After the payment is initiated it can be processed using the endpoint described below.
The processing works like a state machine, i.e your system needs to react based on content of the response (status and step fields). The order of steps in the flow is bank-specific.
Endpoint details (postman documentation): Process single payment
Request
PATCH {{everifin_api_url}}/v1/payments/single/{{payment_id}}
Headers
Request to Process Order Payment endpoint must contain following headers:
Header | Type | Optional | Description |
|---|---|---|---|
Authorization | Bearer token | no | Authorization token to access API. |
x-ef-sender-ip | IP address | no | IP address of your user. |
x-ef-sender-user-agent | text | no | Your user`s user agent identification. A valid user agent must be provided, i.e. containing operation system info etc. |
x-user-data-encryption-method | text | yes | Method of sensitive data encryption. Send this header, if you are encrypting e.g. user’s credentials. Currently, only supported method is RSAES-OAEP/SHA-256. |
Body
The set of required inputs (data that needs to be provided in body of this request) depends on the bank of the payment sender. Client of this API must react to requested inputs that are specified in the responses of this endpoint.
To protect sensitive user’s data from being misused, these user’s data must be sent in an encrypted form:
userId
userPassword
otp (one-time-password)
The data must be encrypted by client. At the moment, we also accept un-encrypted data during the transition period. For more instructions on how to encrypt data, see further.
Response
Field | Type | Optional | Description |
|---|---|---|---|
id | number, unique | no | Payment id, which will be used for the next communication |
status | enum | no | Status of the payment. |
type | enum | yes | Processing flow step type (given by specific bank):
|
redirectUrl | text | yes | The URL for redirect (only for REDIRECT response types) |
inputSet | InputObject[] | yes | Array of input objects required for next processing. Values from this set has to be displayed to the user, so he can enter or select required values. |
input | InputObject | yes | Input object required for next processing. Input has to be displayed to the user, so he can enter or select required value. Response might contain this field, if only one input is requested. If multiple inputs are requested, response, response contains inputSet field. |
inputsToEncrypt | string[] | yes | List of inputs to encrypt, if sensitive user’s data are required in input or inputSet. These inputs must be encrypted in the request body. |
inputEncryptionConfig | InputEncryptionConfig | yes | If response contains inputsToEncrypt, this field specifies encryption method and encryption key. |
Input Object | |||
type | enum | no | Type of the input:
Based on this field you can set the UI for the user like html input types and validation. |
name | text | no | Name of the input identifies it on your side. This name is returned back together with the value the user has provided. |
selectOptions | SelectObject[] | yes | Only for SELECT type. User has to select one of offered options. |
image |
| yes | Only for IMAGE_SCAN type. User has to scan the image into his mobile banking app. |
Select Object | |||
name | text | no | Name of the select option. |
value | text | no | Value of the select option. |
InputEncryptionConfig | |||
encryptionKey | string | no | Public key for data encryption. |
encryptionMethod | string | no | Method of data encryption. Currently, only supported value is RSAES-OAEP/SHA-256. |