API docs by Redocly

RPay API gateway (0.0.1)

Download OpenAPI specification:Download

Introduction

API gateway is an entrypoint to setup online-payments with RozetkaPay.

Authorization

Main type of authorization is BasicAuth which is always required. To perform payment requests on behalf of another login, you have to provide it in onBehalfOf header. If you would like to receive customer's information with RID auth token - add customerAuth to your request.

BasicAuth

Basic Auth consists of login and password combined into a header field in the following form:

Authorization: Basic <credentials>

where <credentials> is the Base64 encoding of login and password joined by a single colon :.

You should be provided with login and password by our support team. Otherwise, if you have already been using other RozetkaPay online payments API, you can reuse previously provided API_KEY and API_SECRET for X-API-AUTH header as login and password respectively to authorize into API Gateway.

Security Scheme Type: basic

customerAuth

RID personal auth token to access customer's wallet

Security Scheme Type: API Key
Header parameter name: X-CUSTOMER-AUTH

onBehalfOf

Used for partnership mode, when one core account operates with several children

Security Scheme Type: API Key
Header parameter name: X-ON-BEHALF-OF

Apple Pay & Google Pay

If you wish to provide your customers a better experience, we support online payments with Apple Pay & Google Pay. You have two options to integrate those payment methods:

  1. Via our checkout (this way you only have to ask for the feature, and the buttons will appear to customers). Refer to Create payment operation for details.
  2. Embedding button into your website or mobile application - this requires some additional steps from you to generate Apple/Google Pay tokens and pass it to us via Create payment operation.

Apple Pay

To add the Apple Pay entitlement to your website or mobile application, you need to have:

To integrate Apple Pay to your mobile application, follow the instruction.

To integrate Apple Pay to your website, follow the instruction.

After you completed the integration with Apple Pay for any of your environment (mobile or web), you should receive the following kind of JSON object as a result of Apple Pay call:

{
  "version":              "EC_v1",
  "data":                 "zTMZDPumdE7h8oY/+31VMZd60dMaxB...",
  "signature":            "MIAGCSqGSIb3DQEHA...",
  "header": {
    "ephemeralPublicKey": "MFkwEwYHKoZIzj0C...",
    "publicKeyHash":      "3AKqH/wPWdQIBpGIv1PC4uDTbGouPgWbmUlFGiHopig=",
    "transactionId":      "d6e63976191fdf051f7cb95e0e5da70a19c99a5576ececbfc0fd65ad2a7f2f74"
  }
}

This payload should be encoded to Base64 and passed in customer.payment_method.apple_pay.token field on Create payment operation.

Google Pay

Firstly please review the following documentation in order to get familiar with the integration process:

The gateway parameter in the script should have the constant value of evopay.

The value of the gatewayMerchantId parameter should be a unique identifier which can be provided via our Support team.

In response, Google shall return the PaymentData item, and the field paymentMethodData.tokenizationData.token shall contain a safely encrypted Google Pay Token (a string of characters). This string should be encoded to Base64 and passed in customer.payment_method.google_pay.token field on Create payment operation.

Rate Limits

RozetkaPay applies rate limit for its APIs.

API client should handle rate limiting gracefully. It is recommended to watch for 429 status codes and build in a retry mechanism with an exponential backoff schedule. Some randomness could be added into the backoff to avoid a thundering herd effect. X-RATELIMIT-RESET header (time in seconds, after which requests are allowed again) could be used as a basis for retry mechanism.

Example of headers for 1000 requests/second rate limit (after first request):

Header field name Description Example
X-RATELIMIT-LIMIT Allowed requests per second X-RATELIMIT-LIMIT: 1000
X-RATELIMIT-RESET Time to reset in seconds X-RATELIMIT-RESET: 0
X-RATELIMIT-REMAINING Number of left requests X-RATELIMIT-REMAINING: 999

Widget

In order to smoothly collect customer's card details, you have to use our Widget Checkout. It might be embedded into your web page and should provide smooth and secure credit card tokenization flow.

Integration

Include script tag into your website: <script src="https://cdn.rozetkapay.com/widget.js" async></script>

The script is loaded asynchronously.

init() method receive parameters:

let initParams = {
 /* Widget token issued by RozetkaPay */
 key: 'hQ8aqcm/RG1RF7MaImmzZUsThYhAVDG6R7kazf9+r7zuoWo6',
 /* Optional amount */
 amount: 350.5,
 /* Currently, only 'inline' mode is supported */
 mode: 'inline',
 /* Optional user language */
 lang: 'uk',
 /* Optional predefined custom style */
 style: 'evo',
 /* Optional widget type */
 type: 'full_card',
 /* Optional customer ip */
 customer_ip: '127.0.0.1',
 /* Optional customer id */
 customer_id: '123',
 /* Optional customer email */
 customer_email: '[email protected]',
 /* Optional customer country */
 customer_country: 'UA',
 /* Optional customer city */
 customer_city: 'Kyiv',
 /* Identifier of HTML element (for 'inline' mode only) */
 selector: 'widget-checkout',
 /* Handler for receiving token data */
 onToken: function(tokenData) {
   /*
     It is guaranteed that`tokenData` will have the following fields:
     {
       "token": "String(<=128)",
       "expires_at": "ISO-8601 DateTime",
       "card_mask": "String(13-19)"
     }
   */
 }
};

let widget = RPayCardWidget.init(initParams)

RPayCardWidget#init parameters:

Parameter Type Required Description
key String API token issued by RozetkaPay.
mode String Should be equal to inline.
selector String Identifier of HTML element (e.g. div id={payform-holder}) where the widget will be mounted (for inline mode).
onToken Function Callback to invoke when the checkout process is complete.
amount Number Optional amount to be shown in widget for UX purposes.
locale Object Locale customization
lang String Preferred widget localization. Currently supported languages: en, uk, pl.
style String Optional predefined custom style
type String Optional widget type. Available options: full_card(default) - collect all card credentials (payments), pan_only - tokenize only card number (payouts).
template String Optional custom template. Currently supported templates: line
customer_ip String Optional customer IP address.
customer_id String Optional customer identifier in merchant's system (required in case of External tokenization).
customer_email String Optional customer email (required in case of External tokenization).
customer_country String Optional customer country.
customer_city String Optional customer city.
locale Object Optional object to set text for widget elements.

locale object example

{
  "uk": {
    "cardNumber": "Номер карти",
    "expiryDate": "Строк дії",
    "cvv": "CVV",
    "submit": "Сплатити",
    "yy": "ГГ",
    "mm": "ММ",
    "hints": {
      "cvvHint": "Код міститься на зворотній стороні карти"
    },
    "errors": {
      "cardnumber": "Неправильний номер карти",
      "expiryDate": "Строк дії карти закінчився",
      "cvv": "Некорректний CVV/CVC2 код"
    }
  }
}

#onToken parameters:

Parameter Type Required Description
token String(≤128) Token issued by RozetkaPay. Acceptable for payments via direct mode.
expires_at String(26) ISO-8601 timestamp (yyyy-mm-ddThh:mm:ss). End of token life. Example: 2099-12-31T00:00:00.
card_mask String(13-19) Mask of tokenized card. Example: 424242******4242.

Widget API

RPayCardWidget#init return special control object with the following API methods:

Method Parameter Description
widget.open() none Render widget
widget.close() none Force close widget

Integration examples

Eager widget loading:

// Eagerly initialize widget
function __onWidgetReady() {
  let widget = RPayCardWidget.init({
                    key: 'hQ8aqcm/RG1RF7MaImmzZUsThYhAVDG6R7kazf9+r7zuoWo6',
                    amount: 350.5,
                    mode: 'inline',
                    lang: 'uk',
                    selector: 'widget-checkout',
                    /* Handler for receiving token data */
                    onToken: function(tokenData) {
                      /* Handle token data. For example, create direct payment or add card to wallet */
                      backend.submitPayment(orderId, tokenData);
                    }
                  });
}

const payButton = document.getElementById('btn-pay');

// Open widget on action
payButton.addEventListener('click', function(e) {
  e.preventDefault();

  widget.open();
});

After internal form submission, RozetkaPay token token will be sent in response to onToken function.

If script was loaded asynchronously, you should wrap init() method in function wrapper: __onWidgetReady

Lazy widget loading

// Create widget entity on button click (for example, radio button option)
function __onWidgetReady() {
  document
    .getElementById('btn-pay')
    .addEventListener('click', function(e) {
        e.preventDefault();
        RPayCardWidget
          .init({
            key: 'hQ8aqcm/RG1RF7MaImmzZUsThYhAVDG6R7kazf9+r7zuoWo6',
            amount: 350.5,
            mode: 'inline',
            lang: 'uk',
            selector: 'widget-checkout',
            /* Handler for receiving token data */
            onToken: function(tokenData) {
              // Handle token data. For example, create direct payment or add card to wallet.
              backend.submitToken(orderId, tokenData);
            }
          })
          .open();
      }
    );
}

Initialize and open widget instantly

  function __onWidgetReady() {
    RPayCardWidget.init({ ... }).open();
  }

Widget Events

Example usage:

    document.addEventListener('widget-init-ready', () => {
      widget.open();
    })
    document.addEventListener('widget-init-error', (e) => {
      console.error('error', e.detail.id, e.detail.message)
    });

After widget is successfully initiated, widget-init-ready event is dispatched. Otherwise, in case of error, widget will dispatch widget-init-error error. You can add event listener to this events.

payments

Accept online payments using this methods

Create payment

Creates payment and performs desired operation. When mode is set to direct - customer field becomes required.

Authorizations:
BasicAuth(BasicAuthcustomerAuth) (BasicAuthonBehalfOf) (BasicAuthonBehalfOfcustomerAuth)
Request Body schema: application/json
amount
required
number
callback_url
string <url>
result_url
string <url>
confirm
boolean
Default: true

If true - funds are transferred to recipient account. If false - you have to call POST /api/payments/v1/confirm for additional confirmation of funds transfer.

currency
required
string
object (CustomerRequestUserDetails)
description
string
external_id
required
string

You can use external_id to link the corresponding payment within your system. This could be order ID or any other logical identifier. You can pass same external ID on every payment attempt until you receive success one. At most one success payment is allowed with same external_id within single login. If such condition occurs, request will complete with corresponding error.

payload
string
Array of objects (Product)
object
object (RecipientRequestUserDetails)
mode
required
string (PaymentMode)
Enum: "direct" "hosted"

Describes the way of the integration:

  • hosted - returns checkout page, where user can enter his payment details.
  • direct - requires customer's payment details in request. Usually returns url for second factor (3DS or other).

Responses

Callbacks

Request samples

Content type
application/json
{
  • "amount": 0,
  • "callback_url": "string",
  • "result_url": "string",
  • "confirm": true,
  • "currency": "string",
  • "customer": {
    },
  • "description": "string",
  • "external_id": "string",
  • "payload": "string",
  • "products": [
    ],
  • "properties": {
    },
  • "recipient": {
    },
  • "mode": "direct"
}

Response samples

Content type
application/json
{
  • "action": {
    },
  • "action_required": true,
  • "details": {
    },
  • "external_id": "string",
  • "id": "0",
  • "is_success": true,
  • "receipt_url": "string",
  • "payment_method": {
    },
  • "customer": {
    },
  • "operation": "create"
}

Callback payload samples

Callback
POST: Processing callback
Content type
application/json
{
  • "action": {
    },
  • "action_required": true,
  • "details": {
    },
  • "external_id": "string",
  • "id": "0",
  • "is_success": true,
  • "receipt_url": "string",
  • "payment_method": {
    },
  • "customer": {
    },
  • "operation": "create"
}

Confirm payment

Confirm two-step payment.

Authorizations:
BasicAuth(BasicAuthcustomerAuth) (BasicAuthonBehalfOf) (BasicAuthonBehalfOfcustomerAuth)
Request Body schema: application/json
external_id
required
string

External ID of a payment, passed from your side on create.

amount
number
callback_url
string <url>
currency
string
payload
string

Responses

Callbacks

Request samples

Content type
application/json
{
  • "external_id": "string",
  • "amount": 0,
  • "callback_url": "string",
  • "currency": "string",
  • "payload": "string"
}

Response samples

Content type
application/json
{
  • "action": {
    },
  • "action_required": true,
  • "details": {
    },
  • "external_id": "string",
  • "id": "0",
  • "is_success": true,
  • "receipt_url": "string",
  • "payment_method": {
    },
  • "customer": {
    },
  • "operation": "create"
}

Callback payload samples

Callback
POST: Processing callback
Content type
application/json
{
  • "action": {
    },
  • "action_required": true,
  • "details": {
    },
  • "external_id": "string",
  • "id": "0",
  • "is_success": true,
  • "receipt_url": "string",
  • "payment_method": {
    },
  • "customer": {
    },
  • "operation": "create"
}

Cancel payment

Cancel two-step payment

Authorizations:
BasicAuth(BasicAuthcustomerAuth) (BasicAuthonBehalfOf) (BasicAuthonBehalfOfcustomerAuth)
Request Body schema: application/json
external_id
required
string

External ID of a payment, passed from your side on create.

amount
number
callback_url
string <url>
currency
string
payload
string

Responses

Callbacks

Request samples

Content type
application/json
{
  • "external_id": "string",
  • "amount": 0,
  • "callback_url": "string",
  • "currency": "string",
  • "payload": "string"
}

Response samples

Content type
application/json
{
  • "action": {
    },
  • "action_required": true,
  • "details": {
    },
  • "external_id": "string",
  • "id": "0",
  • "is_success": true,
  • "receipt_url": "string",
  • "payment_method": {
    },
  • "customer": {
    },
  • "operation": "create"
}

Callback payload samples

Callback
POST: Processing callback
Content type
application/json
{
  • "action": {
    },
  • "action_required": true,
  • "details": {
    },
  • "external_id": "string",
  • "id": "0",
  • "is_success": true,
  • "receipt_url": "string",
  • "payment_method": {
    },
  • "customer": {
    },
  • "operation": "create"
}

Refund Payment

Refund one-step payment after withdrawal, or two-step payment after confirmation.

Authorizations:
BasicAuth(BasicAuthcustomerAuth) (BasicAuthonBehalfOf) (BasicAuthonBehalfOfcustomerAuth)
Request Body schema: application/json
external_id
required
string

External ID of a payment, passed from your side on create.

amount
number
callback_url
string <url>
currency
string
payload
string

Responses

Callbacks

Request samples

Content type
application/json
{
  • "external_id": "string",
  • "amount": 0,
  • "callback_url": "string",
  • "currency": "string",
  • "payload": "string"
}

Response samples

Content type
application/json
{
  • "action": {
    },
  • "action_required": true,
  • "details": {
    },
  • "external_id": "string",
  • "id": "0",
  • "is_success": true,
  • "receipt_url": "string",
  • "payment_method": {
    },
  • "customer": {
    },
  • "operation": "create"
}

Callback payload samples

Callback
POST: Processing callback
Content type
application/json
{
  • "action": {
    },
  • "action_required": true,
  • "details": {
    },
  • "external_id": "string",
  • "id": "0",
  • "is_success": true,
  • "receipt_url": "string",
  • "payment_method": {
    },
  • "customer": {
    },
  • "operation": "create"
}

Payment info

Get payment info by id

Authorizations:
BasicAuth(BasicAuthcustomerAuth) (BasicAuthonBehalfOf) (BasicAuthonBehalfOfcustomerAuth)
query Parameters
external_id
required
any

External ID (unique identifier)

Responses

Response samples

Content type
application/json
{
  • "action": {
    },
  • "action_required": true,
  • "amount": 0,
  • "amount_canceled": 0,
  • "amount_confirmed": 0,
  • "amount_refunded": 0,
  • "canceled": true,
  • "cancellation_details": [
    ],
  • "confirmation_details": [
    ],
  • "confirmed": true,
  • "created_at": "2019-08-24T14:15:22Z",
  • "currency": "string",
  • "external_id": "string",
  • "id": "string",
  • "purchase_details": [
    ],
  • "purchased": true,
  • "receipt_url": "string",
  • "refund_details": [
    ],
  • "refunded": true,
  • "customer": {
    },
  • "partner_details": {
    }
}

Resend callback

Prepares the data about the specified payment of transaction and sends it into callback_url which was provided on the payment step. If the operation field is not provided the callback will be sent for the last operation.

Authorizations:
BasicAuth(BasicAuthcustomerAuth) (BasicAuthonBehalfOf) (BasicAuthonBehalfOfcustomerAuth)
Request Body schema: application/json
external_id
required
string
operation
string (OperationType)
Enum: "payment" "confirm" "refund" "cancel"

Responses

Callbacks

Request samples

Content type
application/json
{
  • "external_id": "string",
  • "operation": "payment"
}

Response samples

Content type
application/json
{
  • "code": "authorization_failed",
  • "message": "string",
  • "param": "string",
  • "payment_id": "string",
  • "type": "invalid_request_error",
  • "error_id": "string"
}

Callback payload samples

Callback
POST: Processing callback
Content type
application/json
{
  • "action": {
    },
  • "action_required": true,
  • "details": {
    },
  • "external_id": "string",
  • "id": "0",
  • "is_success": true,
  • "receipt_url": "string",
  • "payment_method": {
    },
  • "customer": {
    },
  • "operation": "create"
}

Card lookup

Starts card confirmation process that allows to use this card for future operations. Result of the confirmation will be sent via callback. When mode is set to direct - customer field becomes required.

Authorizations:
BasicAuth(BasicAuthcustomerAuth) (BasicAuthonBehalfOf) (BasicAuthonBehalfOfcustomerAuth)
Request Body schema: application/json
callback_url
string <url>
result_url
string <url>
object (CustomerRequestUserDetails)
description
string
payload
string
object
mode
required
string (PaymentMode)
Enum: "direct" "hosted"

Describes the way of the integration:

  • hosted - returns checkout page, where user can enter his payment details.
  • direct - requires customer's payment details in request. Usually returns url for second factor (3DS or other).

Responses

Callbacks

Request samples

Content type
application/json
{
  • "callback_url": "string",
  • "result_url": "string",
  • "customer": {
    },
  • "description": "string",
  • "payload": "string",
  • "properties": {
    },
  • "mode": "direct"
}

Response samples

Content type
application/json
{
  • "action": {
    },
  • "action_required": true,
  • "details": {
    },
  • "external_id": "string",
  • "id": "0",
  • "is_success": true,
  • "receipt_url": "string",
  • "payment_method": {
    },
  • "customer": {
    },
  • "operation": "create"
}

Callback payload samples

Callback
POST: Processing callback
Content type
application/json
{
  • "action": {
    },
  • "action_required": true,
  • "details": {
    },
  • "external_id": "string",
  • "id": "0",
  • "is_success": true,
  • "receipt_url": "string",
  • "payment_method": {
    },
  • "customer": {
    },
  • "operation": "create"
}

Payment Receipt

Get receipt url by id

Authorizations:
BasicAuth(BasicAuthcustomerAuth) (BasicAuthonBehalfOf) (BasicAuthonBehalfOfcustomerAuth)
query Parameters
external_id
required
any

External ID (unique identifier)

Responses

Response samples

Content type
application/json
{}

customers

Get information about your customers

Delete customer payment from wallet

Deletes customer payment method from wallet. Either X-CUSTOMER-AUTH header or external_id param is required.

Authorizations:
BasicAuth(BasicAuthcustomerAuth) (BasicAuthonBehalfOf) (BasicAuthonBehalfOfcustomerAuth)
query Parameters
external_id
any

customer id in your platform

Request Body schema: application/json
option_id
required
string
type
required
string
Enum: "cc_token" "wallet" "google_pay" "apple_pay" "card"

Responses

Request samples

Content type
application/json
{
  • "option_id": "string",
  • "type": "card"
}

Response samples

Content type
application/json
{
  • "delete": true,
  • "option_id": "string",
  • "type": "cc_token"
}

Get customer information & wallet

Returns customer details including payment methods, if saved. Either X-CUSTOMER-AUTH header or external_id param is required.

Authorizations:
BasicAuth(BasicAuthcustomerAuth) (BasicAuthonBehalfOf) (BasicAuthonBehalfOfcustomerAuth)
query Parameters
external_id
any

customer id in your platform

Responses

Response samples

Content type
application/json
{
  • "address": "string",
  • "city": "string",
  • "country": "string",
  • "email": "[email protected]",
  • "external_id": "string",
  • "first_name": "string",
  • "last_name": "string",
  • "patronym": "string",
  • "phone": "string",
  • "postal_code": "string",
  • "rid": "06367b17-91f0-49c2-b4f0-ec544c175798",
  • "wallet": [
    ]
}

Add customer payment to wallet

Adds new payment method to wallet. Either X-CUSTOMER-AUTH header or external_id param is required.

Authorizations:
BasicAuth(BasicAuthcustomerAuth) (BasicAuthonBehalfOf) (BasicAuthonBehalfOfcustomerAuth)
query Parameters
external_id
any

customer id in your platform

Request Body schema: application/json
callback_url
string <url>
required
object

Based on your choice in type field, one of the fields becomes required too.

result_url
string <url>

Responses

Callbacks

Request samples

Content type
application/json
{
  • "callback_url": "string",
  • "payment_method": {
    },
  • "result_url": "string"
}

Response samples

Content type
application/json
{
  • "action": {
    },
  • "action_required": true,
  • "created_at": "2019-08-24T14:15:22Z",
  • "payment_method": {
    },
  • "status": "init",
  • "operation": "add_payment_method"
}

Callback payload samples

Callback
POST: Status callback after 3ds action
Content type
application/json
{
  • "action": {
    },
  • "action_required": true,
  • "created_at": "2019-08-24T14:15:22Z",
  • "payment_method": {
    },
  • "status": "init",
  • "operation": "add_payment_method"
}

reports

Different reports based on your activity

Get payments report

Receive a report for a desired period with paid-out payments. You can both receive payments only for current login or for all possible sources within single business.

Authorizations:
BasicAuth(BasicAuthcustomerAuth) (BasicAuthonBehalfOf) (BasicAuthonBehalfOfcustomerAuth)
Request Body schema: application/json
date_from
required
string <date>
date_to
required
string <date>
fields
Array of strings

By default, all available fields are returned. See response schema for available field names.

scope
string
Default: "current_login"
Enum: "current_login" "all_keys"

Regulate how many data you would like to receive.

Responses

Request samples

Content type
application/json
{
  • "date_from": "2019-08-24",
  • "date_to": "2019-08-24",
  • "fields": [
    ],
  • "scope": "current_login"
}

Response samples

Content type
application/json
{
  • "payments": [
    ]
}