API FONDYVersion 1.0

Accept purchase (merchant payment page)

Only for PCIDSS compliant merchants.

  1. Request parameters(step 1)
  2. Parameters of response (step 1, card is enrolled in 3DSecure service)
  3. Parameters of response (step 1, card is not enrolled in 3DSecure service)
  4. Parameters of request (step 2)
  5. Parameters of response (step 2)
  6. Parameters of response in case of error
  7. Request generation

Request parameters (step 1)

ParameterTypeDescriptionSample
order_idstring(1024)Order ID which is generated by merchant.

mandatory
ID1234
merchant_idinteger(12)Merchant unique ID. Generated by FONDY during merchant registration.

mandatory
1
order_descstring(1024)Order description. Generated by merchant in UTF-8 always

mandatory
Hotel booking №1234 Antalia Resort
signaturestring(40)Order signature. Required to verify merchant request consistency and authenticity. Signature generation algorithm please see at Signature generation for request and response

mandatory
1773cf135bd89656131134b98637894dad42f808
amountinteger(12)Order amount in cents without a separator

mandatory
1020 (EUR) — means 10 euros and 20 cents
currencystring(3)Order currency. Supported values:
EUR — Euro USD — US Dollar
GBP — Pound sterling
UAH — Ukrainian Hryvnia
RUB — Russian Rouble

mandatory
USD
versionstring(10)Protocol version.

Default value: 1.0.1
1.0.1
server_callback_urlstring(2048)Merchant site URL, where host-to-host callback will be send after payment completion. See Receiving Callbacks for more details on callbacks.
http://site.com/callbackurl
lifetimeinteger(6)Order lifetime in seconds. After this time, the order will be given the status of expired if the client has not paid it

Default value: 600
600
merchant_datastring(2048)Any arbitrary set of data that a merchant wants to get back in the response to response_url or/and server_callback_url, and also in reports 
preauthstring(1)Parameter supported only for Visa/MasterCard payment method
N — amount is debited from the customer’s card immediately and settled to the merchant account, in accordance with the rules of settlements.
Y — amount held on the customer card and not charged until the merchant sends a ‘capture’ request to confirm

Default value: N
N
sender_emailstring(50)Customer email 
descriptorstring(21)Dynamic descriptor 
langstring(2)Payment page language. Supported values:
en – Russian
uk – Ukrainian
en – English
lv – Latvian
fr – French
cs – Czech
ro – Romanian
it – Italian
sk – Slovak
pl – Polish
es – Spanish
hu – Hungarian
de – German
 
product_idstring(1024)Merchant product or service ID 
verificationstring(1)If Y order will be automatically reversed by FONDY after successful approval

Default value: N
Y
card_numberstring(19)Visa/MC card number

mandatory
 
cvv2string(4)Card CVV2/CVC2 code

mandatory
 
expiry_dateinteger(4)Card expiry date in format MMYY

mandatory
 
client_ipinteger(15)Client IP

mandatory
 
containerstringGoogle/Apple Pay encrypted data in BASE64 encoding

optional
ewogICJhcGlWZXJzaW9uTWlub3IiOiAwLAogICJhcGlWZXJzaW9uIjogMiw
KICAicGF5bWVudE1ldGhvZERhdGEiOiB7CiAgICAiZGVzY3JpcHRpb24iOi
AiVmlzYSDigKLigKLigKLigKIgMTExMSIsCiAgICAidG9rZW5pemF0aW9uR
GF0YSI6IHsKICAgICAgInR5cGUiOiAiUEFZTUVOVF9HQVRFV0FZIiwKICAg
ICAgInRva2VuIjogIntcInNpZ25hdHVyZVwiOlwiTUVRQ0lIZ0tDT2hldFh
5dVl4VXl4cE80NDFab2llR3A3U3duQlVXMjc2Um55S0s4dVM2UVxcdTAwM2
RcXHUwMDNkXCIsXCJwcm90b2NvbFZlcnNpb25cIjpcIkVDdjFcIixcInNpZ
25lZE1lc3NhZ2VcIjpcIntcXFwiZW5jcnlwdGVkTWVzc2FnZVxcXCI6XFxc
IkZhbW9YZEhVZUdMNzUxRnFZbVJwVFNaeTN2aC9lQ1E0ZjNHckUvUFlJV3R
SUnFXVTJZRFg4d3F3OHVXMm1KSi9Yb2VtcmN2SkdlVFJZeFV5eDgvVWVFdn
pwQ0tsVnVqbDMrNHkrTEdmbGFFUWJZeFV5eFl4VXl4WXhVeXhZeFV5eFV5Z
WxBbFRPVXFBSHpwMm5rVEZFY3AvczR2a0tEWm9QVFRjYnBNbC9xaW5qNW1s
ai8ybEZtSmcyUTEydFNCREdaYXd0SG1KeitDNmxMUmZBdDhCOU15RDFJa0V
Nd3JxOTBqMk5GY0dnQ29RbEtaR3hzSUlNcG5GV082TDZxcUsvcGxXNnlYZG
taaDIrR09CREU3eHVSWlY2RkdtZGZ4eGVLWElWTFNsQ3AxdHRlUGR2VDZZT
0R5WXhVeXhZeFV5eFl4VXl4WXhVeXgvcUY0SUJZUTNqalBjRTM3d1h5UHhy
MVhheTJPS0hFZTV4MTZURWdDcTU2QWRYL3hVcDNhVk9SWXhVeXhZeFV5eFl
4VXl4WWxzdlJvazhnb2pER053S2dcXFxcdTAwM2RcXFxcdTAwM2RcXFwiLF
xcXCJlcGhlbWVyYWxQdWJsaWNLZXlcXFwiOlxcXCJCS3BjQWtNWTE1a1BuR
zEwS1V5aGtGbE1qbFVTMFgwMVJ1Z3U1dlR5N1l4VXl4WXhVeXhZeFV5eDJ0
WjdwOTNUV1RTd1pFMDg0VkhHTHZ5aWMyT1VXdGpJNFZUelo4OFxcXFx1MDA
zZFxcXCIsXFxcInRhZ1xcXCI6XFxcImU4Zk5ldVdIUGZiZ0U2dkdzTll4VX
l4WXhVeXhZeFV5eEk2QVU1THZINTcxYzZHZ3NVSFVCa1xcXFx1MDAzZFxcX
CJ9XCJ9IgogICAgfSwKICAgICJ0eXBlIjogIkNBUkQiLAogICAgImluZm8i
OiB7CiAgICAgICJjYXJkTmV0d29yayI6ICJWSVNBIiwKICAgICAgImNhcmR
EZXRhaWxzIjogIjExMTEiCiAgICB9CiAgfQp9

Parameters of response (step 1, card is enrolled in 3DSecure service)

If card is enrolled in 3DSecure, response will be returned in the following format:

ParameterTypeDescriptionSample
response_statusstring(50)if no error ocured always returned successsuccess
acs_urlstring(2048)URL of cardholder issuing bank Access Control Server where he must enter 3DSecure password
https://api.fondy.eu/checkout?token=e0a5d4f331806d1e2feb80353b4c44bf6751fc8c
pareqstring(20480)Parameter which must be submeted to acs_url 
mdstring(1024)Unique 3DSecure request ID. Generated by FONDY payment gateway 

A merchant receiving this response must build an HTML form and using it submit customer to acs_url. HTML form must be of the following content:

<form name="MPIform" action='${acs_url}' method="POST">
  <input type="hidden" name="PaReq" value='${pareq}'>
  <input type="hidden" name="MD" value='${md}'>
  <input type="hidden" name="TermUrl" value='${TempUrl}'>
</form>

where ${TempUrl} – is merchant URL where customer will be redirected after 3DSecure password verification

The following parameters are returned to URLTempUrl after cardholder password verification:

ParameterTypeDescription
paresstring(20480)Payer authentication result.
Is BASE64 string
mdstring(1024)Unique 3DSecure request ID.
Generated by FONDY payment gateway

Parameters of response (step 1, card is not enrolled in 3DSecure service)

If card is not enrolled response is returned in format 3.2 Parameters of final response

Parameters of request (step 2)

Parameters received in 4.2 Parameters of response (step 1, card is enrolled in 3DSecure service) must be sent to FONDY payment gateway in format:

ParameterTypeDescriptionSample
order_idstring(1024)Order ID which is generated by merchant.

mandatory
ID1234
merchant_idinteger(12)Merchant unique ID. Generated by FONDY during merchant registration.

mandatory
1
paresstring(20480)Parameter returned by issuing bank to URL TempUrl after password verification

mandatory
 
mdstring(1024)Unique 3DSecure request ID. Generated by FONDY payment gateway

mandatory
 
versionstring(10)Protocol version.

Default value: 1.0
1.0
signaturestring(40)Order signature. Required to verify merchant request consistency and authenticity. Signature generation algorithm please see at Signature generation for request and response

mandatory

Signature algorithm see Signature generation for request and response

1773cf135bd89656131134b98637894dad42f808

Parameters of response (step 2)

Response is returned in format 3.2 Parameters of final response

Parameters of response in case of error

Response is returned in format 3.4 Parameters of response in case of error

Request generation

Purchase request with card number in step 1 always generated by merchant using host-to-host request to URL https://api.fondy.eu/api/3dsecure_step1/

Purchase request in step 2 always generated by merchant using host-to-host request to URL https://api.fondy.eu/api/3dsecure_step2/

Host-to-host API supports the following text formats

Response is always returned in request context in the same content-type. So if request is sent in JSON, response will be sent in JSON format too.

Connect to FONDY and learn more!