🔙Postback
Communication takes place with the help of postback requests (postbacks). After each Client request for input or output, a postback is sent to the Client with the result of the operation.
Receiving the postback
To accept postbacks, you need to implement a separate path that you can use to receive postbacks. They are sent via a POST request in JSON format.
The A-pay server is waiting for a response in json
Response code 200, otherwise, when receiving a different response, A-pay will forward the postback with a certain frequency.
Deposit
Client-side signature generation
When sending webhooks, A-Pay also sends a signature: a specifically generated hash string that is created using a private key.
The signature itself is calculated as follows:
a string of three parameters is passed to the sha1 function:
Parameter | Description |
---|---|
$access_key | The public key is specified in the settings of the A-Pay technical support personal account |
$private_key | The private key is specified in the settings of the A-Pay technical support personal account |
md5(...) | Hash from the MD5 function of the entire array of transactions in JSON format |
As a result of executing this code, a string is obtained that cannot be faked without having a private key that is not passed in webhooks.
The client can compare the generated signature with the received signature from the webhook and thereby make sure that the data that came was actually sent and not faked by a scammer.
Postback of transactions for deposit
Request body schema:
Name | Type | Description |
---|---|---|
access_key | string | The access key is specified in the settings of the A-Pay technical support personal account |
signature | string
| The signature was used to verify the validity of the postback. Concept of generation in the description of the deposit webhook |
transactions | Array of objects below | Information about the deposits made (one or more) is passed |
List of transactions:
order_id | string | Deposit ID in the A-Pay system |
status | string | Enum: Deposit status, if the deposit was successful, the status will be |
amount | number >= 0 | Deposit amount |
currency | string [ 3 .. 3 ] | Currency name |
payment_system | string | Enum: The payment system from which the deposit was made |
custom_transaction_id | string | Transaction ID in the client's system |
custom_user_id | string | User ID in the client's system |
created_at | integer | Deposit creation time, in timestamp UTC format |
activated_at | integer | Deposit activation date, in timestamp UTC format |
Example of a postback sent by a POST request in JSON format:
Responses:
If {"status":"OK"}
was passed, we consider the webhook successfully delivered.
Example of a response:
Withdrawal
Client-side signature generation
When sending webhooks, A-Pay also sends a signature: a specifically generated hash string that is created using a private key.
The signature itself is calculated as follows:
a string of three parameters is passed to the sha1 function:
Parameter | Description |
---|---|
$access_key | The public key is specified in the settings of the A-Pay technical support personal account |
$private_key | The private key is specified in the settings of the A-Pay technical support personal account |
md5(...) | Hash from the MD5 function of the entire array of transactions in JSON format |
As a result of executing this code, a string is obtained that cannot be faked without having a private key that is not passed in webhooks.
The client can compare the generated signature with the received signature from the webhook and thereby make sure that the data that came was actually sent, and not faked by a scammer.
Postback of transactions for deposit
Request body schema:
Name | Type | Description |
---|---|---|
access_key | string | The access key is specified in the settings of the A-Pay technical support personal account |
signature | string
| The signature was used to verify the validity of the postback. Concept of generation in the description of the deposit webhook |
transactions | Array of objects below | Information about the deposits made (one or more) is passed |
List of transactions:
order_id | string | Withdrawal ID in the A-Pay system |
status | string | Enum: Withdrawal status, if the deposit was successful, the status will be |
amount | number >= 0 | Withdrawal amount |
currency | string [ 3 .. 3 ] | Currency name |
payment_system | string | Enum: The payment system from which the deposit was made |
custom_transaction_id | string | Transaction ID in the client's system |
custom_user_id | string | User ID in the client's system |
created_at | integer | Deposit creation time, in timestamp UTC format |
activated_at | integer | Deposit activation date, in timestamp UTC format |
Example of a postback sent by a POST request in JSON format:
Responses:
If {"status":"OK"}
was passed, we consider the webhook successfully delivered.
Example of a response:
Expected responses to postbacks from a client:
Сode | Message |
---|---|
200 | Ok |
400 | error receiving |
401 | error validation |
404 | not found http exception |
500 | not enough fields |
501 | empty postback |
502 | incorrect signature |
503 | data integrity error |
If successful, expect the client to have http status - 2XX.
All 200th codes should be accompanied by "status" = "ok"
In case of failure, expect from the client http status other than 2XX (depending on the error) and an error message. For example, "error validation" or "not enough fields".
Last updated