P2P
Entering money by transfer from card to card
Integration consists of embedding a payment button into the partner's website. When the user clicks this button, the data is sent to the GarryPay system address.
Information
To ensure security, the data sent must be cryptographically signed.
Rules for using the payment method
1) After the invoice is generated, the payer has 20 minutes to transfer the funds and click the "Payment completed" button. If the payer has transferred the funds and:
- did not click the "Payment completed" button,
- pressed the "Cancel" button, or
- did not finish within 20 minutes,
then you, as a merchant, need to inform GarryPay support about this.
2) When transferring funds, it is strictly prohibited to add any comments to the transfer (unless this is stipulated by the rules of the method). If a payment is sent with a comment, the invoice may be recalculated with a fine deduction of up to 10%.
3) If the payer has sent a transfer for a smaller amount than was indicated in the invoice, he will be asked to pay the difference. In case of refusal, we request supporting documents from the payer showing that the card is issued to him, and we make a refund to the same details minus a fine of 10%.
4) Sending of funds is carried out, if possible, by an intrabank payment. If the payer does not have accounts in the proposed banks, an interbank transfer is allowed (if there is a check).
5) Transfer of funds from electronic payment wallets Qiwi, Yoomoney and others is prohibited (unless it is stipulated by the rules of the method). Such payments will be submitted to arbitration and crediting for them is not guaranteed.
6) If you try to attach fake payment receipts, the payer's account must be blocked.
Integration via payment button
The payment button code should look like this:
<form action="https://merch-dev.garrypay.com/button" method="post">
<input
type="hidden"
name="data"
value="eyJtZXJjaGFudF9pZCI6IjE1YWU2Yzg4LWJiMGItNGY3Ny1hZjkxLTZhMGNkNWI0NGRlZCIsInB1cmNoYXNlX2lkIjozMTUsImFtb3VudCI6IjMzMTYuMDAiLCJjdXJyZW5jeSI6IlJVQiIsImxhbmciOiJydSIsInBheW1lbnRfbWV0aG9kIjoicDJwIiwiY2FsbGJhY2siOiJodHRwczpcL1wvbWVyY2hhbnQtc2l0ZS5jb21cL2NhbGxiYWNrX3VybCJ9"
>
<input
type="hidden"
name="sign"
value="YjNjOTNhOWE2ZmRlYjIyOTc5ZjMxMTdiMzQ1YmM3YmE2MGI1NjNhOTU0Zjc2NjcyNjc4ZTUzNmVmYjU4MWFjMQ=="
>
</form>
The value of the data field is prepared as follows (a code example):
Base64.encode('{
"merchant_id": "ef73bed1-2591-4a91-a74e-fe68b4e2e4e0",
"lang": "ru",
"purchase_id": "1eas123",
"user_id": "122",
"amount": "3000",
"currency": "RUB",
"payment_method": "p2p"
}');
Thus the JSON object must be serialized to a string and then encoded in Base64.
Permitted fields
Name | Type | Default | Description |
---|---|---|---|
merchant_id | string | required | Your merchant's ID |
purchase_id | string | required | Unique Purchase ID |
amount | string | required | Amount in the specified currency (see the limits under the table) |
currency | string | required | The payment currency: INR / KZT / UAH / RUB / AZN |
lang | string | en | Payment interface language, en / ru |
callback | string | undefined | The URL of the page to which the user is redirected after making the payment |
Limits for the amount
INR: 500 - 167500
KZT: 10000 - 2000000
UAH: 100 - 50000
RUB: 1500 - 2000000
AZN: 36 - 900
Code example
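JS
import crypto from "crypto";

// key - your merchant's secret key (placeholder value)
const key = "YOUR_SECRET_KEY";

// Serialize the request fields to JSON and Base64-encode the string
const data = Buffer.from(JSON.stringify({
  merchant_id: "ef73bed1-2591-4a91-a74e-fe68b4e2e4e0",
  purchase_id: "234-12",
  amount: "3000",
  currency: "RUB",
  lang: "en",
  callback: "https://merchant_site.com/callback_url"
})).toString("base64");

// Sign the Base64 string: HMAC-SHA256, hex digest, then Base64
const hmac = crypto.createHmac("sha256", key);
hmac.update(data);
const sign = Buffer.from(hmac.digest("hex")).toString("base64");

PHP
// $secret - your merchant's secret key (placeholder value)
$secret = 'YOUR_SECRET_KEY';

$params = [
    'merchant_id' => 'ef73bed1-2591-4a91-a74e-fe68b4e2e4e0',
    'purchase_id' => '234-12',
    'amount' => '3000',
    'currency' => 'RUB',
    'lang' => 'en',
    'callback' => 'https://merchant_site.com/callback_url',
];

// Serialize to JSON, Base64-encode, then sign the Base64 string
$data = base64_encode(json_encode($params));
$sign = base64_encode(hash_hmac('sha256', $data, $secret));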
Callback
The data is sent by a POST request to the URL specified in the merchant's settings.
Server IP address, from which requests are received: 185.49.70.96
Request example
{
data: 'eyJhY3Rpb24iOiJwMnBfcHJkZXIiLCJkYXRhIjp7ImRhdGEiOnsiYWRfaWQiOjUyMSwiYW1vdW50IjoxMDAsImN1cnJlbmN5IjoiVVNEIiwibWVyY2hhbnRfaWQiOiI5MGYxZDE5OC05MjkzLTQwNjItYjc5NC05NDgxNmM3NWNjODYiLCJjb3VudHJ5IjoicnVzIn0sImVycm9yIjoiTUVSQ0hBTlRBQ0NPVU5UTk9URk9VTkQifX0=',
sign: 'MGM4NGIyZTY2OWMyNzYzNjFhODcyODdjZGViN2UxMWQ4MzY2ZmNiYmE4ZDRiOTVhMTU1ODMxYTZlYTMwYjJmZg=='
}
data - Base64 encoded JSON
sign - data signature
Data authentication
- Generate a signature from the received Base64-encoded data and your Secret Key.
- Compare the generated signature with the one received in the request.
- If the signatures match, the data is authentic and can be decoded and processed further.
Sign generation based on the received data:
JS
import crypto from "crypto";

// secretKey - your merchant's secret key
const hmac = crypto.createHmac("sha256", secretKey);
// base64data - encoded data from the request
hmac.update(base64data);
const sign = Buffer.from(hmac.digest("hex")).toString("base64");

PHP
// $secretKey - your merchant's secret key
// $base64data - encoded data from the request
$sign = base64_encode(hash_hmac('sha256', $base64data, $secretKey));
Operation stages
Each callback contains an action parameter in the data object. This parameter shows which stage the verification / payment process has reached:
Action | Description |
---|---|
p2p_order | creating an order (at the moment when the user has selected an offer) |
p2p_completed | the provider confirmed the receipt of money |
p2p_approved | the trader confirmed the deal |
p2p_canceled | the order has been canceled |
Example of decoded data
{
"action":"p2p_order",
"data":{
"data": {....the initial data of the request API},
"result": {...query execution result},
"error": "error information, if any"
}
}
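The callback authentication steps above, combined into one handler-side check, as an added example that is not GarryPay's own code. The names verifyCallback, signData and DEMO_KEY and the sample payload are hypothetical and constructed here; the block uses CommonJS require, compares signatures in constant time, and decodes the data only after the signature has been accepted.

```javascript
const crypto = require("node:crypto");

// Stage names listed in the page's "Operation stages" table.
const KNOWN_ACTIONS = new Set(["p2p_order", "p2p_completed", "p2p_approved", "p2p_canceled"]);

// Scheme shown on the page: base64( hex( HMAC-SHA256(secretKey, base64data) ) ).
function signData(base64data, secretKey) {
  const hex = crypto.createHmac("sha256", secretKey).update(base64data).digest("hex");
  return Buffer.from(hex).toString("base64");
}

// Hypothetical helper: returns the decoded payload or throws.
function verifyCallback(body, secretKey) {
  if (!body || typeof body.data !== "string" || typeof body.sign !== "string") {
    throw new Error("malformed callback");
  }
  const expected = Buffer.from(signData(body.data, secretKey));
  const received = Buffer.from(body.sign);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (expected.length !== received.length || !crypto.timingSafeEqual(expected, received)) {
    throw new Error("bad signature");
  }
  // Decode and parse only after the signature has been accepted.
  const payload = JSON.parse(Buffer.from(body.data, "base64").toString("utf8"));
  if (!KNOWN_ACTIONS.has(payload.action)) {
    throw new Error("unknown action");
  }
  return payload;
}

// Constructed sample: key and payload are made up for this example.
const DEMO_KEY = "demo-secret-key";
const demoData = Buffer.from(JSON.stringify({
  action: "p2p_completed",
  data: { data: { purchase_id: "234-12", amount: "3000", currency: "RUB" }, result: {}, error: null },
})).toString("base64");
const demoCallback = { data: demoData, sign: signData(demoData, DEMO_KEY) };

console.log(verifyCallback(demoCallback, DEMO_KEY).action);
```

Sign and verify over the exact Base64 string received in the request; re-encoding the decoded JSON can change the bytes and break the comparison.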