1.1.8. Transfer V4

Transfer V4 Integration Data

Transfer V4 URL

The End point ID is an entry point for incoming Merchant’s transactions and is the only Elecsnet object which is exposed via API.

Deposit to card transactions are initiated through HTTPS POST request by using URL in the following format:
https://pay.elecsnet.ru/paynet/api/v4/transfer/ENDPOINTID – to use v4 transfer.
https://pay.elecsnet.ru/paynet/api/v4/transfer-form/ENDPOINTID – to use v4 transfer-form.
for integration purposes use staging environment sandbox.elecsnet.ru instead of production pay.elecsnet.ru

3D redirect

If your gate supports 3D Secure you need to send status request and process html return parameter to send customer to 3D Secure Authorisation. The simplified schema looks like:

Customer -> Merchant: Initiate transaction
activate Merchant

Merchant -> "Elecsnet": transfer-by-ref
activate "Elecsnet"
"Elecsnet" --> Merchant: async-response
Merchant -> "Elecsnet": status
"Elecsnet" --> Merchant: html
deactivate "Elecsnet"
Merchant --> Customer: urldecode(html)
deactivate Merchant

Sender card data

Parameters below can be mandatory for specific integrations. For more information, please contact your manager in Elecsnet.

Money transfer request parameter Length/Type Comment
credit_card_number 19/Numeric Sender: customer credit card number.
cvv2 3-4/String Sender: the customer’s CVV2 code. CVV2 (Card Verification Value) is the three of four digit number farthest to the right on the flip side of a credit card.
expire_month 2/String Sender: the credit card’s month of expiration.
expire_year 2-4/String Sender: the credit card’s year of expiration
card_printed_name 128/String Sender: card printed name.
card_recurring_payment_id Long Sender: recurring payment id.

Receiver card data

Parameters below can be mandatory for specific integrations. For more information, please contact your manager in Elecsnet.

Money transfer request parameter Length/Type Comment
destination-card-no 19/Numberic Receiver: card PAN.
destination_card_recurring_payment_id Long Receiver: recurring payment id.

Sender customer data

Parameters below can be mandatory for specific integrations. For more information, please contact your manager in Elecsnet.

Money transfer request parameter Length/Type Comment
sender_first_name 128/String Sender: customer’s first name.
sender_last_name 128/String Sender: customer’s last name.
sender_middle_name 128/String Sender: customer’s middle name/patronym.
sender_ssn 11/String Sender: the Social Security number is a nine-digit number in the format AAA-GG-SSSS. The last four digits of the customer’s social security number.
sender_birth_place 128/String Sender: birth place.
sender_birthday 30/String Sender: customer’s birthday.
sender_address1 256/String Sender: customer’s address.
sender_city 128/String Sender: customer’s city.
sender_state 4/String Sender: the customer’s US states (two letter abbreviation). Not applicable outside the US.
sender_zip_code 32/String Sender: zip code
sender_citizenship 128/String Sender: citizenship, гражданство.
sender_country_code 3/String Sender: the customer’s country(two letter abbreviation)
sender_phone 128/String Sender: the customer’s full international phone number, including country suffix.
sender_cell_phone 128/String Sender: the customer’s full international cell phone number, including country suffix.
sender_email 128/String Sender: the customer’s email address.
sender_resident Boolean Sender: resident, является ли резидентом.
sender_identity_document_id 128/String Sender: identity document name, идентификатор ДУДЛ.
sender_identity_document_series 12/String Sender: identity document series, серия ДУДЛ.
sender_identity_document_number 16/String Sender: identity document number, номер ДУДЛ.
sender_identity_document_issuer_name 128/String Sender: identity document issuer, кем выдан ДУДЛ.
sender_identity_document_issuer_department_code 32/String Sender: identity document issuer department code, код подразделения.
sender_identity_document_issue_date Date Sender: identity document issue date, дата выдачи ДУДЛ.

Receiver customer data

Parameters below can be mandatory for specific integrations. For more information, please contact your manager in Elecsnet.

Money transfer request parameter Length/Type Comment
receiver_first_name 128/String Receiver: customer’s first name.
receiver_last_name 128/String Receiver: customer’s last name.
receiver_middle_name 128/String Receiver: customer’s middle name/patronym.
receiver_birth_place 11/String Receiver: birth place, место рождения.
receiver_birthday 128/String Receiver: customer’s birthday.
receiver_address1 256/String Receiver: customer’s address.
receiver_city 128/String Receiver: customer’s city.
receiver_zip_code 32/String Receiver: zip code
receiver_region 30/String Receiver: region
receiver_area 50/String Receiver: area.
receiver_citizenship 128/String Receiver: citizenship, гражданство.
receiver_country_code 3/String Receiver: the customer’s country(two letter abbreviation)
receiver_phone 128/String Receiver: the customer’s full international phone number, including country suffix.
receiver_resident Boolean Receiver: resident, является ли резидентом.
receiver_identity_document_id 128/String Receiver: identity document name, идентификатор ДУДЛ.
receiver_identity_document_series 12/String Receiver: identity document series, серия ДУДЛ.
receiver_identity_document_number 16/String Receiver: identity document number, номер ДУДЛ.
receiver_identity_document_issuer_name 128/String Receiver: identity document issuer, кем выдан ДУДЛ.
receiver_identity_document_issuer_department_code 32/String Receiver: identity document issuer department code, код подразделения.
receiver_identity_document_issue_date Date Receiver: identity document issue date, дата выдачи ДУДЛ.

Sender anti-fraud data

Money transfer request parameter Length/Type Comment
customer_user_agent 512/String Customer User Agent Info
customer_localtime 128/String Customer Localtime
customer_screen_size 32/String Customer Screen Size.
customer_accept_language 128/String Customer browser accept language
customer_accept 128/String Customer Browser Accept Header
ipaddress 7-45/String The customer’s IP address, include for fraud screening purposes. NB: 45 is for IPv4 tunneling like 0000:0000:0000:0000:0000:0000:192.168.100.101

Transfer Response

Transfer response parameter Description
type The type of response. May be async-response, validation-error, error. If type equals validation-error or error, error-message and error-code parameters contain error details.
paynet-order-id Order id assigned to the order by Elecsnet
merchant-order-id Merchant order id
serial-number Unique number assigned by Elecsnet server to particular request from the Merchant.
error-message If status is error this parameter contains the reason for decline or error details
error-code The error code is case of error status
end-point-id Endpoint id used for the transaction

Mandatory fields

Parameter name Description
ipaddress The customer’s IP address, include for fraud screening purposes. NB: 45 is for IPv4 tunneling like 0000:0000:0000:0000:0000:0000:192.168.100.101
client_orderid Customer order ID.
currency Currency the transaction is charged in (three-letter currency code). Example of  valid parameter values are: USD for US Dollar EUR for European Euro.
amount Amount to be transfered. The amount has to be specified in the highest units with . delimiter. For instance, 10.5 for USD means 10 US Dollars and 50 Cents
redirect_url URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected in any case, no matter whether the transaction is approved or declined. Optional for direct integration(non-form) deposit2card.
order_desc Order description
Parameters, which will define the type of transaction are listed below.

Transfer v4 fill rules

Transaction type Parameters to send
PAN —> PAN cvv2,expire_month,expire_year,card_printed_name,credit_card_number,destination-card-no + mandatory fields
PAN —> RPI cvv2,expire_month,expire_year,card_printed_name,credit_card_number,destination_card_recurring_payment_id + mandatory fields
RPI —> PAN card_recurring_payment_id, expire_month,expire_year,card_printed_name, destination-card-no + mandatory fields
RPI —> RPI card_recurring_payment_id, expire_month,expire_year,card_printed_name, destination_card_recurring_payment_id + mandatory fields
0 —> PAN (deposit2card) destination-card-no, deposit2card = true + mandatory fields
0 —> RPI (deposit2card) destination_card_recurring_payment_id, deposit2card = true + mandatory fields

Transfer-form v4 fill rules

Transaction type Parameters to send
form —> PAN destination-card-no + mandatory fields
form —> RPI destination_card_recurring_payment_id + mandatory fields
PAN —> form credit_card_number, cvv2,expire_month,expire_year,card_printed_name + mandatory fields
RPI —> form card_recurring_payment_id, cvv2,expire_month,expire_year,card_printed_name, + mandatory fields
form —> form mandatory fields
0 —> form(deposit2card) deposit2card = true + mandatory fields
In case of transfer-form transaction, you will receive a response with redirect_url, which contains URL of the form to fill in the remaining parameters.

Transfer Request V4 debug

To reproduce your API call, input all of the data from your original request, including the authentication tokens. Don’t forget to set the nonce and timestamp to the values you used. An OAuth signed URL should match regardless of the generating library. If the signatures differ, you know there is a bug in your OAuth signature code. Due to current PCI DSS restrictions only OAuth 1.0a RSA-SHA256 signature is allowed. Other signature methods are restricted. So to send command to the server your request should be: sent as POST, contains OAuth 1.0a headers, signed with RSA-SHA256.

Generate Public and Private key pair

You need only private and public key to authorize your transaction. To generate it please got to https://www.openssl.org/ download latest version of openssl and run following commands:

openssl genpkey -algorithm RSA -out private_key_pkcs_8.pem -pkeyopt rsa_keygen_bits:4096
openssl rsa -pubout -in private_key_pkcs_8.pem -out public_key.pem

Share your Private key with no one, you should be the only person to know it. Your Public key, on the contrary, should be sent to your manager, so he can register it in the system. Use different keys for production and for testing purposes to avoid its comprometation.

Private key

For using this demo you need private key in PKCS#1 container. The format of the key should be PKCS#1 PEM text formatted and unencrypted RSA private key. To get it use the following command

openssl rsa -in private_key_pkcs_8.pem -out private_key_pkcs_1.pem

As a result you will get a key starting with -----BEGIN RSA PRIVATE KEY-----. For production purposes you can use key in any format supported by your software. This demo supports key length up to 4096. Insert your RSA Private key for sandbox environment below.

Debug form
URL input URL(use /v4/transfer-form/ENDPOINTID for transfer-form)
endpointid or endpointgroupid input your ENDPOINTID or ENDPOINTGROUPID
login your login should be used as Consumer Public for OAuth
destination-card-no enter the beginning of the sequence, and then "i".
credit_card_number enter the beginning of the sequence, and then "i".
destination_card_recurring_payment_id use either RPI or card number, not both
card_recurring_payment_id use either RPI or card number, not both
amount
currency
cvv2
card_printed_name
expire_month
expire_year
ipaddress
order_desc
redirect_url
client_orderid
deposit2card boolean used only to determine if transaction type is deposit2card

Normalized parameters string to sign, according to OAuth 1.0a rules
POST body parameters to submit
OAuth 1.0a headers to submit.
HEX Encoded Signature
* HEX encoded string is for debug purposes only. You shouldn't send this string to the server neither in HEX nor in Encoded HEX representation.
Base64 Encoded Signature
* Binary RSA-SHA256 signature directly encoded in base64 should be sent to the server.

Order status V4 debug

To reproduce your API call, input all of the data from your original request, including the authentication tokens. Don’t forget to set the nonce and timestamp to the values you used. An OAuth signed URL should match regardless of the generating library. If the signatures differ, you know there is a bug in your OAuth signature code. Due to current PCI DSS restrictions only OAuth 1.0a RSA-SHA256 signature is allowed. Other signature methods are restricted. So to send command to the server your request should be: sent as POST, contains OAuth 1.0a headers, signed with RSA-SHA256.

Generate Public and Private key pair

You need only private and public key to authorize your transaction. To generate it please got to https://www.openssl.org/ download latest version of openssl and run following commands:

openssl genpkey -algorithm RSA -out private_key_pkcs_8.pem -pkeyopt rsa_keygen_bits:4096
openssl rsa -pubout -in private_key_pkcs_8.pem -out public_key.pem

Share your Private key with no one, you should be the only person to know it. Your Public key, on the contrary, should be sent to your manager, so he can register it in the system. Use different keys for production and for testing purposes to avoid its comprometation.

Private key

For using this demo you need private key in PKCS#1 container. The format of the key should be PKCS#1 PEM text formatted and unencrypted RSA private key. To get it use the following command

openssl rsa -in private_key_pkcs_8.pem -out private_key_pkcs_1.pem

As a result you will get a key starting with -----BEGIN RSA PRIVATE KEY-----. For production purposes you can use key in any format supported by your software. This demo supports key length up to 4096. Insert your RSA Private key for sandbox environment below.

Order status form
URL input URL
endpointid or groupid input your ENDPOINTID or ENDPOINTGROUPID
login
client_orderid input your Invoice Number
order_id
by-request-sn

Normalized parameters string to sign, according to OAuth 1.0a rules
POST body parameters to submit
OAuth 1.0a headers to submit.
HEX Encoded Signature
* HEX encoded string is for debug purposes only. You shouldn't send this string to the server neither in HEX nor in Encoded HEX representation.
Base64 Encoded Signature
* Binary RSA-SHA256 signature directly encoded in base64 should be sent to the server.

Payment Form Template Sample

<html>
<head>
    <script type="text/javascript">
    function isCCValid(r){var n=r.length;if(n>19||13>n)return!1;
        for(i=0,s=0,m=1,l=n;i<l;i++)d=parseInt(r.substring(l-i-1,l-i),10)*m,s+=d>=10?d%10+1:d,1==m?m++:m--;
        return s%10==0?!0:!1}
    </script>
</head>
<body>
<h3>Order #$!MERCHANT_ORDER_ID - $!ORDERDESCRIPTION</h3>
<h3>Total amount: $!AMOUNT $!CURRENCY to $!MERCHANT</h3>

<form action="${ACTION}" method="post">
    <div>Destination card number: <input id="cardnumber" name="${CARDNO}" type="text" maxlength="19" autocomplete="off"/></div>

    $!{INTERNAL_SECTION}
    #if($!card_error)
    <div style="color: red;">$!card_error</div>
    #end
    <input name="submit" onclick="return isCCValid(document.getElementById('cardnumber').value);" type="submit" value="Pay"/>
</form>
</body>
</html>