The data field must contain the following xml, encrypted using the base64 algorithm (base64_encode in php, or encode_base64 in perl):

Field description:
type – his field specifies the protocol version. Currently set to 1.2
merchantid – MerchantID of online store received during registration as a Merchant.
amount – amount paid by the customer to online store. It is indicated in the currency in which you have opened the account in the payment system.
description – payment description, which will be displayed in the appropriate field while paying.
method – the payment type that will be enabled for the user by default. Possible types: bpay (bpay account), rbkrub (foreign bank cards), rbkusd (foreign bank cards), webmoneycat (webmoney WMZ), wmrcat (webmoney WMR) yandexmoney (Yandex Money), payeer and so forth. You can find out the full current list of payment methods from your manager.
order_id – this field allow you (online store) to identify the payer or payment after it is completed. For example: phone number, order number, account number. The value of this field may not be unique for each payment, such as: phone number, email and so on.
success_url – the page address to which the user will be redirected after the successful payment. This field is optional. In case of its absence, the default value will be taken from the settings of the merchant.
fail_url – the page address to which the user will be redirected in case of cancel invoice payment. This field is optional. In case of its absence, the default value will be taken from the settings of the merchant.
callback_url – merchant url address (url of online store), which will receive a notification of successful payment. After this notification, the merchant may send goods or provide services. This field is optional. In case of its absence, the default value will be taken from the settings of the merchant.
lang — payment form language. May contain values: ru, ro, en. This field is optional. It is used if the getUrl value is set to 0, or is not set at all.
advanced1, advanced2 – Optional, additional fields which are filled with arbitrary data. These data will be returned to the online store after payment. May contain any data.
istest 0 — if 0, the system automatically redirects the payer to the payment page. If 1 — return xml to the merchant (online store), which will contain the url link to the account. This link can then be send to the user via email, text messenger or printed as a QR code. This fiel is optional. By default it redirects to the payment system page.

Attention! You must escape the url which is inserted into xml. For example this url will throw an xml parsing error: http://testshop.com/succes?abc=1&bcd=2. Special characters must be replaced with html entities. In php, use the htmlspecialchars function.

Signature generation:
The signature is formed by concatenating the md5 strings of the hashes from the XML we formed and the Signature hash that was received on merchant registration MD5 (MD5(XMLDATA) + MD5 (Signature)): PHP example: md5(md5($xmldata) . md5($signature)) The md5 function retunrs a hash as a lowercase HEX string. For example: a4df226f5dca6c772c2686c81162c302 After that, the received signature is inserted into the form in the key field.

Sample PHP Code:

After clicking the Transfer button, the user will be redirected to the bpay.md payment form, where he makes the payment itself. After completion of the payment, the user will be redirect back to yours site page specified in the success_url. Within 15 seconds, the payment service will send a notification of the received payment by the method you specified.

After the user has paid your invoice, bpay.md payment system can automatically notify the online store information system about the received payment. In order to enable automatic notifications, when register a merchant you have to specify a merchant CALLBACK_URL — the address of the script that will be called by the payment system after the payment is made by the user.

On script calling the data will be transferred using the POST method. Data will consist of 2 fields — data field and key field. The data field will contain encrypted in BASE64 xml with payment data and the key field will contain the signature of this data. By checking this signature, you can verify that the data was sent by the Payment service bpay.md The data field is decrypted using base64_decode in PHP or decode_base64 in perl. Initially, it is necessary to check the correctness of the signature of the received data in order to be sure that they are sent by the bpay service. To achieve this, you need to re-create the signature and verify it with the one that was transferred to the key field. Signature generation occurs according to the following algorithm: MD5(MD5(XMLDATA) + MD5(SIGNATURE)). SIGNATURE — field that you specified when registered the merchant.

PHP example: $ourkey=md5(md5($xmldata) . md5($signature)) The md5 function returns a hash as a lowercase HEX string. For example: a4df226f5dca6c772c2686c81162c302

if the signature you have created corresponds to the one that is transferred in the key field, you can proceed to the process of crediting a payment. After decrypting the data field, it will contain the following xml:

type – this field specifies the protocol version. Currently set to 1.2
order_id – Returns the value of order_id you submitted when invoicing
amount – The amount that the client paid.
valute –currency code in which the payment amount is indicated. 498 – Moldovan lei
comand — if payment was made — pay is specified, if only the existence of the specified order_id is checked in the online store system, that will contain check
advanced1, advanced2 – fields that you submitted when you create an account.
transid – unique payment number in the bpay.md system
receipt – Unique check number assigned by bpay.md. Knowing this number, anyone can verify the existence of a payment, using this form: https://www.bpay.md/check
time – payment time (bpay payment server time) in format YYYYMMDD hhmmss
test – This tag contains 1 — if it is the test payment, 0, or empty if the payment is real.

Response of payment system

After processing the payment, you need to notify the payment system about the success or unsuccess of this process. To do this, you need to return the following xml:

code – Response code. 100 — if transfer was successful, 30 — there was a problem with transfer. e The bpay.md system will retry after a time interval. text — Text information, briefly describing the status. If the XML response was not properly compiled, notification would also repeat after a while. We strongly recommend checking the transid field, in order to avoid double processing of the same payment.

Sample PHP program:

This interface is designed to make automatic payments from your bpay account to the accounts of other users! In order to be able to use this service, you need to contact us by writing a letter indicating the IP address from which access will be made and the purpose for which this interface will be used. The Key value used to sign payment requests is also provided by our company employees.

The request is sent by the POST method to the address: https://www.bpay.md/user-api/transfer and should contain the following xml:

Field description:
login – Your account login
password – Password of your account
time – Current time in the format YYYYMMDD hhmmss Example: 20131225 135601
payer_account – your account number from which payment is made
account – account number of the recipient of funds
amount – The amount, in the currency of your account, that you want to transfer.
description — Description of payment
txnid — A unique digital identifier for a payment greater than zero generated on the sender’s side. It is not possible to re-pay with the same identifier.
test — 0 – real transaction, 1 – test transaction. With a test payment, money is not withdrawn from the user’s account. Optional field. Default payment is real
sign — the request signature formed by generating the md5 hash from concatenating all the values ​​in the transfer tag (in the same sequence as they follow in xml) and the key key. MD5 (TIME + YOUR_ACCOUNT + RECIPIENT_ACCOUNT + AMOUNT + TRANSACTION_DESCRIPTION + TXNID + IS_TEST + key);

In response you receive xml with the following content:

Answer Codes:
100 – successfully completed
-10 – operation is not allowed for your IP.
-20 – authorization error
-21 – the signature is incorrectly formed
-85 – cannot parse xml.

PHP code example

This request is used to obtain primary information about a payment using the specified transaction number transid or receipt number receipt.

The request is sent in XML format at https://www.bpay.md/user-api/checkstate1

Sent XML:

login — login specified during registration in the bpay.md system and used for login
password — password specified during registration in the bpay.md system and used for login
transid — id of the transaction for which information is requested. Instead of this field, the receipt field may be used.
receipt — the check number by which you need to receive payment information. Used instead of the transid tag

PHP code example:

In response, you get XML of the following form:

code — request status. 100 – request successful, -35 – payment does not exist, 40 – payment canceled
text — text description of the status
params/Recipient — payee service id
params/RcpAccount — order_id or payer identifier in the payee accounting system
params/SndAmount — the amount paid by the payer (including the commission taken from the payer)
params/SndValute — the currency in which the amount paid by the payer is indicated
params/RcptAmount — amount received by the payee
params/RcptValute — currency in which the amount of the payee is indicated
params/Description — textual description of the payment
params/State — notification status. 100 – the recipient received a notification of payment, 30 – the recipient did not receive a notification, 40 – the payment was canceled.
params/StateDescription — text description of the notification status
params/Receipt — check number in the Bpay Payment system

This request is used to receive an account statement for the specified account account.

The request is sent in XML format at https://www.bpay.md/user-api/getpaymentshistory

Sent XML:

login — login specified during registration in the bpay.md system and used for login
password — password specified during registration in the bpay.md system and used for login
account — bpay wallet number
date_start — date from
date_end — date by
state — payment status. 100-completed, 70-in processing, 40-canceled, 30-rejected. If there is no value, all available payments will be received.
service — service identifier in favor of which the payment was made. If the field is empty, then all available payments will be received in the response
date_type — if the field is empty, then the response will receive payments at the time of creation (addtime), if 1 is specified, then payments will be received at the time of the final status (statetime)

PHP code example:

In response, you get XML of the following form:

code —request status. 100 – the request was successful, -10 – the account statement request for the specified account is denied, -20 – authorization error, -26 – it is not possible to extract payments older than 40 days, -80 – database error, -85 – error in xml parsing
text — text description of the status
payment/trid — unique payment number
payment/addtime — date and time of payment
payment/statetime — date and time of the final status
payment/service — name of the paid service
payment/serviceaccount — account / invoice number indicated by the payer when paying
payment/amount — payment amount
payment/description — payment description
payment/receipt — receipt number
payment/balance — bpay wallet balance after the transaction
payment/guid — (Globally Unique Identifier) — statistically unique 128-bit identifier
total/total_sum — total amount of payments for the selected period
total/total_payments — the number of payments for the selected period

General description

On each payment slip that is issued to the client, a QR code is printed in which information about the merchant, the internal identifier of the check, and the amount of payment are sewn.
A client who wants to pay an invoice using Bpay, scans a QR in the BPAY application (or any program with a QR scanner) and makes a self-payment through BPAY, informing the waiter about the payment made through BPAY.
The waiter in the software tries to close the account using the BPAY payment method. At the same time, the restaurant software communicates via the Internet with the BPAY server and verifies the fact of payment. If the BPAY server confirms the payment, the order closes as paid BPAY and the receipt is printed, which is issued to the client. Otherwise, the waiter receives a notification that the payment failed.
As an additional confirmation, an SMS message with payment information comes to the restaurant’s mobile number: Order number, Amount
Information for integration to be issued by the BPAY administrator:
MERCHANTID for each restaurant branch, LOGIN, PASSWORD

QR code format description:

The following URL is sewn into the QR code on the check: https://bpay.md/r?p=MERCHANTID;AMOUNT;INVOICEID

• MERCHANTID – restaurant branch identifier, issued by the payment system administrator
• AMOUNT – amount
• INVOICEID – Invoice identifier within the restaurant branch. The restaurant software developer selects this identifier at his discretion. In the future, verification of payment of this invoice will occur by this identifier.

Example: https://bpay.md/r?p=retailtest;3000;123456

QR code for invoice payment with identifier 123456 of 30.00 MDL

Bill Payment Verification Request

URL for requests: https://www.bpay.md/user_api/checkOrderState

The request is transmitted using the POST method.

Request body:

Login, password issued by the BPAY administrator.

Example of a successful response to a request:

!!! It is imperative to verify that the payment amount that is returned in response to this request
corresponds to the amount of the check in the restaurant software. In order for the payment to be considered as implemented by the BPAY system,
The payment state must have one of the following values: [30, 70-79, 100]

An example of a response to a request if the payment was not found:

PHP request implementation example:

This interface is designed to receive information about accounts (account number, balance, currency code, currency).

Linking Example

URL for requests: https://bpay.md/user-api/getBalance

The request is sent by the POST method .

Request Formation Example

$xml = "
<request>
    <auth type=\"1\">
        <login>your login</login>
        <password>you password</password>
    </auth>
    <account>you account</account>
</request>";
$resp = request($xml, 'https://www.bpay.md/user-api/getBalance');

function request($xmlrequest, $address)
{
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "POST");
    curl_setopt($curl, CURLOPT_POST, 1);
    curl_setopt($curl, CURLOPT_URL, $address);
    curl_setopt($curl, CURLOPT_USERAGENT, "User-Agent=Mozilla/5.0 Firefox/1.0.7");
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_POSTFIELDS, $xmlrequest);
    $_PROVIDER_ANSWER = curl_exec($curl);
    return $_PROVIDER_ANSWER;
}

FIELD DESCRIPTION:

RESPONSE TO REQUEST:

If there was a request to receive all accounts:

<result>
    <code>100</code>
    <accounts>
        <account>11861932</account>
        <sum>4533.63</sum>
        <valute>498</valute>
        <valutename>MDL</valutename>
    </accounts>
    <accounts>
        <account>11999019</account>
        <sum>49547.00</sum>
        <valute>498</valute>
        <valutename>MDL</valutename>
    </accounts>
</result>

If there was a request for a specific account:

<result>
    <code>100</code>
    <account>11861932</account>
    <sum>4533.63</sum>
    <valute>498</valute>
    <valutename>MDL</valutename>
</result>

REQUEST STATUS:

 Integration

Iframe