Skip to main content

Paying via payment form, step by step

This scenario describes how to perform a payment to a bank card through the payment form. You should consider this option if you cannot collect bank card details and store them on your side (you do not have a PCI DSS certificate).

You can obtain tokenized card details using the payment form widget and then perform the payment securely.

The payment process described involves putting money on the card on hold and then debiting it.

Step 1. Create a payment session

Send a request for session creation (session/create). You will receive the payment session identifier in response.

More about request format

Creating a session 
curl -X POST \
https://demo.bank131.ru/api/v1/session/create \
-H 'Content-Type: application/json' \
-H 'X-PARTNER-PROJECT: your_project_name' \
-H 'X-PARTNER-SIGN: signature' \
-d '{
  "customer": {
    "reference": "user123",
    "contacts": [
      {
        "email": "user@gmail.com"
      }
    ]
  },
  "amount_details": {
    "amount": 10000,
    "currency": "rub"
  },
  "metadata": "order123"
}'

Step 2. Generate a public token

The token is needed to work with the widget. Send a request to create a token and use it to pass the session identifier and the type of the widget you are going to call. You will receive the token in response.

If you want to add the checkbox Enable Automatic Payments to the payment form, specify true in the show_recurrent_checkbox field. It's required to perform recurring debiting.

Request example 
curl -X POST \
http://demo.bank131.ru/api/v1/token \
-H 'Content-Type: application/json' \
-H 'X-PARTNER-PROJECT: your_project_name' \
-H 'X-PARTNER-SIGN: signature' \
-d '{
  "acquiring_widget": {
    "session_id": "ps_123456"
  }
}'

Step 3. Show the payment form to the recipient

To do this, you need to access our JavaScript library and add the payment form widget. The customer enters their card details and clicks Pay, and Bank 131 initiates the payment, without getting you involved.

How to add the payment form

Step 4. Wait for notification that the Bank is ready to perform the payment

Bank 131 will send you a ready_to_confirm webhook (using the webhooks address you provided to your Bank 131 manager previously). This means that the payment can be performed and the Bank is waiting for you to confirm (or cancel).

The webhook body will contain all the data needed for the payment, which you need to check.

You then reply with the 200 HTTP code.

Webhook example 
curl -X POST \
https://partner.ru \
-H 'Content-Type: application/json' \
-H 'X-PARTNER-SIGN: signature' \
-d '{
  "type": "ready_to_confirm",
  "session": {
    "id": "ps_3230",
    "status": "in_progress",
    "created_at": "2018-05-27T02:03:00.000000Z",
    "updated_at": "2018-05-27T02:03:00.000000Z",
    "acquiring_payments": [
      {
        "id": "pm_2018",
        "status": "pending",
        "created_at": "2018-05-27T02:03:00.000000Z",
        "customer": {
          "reference": "user123",
          "contacts": [
            {
              "email": "user@gmail.com"
            }
          ]
        },
        "payment_details": {
          "type": "card",
          "card": {
            "last4": "4242",
            "brand": "visa"
          }
        },
        "amount_details": {
          "amount": 10000,
          "currency": "rub"
        },
        "metadata": "good"
      }
    ]
  }
}'
Handling the webhook using SDK 
use Bank131\SDK\Client;
use Bank131\SDK\Config;
use Bank131\SDK\Services\WebHook\Hook\WebHookTypeEnum;

$config = new Config(
    'https://demo.bank131.ru',
    'your_project_name',
    file_get_contents('/path/to/your/private_key.pem'),
    file_get_contents('/path/to/bank131/public_key.pem')
);

$client = new Client($config);

$hook = $client->handleWebHook('sign from headers', 'request body');

if ($hook->getType() === WebHookTypeEnum::READY_TO_CONFIRM) {
    $session = $hook->getSession();
    //do your logic here
}

Step 5. Confirm or cancel the payment

Check the payment details and confirm that you are ready to perform the payment (using the session/confirm request) or cancel it (using the session/cancel request).

If you confirm the payment, Bank 131 will automatically redirect the user to the 3D Secure page (if their card requires it).

Confirming the session 
curl -X POST \
https://demo.bank131.ru/api/v1/session/confirm \
-H 'Content-Type: application/json' \
-H 'X-PARTNER-PROJECT: your_project_name' \
-H 'X-PARTNER-SIGN: signature' \
-d '{
  "session_id": "ps_3230"
}'
Canceling the session 
curl -X POST \
https://demo.bank131.ru/api/v1/session/cancel \
-H 'Content-Type: application/json' \
-H 'X-PARTNER-PROJECT: your_project_name' \
-H 'X-PARTNER-SIGN: signature' \
-d '{
  "session_id": "ps_3230"
}'

Step 6. Wait for a ready_to_capture webhook

Through the ready_to_capture, webhook, Bank 131 informs you that the payment amount has successfully been put on hold on the user's bank card.

Webhook example 
curl -X POST \
https://partner.ru \
-H 'Content-Type: application/json' \
-H 'X-PARTNER-SIGN: signature' \
-d '{
  "type": "ready_to_capture",
  "session": {
    "id": "ps_3230",
    "status": "in_progress",
    "created_at": "2018-05-27T02:03:00.000000Z",
    "updated_at": "2018-05-27T02:03:00.000000Z",
    "acquiring_payments": [
      {
        "id": "pm_2018",
        "status": "pending",
        "created_at": "2018-05-27T02:03:00.000000Z",
        "customer": {
          "reference": "user123",
          "contacts": [
            {
              "email": "user@gmail.com"
            }
          ]
        },
        "payment_details": {
          "type": "card",
          "card": {
            "last4": "4242",
            "brand": "visa"
          }
        },
        "amount_details": {
          "amount": 10000,
          "currency": "rub"
        },
        "metadata": "good"
      }
    ]
  }
}'
Handling the webhook using SDK 
use Bank131\SDK\Client;
use Bank131\SDK\Config;
use Bank131\SDK\Services\WebHook\Hook\WebHookTypeEnum;

$config = new Config(
    'https://demo.bank131.ru',
    'your_project_name',
    file_get_contents('/path/to/your/private_key.pem'),
    file_get_contents('/path/to/bank131/public_key.pem')
);

$client = new Client($config);

$hook = $client->handleWebHook('sign from headers', 'request body');

if ($hook->getType() === WebHookTypeEnum::READY_TO_CAPTURE) {
    $session = $hook->getSession();
    //do your logic here
}

Step 7. Proceed with debiting, or cancel

Debit the amount put on hold (session/capture) or cancel the capture (session/cancel).

Debiting the payment 
curl -X POST \
https://demo.bank131.ru/api/v1/session/capture \
-H 'Content-Type: application/json' \
-H 'X-PARTNER-PROJECT: your_project_name' \
-H 'X-PARTNER-SIGN: signature' \
-d '{
  "session_id": "ps_3230"
}'
Canceling the payment 

curl -X POST \
https://demo.bank131.ru/api/v1/session/cancel \
-H 'Content-Type: application/json' \
-H 'X-PARTNER-PROJECT: your_project_name' \
-H 'X-PARTNER-SIGN: signature' \
-d '{
  "session_id": "ps_3230"
}'

Step 8. Wait for notification of the successful payment

Bank 131 will send you a payment_finished webhook. The webhook body will contain all the details of the payment. The result of the payment can be found in the payment.status field.

If the status is succeeded, then the payment has been successful. If the status is failed, then the payment has not been completed because of an error.

More about payment statuses

All done, the payment has been performed.

Diagram for payment via payment form

Diagram for payment via payment form