing Bank. Line 2.
No

billingAddressLine3 String The address registered on a specific card of the Issuing Bank. Line 3.
No

billingPostalCode String Postal code registered on a specific card of the Issuing Bank. Mandatory to be passed in order AVS verification works.
No

billingState String The state registered on a specific card of the Issuing Bank (ISO 3166-2).

Possible values of tii:

tii value Transaction type Transaction initiator Card data for transaction Card data saved after transaction Note
Empty Regular Customer Entered by Customer No An e-commerce transaction, binding is not saved.
CI (initiating transaction, binding saved for ad-hoc payments) Initiating Customer Entered by Customer Yes
II (initiating transaction, binding saved for installment payments) Initiating Customer Entered by Customer Yes An e-commerce transaction, binding is saved.
RI (initiating transaction, binding saved for recurrent payments) Initiating Customer Entered by Customer Yes An e-commerce transaction, binding is saved.
F (subsequent CIT CoF operation) Subsequent Customer Customer selects card instead of manual entry No An e-commerce transaction that uses a previously saved binding.
U (ad-hoc MIT CoF operation) Subsequent Merchant No manual entry, Merchant passes the data No An e-commerce transaction that uses a previously saved binding.
R (recurrent operation) Subsequent Merchant No manual entry, Merchant passes the data No A recurrent transaction that uses a previously saved binding.
I (installment payment) Subsequent Merchant No manual entry, Merchant passes the data No An installment transaction that uses a previously saved binding.

Response parameters

Mandatory Name Type Description
Yes

errorCode Integer Error code. Can be missing if the result has not caused an error.
No

errorMessage String Error description. Language of the description is set in language parameter of the request.
No

info String If response is successful. Result of a payment attempt. Below are the possible values.
  • Your payment has been processed, redirecting...
  • Operation declined. Check the entered data and that there are enough funds on the card and repeat the operation. Redirecting...
  • Sorry, payment cannot be completed. Redirecting...
  • Operation declined. Contact the merchant. Redirecting...
  • Operation declined. Contact the bank that issued the card. Redirecting...
  • Impossible operation. Cardholder authentication completed unsuccessfully. Redirecting...
  • No connection with bank. Try again later. Redirecting...
  • Input time expired. Redirecting...
  • No response from bank received. Try again later. Redirecting...

If errorCode = 0 and info = "Your order is proceeded, redirecting", then payment processed successfully. In other cases an error occurred, see errorMessage.

Error codes (errorCode parameter):

Value Description
0 The requests has been processed without system errors..
5 Payment attempts exceeded.
5 System or internal error.

Examples

Request example

curl --request POST \\
  --url https://ecommerce.radarpayments.com/payment/rest/paymentorder.do \\
  --header 'content-type: application/x-www-form-urlencoded' \\
  --data userName=test_user \\
  --data password=test_user_password \\
  --data MDORDER=0140dda0-71ed-7706-a61f-36bd00a7d8c0 \\
  --data '$PAN=5555555555555599' \\
  --data '$CVC=123' \\
  --data YYYY=2024 \\
  --data MM=12 \\
  --data 'TEXT=TEST CARDHOLDER' \\
  --data language=en \\
  --data 'xid=MDAwMDAwMDEzMzkyMjg5ODExNTc=' \\
  --data 'cavv=AAABCpEChRM5IomAKFAAAAAAAAA=' \\
  --data eci=05

Response example

{
  "redirect": "https://ecommerce.radarpayments.com/payment/merchants/temp/finish.html?orderId=01493844-d4d3-703f-9f7e-a73900a7d8c0&lang=en",
  "info": "Your order is proceeded, redirecting...",
  "errorCode": 0
}

Apple Pay order registration

The request used for order registration ispayment.do.

Request parameters

Mandatory Name Type Description
Yes

merchant String Merchant login in the payment gateway.
Yes

orderNumber Alphanumeric Order number (ID) in the merchant's system, must be unique for each merchant.
No

description String Order description in any format.
To enable sending this field to the processing system, contact the technical support service.
No

language Alphabetic ISO 639-1 encoded language key. If the language is not specified, the default language specified in the store settings is used.
No

additionalParameters See description Additional parameters of the order that are stored in the merchant personal area for the subsequent viewing. Each new pair of a parameter name and its value must be separated by a comma. Below is a usage example.
{ "firstParamName": "firstParamValue", "secondParamName": "secondParamValue"}
No

preAuth String Parameter that defines the necessity of a pre-authorization (putting the amount on hold on the customer's account until its debiting). The following values are available:
  • true - two-phase payment enabled;
  • false - one-phase payments enabled (money are charged right away).
If the parameter is missing, one-phase payment is made.
Yes

paymentToken String The paymentToken parameter must contain a Base64 encoded value of the paymentData property that was received in PKPaymentToken Object from the Apple Pay system (see https://developer.apple.com/library/content/documentation/PassKit/Reference/PaymentTokenJSON/PaymentTokenJSON.html). Thus, to make a request to the payment gateway, the merchant must:
  1. get PKPaymentToken Object containing paymentData from Apple Pay;
  2. extract paymentData value and encode it in Base64;
  3. include the encoded value of the paymentData property as the value of the paymentToken parameter in the payment request that the merchant sends to the payment gateway.

Response parameters

Mandatory Name Type Description
Yes

success String Indicates that the request was successful. The following values are available:
  • true - request processed successfully;
  • false - request failed.
See description data N/A This parameter is returned only if the payment is processed successfully. See the description below.
See description error N/A This parameter is returned only if the payment failed. See the description below.
See description orderStatus N/A Contains order status parameters and is returned only if the payment gateway has recognized all request parameters as correct. See the description below.

data block contains the following elements.

Mandatory Name Type Description
Yes

orderId String Order number in the payment gateway. Unique within the payment gateway.

error block contains the following elements.

Mandatory Name Type Description

code Integer Error code.

description String A detailed technical explanation of the error - the contents of this parameter should not to be displayed to the customer.

message String Error description to be displayed to the user.

orderStatus block contains the following elements.

Mandatory Name Type Description
No

errorCode Integer Error code. Can be missing if the result has not caused an error.
No

orderNumber Alphanumeric Order number (ID) in the merchant's system, must be unique for each merchant.
No

orderStatus Integer The value of this parameter specifies the status of the order in the payment gateway. It is missing if the order has not been found. Below is the list of available values:
  • 0 - order was registered but not paid;
  • 1 - pre-authorized amount is on hold on the buyer's account (for two-phase payments);
  • 2 - order amount is fully authorized;
  • 3 - authorization canceled;
  • 4 - transaction was refunded;
  • 5 - access control server of the issuing bank initiated authorization procedure;
  • 6 - authorization declined.
No

actionCode Integer Response code from the processing bank.
No

actionCodeDescription String actionCode description returned from the processing bank.
No

amount Integer Payment amount in minor currency units (e.g. in cents etc.).
No

currency Integer SO 4217 encoded currency key. If not specified, the default value is used.
No

date String Order registration date.
No

ip String Buyer's IP address. IPv6 is supported in all requests. (up to 39 characters).
See description merchantOrderParams N/A Section with attributes in which the merchant's additional parameters are transmitted. See the description below.
See description attributes N/A Attributes of the order in the payment system (order number). See the description below.
See description cardAuthInfo N/A Information about the buyer's payment card. See the description below.
No

authDateTime String Authorization date and time, shown as the amount of milliseconds passed from 00:00 January 1, 1970 (GMT).
No

terminalId String Terminal identifier.
No

authRefNum String Registration number of the payment authorization that has been assigned to it on the payment registration.
See description paymentAmountInfo N/A A parameter containing embedded parameters with information about confirmation, debiting and refund amounts. See the description below.
See description bankInfo N/A Contains the embedded bankCountryName parameter. See the description below.

merchantOrderParams block contains the following elements.

Mandatory Name Type Description
Yes

name Alphanumeric Name of the merchant's additional parameter.
Yes

value Alphanumeric The value of the merchant's additional parameter - up to 1024 characters.

attributes block contains the following elements.

Mandatory Name Type Description
Yes

name Alphanumeric Name of an additional parameter.
Yes

value Alphanumeric Value of an additional parameter - up to 1024 characters.

cardAuthInfo block contains the following elements.

Mandatory Name Type Description
Yes

expiration Integer Card expiration in the following format: YYYYMM. This parameter is to be specified only after the order has been paid.
Yes

cardholderName Alphabetic Cardholder's name in Latin characters. This parameter is passed only after an order is paid.
Yes

approvalCode String IPS authorization code. This field has a fixed length (six symbols) and can contain digits and Latin letters.
Yes

pan String Masked DPAN: a number that is linked to the customer's mobile device and functions as a payment card number in the Apple Pay system.

paymentAmountInfo block contains the following elements.

Mandatory Name Type Description
Yes

paymentState String Order status, this parameter can have the following values:
  • CREATED - order created (but not paid);
  • APPROVED - order approved (funds are on hold on buyer's account);
  • DEPOSITED - order deposited (buyer is charged);
  • DECLINED - order declined;
  • REVERSED - order canceled;
  • REFUNDED - refund.
Yes

approvedAmount Integer Amount in minimum currency units (e.g. cents) that was put on hold on buyer's account. Used in two-phase payments only.
Yes

depositedAmount Integer Charged amount in minimum currency units (e.g. in cents).
Yes

refundedAmount Integer Refunded amount in minimum currency units.

bankInfo block contains the following elements.

Mandatory Name Type Description
Yes

bankCountryName String Country of the issuing bank.

Error codes

Error code Error message
1 Invalid payment parameters
4 Incorrect value of the [paymentToken.signature] parameter, the check failed
5 Incorrect value of the [validationUrl] parameter
5 Order creation error
5 Payment is declined
6 Incorrect value of the [mdorder] parameter
6 Order is not found
7 System error
9 Invalid order status
10 Incorrect value of the [merchant] parameter
10 Incorrect value of the [paymentToken.signature] parameter, the check failed
10 Invalid value of the [amount] parameter
10 Param [paymentToken.data] is invalid, error decode
10 Incorrect value of the [paymentToken.data] parameter
10 Incorrect value of the [orderNumber] parameter
10 Incorrect value of the [paymentToken] parameter
10 Incorrect value of the [paymentToken.version] parameter
10 Incorrect value of the [paymentToken.header] parameter
10 Incorrect value of the [paymentToken.signature] parameter
10 Incorrect value of the [paymentToken.header.transactionId] parameter
10 Incorrect value of the [paymentToken.header.wrappedKey] parameter
10 Incorrect value of the [paymentToken.header.publicKeyHash] parameter
10 Incorrect value of the [currencyCode] parameter
10 Incorrect value of the [amount] parameter
10 Incorrect value of the [ip] parameter
10 The merchant does not have permission to [VERIFY]
10 There is no private key to decrypt
10 Two-phase payments are not allowed
10 Unknown currency
10 Duplicate order number
10 The amounts in the order and in the shopping cart differ
10 The currencies in the order and in the shopping cart differ
10 Incorrect value of the ofd additional parameter
10 Encryption of the data passed in unsuccessful
10 Merchant hasn't private key
10 Return URL cannot empty
10 Authorization is invalid

Examples

Request example

{
    "merchant": "merchant_name",
    "orderNumber": "applepay123456794",
    "description": "descritpion_text",
    "paymentToken": "eyJ2ZXJza...iM2RlMDVlYjE5In19",
    "language": "en",
    "additionalParameters": {},
    "preAuth": "false"
}

Response in case of a successful payment

{
    "success": true,
    "data": {
        "orderId": "b926351f-a634-49cf-9484-ccb0a3b8cfad"
    },
    "orderStatus": {
        "errorCode": "0",
        "orderNumber": "229",
        "orderStatus": 1,
        "actionCode": 0,
        "actionCodeDescription": "",
        "amount": 960000,
        "currency": "978",
        "date": 1478682458102,
        "ip": "81.18.144.51",
        "merchantOrderParams": [
            {
                "name": "param2",
                "value": "param2"
            },
            {
                "name": "param1",
                "value": "param1"
            }
        ],
        "attributes": [
            {
                "name": "mdOrder",
                "value": "b926351f-a634-49cf-9484-ccb0a3b8cfad"
            }
        ],
        "cardAuthInfo": {
            "expiration": "201907",
            "cardholderName": "CARD HOLDER",
            "approvalCode": "123456",
            "pan": "520424**0010"
        },
        "authDateTime": 1478682459082,
        "terminalId": "12345678",
        "authRefNum": "111111111111",
        "paymentAmountInfo": {
            "paymentState": "APPROVED",
            "approvedAmount": 960000,
            "depositedAmount": 0,
            "refundedAmount": 0
        },
        "bankInfo": {
            "bankCountryName": "<UNKNOWN>"
        }
    }
}

Response in case of a failed payment

{
  "error": {
    "code": 10,
    "description": "Processing Error",
    "message": "Auth is invalid"
  },
  "success": false
}

Google Pay order registration

Request parameters

The payment.do request is used to register an order.

Mandatory Name Type Description
Yes

merchant String Merchant login in the payment gateway.
Yes

orderNumber Alphanumeric Order number (ID) in the merchant's system, must be unique for each merchant.
No

description String Order description in any format.
To enable sending this field to the processing system, contact the technical support service.
No

language Alphabetic ISO 639-1 encoded language key. If the language is not specified, the default language specified in the store settings is used.
No

additionalParameters See description Additional parameters of the order that are stored in the merchant personal area for the subsequent viewing. Each new pair of a parameter name and its value must be separated by a comma. Below is a usage example.
{ "firstParamName": "firstParamValue", "secondParamName": "secondParamValue"}
No

preAuth String Parameter that defines the necessity of a pre-authorization (putting the amount on hold on the customer's account until its debiting). The following values are available:
  • true - two-phase payment enabled;
  • false - one-phase payments enabled (money are charged right away).
If the parameter is missing, one-phase payment is made.
No

clientId Alphanumeric Customer number (ID) in the merchant's system — up to 255 characters . Used to implement the functionality of bindings. Can be returned in the response if the merchant is allowed to create bindings.
Specifying this parameter when processing payments via bindings is mandatory. Otherwise, a payment will be unsuccessful.
Yes

paymentToken String A token obtained from Google Pay and encoded in Base64.
Yes

ip String Buyer's IP address. IPv6 is supported in all requests. (up to 39 characters).
Yes

amount Integer Payment amount in minor currency units (e.g. in cents etc.).
No

currencyCode String Numeric ISO 4217 code of the payment currency. If this parameter is not specified, it is considered to be equal to the default currency code.
See description

email String Customer's email address.
See description

phone Integer Customer's phone number. It is always necessary to specify the country code, but you can specify or omit the + sign. Thus, the following options are valid:
  • +79998887766;
  • 79998887766.Allowed digits number: from 7 to 15.
Yes

returnUrl String The address to which the user will be redirected if the payment is successful. The address must be specified in full including the protocol used (for example, https://test.ru instead of test.ru). Otherwise, the user will be redirected to the address of the following type http://<payment_gateway_address>/<merchant_address>.
No

failUrl String The address to which the user is to be redirected in case of a failed payment. The address must be specified in full including the protocol used (for example, https://test.ru instead of test.ru). Otherwise, the user will be redirected to the address of the following type http://<payment_gateway_address>/<merchant_address>.
No

threeDSSDK String Possible values: true or false. Flag showing that payment comes from 3DS SDK.

Response parameters

Mandatory Name Type Description
Yes

success String Indicates that the request was successful. The following values are available:
  • true - request processed successfully;
  • false - request failed.
See description data N/A This parameter is returned only if the payment is processed successfully. See the description below.
See description error N/A This parameter is returned only if the payment failed. See the description below.
See description orderStatus N/A Contains order status parameters and is returned only if the payment gateway has recognized all request parameters as correct. See the description below.

data block contains the following elements.

Mandatory Name Type Description
Yes

orderId String Order number in the payment gateway. Unique within the payment gateway.
Yes

orderId String Order number in the payment gateway. Unique within the payment gateway.
Only if additional authentication is used on the issuing bank's ACS

termUrl String In a successful response in case of a 3D-Secure payment. URL address for redirecting to ACS.
Only if additional authentication is used on the issuing bank's ACS

acsUrl String On a successful response in case of a 3D-Secure payment. URL address for redirecting to ACS.
Only if additional authentication is used on the issuing bank's ACS

paReq String On a successful response in case of a 3D-Secure payment. Payment Authentication Request.
The parameter is returned if the bindings are used

bindingId String Identifier of a binding created earlier. It can be used only if the merchant has the permission to work with bindings.

error block contains the following elements.

Mandatory Name Type Description

code Integer Error code.

description String A detailed technical explanation of the error - the contents of this parameter should not to be displayed to the customer.

message String Error description to be displayed to the user.

Error codes

Error code Error message
0 The request has been processed without system errors.
1 The funds on the card are not sufficient.
5 Access denied.
10 Incorrect value of the paymentToken parameter.
10 Incorrect value of the orderNumber parameter.
10 Incorrect value of the merchant parameter.
10 Incorrect value of the ip parameter.
10 Encryption of the data passed in unsuccessful.
10 Merchant hasn't private key.

Examples

Request example

{
    "merchant": "OurBestMerchantLogin",
    "orderNumber": "UAF-203974-DE",
    "language": "EN",
    "preAuth": true,
    "description" : "Test description",
    "additionalParameters": 
    {
        "firstParamName": "firstParamValue",
        "secondParamName": "secondParamValue"
    },
    "paymentToken": "eyJt....J9In0=",
    "ip" : "127.0.0.1",
    "amount" : "230000",
    "currencyCode" : 978,
    "failUrl" : "https://est.com",
    "returnUrl" : "https://test_return.com"
  }

Response in case of a successful payment

{
"success":true,
"data": {
 "orderId": "12312312123"
 }
}

Example of the response to the request with the non-tokenized card and redirect to ACS

{"success":true,"data":{"orderId":"e757d0cf-a028-7bdc-acb9-44480008afa2","acsUrl":"https://test.ru/acs/auth/start.do","paReq":"eJxV....DOm3R/rFG/TvQ/wAgGS/bg==","termUrl":"https://ecommerce.radarpayments.com/payment/rest/finish3ds.do"}

Response in case of a failed payment

{
  "error": {
    "code": 1,
    "description":
"Processing Error",
    "message":
"The funds on the card are not sufficient"
  },
  "success": false
}

Samsung Pay order registration

The payment.do request is used to register an order in Samsung Pay. See Connection coordinates. This request is only used when paying from the mobile application.

Below an example of a request for a payment through Samsung Pay is given.

Request parameters

Mandatory Name Type Description
Yes

merchant String Merchant login in the payment gateway.
Yes

orderNumber Alphanumeric Order number (ID) in the merchant's system, must be unique for each merchant.
No

description String Order description in any format.
To enable sending this field to the processing system, contact the technical support service.
No

language Alphabetic ISO 639-1 encoded language key. If the language is not specified, the default language specified in the store settings is used.
No

additionalParameters See description Additional parameters of the order that are stored in the merchant personal area for the subsequent viewing. Each new pair of a parameter name and its value must be separated by a comma. Below is a usage example.
{ "firstParamName": "firstParamValue", "secondParamName": "secondParamValue"}

preAuth String Parameter that defines the necessity of a pre-authorization (putting the amount on hold on the customer's account until its debiting). The following values are available:
  • true - two-phase payment enabled;
  • false - one-phase payments enabled (money are charged right away).
If the parameter is missing, one-phase payment is made.
No

preAuth String Parameter that defines the necessity of a pre-authorization (putting the amount on hold on the customer's account until its debiting). The following values are available:
  • true - two-phase payment enabled;
  • false - one-phase payments enabled (money are charged right away).
If the parameter is missing, one-phase payment is made.
No

clientId Alphanumeric Customer number (ID) in the merchant's system — up to 255 characters . Used to implement the functionality of bindings. Can be returned in the response if the merchant is allowed to create bindings.
Specifying this parameter when processing payments via bindings is mandatory. Otherwise, a payment will be unsuccessful.
Yes

paymentToken String The contents of the 3ds.data parameter from the response received from Samsung Pay.
Yes

ip String Buyer's IP address. IPv6 is supported in all requests. (up to 39 characters).
No

currencyCode String Numeric ISO 4217 code of the payment currency. If this parameter is not specified, it is considered to be equal to the default currency code.

Response parameters

Mandatory Name Type Description
Yes

success String Indicates that the request was successful. The following values are available:
  • true - request processed successfully;
  • false - request failed.
See description data N/A This parameter is returned only if the payment is processed successfully. See the description below.
See description error N/A This parameter is returned only if the payment failed. See the description below.

data block contains the following elements.

Mandatory Name Type Description
Yes

orderId String Order number in the payment gateway. Unique within the payment gateway.

error block contains the following elements.

Mandatory Name Type Description

code Integer Error code.

description String A detailed technical explanation of the error - the contents of this parameter should not to be displayed to the customer.

message String Error description to be displayed to the user.

Error codes

Error code Error message
0 The request has been processed without system errors.
1 The funds on the card are not sufficient.
5 Access denied.
7 System error.
10 Incorrect value of the paymentToken parameter.
10 Incorrect value of the orderNumber parameter.
10 Incorrect value of the merchant parameter.
10 Incorrect value of the ip parameter.
10 Incorrect value of the paymentToken.header.alg parameter .
10 Incorrect value of the paymentToken.header.enc parameter.
10 Incorrect value of the paymentToken.header.typ parameter .
10 Incorrect value of the paymentToken.header.channelSecurityContext parameter.
10 Incorrect value of the paymentToken.header.kid parameter.
10 Encryption of the data passed in unsuccessful.

Examples

Request example

{
    "merchant": "OurBestMerchantLogin",
    "orderNumber": "UAF-203974-DE",
    "language": "EN",
    "preAuth": true,
    "description" : "Test description",
    "additionalParameters":
    {
        "firstParamName": "firstParamValue",
        "secondParamName": "secondParamValue"
    },
    "paymentToken": "ew0K...DQp9",
    "ip" : "127.0.0.1"
}

Response in case of a successful payment

{
"success":true,
"data": {
    "orderId": "12312312123"
  }
}

Response in case of a failed payment

{
  "error": {
    "code": 1,
    "description": "Processing Error",
    "message": "Not enough money"
  },
  "success": false
}

Samsung Pay web order registration

The payment.do request is used to register an order (see «Connection coordinates» section). This request is used for payment via the website when the payment form is on the merchant 's page.

Request parameters

Mandatory Name Type Description
Yes

mdOrder String Order number in the payment gateway. Unique within the payment gateway.
Yes

onFailedPaymentBackUrl String The URL to which the customer will be redirected if an error occurs or the waiting period is exceeded.

Response parameters

Mandatory Name Type Description
Yes

successful Boolean Indicates that the operation was successfully processed, the available values are:
  • 1 (success);
  • 0 (fail).
Yes

transactionId String Value that must be passed to Samsung Pay by calling the connect function.
Yes

href String Value that must be passed to to Samsung Pay by calling the connect function .
Yes

mod String Value that must be passed to to Samsung Pay by calling the connect function .
Yes

exp String Value that must be passed to to Samsung Pay by calling the connect function .
Yes

keyId String Value that must be passed to to Samsung Pay by calling the connect function .
Yes

serviceId String Value that must be passed to to Samsung Pay by calling the connect function .
Yes

callbackUrl String Value that must be passed to to Samsung Pay by calling the connect function .
Yes

cancelUrl String Value that must be passed to to Samsung Pay by calling the connect function .
Yes

countryCode String Value that must be passed to to Samsung Pay by calling the connect function .
Yes

resultType String Value that must be passed to to Samsung Pay by calling the connect function .

Callback notifications

The payment gateway API allows you to receive callback notifications on changes of payment statuses.

General information

Events that can trigger notifications

Merchants can receive notifications on events related to payment orders that are presented in the table below.

Event Payment type
Funds are put on hold on buyer's account. Only two-phase payments.
Funds are deposited to merchant's account. One-phase and two-phase payments.
Order was canceled. One-phase and two-phase payments.
Refund. One-phase and two-phase payments.

Types of notifications

Notifications can be of two types (see the table below).

Type of notification Description
Notifications without checksums These notifications contain only information about the order, so potentially, the merchant risks accepting a notification sent by an attacker as genuine.
Notifications with checksums These notifications contain an authentication code in addition to order information. The authentication code is a checksum of order data. This checksum allows to make sure that the callback notification is genuine and was sent by the payment gateway.
There are two methods of implementing callback notifications with checksums:
  • using symmetric cryptography — same (symmetric) cryptographic key is used by the payment gateway to create a checksum and by a merchant to validate it;
  • using asymmetric cryptography — to create a checksum the payment gateway uses its private key known only to the payment gateway, while for validation of the created checksum the corresponding public key is used, this public key can be distributed openly.

The public key can be downloaded from the payment gate Web console. For more security, it is recommended to use asymmetric cryptography.
To enable notifications with checksums as well as to get the relevant cryptographic key, please, contact our technical support.

Requirements for SSL certificates on the store's website

If an HTTPS connection is used to access a store that receives callback notifications, the certificate of the site where the store is located must meet the following requirements (see the table below).

Requirement Description
Signature algorithm. Not lower than SHA-256..
Supported certification authorities.. Below are examples of organizations that register digital certificates:
  • Thawte Consulting cc – https://www.thawte.com/;
  • VeriSign – https://www.verisign.com/;
  • DigiCert Inc – https://www.digicert.com/;
  • COMODO CA Limited – https://www.comodo.com/;
  • GeoTrust Inc. – https://www.geotrust.com/;
  • GlobalSign – https://www.globalsign.com/;
  • Trustis Limited – http://www.trustis.com/;
  • UniTrust – http://www.unitrust.co.uk/.

There are also an opportunities to register digital certificates via providers
Self signed certificates are not allowed. The certificate must be signed by a trusted certification authority (see. above).

URL format for callback notifications

Notification without a checksum

{merchant-url}?={mdOrdermdOrder}&orderNumber={orderNumber}&operation={operation}&status={status}

Notification with a checksum

{merchant-url}?mdOrder={mdOrder}&orderNumber={orderNumber}&checksum={checksum}&operation={operation}&status={status}

The passed parameters are shown in the table below.

The table contains only basic parameters. You can add other parameters you want to receive in your personal cabinet.

Parameter Description
mdOrder Unique order number stored in the payment gateway.
orderNumber Unique order number (identifier) in merchant's system.
checksum Authentication code (checksum) resulting from received parameters.
operation Type of event that triggered notification:
  • approved - funds are put on hold on buyer's account;
  • deposited - order deposited;
  • reversed - order canceled;
  • refunded - order refund.
status Indicates if an operation was successfully processed:
  • 1 - success;
  • 0 - fail.

Examples

Example of a notification URL without a checksum

https://myshop.ru/callback/?mdOrder=1234567890-098776-234-522&orderNumber=0987&operation=deposited&status=0

Example of a notification URL with a checksum

https://myshop.ru/callback/?mdOrder=1234567890-098776-234-522&orderNumber=0987&checksum=DBBE9E54D42072D8CAF32C7F660DEB82086A25C14FD813888E231A99E1220AB3&operation=deposited&status=0

Algorithm for processing callback notifications

Sections below contain notification processing algorithms depending on notification type.

Notification without a checksum

  1. The payment gateway sends to the merchant's server the following request.
    https://myshop.ru/callback/?mdOrder=1234567890-098776-234-522&orderNumber=0987&operation=deposited&status=0
  2. The merchant's server returns HTTP 200 OK to the payment gateway.

Notification with a checksum

  1. The payment gateway sends the following HTTP request to the merchant's server - please, note that:
    • when using symmetric cryptography, the checksum is generated using a key common for the payment gateway and the merchant;
    • when using asymmetric cryptography, the checksum is generated using a private key known only to the payment gateway.
      http://site.ru/path?amount=123456&orderNumber=10747&checksum=DBBE9E54D42072D8CAF32C7F660DEB82086A25C14FD813888E231A99E1220AB3&mdOrder=3ff6962a-7dcc-4283-ab50-a6d7dd3386fe&operation=deposited&status=1
      The order of the parameters in a notification can be arbitrary.
  2. On the merchant's side checksum parameter is removed from the notification parameter string, and the value of this parameter (checksum) is saved for verifying the notification's authenticity.
  3. The parameters and their values that are left are used for creating the following string.
    parameter_name1;paramenter_value1;parameter_name2;paramenter_value2;…;parameter_nameN;paramenter_valueN;
    In this case pairs name_parameter;value_parameter must be sorted in direct alphabetical order (ascending) by parameter names.
    Here is an example of a generated parameter string
    <li>amount;123456;mdOrder;3ff6962a-7dcc-4283-ab50-a6d7dd3386fe;operation;deposited;orderNumber;10747;status;1;
  4. The checksum is calculated on the merchant's side, the method of calculation depends on the method of its formation:
    • when using symmetric cryptography - with the help of HMAC-SHA256 algorithm and a private key shared with the payment gateway;
    • when using asymmetric cryptography - with the help of a hashing algorithm that depends on how the key pair is created and a public key that is associated with a private key located in the payment gateway.
  5. In the resulting checksum string, all lower-case letters are replaced by upper-case letters.
  6. The resulting value must be compared with the checksum extracted earlier from checksum parameter.
  7. If the checksums match, the server sends an HTTP code 200 OK to the payment gateway.

If the checksums match, this notification is authentic and was sent by the payment gateway. Otherwise, it is likely that the attacker is trying to pass off his notification as a payment gateway notification.

When notifications fail

If a response other than 200 OK is returned to the payment gateway, notification is considered unsuccessful. In this case, the payment gateway repeats the notification at intervals of 10*A minutes (where A is the sequence number of the notification attempt, for example, after the second attempt, the interval will be 20 minutes, after the third - 30 minutes, and so on) until one of the following conditions is met:

When one of the above conditions is met, attempts to send a callback notification about an event stop.

Code examples

Asymmetric cryptography

Java

package ru.bpc.test;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.Hex;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Comparator;
import java.util.Map;
import java.util.stream.Collector;
import java.util.stream.Collectors;
import java.util.stream.Stream;

public class App99 {
    public static void main(String[] args) throws Exception {
        String callbackParamsString = "amount=35000099, sign_alias=SHA-256 with RSA, checksum=163BD9FAE437B5DCDAAC4EB5ECEE5E533DAC7BD2C8947B0719F7A8BD17C101EBDBEACDB295C10BF041E903AF3FF1E6101FF7DB9BD024C6272912D86382090D5A7614E174DC034EBBB541435C80869CEED1F1E1710B71D6EE7F52AE354505A83A1E279FBA02572DC4661C1D75ABF5A7130B70306CAFA69DABC2F6200A698198F8, mdOrder=12b59da8-f68f-7c8d-12b5-9da8000826ea, operation=deposited, status=1";

        Map<String, String> callbackParamsMap = Stream.of(callbackParamsString.split(","))
                .map(String::trim)
                .map(s -> s.split("="))
                .collect(Collectors.toMap(s -> s[0].trim(), s -> s[1].trim()));

        String checksum = callbackParamsMap.get("checksum");

        callbackParamsMap.remove("checksum");
        callbackParamsMap.remove("sign_alias");

        String signString = callbackParamsMap.entrySet().stream()
                .sorted(Map.Entry.comparingByKey(Comparator.naturalOrder()))
                .collect(Collector.of(
                        StringBuilder::new,
                        (accumulator, element) -> accumulator
                                .append(element.getKey()).append(";")
                                .append(element.getValue()).append(";"),
                        StringBuilder::append,
                        StringBuilder::toString
                ));

        String cert = "MIICcTC...G4Bkjre\n" +
                "gUA=";

        byte[] b = Base64.decodeBase64(cert);
        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
        InputStream in = new ByteArrayInputStream(b);
        X509Certificate x509Cert = (X509Certificate)certFactory.generateCertificate(in);

        Signature sig = Signature.getInstance("SHA512withRSA");
        sig.initVerify(x509Cert.getPublicKey());
        sig.update(signString.getBytes());
        boolean verifies = sig.verify(Hex.decodeHex(checksum.toLowerCase().toCharArray()));
        System.out.println("signature verifies: " + verifies);
    }

}

Symmetric cryptography

Java

import org.apache.commons.codec.binary.Hex;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;

public class Example {

    public static String generateHMacSHA256(final String key, final String data) throws InvalidKeyException, NoSuchAlgorithmException {    

        final Mac hMacSHA256 = Mac.getInstance("HmacSHA256");    
        byte[] hmacKeyBytes = key.getBytes(StandardCharsets.UTF_8);    

        final SecretKeySpec secretKey = new SecretKeySpec(hmacKeyBytes, "HmacSHA256");    
        hMacSHA256.init(secretKey);    

        byte[] dataBytes = data.getBytes(StandardCharsets.UTF_8);    
        byte[] res = hMacSHA256.doFinal(dataBytes);    

        return new String(Hex.encodeHex(res));    
    }    

    public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeyException {    
        String secretToken = "123";    
        String message = "amount;1500;mdOrder;ed6f3abf-cea0-427e-afdf-0ba43ead124f;operation;deposited;orderNumber;89312;status;1;";    

        String signature = Expample.generateHMacSHA256(secretToken, message).toUpperCase();    
        System.out.println(signature);    
    }    

Symmetric cryptography

PHP

<?php

$data = 'amount;123456;mdOrder;3ff6962a-7dcc-4283-ab50-a6d7dd3386fe;operation;deposited;orderNumber;10747;status;1;';
$key = 'yourSecretToken';
$hmac = hash_hmac ( 'sha256' , $data , $key);

echo "[$hmac]\n";
?>
  1. Assign the string value to data variable.
  2. Assign the private key value to the key variable.
  3. hash_hmac function ( 'sha256', $data, $key) calculates the checksum o the passed string using the private key and SHA-256 algorithm.
  4. Save the function output in hmac variable.
  5. Use echo function to create an output.
  6. Compare this value with the one passed in the callback notification.

Asymmetric cryptography

PHP

<?php
// data from response
$data = 'amount;35000099;mdOrder;12b59da8-f68f-7c8d-12b5-9da8000826ea;operation;deposited;status;1;';
$checksum = '9524FD765FB1BABFB1F42E4BC6EF5A4B07BAA3F9C809098ACBB462618A9327539F975FEDB4CF6EC1556FF88BA74774342AF4F5B51BA63903BE9647C670EBD962467282955BD1D57B16935C956864526810870CD32967845EBABE1C6565C03F94FF66907CEDB54669A1C74AC1AD6E39B67FA7EF6D305A007A474F03B80FD6C965656BEAA74E09BB1189F4B32E622C903DC52843C454B7ACF76D6F76324C27767DE2FF6E7217716C19C530CA7551DB58268CC815638C30F3BCA3270E1FD44F63C14974B108E65C20638ECE2F2D752F32742FFC5077415102706FA5235D310D4948A780B08D1B75C8983F22F211DFCBF14435F262ADDA6A97BFEB6D332C3D51010B';

// your public key (e.g. SHA-512 with RSA)
// if you have a CERT, please see openssl_get_publickey()
$publicKey = <<<EOD
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtuGKbQ4WmfdV1gjWWys
5jyHKTWXnxX3zVa5/Cx5aKwJpOsjrXnHh6l8bOPQ6Sgj3iSeKJ9plZ3i7rPjkfmw
qUOJ1eLU5NvGkVjOgyi11aUKgEKwS5Iq5HZvXmPLzu+U22EUCTQwjBqnE/Wf0hnI
wYABDgc0fJeJJAHYHMBcJXTuxF8DmDf4DpbLrQ2bpGaCPKcX+04POS4zVLVCHF6N
6gYtM7U2QXYcTMTGsAvmIqSj1vddGwvNGeeUVoPbo6enMBbvZgjN5p6j3ItTziMb
Vba3m/u7bU1dOG2/79UpGAGR10qEFHiOqS6WpO7CuIR2tL9EznXRc7D9JZKwGfoY
/QIDAQAB
-----END PUBLIC KEY-----
EOD;

$binarySignature = hex2bin(strtolower($checksum));
$isVerify = openssl_verify($data, $binarySignature, $publicKey, OPENSSL_ALGO_SHA512);
if ($isVerify == 1) {
    echo "signature ok\n";
} elseif ($isVerify == 0) {
    echo "bad (there's something wrong)\n";
} else {
    echo "error checking signature\n";
}
?>