1. RECEIVING PAYMENTS

There are two methods of accepting payments from customers. The first method (presented in subchapter Basic version) is intended for Sellers who do not have e-shops or services integrated with the Dotpay system.

The second method (presented in subchapter Advanced version) is designed for e-shops and services, at which the payment process begins (e.g. customer is ordering some item).

Dotpay payment gateway is located at:

  • production environment: https://ssl.dotpay.pl/t2/

  • test environment : https://ssl.dotpay.pl/test_payment/

Caution

Because of security policy, Dotpay payment gateway cannot be embedded in iframe (X-Frame-Options:SAMEORIGIN).

1.1. Basic version

To redirect the customer to payment, all data can be saved in the URL - link. In the example below, link_pre-id01| id sklepu, amount , currency and description is passed to the payment form:

https://ssl.dotpay.pl/t2/?id=123456&amount=123.00&currency=PLN&description=Test

The above address redirects by the method: GET.

Other parameters that can be passed in this way to Dotpay payment form are listed in Table 1 and Table 2 of this document.

After logging to My Dotpay panel you can use menu Tools –> Payment links generator. This menu allows to determine such data as: id , amount , currency , description and lang .. Generating a payment request means creating a special key which allows defining the given parameters thus prevent modification of payment data.

Links generated this way can be listed and modified (e.g. amount ), in the above mentioned menu.

Key example: rfhu4jb5ym657g3xluf4bbqfmbyj6t17

Using such a generated key you can elicit payment site from the link:

https://ssl.dotpay.pl/t2/?pid=rfhu4jb5ym657g3xluf4bbqfmbyj6t17

In case payment language was NOT specified or defined language was removed, parameter lang allows you to determine language on payment page.

Example of payment page with added parameter lang = en to present payment form in English:

https://ssl.dotpay.pl/t2/?pid=rfhu4jb5ym657g3xluf4bbqfmbyj6t17&lang=en

Additionally, you can attach the ignore_last_payment_channel = 1 parameter to the payment link in order to ignore the payment method recently chosen by the customer (stored in the browser’s memory), so that he will always see the full list of available payment methods.

https://ssl.dotpay.pl/t2/?pid=rfhu4jb5ym657g3xluf4bbqfmbyj6t17&ignore_last_payment_channel=1&lang=pl

Such a prepared link with a key can be sent for example by e-mail to a buyer.

Generated payment link with a key can be used repeatedly until erased by the Merchant in My Dotpay panel (Tools –> Payment links generator –> delete).

Caution

By default for shop is also required sending the chk parameter. In the case of generating payment links from seller administration panel the chk parameter is automatically added to the link.

However for links generated manually or using seller administration panel API chk value has to be calculated and added separately.

Exemplary link is going to look like:

https://ssl.dotpay.pl/t2/?chk=c7dc9bb5d0c726a44cf478d3b78390011641f0f52c3db3c0ba6b9a658c6fb400&pid=poup7bulug5996r7fjc2jl056vfqbgp2

How to calculate chk has been described in Redirection parameters integrity protection (CHK) section. .

Note

If shop doesn’t use automatic notifications URLC and confirmation of each transaction is carried out after manual verification of correctness of booked amount and currency for a specific order, the maturity of the chk parameter may be disabled. For this purpose please contact us by email at the address administracja@dotpay.pl

1.1.1. Example forms of payments / donations

Caution

For proper functioning below forms require prior modification of parameters specified in section CONFIGURATION, for example inserting appropriate account id in which payment is to be made (id number can be found after logging in to the seller administration panel tab Settings,this is a 6-digit number placed after the sign # in column Shop). Otherwise, you will be redirected to the page with error message.

Customer after clicking button is redirected to the Dotpay payment form (https://ssl.dotpay.pl/t2/) to choose a payment method. Simultaneously with the POST method are sent the following parameters:

  1. seller’s ID (e.g. id = 123456)

  2. transaction’s amount (e.g. amount = 12.42)

  3. currency

  4. transaction’s description (e.g. description = Payment for invoice #12345/2014)

  5. redirection’s type (e.g. type = 0)

  6. return address after payment (e.g. url = https://www.example.com)

  7. return button text (e.g. buttontext = Return)

Caution

The following forms don’t include a function to calculate the mandatory chk parameter. This functionality should be completed on its own or contact Dotpay administration department (administracja@dotpay.pl) in order to disable the verification of chk . Please read the Security of payment integration chapter before.

The form may also send other, optional parameters of which description can be found in the tables in the further parts of documentation.

  1. Form with predefined and any amount

  1 <!DOCTYPE html>
  2 <html>
  3 
  4 <head>
  5     <meta charset="UTF-8">
  6 </head>
  7 
  8 <body>
  9     <!-----------------------------
 10   
 11     Górna część strony
 12   
 13   ------------------------------------->
 14 
 15     <!---  copy  start--->
 16     <style>
 17         div.dotpay_form_donation {
 18             font-family: sans-serif;
 19             text-align: center;
 20         }
 21 
 22 
 23         div.dp_temat {
 24             font-size: 1.5em;
 25             font-style: inherit;
 26             font-weight: bold;
 27             color: #334242;
 28         }
 29 
 30         input#dp_def_amount {
 31             border: 1px solid #bbb;
 32             border-radius: 3px;
 33             height: 50px;
 34             font-size: 1.3em;
 35             background: #dae6ff;
 36             text-align: center;
 37             font-weight: 500;
 38             cursor: pointer;
 39         }
 40 
 41         input#dp_kwota {
 42             border: 1px solid #bbb;
 43             border-radius: 3px;
 44             font-size: 1.2em;
 45             background: #f8f6fb;
 46             text-align: center;
 47 
 48         }
 49 
 50         input#dp_other_amount {
 51             font-size: 1em;
 52             background: #daedff;
 53             border: 1px solid #bbb;
 54             border-radius: 3px;
 55             padding: 5px;
 56             text-align: center;
 57             cursor: pointer;
 58         }
 59 
 60         button#dp_buttomDarowizna {
 61             font-size: 1.3em;
 62             background: #ae3131;
 63             border: 1px solid #bbb;
 64             border-radius: 3px;
 65             padding: 5px;
 66             text-align: center;
 67             cursor: pointer;
 68             color: #f3f0ed;
 69             letter-spacing: 0.1em;
 70         }
 71 
 72         table.tbl_center {
 73             margin-left: auto;
 74             margin-right: auto;
 75         }
 76     </style>
 77 
 78     <!-- poniżej wpisz prawdiłową ścieżkę do jquery -->
 79     <script type="text/javascript" src="http://code.jquery.com/jquery-3.5.1.min.js"></script>
 80 
 81     <script>
 82         $(document).ready(function () {
 83             $("#dp_buttomDarowizna").click(function () {
 84                 if ($('#dp_kwota').val().trim() === '') {
 85                     $("#dp_kwota_alert").text("Proszę wybrać lub wprowadzić kwotę darowizny.").show();
 86                     $('#dp_kwota_alert').css("display", "inline").fadeOut(5000);
 87                     return false;
 88                 }
 89             });
 90         });
 91     </script>
 92 
 93     <div class="dotpay_form_donation">
 94         <form action="https://ssl.dotpay.pl/t2/" method="post" target="_parent">
 95             <div class="dp_temat">Wybierz kwotę darowizny</div>
 96             <p>
 97                 <input type="button" id="dp_def_amount"
 98                     onClick="$('#dp_kwota').val('10'); $('#dp_kwota').prop('readonly', true);$('#dp_kwota').attr('style','color:blue');$('#dp_other_amount_txt').html('Wybrana Kwota')"
 99                     value="10.00 zł" />
100                 <input type="button" id="dp_def_amount"
101                     onClick="$('#dp_kwota').val('20'); $('#dp_kwota').prop('readonly', true);$('#dp_kwota').attr('style','color:blue');$('#dp_other_amount_txt').html('Wybrana Kwota')"
102                     value="20.00 zł" />
103                 <input type="button" id="dp_def_amount"
104                     onClick="$('#dp_kwota').val('50'); $('#dp_kwota').prop('readonly', true);$('#dp_kwota').attr('style','color:blue');$('#dp_other_amount_txt').html('Wybrana Kwota')"
105                     value="50.00 zł" />
106                 <input type="hidden" name="type" value="0" />
107                 <input type="hidden" name="currency" value="PLN" />
108 
109                 <table class="tbl_center">
110                     <tr>
111                         <td>
112                             <br><input type="button" id="dp_other_amount"
113                                 onClick="$('#dp_kwota').prop('readonly', false);$('#dp_kwota').attr('style','color:brown');$('#dp_other_amount_txt').html('<span style=\'color:brown\'>Wprowadź kwotę</span>')"
114                                 value="Inna kwota" />
115                         </td>
116                         <td>
117                             <br><span id="dp_other_amount_txt">Wybrana Kwota</span>:
118                             <input type="text" name="amount" id="dp_kwota" readonly
119                                 pattern="^([1-9])((\.\d{1,2})?)$|^((?!0)(\d){1,5})((\.\d{1,2})?)$|^(1(\d{5})(.\d{1,2})?)$|^(200000(.[0]{1,2})?)$"
120                                 placeholder="np. 100" maxlength="9" size="9"
121                                 title="Kwota powinna zawierać się w przedziale 1 - 200000 PLN. Dozwolony format to np: 100 lub 152.43"
122                                 oninput="this.value = this.value.replace(/[^0-9\.]/g, ''); this.value = this.value.replace(/(\..*)\./g, '$1');" />
123                             PLN
124                             <br />
125                         </td>
126                     </tr>
127                 </table>
128 
129                 <!--------------------------------- KONFIGURACJA --------------------------------------->
130 
131                 <!---- zamiast 000000 nalezy podstawic numer ID w Dotpay -->
132                 <input type="hidden" name="id" value="000000" />
133                 <!--- Tytuł transakcji --->
134                 <input type="hidden" name="description" value="Testowa płatność" />
135                 <!--- Ardes URL powrotu --->
136                 <input type="hidden" name="url" value="http://www.example.com" />
137                 <!-- Tekst przycisku powrotu do sklepu --->
138                 <input type="hidden" name="buttontext" id="buttontext" value="Powrót do sprzedawcy" />
139             </p>
140 
141             <!--------------------------------- KONIEC KONFIGURACJI --------------------------------------->
142 
143             <p><br><button class="dp_buttomDarowizna" id="dp_buttomDarowizna">Wpłać darowiznę</button></p>
144         </form>
145         <div id="dp_kwota_alert" style="color:red;"></div>
146     </div>
147 
148     <!---  copy  end--->
149 
150     <!-----------------------------
151   
152     Dolna część strony
153   
154   ------------------------------------->
155 </body>
156 
157 </html>
  1. Form only with predefined amounts

 1 <!DOCTYPE html>
 2 <html>
 3 
 4 <head>
 5   <meta charset="UTF-8">
 6 </head>
 7 
 8 <body>
 9   <!-----------------------------
10 
11 	Górna część strony
12 
13 ------------------------------------->
14 
15   <!---  copy  start--->
16 
17   <div style="text-align: center;">
18     <form action="https://ssl.dotpay.pl/t2/" method="post" target="_parent">
19       <p style="font-size: 18px">Wybierz kwotę darowizny</p>
20       <input type="radio" name="amount" value="10.00" />10.00 zł&nbsp;&nbsp;&nbsp;
21       <input type="radio" name="amount" value="20.00" />20.00 zł&nbsp;&nbsp;&nbsp;
22       <input type="radio" name="amount" value="50.00" checked />50.00 zł<br />
23       <input type="hidden" name="type" value="0" />
24       <input type="hidden" name="currency" value="PLN" />
25 
26       <!--------------------------------- KONFIGURACJA --------------------------------------->
27 
28       <!---- zamiast 000000 nalezy podstawic numer ID w Dotpay -->
29       <input type="hidden" name="id" value="000000" />
30       <!--- Tytuł transakcji --->
31       <input type="hidden" name="description" value="Testowa płatność" />
32       <!--- Ardes URL powrotu do sklepu--->
33       <input type="hidden" name="url" value="http://www.example.com" />
34       <!-- Tekst przycisku powrotu do sklepu --->
35       <input type="hidden" name="buttontext" value="Powrót do sprzedawcy" />
36 
37       <!--------------------------------- KONIEC KONFIGURACJI --------------------------------------->
38 
39       <p><br><button class="buttomDarowizna">Wpłać darowiznę</button></p>
40     </form>
41   </div>
42 
43   <!---  copy  end--->
44 
45   <!-----------------------------
46 
47 	Dolna część strony
48 
49 ------------------------------------->
50 </body>
51 
52 </html>
  1. Form with any description and amount

 1 <!DOCTYPE html>
 2 <html>
 3 
 4 <head>
 5   <meta charset="UTF-8">
 6 </head>
 7 
 8 <body>
 9   <!-----------------------------
10 
11 	Górna część strony
12 
13 ------------------------------------->
14 
15   <!---  copy  start--->
16 
17   <div style="text-align: center;">
18     <form action="https://ssl.dotpay.pl/t2/" method="post" target="_parent">
19       <p style="font-size: 18px">Wybierz kwotę darowizny</p>
20       <input name="description" value="Darowizna na cele statutowe" type="hidden">
21       <input name="amount" id="kwota" size="6" value="" type="text" required
22         pattern="^([1-9])((\.\d{1,2})?)$|^((?!0)(\d){1,5})((\.\d{1,2})?)$|^(1(\d{5})(.\d{1,2})?)$|^(200000(.[0]{1,2})?)$"
23         placeholder="np. 10" maxlength="9" size="9"
24         title="Kwota powinna mieścić się w przedziale 1 - 200 000 PLN. Dozwolony format to np: 10 lub 10.00">
25 
26       <input type="hidden" name="currency" value="PLN" /> PLN
27 
28       <!--------------------------------- KONFIGURACJA --------------------------------------->
29 
30       <!---- zamiast 000000 nalezy podstawic numer ID w Dotpay -->
31       <input name="id" value="000000" type="hidden">
32 
33       <!--------------------------------- KONIEC KONFIGURACJI ---------------------------------->
34 
35       <p><br><button class="buttomDarowizna">Wpłać darowiznę</button></p>
36     </form>
37     <br>
38   </div>
39 
40   <!---  copy  end--->
41 
42   <!-----------------------------
43 
44 	Dolna część strony
45 
46 ------------------------------------->
47 </body>
48 
49 </html>

1.2. Advanced version

Direct version is based on direct integration with Dotpay payment system. In this version a customer after making an order will be redirected from the seller’s web site to Dotpay payment form. Client located on the Seller’s web page, after clicking on the button to confirm payment (e.g. pay by Dotpay) should be redirected to https://ssl.dotpay.pl/t2/.

In the next step the customer makes the payment with use of selected payment channel. If there is a defined return address and right parameter value of type , on the payment confirmation page will be displayed a button to return to the seller web page.

A seller may also specify URLC address on which information about the status of the transaction will be sent via POST method. The address can be defined by logging into Dotpay (Settings –> Notifications –> URLC Configuration –> Edit) or sent when you initiate the payment as a parameter named urlc .

In the second case you should unlock for your store getting the urlc parameters from external sources, ie deselect the option: Block external urlc (Settings –> Notifications –> URLC Configuration –> Edit) . With such a configuration a seller can define other URLC addresses for each payment.

The principle of URLC operation notifications is described in chapter URLC CONFIRMATION

1.2.1. Diagram 1. Example of the payment process in the following diagram and description:

 skinparam monochrome false
 skinparam style strictuml
 autonumber

  skinparam note {
      BackgroundColor #F1FFFF
      BorderColor #2980B9
  }

  skinparam sequence {
      ArrowColor #f442a1
      LifeLineBorderColor blue
      LifeLineBackgroundColor #A9DCDF

  }


skinparam actorBackgroundColor #FEFECE
skinparam actorBorderColor    Maroon
skinparam ActorFontColor DarkRed
skinparam ActorFontSize 17
skinparam ActorFontName Aapex


 actor "Payer" as Payer
 participant "Shop" as Shop
 participant Dotpay
 participant Bank

 Payer -> Shop: place order
 Shop -> Dotpay: pay and direct
 Dotpay -> Payer: channel list
 Payer -> Dotpay: select payment method
 Dotpay -> Bank: redirect
 Bank -> Payer: login page
 Payer -> Bank: authenticate and confirm payment
 Bank -> Dotpay: logout and return

 loop
    Dotpay [#4468aa]-> Payer: wait
    Payer [#4468aa,dashed]--> Dotpay: final status?
  end

 Bank [#18a02c,dashed]--> Dotpay: payment completed
 Dotpay [#18a02c]-> Payer: payment completed

 opt
    Payer [#438ba9]-> Dotpay: click "return to shop"
    Dotpay [#438ba9]-> Shop: return
    loop wait for urlc
      Shop [#4468aa]-> Payer: wait
      Payer [#4468aa,dashed]--> Shop: final status?
    end
    Dotpay [#438ba9,dashed]--> Shop: urlc notification
    Shop [#438ba9]-> Payer: order paid
 end

  1. Buyer places an order in shop

  2. after completing shopping cart customer selects payment method with Dotpay and is redirected to the payment format

  3. where presented is channel list.

  4. Customer makes a choice

  5. and is redirected to the bank.

  6. The login page for banking is shown

  7. where he enters credentials and confirms the transfer.

  8. After logging out is following return to the Dotpay website.

  9. During waiting for confirmation

  10. the browser periodically inquires about the status of payment.

  11. Bank informs Dotpay about the final status of payment

  12. and this information is presented to payer.

Note

Steps 13 - 18 are optional (depending on the model of integration) and don’t have effect on payment process.

  1. Buyer clicks on return button

  2. and is redirected to the store

  3. During waiting for confirmation

  4. the browser periodically inquires about the status of payment.

  5. After receiving URLC notification

  6. shop confirms that customer has paid for order.

1.2.2. Table 1. (Basic parameters)

PARAMETER

MEANING / DESCRIPTION

api_version

Parameter required by default.

API version - according to which the system sends URLC confirmation (see chapter RECEIVING PAYMENT CONFIRMATION (URLC CONFIRMATION)).

Sending parameter overrides default shop ( id ) configuration from seller administration panel in Settings –> Shop configuration –> Edit tab.

Available values:

next - the latest version of the API described in this manual.

dev - older version of API described in the manual v1.78.22.1 .

Important

If the configuration store (Settings –> Shop configuration –> Edit tab) indicates an API version other than next, than the checksum for the chk parameter will be treated as chk incorrectly calculated - in violation of this documentation. Thus, the request will be rejected, i.e. the system will respond with an error and will not further process such a request. In the logs available in the Dotpay seller administration panel, in the tab Logs for such an event, an entry with the content “Required Chk obtained, but hash not equal.” should appear.

This does not apply to situations where the store configuration allowed to overwrite api settings in the store configuration ( id ) by sending the parameter in the request api_version = next .

We recommend that you submit this parameter in each request.

Example:

api_version = next

id

Account ID for which payment is made.

ID can be found in the administration panel in Settings tab, it is a 6-digit number after # Shop. column.

type: integer

min value: 1

max value: 999999

Example:

id = 123456

amount

The amount of the transaction given with centesimal part (always two places after the separator). Centesimal separator is a dot (.)

type: string

min length: 1

max length: 10

examplary regular expression (for amount in the range 0.01 - 200000.00) :

^0\.(0)([1-9])$|^0\.(([1-9])(\d)?)$|^([1-9])((\.\d{1,2})?)$|^((?!0)(\d){1,5})((\.\d{1,2})?)$|^(1(\d{5})(.\d{1,2})?)$|^(200000(.[0]{1,2})?)$

Example:

amount = 42.82

currency

This parameter determines the currency in which the amount parameter is given. Format according to ISO 4217 standard.

Available values:

PLN, EUR, USD, GBP, JPY, CZK, SEK, UAH, RON, NOK, BGN, CHF, HRK, HUF, RUB

Example:

currency = EUR

description

Payment description.

type: string

min length: 1

max length: 255

Example:

description = Invoice 120/2018

chk

Checksum used to verify sent data integrity. The description of functionality and the method of calculating the checksum can be found in the chapter: Redirection parameters integrity protection (CHK) .

Important

Required by default. The recommended method of calculating the checksum requires use of the appropriate version of the API: api_version = next

Caution

If the store configuration forces sending the chk parameter in the request (default shop setting on the Dotpay system side) and if it is not sent, the request will be treated as incorrect. Thus, it will be rejected, i.e. the system will respond with an error and will not further process such a request.

In the logs available in the Dotpay seller administration panel, in the tab Logs for such an event, an entry with the text “Didn’t receive chk. Chk is required for api version next” should appear.

1.2.3. Table 2. (Additional parameters)

PARAMETER

MEANING / DESCRIPTION

channel

This parameter defines which payment channel will be selected after redirecting client to Dotpay payment form.

Numerical values only available (see ATTACHMENT 1 - PAYMENT CHANNELS)

Example: channel = 1

Seller wishes 1 to select a mTransfer channel by default.

List of available payment channels for given shop (id) might be downloaded using:

  • Seller administration panel API

  • Payment API (this mechanism is also used by widget, which is a tool to display available payment channels. Is has been described in administration panel in Tools –> Widget tab )

Resource addresses: https://ssl.dotpay.pl/t2/payment_api/channels/

Required parameters: id , amount , currency Optional parameters: lang , format (json lub xml)

Example:

https://ssl.dotpay.pl/t2/payment_api/channels/?id=123456&amount=301.00&currency=PLN&lang=pl&format=json

ch_lock

Forcing the channel specified in the channel parameter.

The parameter ch_lock with a value 1 does not allow the Buyer to choose another channel of payment than defined on the Seller web pages.

Available values:

0 - channel will not be forced (default)

1 – force the selected channel .

Example:

Sending parameters channel = 1 and ch_lock = 1 will not allow a customer to choose other payment method than mTransfer.

ignore_last_payment_channel

Sending parameter will cause Dotpay website to ignore last payment channel used by costomer (saved in their browser data), i.e. all available payment channels will be shown as if it was first payment.

By default for consecutive payments last used channel is shown with an option to choose another one.

Available values:

1– ignore last chosen channel

Example:

ignore_last_payment_channel = 1

channel_groups

This parameter defines which channel groups will be displayed after redirecting client to Dotpay payment form (by default all are presented).

When using this parameter it is recommended to use ignore_last_payment_channel described above.

Available values:

K – payment cards,

T – fast transfers,

P – transfers,

G – cash,

W – purses and vouchers,

R – installments,

M – mobile transfers (DCB),

O – postponed payments,

U – Payment Initation Service (PIS),

I – other.

Parameter can have more than one group as a value, in this case letters have to be separated with commas.

Example:

channel_groups = T

channel_groups = R,I

channel_groups = R,I,P

url

This parameter defines the Internet address (HTTP or HTTPS) to which buyer is expected to return after payment. Behavior of url parameter is determined by type parameter.

type: string

max length: 1000

Example:

url = https://www.example.com/thanks_page.php

url = http://195.150.9.55/thanks_page.php

When both url and type = 0 parameters are sent after completion of the payment process customer will see the return button to the site of the Seller. The use of the button will move the buyer to the address in the url parameter with the parameter status (submitted by the POST and GET), which contains information about the possible errors at the checkout pages ( OK or FAIL).

Important

Parameter status informs only about the payment process. Information about the current status of the transaction (new, completed, rejected, etc.) contains a variable operation_status sent to the address urlc .

Example:

url = https://www.example.com/thanks_page.php?status=OK

type

This parameter defines a method of redirection to the seller’s web page. Parameter value influences url parameter.

Available values:

0 – after the payment, the buyer will see a button to return to the seller’s web page,

2 – no reaction, lack of a button (default value).

4 – a direct redirection to the payment channel provider (e.g. bank) as well as after payment making and logging out of the service (called on-site / white label ). In order for functionality to fully work it is required to send necessary parameters needed for given payment channel. If any of them is NOT sent, seller is going to be redirected to Dotpay page to fill missing information, return process will be unchanged (redirection from channel provider to url will be automatic).

Important

If direct redirection mechanism (type = 4) is used it is necessary to add Dotpay Regulations of Payments (parameter bylaw ) and processing by PayPro S.A. payer’s personal data for the purposes of the payment proces (parameter personal_data ) agreement checkboxes.

Example:

After sending the given parameters set a button will be displayed allowing a Buyer to redirect to https://www.example.com/thanks_page.php:

type = 0

url = https://www.example.com/thanks_page.php

After sending the given parameters set and a full set of parameters required for payment process a buyer will be redirected directly (omitting Dotpay interface) to the payment channel provider (e.g. internet banking login form). After logging out from the payment provider service a buyer will be redirected to url address. Using the given value allows a scheme e.g. Shop –> Bank –> Shop:

type = 4

url = https://www.example.com/thanks_page.php

bylaw = 1

personal_data = 1

buttontext

The content that appears on a button to return to the seller website. Default text is Back to shop.

type: string

min length: 4

max length: 100

Example:

buttontext = Back to www.example.com

bylaw

Parameter informing that the customer has accepted the payment regulations and the cookies policy of PayPro S.A.

If this parameter is used, seller should display a checkbox to the client with information as follows.

Akceptuję <a title="regulamin płatności" target="_blank" href="https://ssl.dotpay.pl/t2/cloudfs1/magellan_media/regulamin_platnosci">Regulamin płatności</a> PayPro S.A..

Available values: 1 – payment regulations accepted

Example:

bylaw = 1

personal_data

Parameter informing about displaying to the Payer information on the processing of personal data by PayPro S.A..

If this parameter is used, seller should display content similar to the one below:

Przyjmuję do wiadomości, że w celu realizacji procesu płatności Administratorem moich danych osobowych jest PayPro S.A.. (KRS 0000347935), 60-327 Poznań (Polska), Kanclerska 15, +48126882600, <a href="mailto:bok@dotpay.pl">bok@dotpay.pl</a>, zobacz <a title="regulamin" target="_blank" href="https://ssl.dotpay.pl/t2/cloudfs1/magellan_media/rodo">pełną treść klauzuli informacyjnej</a>

Available values: 1 – information on hearing the clause information

Example:

personal_data = 1

urlc

Web address (HTTP or HTTPS) to receive parameters confirming or denying completion of the transaction. A detailed description of URLC confirmation is described further in chapter RECEIVING PAYMENT CONFIRMATION (URLC CONFIRMATION).

It is recommended for the address to lead directly to the receiving file. If any 301 or 302 redirections occur in the way (which allow HTTP method to change), notification from Dotpay might be empty.

Another way is to use 307 / 308 redirections on the server, since they do not allow such behavior.

Sending parameter overrides default shop ( id ) configuration from seller administration panel in Settings –> Notifications –> Urlc configuration –> Edit tab .

Important

If option Block external urlc (menu Settings –> Notifications –> Urlc configuration –> Edit) is checked, urlc parameter will be ignored.

Important

If option HTTPS verify (menu Settings –> Notifications –> Urlc configuration –> Edit) is checked, address has to use HTTPS protocol.

type: string

max length: 1000

Example:

urlc = https://www.example.com/urlc_receiver.php

urlc = http://195.150.9.55/urlc_receiver.php

expiration_date

Payment request expiration date, according to the Europa / Warsaw time zone. When using this parameter it is recommended to sign the request sent to Dotpay. Description of signature creation can be found in Redirection parameters integrity protection (CHK) section.

Format: YYYY-MM-DD hh:mm:ss

Example:

expiration_date = 2019-06-01 12:06:37

control

Control parameter allows you to store sequence of data. Unchanged parameter is sent to the Merchant’s service in URLC confirmation.

type: string

max length: 1000

Example:

control = ec4bf09d3dbe0cb71e6abc3ea44a7273

firstname

This parameter identifies the first name of the person making the payment.

type: string

min length: 1

max length: 50

regular expression:

^[\p{L}0-9\s\-_]{1,50}$

Example:

firstname = John

lastname

This parameter identifies the surname of the person making the payment.

type: string

min length: 1

max length: 50

regular expression:

^[\p{L}0-9\s\-_]{1,50}$

Example:

lastname = Smith

email

E-mail address of a person making the payment. Payment confirmation will be sent at this address.

type: string

max length: 100

Example:

email = johnsmith@example.com

street

Street name. A part of the address of the buyer.

type: string

min length: 1

max length: 100

regular expression:

^[\p{L}0-9\.\s\-\'_,]{1,100}$

Example:

street = Wielicka

street_n1

Building number. A part of the address of the buyer.

type: string

min length: 1

max length: 30

regular expression:

^[\p{L}0-9\s\-_\/]{1,30}$

Example:

street_n1 = 4

street_n2

Flat number. A part of the address of the buyer.

type: string

max length: 30

regular expression:

^[\p{L}0-9\s\-_]{0,30}$

Example:

street_n2 = 18

state

Additional address data. A part of the address of the buyer.

type: string

max length: 50

Example:

state = NY

addr3

Additional address data. A part of the address of the buyer.

type: string

max length: 50

city

City name. A part of the address of the buyer.

type: string

min length: 1

max length: 50

regular expression:

^[\p{L}0-9\.\s\-\'_,]{1,50}$

Example:

city = Kraków

postcode

Postal code. A part of the address of the buyer.

type: string

max length: 20

regular expression:

^[\d\w\s\-]{0,20}$

Example:

postcode = 30-552

phone

Buyer’s phone number.

type: string

min length: 3

max length: 20

regular expression:

^[\+\s0-9\-_]{3,20}$

Example:

phone = +48 127654321

country

Country name. A part of the address of the buyer. The name should be given in accordance with the ISO 3166-1 (alfa-2 or alfa-3) or a text English short name (using title case).

type: string

max length: 50

Example:

country = PL

country = POL

country = Poland

lang

Defines the language of web page and payment forms.

If parameter is not sent, pages will be displayed based on browser language. If given language is not available, English will be used.

Available values:

cs – Czech,

de – German,

en – English,

es – Spanish,

fr – French,

hu – Hungarian,

it – Italian,

pl – Polish,

ro – Romanian,

ru – Russian,

uk – Ukrainian

lt – Lithuanian

lv – Latvian

sk – język słowacki

Example:

lang = en

customer

Recipient and shipping data. Parameter required for some channels (eg. 95 /PayPo/ ). This data should be in JSON a format and then encoded using Base64.

List of data for this parameter and it’s encoding has been described in Shipping and payer data section.

Value is not returned to merchant anywhere (e.g. in URLC notifications or administration panel).

Important

Using this parameter requires given account ( id ) to have enabled CHK verification.

type: string

Example:

customer = eyJyZWdpc3RlcmVkX3NpbmNlIjoiMjAxNy0xMi0zMSIsIm9yZGVyX2NvdW50IjoxMiwicGF5ZXIiOnsiZmlyc3RfbmFtZSI6IkphbiIsImxhc3RfbmFtZSI6Iktvd2FsIiwiZW1haWwiOiJqYW5AZXhhbXBsZS5jb20ifSwib3JkZXIiOnsiZGVsaXZlcnlfdHlwZSI6IkNPVVJJRVIiLCJkZWxpdmVyeV9hZGRyZXNzIjp7ImNpdHkiOiJLcmFrb3ciLCJzdHJlZXQiOiJXaWVsaWNrYSIsImJ1aWxkaW5nX251bWJlciI6IjExIiwiZmxhdF9udW1iZXIiOiI3IiwicG9zdGNvZGUiOiIzMC01NTMiLCJjb3VudHJ5IjoiUE9MIn19fQ==

deladdr

Delivery address. Parameter is used by Dotpay system only for informational purposes.

Value is not returned to merchant anywhere (e.g. in URLC notifications or administration panel).

type: string

max length: 500

Example:

deladdr = Delivery Point 3, Warszawa, ul. Ogonowa 14

p_info

With use of this parameter a seller can define the name of a payment receiver which will be displayed on the payment Dotpay website. In case the name is not provided the default name will be displayed.

Sending parameter overrides default shop ( id ) configuration from seller administration panel in Settings –> Shop configuration –> Edit tab

type: string

max length: 300

Example:

p_info = Sklep example.com

p_email

This parameter describes an e-mail address, which will be seen by a customer. It overwrites an email address provided during registration process.

Sending parameter overrides default shop ( id ) configuration from seller administration panel in Settings –> Shop configuration –> Edit tab.

type: string

max length: 100

Example:

p_email = office@example.com

pid

Payment link for a given store ( id ) generated via Dotpay Admin Panel (in the tab Tools –> Payment links generator –> Generate a payment link) or via the Seller administration panel API .

type: string

length: 32

Example:

pid = rfhu4jb5ym657g3xluf4bbqfmbyj6t17

The pid parameter can appear either alone in the payment link, e.g.

https://ssl.dotpay.pl/t2/?pid=rfhu4jb5ym657g3xluf4bbqfmbyj6t17

or with additional parameters: lang , ignore_last_payment_channel , eg:

https://ssl.dotpay.pl/t2/?pid=rfhu4jb5ym657g3xluf4bbqfmbyj6t17&ignore_last_payment_channel=1&lang=pl

Caution

By default, the store also requires the parameter link_pre-chk01| chk to be sent. In the case of generating payment links from the administration panel, the chk parameter is automatically added to the link. However, when the payment link is generated manually from parameters or using the administration panel API, it is necessary to generate the correct value chk and attaching it to the payment link.

blik_code

BLIK code confirming payment with given channel. In standard procedure the code is entered by customer on payment provider website after choosing BLIK channel.

Sending the parameter in redirection allows shortening payment process because code is entered on shop’s website with other order data.

type: string

min length: 6

max length: 6

regular expression:

^[\d]{6}$

Example:

blik_code = 264230

gp_token

Encoded using the Base64 function token received from Google Pay after the merchant’s implementation of the Google Pay API. It contains encrypted data of the tokenized pay card used to process the payment.

Sending the parameter in redirection allows shortening payment process because the authentication of the payer’s card data is already on the seller’s store page.

type: string

Example:

gp_token = eyJzaWduYXR1cmUiOiJNRVFDSUZDSm5MQWI1Rk50N3gwT0J1OHhPeVdRMisyanFBaGorbFAxdmhqYUpIVk5BaUJHRFRwMk9UOTNNYzFXNTJ6VVFhWitVUjBaYjQ0Kys5QTdzZ2E0YVFBSVZRPTRkIiwiaW50ZXJtZWRpYXRlU2lnbmluZ0tleSI6eyJzaWduZWRLZXkiOiJ7XCJrZXlWYWx1ZVwiOlwiTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFLzJ1NUpxRXIwUXFLU1IvbUFUcWVLa0xjVVZKVnVOOFQ5ZVBMOW5WS1hYRFNDa3NiZzVyN2pmMGI0cjVkQTMrMmxDUFV5M2xGTW9NSUx4WlYzYUd4SGdcXHUwMDNkXFx1MDAzZFwiLFwia2V5RXhwaXJhdGlvblwiOlwiMTU1MDkzNjQ3MjQ5OFwifSIsInNpZ25hdHVyZXMiOlsiTUVZQ0lRRHVPL09XZWY3eUhxUzdnaU55dEZQRXZPRlgxMkhGWHRCRFAxelRFViswaVFJaEFOMW90YnhZd2tqQXBEQlJBSDVNWmtwelhjS1lNQ01JSGhEMk9ubk9xQ21XIl19LCJwcm90b2NvbFZlcnNpb24iOiJFQ3YyIiwic2lnbmVkTWVzc2FnZSI6IntcImVuY3J5cHRlZE1lc3NhZ2VcIjpcImZGc2pkMlFCZzExTS9oOVpIUXRYZCt5aHNhYTNYWFBlWndZS0FGK1JGMnQ4RnZtUnZKMG8xc1ZtTHJ4TTc0M1VyY1p0aWhqaXV2TUdQMHBpYTBqcFo2cGxTaWlQUWZ5NmdYKy80MW1mVVloUTRJQ3BKYTVBWFp2QU40UTBidHdMZUNycGFCMGtmRjJQRkVGMmxVUnNNbHV5bU04ZGhadEdVZmZHUm5ocFpJUGF3dUgzUUhBYUpmYi9iZGpoaTV4S2JLSDlYK2FNTFlDN0M2Wmp0SG05QW5vL3BqcUV1ZmpiM2FHU29WYVhPQk55MXhZc3QrQ0xUT0xLdkxvOE81R252WklqeHc3dzV0TU90Ry8vWlczWGU0QlhXTzdLOXhGVmphRmwrNVMwcFpFY2c5YXV6OFVRSG1uVnU4dTBQdkp2UUpBMnRZOVBYU2VScmZRMU1PZUp1Z1c5d3VYWDhjVEQ0bHpEeTN5NE1GMkNuYXJSREQ4aUZsL0NkTXphNUVWOGRhN1o3NkFzQVc3eEpqbXZKNmd0bDJKLytyc01nK3dQV0d3UTA0NEhTUTNQVGduZFdCWVY0NVRPZ1d1YzI1R1Y5T204elhydERsWldrRGlLS1NkUmVyOU9SSnh0a0o1Y0Jhd2NcXHUwMDNkXCIsXCJlcGhlbWVyYWxQdWJsaWNLZXlcIjpcIkJESE81citMSlViMStkT20xeUdmbTR3MTlFQmFNWFFKSDVzbUZRd3ZWU21hV1dMYURlQlg5eFF1VXZDT21OQkhpMXpBMUFUYzFvUk9JVlg5QTFSa3Evd1xcdTAwM2RcIixcInRhZ1wiOlwiZnNQWG40dTNMMm5sY2VHN2ZQRzJmblh0UXdBVWdSNmxDNmJ0Qk12UjFMY1xcdTAwM2RcIn0ifQ==

ap_token

Encoded using the Base64 function token received from Apple Pay after the merchant’s implementation of the Apple Pay. It contains encrypted data of the tokenized pay card used to process the payment.

Sending the parameter in redirection allows shortening payment process because the authentication of the payer’s card data is already on the seller’s store page/payer device.

type: string

Example:

ap_token = eyJzacmUiOiJ … h0UXAwM2RcIn0ifQ==

2. RECEIVING PAYMENT CONFIRMATION (URLC CONFIRMATION)

In order to inform the Seller about the executed operation (transaction) an URLC confirmation mechanism has been created (HTTP request asynchronous connection, callback) which is sent by POST method and fully independent from a buyer’s action.

Confirmations are directed to the seller’s address which can be set in settings of a given shop in Dotpay panel (menu Settings –> Notifications –> Urlc configuration –> Edit) or to the address read from urlc sent by the Seller’s system in redirection of a Buyer to the payment site (unless urlc parameter has been unblocked from external sources, i.e. uncheck Block external URLC option). If URLC notification address DON’T use HTTP secure protocol (i.e. HTTPS) remember to deactivate HTTPS verify and SSL certificate verify options in menu mentioned above.

Verifying whether transaction is unique in merchant’s system should NOT be based only on value of control == control parameter. If for some reason customer redirects multiple times between shop and Dotpay or Dotpay and bank, there is a possibility of receiving for example 2 notifications with contradicting status for the same control. Transaction should be identified by taking as well operation_number into account, transaction id given by Dotpay.

Caution

No verification of a amount == operation_original_amount , currency == operation_original_currency and signature parameters on a merchant’s site is unsecure and may cause financial loss.

Content and result of URLC notifications is available in Dotpay panel by showing given operation details (by clicking on its number) in Payments -> Operations list menu. In the same place there is also an option to resend those notifications.

Caution

For correctly received URLC confirmation by the Seller’s system Dotpay expects an answer

OK

(only two capital letters, nothing more – encoding UTF8 without BOM, HTTP response status code 200). OK is a correctly received and processed confirmation, for example:

echo "OK";

When a different answer than OK is reversed by the Seller’s system Dotpay system will repeat confirmations (every few, several minutes). The X-Dotpay-URLC-Number parameter may be passed in the notification header, which will be one value higher than the previous one, counting from ‘0’ as the first message.

Parameters and optional values sent in URLC confirmations to the Seller’s system have been presented in the table below.

Note

Optional parameters are not returned by default. To activate them contact Dotpay tech support ( tech@dotpay.pl ).

Note

By default system sends notifications URLC only for payment operations for completed and rejected status (listed in table below). To enable notifications for other operations and statuses contact Technical Support at tech@dotpay.pl .

2.1. Table 3. (Parameters sent by Dotpay back to merchant’s system)

PARAMETER

MEANING / DESCRIPTION

id

Account ID.

typ: integer

min value: 1

max value: 999999

Example:

id = 123456

operation_number

Transaction number.

Format according to regular expression:

^M\d{4,5}\-\d{4,5}$

Example:

operation_number = M1234-56789

operation_type

Transaction type.

Available values:

payment ,

payment_multimerchant_child ,

payment_multimerchant_parent ,

refund ,

payout ,

payout_any_amount ,

release_rollback ,

unidentified_payment

complaint

credit_card_registration

payout_commission - commission on payment

Example:

operation_type = payment

operation_status

Transaction status.

Available values:

new ,

processing ,

completed ,

rejected ,

processing_realization_waiting ,

processing_realization

Detailed description of operation statuses are presented in chapter ATTACHMENT II - OPERATION STATUSES DESCRIPTION

Note

completed and rejected status is final and will not change in the future.

Example:

operation_status = completed

operation_amount

Transaction amount.

The centesimal separator is a dot (.)

typ: string

min length: 1

max length: 10

Example:

operation_amount = 177.27

operation_currency

The currency in which the amount parameter is given. Format according to ISO 4217 standard.

Example:

operation_currency = PLN

operation_withdrawal_amount

Optional parameter indicating the operation withdrawal amount.

Example:

operation_withdrawal_amount = 176.00

operation_commission_amount

Optional parameter indicating the operation commission amount.

The parameter is presented as a negative amount, and therefore contains a - sign.

Example:

operation_commission_amount = -1.27

is_completed

Optional parameter indicating the transaction marked as completed in the seller’s panel.

Example:

is_completed = false

is_completed = true

operation_original_amount

The amount taken from amount parameter which has been sent by merchant’s system.

typ: string

min length: 1

max length: 10

Example:

operation_original_amount = 42.82

Important

No verification of a operation_original_amount parameter on a merchant’s site is unsecure and may cause financial loss.

operation_original_currency

The currency taken from currency parameter which has been sent by merchant’s system in redirecting buyer to the Dotpay website. Format compliant with standard ISO 4217 .

Example:

operation_original_currency = EUR

Important

No verification of a operation_original_currency parameter on a merchant’s site is unsecure and may cause financial loss.

operation_datetime

Date and time of transaction’s status change.

Format: YYYY-MM-DD hh:mm:ss

Example:

operation_datetime = 2014-06-01 12:06:37

operation_related_number

Number of related transaction, if any exists (e.g. in case of a refund).

Format according to regular expression:

^M\d{4,5}\-\d{4,5}$

Example:

operation_related_number = M1234-56789

If a confirmation regards refund number M9876-5432 executed for an original operation M1234-5678 the parameter will accept original transaction number value which is M1234-5678.

control

This value corresponds with control parameter which has been sent by merchant’s service in a redirection to Dotpay service while making the payment (see Table 2. (Additional parameters) ).

typ: string

max length: 1000

Example:

control = ec4bf09d3dbe0cb71e6abc3ea44a7273

description

This value corresponds with description parameter which has been sent by merchant’s service in a redirection to Dotpay service while making a payment (see Table 2. (Additional parameters) ).

typ: string

min length: 1

max length: 255

Example:

description = Invoice 20/2014

email

E-mail address of a person making the payment.

typ: string

max length: 100

Example:

email = johnsmith@example.com

p_info

Name of a payment receiver which was displayed on the Dotpay payment website during Customer payment making.

typ: string

max length: 300

Example:

p_info = Shop

p_email

E-mail address which was displayed for customer as contact to Seller.

typ: string

max length: 100

Example:

p_email = contact@shop.com

credit_card_issuer _identification_number

Optional parameter.

Masked payment card number with which payment has been made.

Important

In order for parameter to be sent, options HTTPS verify and SSL certificate verify (menu Settings –> Notifications –> Urlc configuration –> Edit) have to be enabled.

Example:

credit_card_issuer_identification_number = 603753

credit_card_masked_number

Optional parameter.

Masked payment card number with which payment has been made.

Important

In order for parameter to be sent, options HTTPS verify and SSL certificate verify (menu Settings –> Notifications –> Urlc configuration –> Edit) have to be enabled.

Example:

credit_card_masked_number = XXXX XXXX XXXX 6214

credit_card_expiration_year

Optional parameter.

Year expiration date of a payment card, which payment has been made.

Important

In order for parameter to be sent, options HTTPS verify and SSL certificate verify (menu Settings –> Notifications –> Urlc configuration –> Edit) have to be enabled.

Example:

credit_card_expiration_year = 2019

credit_card_expiration_month

Optional parameter.

Month expiration date of a payment card, which payment has been made.

Important

In order for parameter to be sent, options HTTPS verify and SSL certificate verify (menu Settings –> Notifications –> Urlc configuration –> Edit) have to be enabled.

Example:

credit_card_expiration_month = 01

credit_card_brand_codename

Optional parameter.

Payment card brand with which payment has been made.

Important

In order for parameter to be sent, options HTTPS verify and SSL certificate verify (menu Settings –> Notifications –> Urlc configuration –> Edit) have to be enabled.

Example:

credit_card_brand_codename = visa

credit_card_brand_code

Optional parameter.

Payment card brand code with which payment has been made.

Important

In order for parameter to be sent, options HTTPS verify and SSL certificate verify (menu Settings –> Notifications –> Urlc configuration –> Edit) have to be enabled.

Example:

credit_card_brand_code = Visa

credit_card_unique_identifier

Optional parameter.

The unique identifier of the card registered in Dotpay.

Important

In order for parameter to be sent, options HTTPS verify and SSL certificate verify (menu Settings –> Notifications –> Urlc configuration –> Edit) have to be enabled.

Example:

credit_card_unique_identifier = 9b73chvjxofy4d9g…d78d7l53ju34po12

credit_card_id

Optional parameter.

Payment card ID given by Dotpay system.

Important

In order for parameter to be sent, options HTTPS verify and SSL certificate verify (menu Settings –> Notifications –> Urlc configuration –> Edit) have to be enabled. Additionally given account ( id ) has to be configured on Dotpay side so CHK validation is required.

Example:

credit_card_id = 59f92e2bf8bedc36…1369dvpa4b7ab02ae

channel

Payment channel (method) used by the buyer.

For available values see ATTACHMENT 1 - PAYMENT CHANNELS .

Example:

channel = 1

channel_country

Optional parameter.

Indicates the country of the payment instrument from which payment was made. Format: ISO 3166-1 (alpha-3).

Example:

channel_country = POL

geoip_country

Optional parameter.

Indicates the location of the country resulting from IP address from which the payment was made. Format: ISO 3166-1 (alpha-3).

Example:

geoip_country = POL

payer_bank_account_name

Optional parameter.

Account owner name registered in the bank.

Example:

payer_bank_account_name = JAN KOWALSKI

payer_bank_account

Optional parameter.

The bank account number from which the payment was made. Format compliant with the IBAN.

Example:

payer_bank_account = PL41 1050 1009 4448 5481 1411 1395

payer_transfer_title

Optional parameter.

The original title of the operation registered in the payer’s bank.

Example:

payer_transfer_title = Store Name M5223-2008 Operation title Transaction No.: M5223200800000000000000000000000

blik_voucher_pin

Optional parameter.

PIN for the issued BLIK vouchers.

Example:

blik_voucher_pin = 6365

blik_voucher_amount

Optional parameter.

The nominal value of issued voucher BLIK.

Example:

blik_voucher_amount = 100.00

blik_voucher_amount_used

Optional parameter.

Actual amount paid from the issued BLIK voucher. This amount may be equal to or less than the face value of the blik_voucher_amount voucher issued.

Example:

blik_voucher_amount_used = 60.00

channel_reference_id

Optional parameter.

Additional details of the operation, e.g. bank reference number.

Example:

channel_reference_id = CDEd3pis6offk708bac2070ebf478183ad91668fd495a9884

operation_seller_code

Optional parameter (only available by prior arrangement).

A reply code for a rejected transaction that describes the possible reason for a transaction being refused.

Sample codes are presented in table (equivalent to ‘seller_code’ in api seller).

Example:

operation_seller_code = CC_DO_NOT_HONOUR

signature

The checksum created by an acronym function SHA-256 being a concatenation of the above mentioned parameters according to the following formula:

PIN + id + operation_number + operation_type + operation_status + operation_amount + operation_currency + operation_withdrawal_amount + operation_commission_amount + is_completed + operation_original_amount + operation_original_currency + operation_datetime + operation_related_number + control + description + email + p_info + p_email + credit_card_issuer_identification_number + credit_card_masked_number + credit_card_expiration_year + credit_card_expiration_month + credit_card_brand_codename + credit_card_brand_code + credit_card_unique_identifier + credit_card_id + channel + channel_country + geoip_country + payer_bank_account_name + payer_bank_account + payer_transfer_title + blik_voucher_pin + blik_voucher_amount + blik_voucher_amount_used + channel_reference_id + operation_seller_code

Important

Sign + in the above formula has been used only for its readability. It is NOT used to calculate the checksum. If in sent notification some parameter is NOT present, should be considered as null value or omitted in the calculation.

Note

PIN used to calculate a signature parameter is a string of characters which should be generated by a Merchant ( id )in My Dotpay panel (menu Settings –> Notifications –> Urlc configuration).

It is only used to create the checksum and should NOT be sent along other payment data!

Important

No verification of a signature parameter on a merchant’s site is unsecure and may cause financial loss.

2.2. An example of calculating the signature parameter

An example of calculating parameter signature value is presented below in PHP.

 1 <?php
 2 
 3 $PIN = "Np3n4QmXxp6MOTrLCVs905fdrGf3QIGm";
 4 
 5 $sign =
 6         $PIN.
 7         $_POST['id'].
 8         $_POST['operation_number'].
 9         $_POST['operation_type'].
10         $_POST['operation_status'].
11         $_POST['operation_amount'].
12         $_POST['operation_currency'].
13         $_POST['operation_withdrawal_amount'].
14         $_POST['operation_commission_amount'].
15         $_POST['is_completed'].
16         $_POST['operation_original_amount'].
17         $_POST['operation_original_currency'].
18         $_POST['operation_datetime'].
19         $_POST['operation_related_number'].
20         $_POST['control'].
21         $_POST['description'].
22         $_POST['email'].
23         $_POST['p_info'].
24         $_POST['p_email'].
25         $_POST['credit_card_issuer_identification_number'].
26         $_POST['credit_card_masked_number'].
27         $_POST['credit_card_expiration_year'].
28         $_POST['credit_card_expiration_month'].
29         $_POST['credit_card_brand_codename'].
30         $_POST['credit_card_brand_code'].
31         $_POST['credit_card_unique_identifier'].
32         $_POST['credit_card_id'].
33         $_POST['channel'].
34         $_POST['channel_country'].
35         $_POST['geoip_country'].
36         $_POST['payer_bank_account_name'].
37         $_POST['payer_bank_account'].
38         $_POST['payer_transfer_title'].
39         $_POST['blik_voucher_pin'].
40         $_POST['blik_voucher_amount'].
41         $_POST['blik_voucher_amount_used'].
42         $_POST['channel_reference_id'].
43         $_POST['operation_seller_code'];
44 
45 $signature=hash('sha256', $sign);
46 
47 ?>

3. ADDITIONAL FEATURES

3.1. Redirection parameters integrity protection (CHK)

In order to protect redirection parameters integrity Dotpay system allows to sign their values.

The signature should be passed as an additional parameter chk (along with the rest of the parameters of the request directed to the Dotpay payment page).

Caution

All parameters used in the redirection to the Dotpay api must have exactly the name as described in this documentation. The use of alternative names for these parameters or a different case in the name will result in a mismatch in the calculated checksum.

The values of the parameters used should be treated as strings and UTF-8 encoded.

If the store configuration (Settings –> Shop configuration –> Edit) indicates an API version other than next, then the checksum calculated for the parameter chk It will be treated as incorrectly calculated - not in accordance with this documentation. Thus, the request will be rejected, i.e. the system will respond with an error and will not further process such a request. In the logs available in the Dotpay seller administration panel, in the tab Logs for such an event, an entry should appear with the following content “Required Chk obtained, but hash not equal.”

This does not apply to situations where the store configuration allowed to overwrite api settings in the store configuration ( id ) by sending a parameter in the request api_version = next .

The method of calculating the checksum is described in the following example:

  1. Examples of data collected in the process of creating a payment:

Sample array with parameters sent to Dotpay api
    Array
         (
              [id] => 123456
              [amount] => 98.53
              [currency] => PLN
              [description] => Order123
              [url] => https://www.example.com/thanks_page.php
              [type] => 0
         )
  1. To the parameter array we add an additional parameter named paramsList. The value of this parameter is determined as follows:

    1. We prepare a string of characters consisting of an alphabetically sorted list of the names of all parameters prepared in the process of creating the payment

    2. Separate the alphabetically sorted parameter names with a semicolon

We get the updated array:

Parameter array updated with additional parameter: paramsList
    Array
         (
              [amount] => 98.53
              [currency] => PLN
              [description] => Order123
              [id] => 123456
              [type] => 0
              [url] => https://www.example.com/thanks_page.php
              [paramsList] => amount;currency;description;id;type;url
         )

Caution

The paramsList parameter should not be added separately in a request sent directly to the dotpay api. The parameter paramsList is added only to the array built when creating the parameter itself chk and does not occur separately.

  1. Be sure to re-sort the list alphabetically the names of all the parameters involved in the new array:

    Sorted alphabetically updated array of parameters
       Array
            (
                 [amount] => 98.53
                 [currency] => PLN
                 [description] => Order123
                 [id] => 123456
                 [paramsList] => amount;currency;description;id;type;url
                 [type] => 0
                 [url] => https://www.example.com/thanks_page.php
            )
    
  2. We serialize the prepared array to JSON (UTF-8 encoding), without additional white characters. We treat all parameters in the array as strings. We recommend using character escaping (e.g. JSON_UNESCAPED_SLASHES in PHP).

    Array of data in JSON format
        {
             "amount": "98.53",
             "currency": "PLN",
             "description": "Order123",
             "id": "123456",
             "paramsList": "amount;currency;description;id;type;url",
             "type": "0",
             "url": "https://www.example.com/thanks_page.php"
        }
    
  3. We calculate the signature using the hmac algorithm with a unique key ( PIN ) to the Dotpay account (id) as the key, with the sha256 hash function. The result is a hexadecimal encoded string that should be entered as the value of the parameter chk

    Caution

    PIN is only used to calculate the checksum and should not be given as a separate parameter in requests sent to Dotpay!

    Function examples (in PHP) that generate the value of the parameter chk from the $ParametersArray array
            <?php
    
                 $DotpayPin = "POlj9b2xIl87u1hCauuT4SFw6RmF01Tuy";
    
                 function GenerateChk($DotpayPin, $ParametersArray)
    
                    {
                           //sorting the parameter list
                                ksort($ParametersArray);
    
                           // Display the semicolon separated list
                                $paramList = implode(';', array_keys($ParametersArray));
    
                           //adding the parameter 'paramList' with sorted list of parameters to the array
                                $ParametersArray['paramsList'] = $paramList;
    
                           //re-sorting the parameter list
                                ksort($ParametersArray);
    
                           //json encoding with JSON_UNESCAPED_SLASHES
                                $json = json_encode($ParametersArray, JSON_UNESCAPED_SLASHES);
    
                           // generate hash
                           return hash_hmac('sha256', $json, $DotpayPin, false);
                    }
    
                 // Source data array with parameters to be redirected to api dotpay:
                                     /*  Important!
    
                                             All values should be string.
                                             If you use a variable here, put a declaration (string) before the value.
                                             Other values should be enclosed in quotation marks, especially numerical ones.
                                     */
    
                                $ParametersArray = array(
                                          "id" => "123456",
                                          "amount" => "98.53",
                                          "currency" => "PLN",
                                          "description" => "Order123",
                                          "url" => "https://www.example.com/thanks_page.php",
                                          "type" => "0"
                                        );
    
                 //adding the chk parameter to the existing original array
                 $ParametersArray['chk'] = GenerateChk($DotpayPin, $ParametersArray);
    
                 //checking if everything works
                 print_r($ParametersArray);
    
            ?>
    
    The result of the above script is an updated parameter array with an additional checksum chk
       Array
            (
                 [id] => 123456
                 [amount] => 98.53
                 [currency] => PLN
                 [description] => Order123
                 [url] => https://www.example.com/thanks_page.php
                 [type] => 0
                 [chk] => 129db88a7f18bbb813a8c9c43a4bc5857fcb2d65d56c7f97dd77bd09d7e9ae73
            )
    

In case of links generated using seller administration panel ( pid ), calculation of chk to be used, which takes place only parameter pid (according to the above formula), the parameters that generated the same should not be taken into account pid .

Sorted array of data in JSON format for a single pid parameter
  {
       "paramsList": "pid",
       "pid": "Yhhu4jb5ym987g3xluf4bbqfmbyj6t87"
  }

If the redirection uses parameters other than pid, add them to the enumeration, e.g .:

Sorted data array in JSON format for the pid and lang parameters
  {
       "lang": "en",
       "paramsList": "lang;pid",
       "pid": "rfhu4jb5ym657g3xluf4bbqfmbyj6t17"
  }

Note

PIN used to calculate a chk parameter is a string of characters which should be generated by a Merchant ( id ) in My Dotpay panel (menu Settings –> Notifications –> Urlc configuration).

Caution

Default shop ( id ) configuration verifies chk parameter sent in payment request.

If it’s absent or its value is incorrect, error will be returned.

CHK verification isn’t the only payment security mechanism, in some cases it might prove to be unnecessary. chk verification allows to check parameters in the first step of payment: redirecting customer to Dotpay. The most important part is compare amount and currency from payment created in Dotpay with data saved in seller’s service - RECEIVING PAYMENT CONFIRMATION (URLC CONFIRMATION).

If your shop doesn’t have chk verification enabled (it’s optional or completely disabled), ask Dotpay to change your account’s settings.

If you are not sure your integration supports chk, please contact your service provider / programmer responsible for the implementation, or Doptay Tech support (email: tech@dotpay.pl ).

In case you don’t want to use this security measure and are aware of possible implications, you can disable chk for your account ( id ). To do so, send an email to administracja@dotpay.pl .

Below are exemplary functions (PHP) generating POST / GET request with chk .

3.1.1. Basic Example

The data collected by the seller during the ordering process by the payer should be placed in the array $ParametersArray. You have to remember to make sure that the names of the parameters used are correct (use only the necessary and described in this documentation). In this example, the seller must ensure the correct validation of the value of the transferred data so that the payer filling in his data on the seller form does not use forbidden characters in individual parameters.

Download this example (change extension to .php): Download example

  1 <?php
  2 
  3 ################### https://www.dotpay.pl/developer/doc/api_payment/   ######################################################################
  4 #
  5 #    Exemplary function (PHP) generating  the correct payment redirection (POST / GET) to Dotpay payment api with parametr 'chk' (checksum).
  6 #    You enter the payment data in the parameter: $ParametersArray.
  7 #
  8 #
  9 #    PayPro S.A. 
 10 #    Tech Customer Service: tech@dotpay.pl
 11 #       Date: 2020-05-19
 12 #
 13 ##############################################################################################################################################
 14 
 15 
 16 /** ---------  BASE CONFIG  ---------  **/
 17 
 18 // Your Dotpay ID shop (6 digits)
 19 $DotpayId = "123456";
 20 
 21 // PIN for Your Dotpay ID (copy this from your dotpay panel carefully, without space)
 22 $DotpayPin = "MyDotpayPIN000000j7yytSgMPXlg200";
 23 
 24 // Dotpay Environment, available: "test" or "production"
 25 $Environment = "test";
 26 
 27 //Redirection method: POST or GET ; recommended method is "POST"
 28 $RedirectionMethod = "POST";
 29 
 30 // Auto submit form: available: true or false:
 31 // If true - you do not need to do a click to the form. Forwarding to the API will be automatically
 32 $autosubmit = true;
 33 
 34 /**  ---------  end config  ---------  **/
 35 
 36 
 37 
 38 // ** -----------------------   SAMPLE DATA ------------------------- **/
 39 
 40 /*  ## SAMPLE PAYMENT DATA IN ##  */
 41 // Note! You can use more parameters if You need
 42 // You must give at least: 'amount', 'currency', 'description' (and of course ID and PIN in the configuration of this script)
 43 // see more: https://www.dotpay.pl/developer/doc/api_payment/en/index.html#tabela-1-podstawowe-parametry-przesylane-do-serwisu-dotpay
 44 // and: https://www.dotpay.pl/developer/doc/api_payment/en/index.html#tabela-2-dodatkowe-parametry-przesylane-do-serwisu-dotpay
 45 
 46 
 47 /*  Important!
 48 
 49     All values should be string.
 50     If you use a variable here, put a declaration (string) before the value.
 51     Other values should be enclosed in quotation marks, especially numerical ones.
 52 */
 53 
 54 $ParametersArray = array(
 55     "id" => (string) $DotpayId,
 56     "api_version" => "next",
 57     "amount" => "78.00",
 58     "currency" => "PLN",
 59     "description" => "Order no. 577gj9",
 60     "url" => "https://www.example.com/thanks_page.php",
 61     "type" => "0",
 62     "urlc" => "https://www.example.com/urlc_receiver.php",
 63     "control" => "54f4g-dsgfdg-2342235",
 64     "firstname" => "Jan",
 65     "lastname" => "Nowak",
 66     "email" => "jan.nowak@example.com"
 67 );
 68 
 69 // ** -----------------------   SAMPLE DATA  end ------------------------- **/
 70 
 71 
 72 ## function: counts the checksum from the defined array of all parameters
 73 
 74 function GenerateChk($DotpayPin, $ParametersArray)
 75 {
 76     
 77     //sorting the parameter list
 78     ksort($ParametersArray);
 79     
 80     // Display the semicolon separated list
 81     $paramList = implode(';', array_keys($ParametersArray));
 82     
 83     //adding the parameter 'paramList' with sorted list of parameters to the array
 84     $ParametersArray['paramsList'] = $paramList;
 85     
 86     //re-sorting the parameter list
 87     ksort($ParametersArray);
 88     
 89     //json encoding  
 90     $json = json_encode($ParametersArray, JSON_UNESCAPED_SLASHES);
 91     
 92     
 93     return hash_hmac('sha256', $json, $DotpayPin, false);
 94     
 95 }
 96 
 97 
 98 ## Function: Generate simple FORM to DOTPAY
 99 
100 function GenerateChkDotpayRedirection($DotpayPin, $Environment, $RedirectionMethod, $ParametersArray, $next_chk, $autosubmit)
101 {       
102     
103     if ($Environment == 'production') {
104         $EnvironmentAddress = 'https://ssl.dotpay.pl/t2/';
105     } elseif ($Environment == 'test') {
106         $EnvironmentAddress = 'https://ssl.dotpay.pl/test_payment/';
107     }
108     
109     
110     
111     if ($RedirectionMethod == 'POST') {
112         $RedirectionCode = '<form action="' . $EnvironmentAddress . '" method="POST" id="dotpay_redirection_form" accept-charset="UTF-8">' . PHP_EOL;
113         
114         foreach ($ParametersArray as $key => $value) {
115             $RedirectionCode .= "\t" . '<input name="' . $key . '" value="' . $value . '" type="hidden"/>' . PHP_EOL;
116         }
117         $RedirectionCode .= "\t" . '<input name="chk" value="' . $next_chk . '" type="hidden"/>' . PHP_EOL;
118         $RedirectionCode .= '</form>' . PHP_EOL . '<button id="dotpay_redirection_button" type="submit" form="dotpay_redirection_form" value="Submit">Confirm and Pay</button>' . PHP_EOL;
119         
120         //auto submit form
121         if ($autosubmit == true) {
122             $RedirectionCode .= "<script type=\"text/javascript\">setTimeout(function(){document.getElementById('dotpay_redirection_form').submit();}, 10);</script>";
123         }
124         
125         return $RedirectionCode;
126         
127     } elseif ($RedirectionMethod == 'GET') {
128         $RedirectionCode = $EnvironmentAddress . '?';
129         
130         foreach ($ParametersArray as $key => $value) {
131             $RedirectionCode .= $key . '=' . rawurlencode($value) . '&';
132         }
133         
134         $RedirectionCode .= 'chk=' . $next_chk;
135         
136         return '<a href="' . $RedirectionCode . '">Link to Pay</a>';
137     } else {
138         return 'configuration error';
139         
140     }
141         
142 }
143 
144 
145 ####  
146 
147 // Calculate checksum for 'chk' parameter:
148 
149 $next_chk = GenerateChk($DotpayPin, $ParametersArray);
150 
151 /*   
152      Print the form according to the settings: 
153      get form (POST method) or payment link (GET method) 
154      ("account PIN","[test|production]","[POST|GET]","payment data","chk_value","[true|false]")
155 
156 */
157 
158 echo GenerateChkDotpayRedirection($DotpayPin, $Environment, $RedirectionMethod, $ParametersArray, $next_chk, $autosubmit);
159 
160 ?>

3.1.2. Example 2 expanded

The script includes a validation and “cleaning” mechanism for some data used in particular parameters.

The data collected by the seller during the ordering process by the payer should be assigned to the created variables (e.g. $order_amount, $payer_firstname, $payer_lastname, $dp_description, e.t.c.). The variables are then used in an array $ParametersArray after being filtered out. Validation applies to the payer’s data as: firstname , lastname , and data on the address of the payer, where most often forms may be incorrectly filled in by payers with forbidden characters in individual fields. Appropriate functions (eg. CheckPaymentLang(), CheckPaymentCurrency(), CheckStreet(), CheckStreetN1(), CheckStreetN2(), CheckCountry(), CheckPostcode(), CheckCity(), CheckPhone(), CheckLastname(), CheckFirstname()) remove illegal characters from such a string. When passed to a variable, the value for currency other than allowed (function getAcceptCurrency()) – the script will not generate the form, it will throw an exception. When passed to a variable, the value for lang other than allowed (function getAcceptLang()) – the script will set the value of this parameter to en (English).

Similarly, if customer is to be used among parameters, you can also use a similar solution as above by assigning data to variables and then to array $customer .

You have to remember to make sure that the names of the parameters used are correct (use only the necessary and described in this documentation).

Download this example (change extension to .php): Download example

  1 <?php
  2 
  3 ################### https://www.dotpay.pl/developer/doc/api_payment/   ######################################################################
  4 #
  5 #    Exemplary function (PHP) generating  the correct payment redirection (POST / GET) to Dotpay payment api with parametr 'chk' (checksum).
  6 #    You enter the payment data in the parameter: $ParametersArray (and $customer if you need)
  7 #    Added some functions that prevent certain parameters from passing invalid characters to api dotpay
  8 #
  9 #    PayPro S.A. 
 10 #    Tech Customer Service: tech@dotpay.pl
 11 #    Date: 2020-05-19
 12 #
 13 ##############################################################################################################################################
 14 
 15 
 16 /** ---------  BASE CONFIG  ---------  **/
 17 
 18 // Your Dotpay ID shop (6 digits)
 19 $DotpayId = "123456";
 20 
 21 // PIN for Your Dotpay ID (copy this from your dotpay panel carefully, without space)
 22 $DotpayPin = "MyDotpayPIN000000j4suuSgMPXlg100";
 23 
 24 // Dotpay Environment, available: "test" or "production"
 25 $Environment = "test";
 26 
 27 //Redirection method: POST or GET ; recommended method is "POST"
 28 $RedirectionMethod = "POST";
 29 
 30 // Auto submit form: available: true or false (only if $RedirectionMethod = "POST")
 31 // If true - you do not need to do a click to the form. Forwarding to the API will be automatically
 32 $autosubmit = false;
 33 
 34 ## ------------------------------------------------------------------------------------------------------------------------------------
 35 
 36 /** ---------  ORDER CONFIG  ---------  **/
 37 
 38 /* ## sample order details for payment, used in array: $ParametersArray ## */
 39 
 40 $order_amount    = "100.00";
 41 $order_currency  = "PLN";
 42 $dp_description  = "Order no. 567915976";
 43 $dp_url          = "https://www.example.com/thanks_page.php";
 44 $dp_type         = "0";
 45 $dp_urlc         = "https://www.example.com/urlc_receiver.php";
 46 $dp_control      = "M1231MzaUdLQWR3";
 47 $payer_firstname = "Jan";
 48 $payer_lastname  = "Nowak";
 49 $payer_email     = "jan.nowak@example.com";
 50 $payer_street    = "Zielona";
 51 $payer_street_n1 = "3b"; // Building number
 52 $payer_street_n2 = "16"; // Flat number
 53 $payer_city      = "Konin";
 54 $payer_postcode  = "12-345";
 55 $payer_phone     = "123456789";
 56 $payer_country   = "POL";
 57 $payer_lang      = "pl";
 58 $dp_last_channel = "1";
 59 
 60     /* 
 61         ... and other possible parameters if you need according to the documentation:
 62         https://www.dotpay.pl/developer/doc/api_payment/pl/index.html#tabela-2-dodatkowe-parametry-przesylane-do-serwisu-dotpay
 63 
 64     */
 65 
 66 
 67 
 68 /*  
 69     ###  SAMPLE CUSTOMER DATA IN with delivery address (optional), used in array: $customer ### You can remove it if You don't need it 
 70     manual: https://www.dotpay.pl/developer/doc/api_payment/pl/index.html#obsluga-danych-dostawy-oraz-placacego
 71 */
 72 
 73 $payer_first_name = "Adam";
 74 $payer_last_name  = "Kowal";
 75 $payer_email      = "mymail@example.com";
 76 $customer_city     = "Warszawa";
 77 $customer_street   = "Niebieska";
 78 $customer_building = "52";
 79 $customer_postcode = "00-953";
 80 
 81 
 82 
 83 /**  ---------  end config  ---------  **/
 84 
 85 
 86 ###  Below are some functions that prevent certain parameters from passing invalid characters to api dotpay ###
 87 
 88 /**
 89  *  checks and crops the size of a string
 90  *  the $special parameter means an estimate of how many urlencode characters can be used in a given field
 91  *  e.q. 'ż' (1 char) -> '%C5%BC' (6 chars)
 92  *  replacing removing double or more special characters that appear side by side by space from: firstname, lastname, city, street, p_info...
 93  */
 94 function encoded_substrParams($string, $from, $to, $special = 0)
 95 {
 96     $string2 = preg_replace('/(\s{2,}|\.{2,}|@{2,}|\-{2,}|\/{3,} | \'{2,}|\"{2,}|_{2,})/', ' ', $string);
 97     $s       = html_entity_decode($string2, ENT_QUOTES, 'UTF-8');
 98     $sub     = mb_substr($s, $from, $to, 'UTF-8');
 99     $sum     = strlen(urlencode($sub));
100     if ($sum > $to) {
101         $newsize = $to - $special;
102         $sub     = mb_substr($s, $from, $newsize, 'UTF-8');
103     }
104     return trim($sub);
105 }
106 
107 /**
108  * check, remove unnecessary characters and return customer firstname
109  * @return string
110  */
111 function CheckFirstname($firstName)
112 {
113     //allowed only: letters, digits, spaces, symbols _-.,'
114     $firstName  = preg_replace('/[^\w _-]/u', '', $firstName);
115     $firstName1 = html_entity_decode($firstName, ENT_QUOTES, 'UTF-8');
116     
117     
118     $NewPersonName1 = preg_replace('/[^\p{L}0-9\s\-_]/u', ' ', $firstName1);
119     return encoded_substrParams($NewPersonName1, 0, 49, 24);
120 }
121 
122 /**
123  * check, remove unnecessary characters and return customer lastname
124  * @return string
125  */
126 function CheckLastname($lastName)
127 {
128     
129     //allowed only: letters, digits, spaces, symbols _-.,'
130     $lastName  = preg_replace('/[^\w _-]/u', '', $lastName);
131     $lastName1 = html_entity_decode($lastName, ENT_QUOTES, 'UTF-8');
132     
133     $NewPersonName2 = preg_replace('/[^\p{L}0-9\s\-_]/u', ' ', $lastName1);
134     return encoded_substrParams($NewPersonName2, 0, 49, 24);
135 }
136 
137 /**
138  * check, remove unnecessary characters and return customer phone
139  * @return string
140  */
141 function CheckPhone($phone)
142 {
143     $phone = str_replace(' ', '', $phone);
144     $phone = str_replace('+', '', $phone);
145     
146     $NewPhone1 = preg_replace('/[^\+\s0-9\-_]/', '', $phone);
147     return encoded_substrParams($NewPhone1, 0, 19, 6);
148 }
149 
150 /**
151  * check, remove unnecessary characters and return customer city
152  * @return string
153  */
154 function CheckCity($city)
155 {
156     //allowed only: letters, digits, spaces, symbols _-.,'
157     $city  = preg_replace('/[^.\w \'_-]/u', '', $city);
158     $city1 = html_entity_decode($city, ENT_QUOTES, 'UTF-8');
159     
160     return encoded_substrParams($city1, 0, 49, 24);
161     
162 }
163 
164 /**
165  * check, remove unnecessary characters and return customer postcode
166  * @return string
167  */
168 function CheckPostcode($postcode, $country = null)
169 {
170     
171     if (empty($postcode)) {
172         return $postcode;
173     }
174     if (preg_match('/^\d{2}\-\d{3}$/', $postcode) == 0 && strtolower($country == 'pl')) {
175         $postcode = str_replace('-', '', $postcode);
176         $postcode = substr($postcode, 0, 2) . '-' . substr($postcode, 2, 3);
177     }
178     
179     $NewPostcode1 = preg_replace('/[^\d\w\s\-]/', '', $postcode);
180     return encoded_substrParams($NewPostcode1, 0, 19, 6);
181     
182 }
183 
184 
185 /**
186  * check, remove unnecessary characters and return customer country
187  * @return string
188  */
189 function CheckCountry($country)
190 {
191     
192     if (preg_match('/^[a-zA-Z]{2,3}$/', trim($country)) == 0) {
193         $country_check = null;
194     } else {
195         $country_check = trim($country);
196     }
197     
198     return strtoupper($country_check);
199 }
200 
201 
202 /**
203  * check, remove unnecessary characters and return customer street
204  * @return string
205  */
206 function CheckStreet($street)
207 {
208     
209     //allowed only: letters, digits, spaces, symbols _-.,'
210     $street  = preg_replace('/[^.\w \'_-]/u', '', $street);
211     $street1 = html_entity_decode($street, ENT_QUOTES, 'UTF-8');
212     
213     return encoded_substrParams($street1, 0, 99, 50);
214 }
215 
216 
217 /**
218  * check, remove unnecessary characters and return customer street_n1 - building number
219  * @return string
220  */
221 function CheckStreetN1($street_n1)
222 {
223     
224     //allowed only: letters, digits, spaces, symbols _-.,'
225     $street_n1  = preg_replace('/[^\p{L}0-9\s\-_\/]/u', '', $street_n1);
226     $street1_n1 = html_entity_decode($street_n1, ENT_QUOTES, 'UTF-8');
227     
228     return encoded_substrParams($street1_n1, 0, 29, 24);
229 }
230 
231 
232 /**
233  * check, remove unnecessary characters and return customer street_n2 - flat number.
234  * @return string
235  */
236 function CheckStreetN2($street_n2)
237 {
238     
239     //allowed only: letters, digits, spaces, symbols _-.,'
240     $street_n2  = preg_replace('/[^\p{L}0-9\s\-_]/u', '', $street_n2);
241     $street1_n2 = html_entity_decode($street_n2, ENT_QUOTES, 'UTF-8');
242     
243     return encoded_substrParams($street1_n2, 0, 29, 24);
244 }
245 
246 /**
247  * Return array of languages that are accepted by Dotpay
248  * @return array
249  */
250 function getAcceptLang()
251 {
252     return array(
253         'pl',
254         'en',
255         'de',
256         'it',
257         'fr',
258         'es',
259         'cz',
260         'cs',
261         'ru',
262         'hu',
263         'ro',
264         'uk',
265         'lt',
266         'lv',
267         'sk'
268     );
269 }
270 
271 
272 /**
273  * Return array of Curriences that are accepted by Dotpay
274  * @return array
275  */
276 function getAcceptCurrency()
277 {
278     return array(
279         'EUR',
280         'USD',
281         'GBP',
282         'JPY',
283         'CZK',
284         'SEK',
285         'UAH',
286         'RON',
287         'PLN',
288         'NOK',
289         'BGN',
290         'CHF',
291         'HRK',
292         'HUF',
293         'RUB'
294     );
295 }
296 
297 
298 
299 /**
300  * Return payment language name
301  * @return string
302  */
303 function CheckPaymentLang($language)
304 {
305     $f_dotpay_lang = '';
306     
307     if (is_string($language)) {
308         $languageArray = explode('-', $language);
309         if (isset($languageArray[0])) {
310             $languageLower = strtolower($languageArray[0]);
311             $f_dotpay_lang = $languageLower;
312         }
313     }
314     
315     if ($f_dotpay_lang == 'pl') {
316         $dotpay_lang = 'pl';
317     } elseif (!in_array($languageLower, getAcceptLang())) {
318         $dotpay_lang = 'en';
319     } else {
320         $dotpay_lang = $languageLower;
321     }
322     
323     return $dotpay_lang;
324 }
325 
326 
327 /**
328  * Check a currency code by comparing allowed ( getAcceptCurrency() function)
329  * @param string $currency Currency code
330  * return false when the given currency code is incorrect
331  */
332 function CheckPaymentCurrency($currency)
333 {
334     $currency = strtoupper($currency);
335     
336     if (!in_array($currency, getAcceptCurrency())) {
337         $dotpay_currency = false;
338     } else {
339         $dotpay_currency = (string) $currency;
340     }
341     
342     return $dotpay_currency;
343 }
344 
345 
346 
347 /**
348  * Convert original amount using a dot as a decimal place regardless of the locale.
349  * @param float $amount
350  * @return string
351  * 
352  */
353 
354 function normalizeDecimalAmount($val)
355 {
356     
357     $input  = str_replace(' ', '', $val);
358     $number = str_replace(',', '.', $input);
359     if (strpos($number, '.')) {
360         $groups    = explode('.', str_replace(',', '.', $number));
361         $lastGroup = array_pop($groups);
362         $number    = implode('', $groups) . '.' . $lastGroup;
363     }
364     return bcadd($number, 0, 2);
365 }
366 
367 
368 // ** -----------------------   SAMPLE DATA ------------------------- **/
369 
370 /*  ## SAMPLE PAYMENT DATA IN ## 
371 
372 Note! You can use more parameters if You need. Case sensitive in parameter names is important !
373 You must give at least: 'amount', 'currency', 'description' (and of course ID and PIN in the configuration of this script)
374 see more: https://www.dotpay.pl/developer/doc/api_payment/en/index.html#tabela-1-podstawowe-parametry-przesylane-do-serwisu-dotpay
375 and: https://www.dotpay.pl/developer/doc/api_payment/en/index.html#tabela-2-dodatkowe-parametry-przesylane-do-serwisu-dotpay
376 
377 Filters were used to remove forbidden characters entered e.g. in the address by the payer from specific parameters.
378 
379 */
380 
381 
382 /*  Important!
383 
384     All values should be string.
385     If you use a variable here, put a declaration (string) before the value.
386     Other values should be enclosed in quotation marks, especially numerical ones.
387 */
388 
389 $ParametersArray = array(
390     
391     "id" => (string) $DotpayId,
392     "api_version" => "next", // !important
393     "amount" => (string) normalizeDecimalAmount($order_amount),
394     "currency" => (string) CheckPaymentCurrency($order_currency),
395     "description" => (string) $dp_description,
396     "url" => (string) $dp_url,
397     "type" => (string) $dp_type,
398     "urlc" => (string) $dp_urlc,
399     "control" => (string) $dp_control,
400     "firstname" => (string) CheckFirstname($payer_firstname),
401     "lastname" => (string) CheckLastname($payer_lastname),
402     "email" => (string) $payer_email,
403     "street" => (string) CheckStreet($payer_street),
404     "street_n1" => (string) CheckStreetN1($payer_street_n1),
405     "street_n2" => (string) CheckStreetN2($payer_street_n2),
406     "city" => (string) CheckCity($payer_city),
407     "postcode" => (string) CheckPostcode($payer_postcode, strtolower($payer_lang)),
408     "phone" => (string) CheckPhone($payer_phone),
409     "country" => (string) CheckCountry($payer_country),
410     "lang" => (string) CheckPaymentLang($payer_lang),
411     "ignore_last_payment_channel" => (string) $dp_last_channel
412 );
413 
414 
415 
416 /*   ###  SAMPLE CUSTOMER DATA IN with delivery address (optional) ###
417 You can remove it if You don't need it
418 */
419 
420 // ------
421 $customer = array(
422     
423     "payer" => array(
424         "first_name" => CheckFirstname($payer_first_name),
425         "last_name" => CheckLastname($payer_last_name),
426         "email" => $payer_email
427     ),
428     "order" => array(
429         "delivery_address" => array(
430             "city" => CheckCity($customer_city),
431             "street" => (string) CheckStreet($customer_street),
432             "building_number" => (string) CheckStreetN1($customer_building),
433             "postcode" => (string) CheckPostcode($customer_postcode)
434         )
435     )
436 );
437 
438 
439 
440 if (empty($customer) || !isset($customer['payer']['first_name']) || !isset($customer['payer']['last_name']) || !isset($customer['payer']['email']) || !isset($customer['order']['delivery_address']['city']) || !isset($customer['order']['delivery_address']['street']) || !isset($customer['order']['delivery_address']['building_number']) || !isset($customer['order']['delivery_address']['postcode'])) {
441     $customer_base64 = null;
442 } else {
443     $customer_base64 = base64_encode(json_encode($customer, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
444 }
445 
446 
447 if ($customer_base64 != null) {
448     $ParametersArray["customer"] = $customer_base64;
449 }
450 
451 
452 
453 // ** -----------------------   SAMPLE DATA  end ------------------------- **/
454 
455 
456 
457 ## function: counts the checksum from the defined array of all parameters
458 
459 function GenerateChk($DotpayPin, $ParametersArray)
460 {
461     //sorting the parameter list
462     ksort($ParametersArray);
463     
464     // Display the semicolon separated list
465     $paramList = implode(';', array_keys($ParametersArray));
466     
467     //adding the parameter 'paramList' with sorted list of parameters to the array
468     $ParametersArray['paramsList'] = $paramList;
469     
470     //re-sorting the parameter list
471     ksort($ParametersArray);
472     
473     //json encoding  
474     $json = json_encode($ParametersArray, JSON_UNESCAPED_SLASHES);
475     
476     return hash_hmac('sha256', $json, $DotpayPin, false);
477     
478 }
479 
480 
481 
482 
483 ## Function: Generate simple FORM to DOTPAY
484 
485 function GenerateChkDotpayRedirection($DotpayPin, $Environment, $RedirectionMethod, $ParametersArray, $next_chk, $autosubmit)
486 {
487     
488     //$ParametersArray = array_change_key_case($ParametersArray, CASE_LOWER);
489     
490     
491     if ($Environment == 'production') {
492         $EnvironmentAddress = 'https://ssl.dotpay.pl/t2/';
493     } elseif ($Environment == 'test') {
494         $EnvironmentAddress = 'https://ssl.dotpay.pl/test_payment/';
495     }
496     
497     
498     
499     if ($RedirectionMethod == 'POST') {
500         $RedirectionCode = '<form action="' . $EnvironmentAddress . '" method="POST" id="dotpay_redirection_form" accept-charset="UTF-8">' . PHP_EOL;
501         
502         foreach ($ParametersArray as $key => $value) {
503             $RedirectionCode .= "\t" . '<input name="' . $key . '" value="' . $value . '" type="hidden"/>' . PHP_EOL;
504         }
505         $RedirectionCode .= "\t" . '<input name="chk" value="' . $next_chk . '" type="hidden"/>' . PHP_EOL;
506         $RedirectionCode .= '</form>' . PHP_EOL . '<button id="dotpay_redirection_button" type="submit" form="dotpay_redirection_form" value="Submit">Confirm and Pay</button>' . PHP_EOL;
507         
508         //auto submit form
509         if ($autosubmit == true) {
510             $RedirectionCode .= "<script type=\"text/javascript\">setTimeout(function(){document.getElementById('dotpay_redirection_form').submit();}, 10);</script>";
511         }
512         
513         return $RedirectionCode;
514         
515     } elseif ($RedirectionMethod == 'GET') {
516         $RedirectionCode = $EnvironmentAddress . '?';
517         
518         foreach ($ParametersArray as $key => $value) {
519             $RedirectionCode .= $key . '=' . rawurlencode($value) . '&';
520         }
521         
522         $RedirectionCode .= 'chk=' . $next_chk;
523         
524         return '<a href="' . $RedirectionCode . '">Link to Pay</a>';
525     } else {
526         return 'configuration error';
527         
528     }
529     
530     
531 }
532 
533 ####  
534 
535 // Calculate checksum for 'chk' parameter:
536 
537 $next_chk = GenerateChk($DotpayPin, $ParametersArray);
538 
539 
540 
541 /*   
542     Print the form according to the settings: 
543     get form (POST method) or payment link (GET method)
544     ("account PIN","[test|production]","[POST|GET]","payment data","chk_value","[true|false]")
545 */
546 if (CheckPaymentCurrency($order_currency) != false) {
547 
548     echo GenerateChkDotpayRedirection($DotpayPin, $Environment, $RedirectionMethod, $ParametersArray, $next_chk, $autosubmit);
549 
550 } else {
551     echo "The currency of the payment you want to use (" . $order_currency . ") is not allowed in the Dotpay system!";
552 }
553 
554 
555 ?>

3.2. One-click and recurring payments

Note

Functionality is only available for shops ( id ) which were adequately configured by Dotpay, what is dependent on signed agreement.

Functionality is only available for payment card channel (number 248), allowing client to realize payments without entering complete card data in future transactions made via Dotpay.

In order to use the functionality seller’s system has to send additional parameters (described below) in payment request and client should allow his card information to be stored by Dotpay (all data is stored according to highest security standards – PCI DSS Level 1).

When using described functionality it is recommended for request sent to Dotpay to be signed as well as signature verification to be required on given shop ( id ). Description of signature creation can be found in Redirection parameters integrity protection (CHK) section.

In order to register client’s card data in Dotpay system additional parameters have to be sent:

3.2.1. Table 4. (Parameters for card registration)

PARAMETER

MEANING / DESCRIPTION

credit_card_store

Parameter defining whether client card data should be stored by Dotpay.

Available values:

1 – Storing credit card data is accepted

Example:

credit_card_store = 1

credit_card_customer_id

Unique buyer ID generated and stored by seller’s system. Required for future payments

Important

Dotpay does NOT return this information anywhere (i.e. URLC or API).

type: string

min length: 4

max length 1024

Example:

credit_card_customer_id = f9c6a4-25473

credit_card_registration

Optional parameter.

Creates operation credit_card_registration instead of payment, what allows to register credit card without paying.

Instead of charge temporary funds blockade will be issued, which is lifted when registration process is completed.

Tip

For operation credit_card_registration it’s required to use an amount of value 1.00 ( amount = 1.00).

Available values:

true – registration without payment

Example:

credit_card_registration = true

In order to make payment with registered card additional parameters described below need to be sent:

3.2.2. Table 5. (Parameters for consecutive payments with previously registered card)

PARAMETER

MEANING / DESCRIPTION

credit_card_customer_id

Unique buyer ID generated by seller’s system described in table above.

credit_card_id

Buyer’s registered card ID

This information might be sent in URLC notification (special account configuration required, described in RECEIVING PAYMENT CONFIRMATION (URLC CONFIRMATION) section). It also might be received via API from operation details.

Common parameters for both first and consecutive payments have been described in table below, all of them are optional. Standard account configuration doesn’t allow them to be used (default settings are applied, configurable by Dotpay), special agreement might be required in order to send them.

3.2.3. Table 6. (Common parameters for both first and consecutive payments)

PARAMETER

MEANING / DESCRIPTION

credit_card_operation_type

Optional parameter. Operation type.

Available values:

e_commerce – first and consecutive payment in one-click model (default value),

recurring_init – first transaction allowing later use of recurring payments,

recurring – recurring payment (customer doesn’t have to be present in order to charge the registered card),

Account ( id ) might be configured by Dotpay so recurring payments are default setting. In this case appropriate types recurring_init and recurring are going to be set automatically.

Parameter is required when one account ( id ) handles both e-commerce and recurring payments.

Tip

A card registered through e_commerce cannot be used directly to perform recurring. To make this possible, you must first perform a recurring initiation, i.e. an operation of the recurring_init.

If the card has already been registered in the e_commerce process, it is not necessary to provide full card details to perform the recurring_init, it is enough to enter the Card ID assigned by the Dotpay system ( credit_card_id )

Cards registered using recurring_init can be used for both recurring and e_commerce.

credit_card_security_code_required

Optional parameter. Allows to control whether CVV/CVV2 security code is required during payment. Applies only to consecutive e_commerce (one click).

Available values:

yes – required (default value),

no – not required,

option – field for security code will show up on payment form, but it won’t be mandatory.

credit_card_threeds

Optional parameter. Allows to control whether 3-D Secure authentication code is required during payment. Applies only to e_commerce model for enrolled cards.

Available values:

yes – required (default value, recommended for transaction security),

no – not required,

Tip

Operation type recurring_init requires and recurring doesn’t require 3-D Secure authentication code, ignoring account settings or sent parameters.

credit_card_avs

Optional parameter. Allows to control whether customer will be required to enter additional personal data on payment form (address and phone number).

Available values:

yes – required,

no – not required (default value).

3.2.4. Exemplary integration models and their corresponding requirements)

3.2.4.1. Integration model: 1 click

Table 7: Requirements for integration type 1 Click

Card registration

Consecutive payment

Required parameters:

- credit_card_customer_id

- credit_card_store = 1

Payment process:

- CVV - required

- 3DS – required*

Required parameters:

- credit_card_customer_id

- credit_card_id

Payment process:

- CVV - optional

- 3DS - required*

* - recommended for transaction security

3.2.4.2. Integration model: recurring

Table 8: Requirements for integration type recurring

Card registration

Consecutive payment

Required parameters:

- credit_card_customer_id

- credit_card_store = 1

Payment process:

- CVV - required

- 3DS - required

Required parameters:

- credit_card_customer_id

- credit_card_id

Payment process:

- CVV - not applicable

- 3DS - not applicable

* - recommended for transaction security

3.2.4.3. Mixed integration model: 1 click + recurring

Table 9: Requirements for integration type 1 click + recurring . Default account setting: e-commerce

Integration model

Card registration

Consecutive payment

1 click

Required parameters:

- credit_card_customer_id

- credit_card_store = 1

Payment process:

- CVV - required

- 3DS - required*

Required parameters:

- credit_card_customer_id

- credit_card_id

Payment process:

- CVV - optional

- 3DS - required*

recurring

Required parameters:

- credit_card_customer_id

- credit_card_store = 1

- credit_card_operation_type = recurring_init

Payment process:

- CVV - required

- 3DS - required

Required parameters:

- credit_card_customer_id

- credit_card_id

- credit_card_operation_type = recurring

Payment process:

- CVV - not applicable

- 3DS - not applicable

* - recommended for transaction security

Table 10: Requirements for integration type 1 click + recurring Default account setting: recurring

Integration model

Card registration

Consecutive payment

1 click

Required parameters:

- credit_card_customer_id

- credit_card_store = 1

- credit_card_operation_type = e_commerce

Payment process:

- CVV - required

- 3DS - required*

Required parameters:

- credit_card_customer_id

- credit_card_id

- credit_card_operation_type = e_commerce

Payment process:

- CVV - optional

- 3DS - required*

recurring

Required parameters:

- credit_card_customer_id

- credit_card_store = 1

Payment process:

- CVV - required

- 3DS - required

Required parameters:

- credit_card_customer_id

- credit_card_id

Payment process:

- CVV - not applicable

- 3DS - not applicable

* - recommended for transaction security

Below are exemplary redirection forms for one-click payment realization.

Exemplary payment request with card registration:

 1 <div>
 2 
 3   <form action="https://ssl.dotpay.pl/t2/" method="post" id="dotpay_redirection_form">
 4     <input name="api_version" value="next" type="hidden" />
 5     <input name="id" value="123456" type="hidden" />
 6     <input name="amount" value="320.00" type="hidden" />
 7     <input name="currency" value="PLN" type="hidden" />
 8     <input name="description" value="Płatność za 12345/2014" type="hidden" />
 9     <input name="control" value="202cb962ac590" type="hidden" />
10     <input name="channel" value="248" type="hidden" />
11     <input name="ch_lock" value="1" type="hidden" />
12     <input name="firstname" value="John" type="hidden" />
13     <input name="lastname" value="Smith" type="hidden" />
14     <input name="email" value="john.smith@example.com" type="hidden" />
15     <input name="type" value="0" type="hidden" />
16     <input name="url" value="https://www.example.com/thanks_page.php" type="hidden" />
17     <input name="urlc" value="https://www.example.com/urlc_receiver.php" type="hidden" />
18     <input name="credit_card_store" value="1" type="hidden" />
19     <input name="credit_card_customer_id" value="f9c6a4-25473" type="hidden" />
20     <input name="chk" value="11ac1938ac47ddd53815b4aeb6230ab9fe4554d82ee11e39c41b9055f38f5c08" type="hidden" />
21   </form>
22   <p>
23     <button type="submit" form="dotpay_redirection_form" value="Submit">
24       Potwierdź zamówienie i zapłać</button>
25   </p>
26 
27 </div>

Exemplary payment request using registered card data (one-click):

 1 <div>
 2   <form action="https://ssl.dotpay.pl/t2/" method="post" id="dotpay_redirection_form">
 3 
 4     <input name="api_version" value="next" type="hidden" />
 5     <input name="id" value="123456" type="hidden" />
 6     <input name="amount" value="410.00" type="hidden" />
 7     <input name="currency" value="PLN" type="hidden" />
 8     <input name="description" value="Płatność za 12346/2014" type="hidden" />
 9     <input name="control" value="31ee79b30dc39a9cbaa" type="hidden" />
10     <input name="channel" value="248" type="hidden" />
11     <input name="ch_lock" value="1" type="hidden" />
12     <input name="firstname" value="John" type="hidden" />
13     <input name="lastname" value="Smith" type="hidden" />
14     <input name="email" value="john.smith@example.com" type="hidden" />
15     <input name="type" value="4" type="hidden" />
16     <input name="url" value="https://www.example.com/thanks_page.php" type="hidden" />
17     <input name="urlc" value="https://www.example.com/urlc_receiver.php" type="hidden" />
18     <input name="credit_card_customer_id" value="f9c6a4-25473" type="hidden" />
19     <input name="credit_card_id" value="59f92e2bf8bedc36bec2219862448dd54d...1829a239eb7432d0easuxp2w158eb13d6333ce71369184eb7ab02ae" type="hidden" />
20     <input name="chk" value="ed0ef4e488ec2de3135b0a1ca226c31867f78bbcd8fe06506ae666210a78d68c" type="hidden" />
21 
22   </form>
23 
24   <p>
25     <button type="submit" form="dotpay_redirection_form" value="Submit">Potwierdź zamówienie i zapłać (płatność one-click)</button>
26   </p>
27 </div>

Note

For recurring payments it is recommended to use direct communication with Dotpay using REST API ( register order ).

Table below describes parameters which allow payment card data to be sent to Dotpay system if it is entered by client on seller’s website (for example on order summary page) instead of Dotpay.

Note

Processing payment card data by seller’s system requires – according to Payment Card Industry Data Security Standard (PCI DSS) – additional conditions to be met.

In order to receive more information about necessary formalities please contact Sales Department (handlowy@dotpay.pl).

Caution

Sending payment card data with parameters described below is only possible via POST method.

3.2.5. Table 11. (Parameters for credit card data)

PARAMETER

MEANING / DESCRIPTION

credit_card_number

Client’s payment card number.

type: credit_card_number

max length: 26

regular expression:

^[\d\s]{12,26}$

Example:

credit_card_number = 5500005555555559

credit_card_expiration_date_year

Year of client’s payment card expiration date.

length: 4

regular expression:

^(20)((19)|([2-9][0-9]))$

Example:

credit_card_expiration_date_year = 2019

credit_card_expiration_date_month

Month of client’s payment card expiration date.

length: 2

regular expression:

^(0[1-9])|(1[0-2])$

Example:

credit_card_expiration_date_month = 02

credit_card_security_code

Client’s payment card security code (CVV2/CVC2).

type: number

max length: 4

regular expression:

^\d{3,4}$

Example:

credit_card_security_code = 559

Deleting registered card might be realized with methods below:

  1. Client might use link given in payment confirmation emails.

  2. Deregistration request might be sent to Dotpay from seller’s system via API.

Request should be sent using DELETE method to the https://ssl.dotpay.pl/t2/payment_api/v1/cards/{credit_card_id}/ address where {credit_card_id} is card ID which should be removed.

Below is exemplary request (in PHP) and response of card deregistration. Authorization data (user, password) is adequate to seller GUI login credentials.

Request:

 1 <?php
 2 
 3 $ch = curl_init();
 4   curl_setopt($ch, CURLOPT_URL, "https://ssl.dotpay.pl/t2/payment_api/v1/cards/59f92e2bf8bedc36bec221...718c58eb13d6333ce71369184eb7ab02ae/");
 5   curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
 6   curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
 7   curl_setopt($ch, CURLOPT_CAINFO, "ca-bundle.crt"); //http://curl.haxx.se/docs/caextract.html
 8   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
 9   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
10   curl_setopt($ch, CURLOPT_TIMEOUT, 100);
11   curl_setopt($ch, CURLOPT_USERPWD, 'user:password');
12   curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "DELETE");
13 
14   $response = curl_exec($ch); // API response
15   $curl_info = curl_getinfo($ch); //curl info
16   curl_close($ch);
17 
18   echo '<pre>';
19   echo 'HTTP status code: '.$curl_info[http_code];
20   echo PHP_EOL.'-------------------------'.PHP_EOL.PHP_EOL;
21     print_r(json_decode($response));
22     echo '</pre>';

Sample request to unregister the card:

DELETE /cards/(string: credit_card_id)/

Response:

HTTP/1.1 204 No Content

HTTP status code meaning:

CODE

MEANING / DESCRIPTION

204 No Content

Deleted

404 Not Found

Credit Card not found

400 Bad Request

Request processing error

3.3. Split payment (Multimerchant)

Note

Functionality is only available for shops ( id ) which were adequately configured by Dotpay, what is dependent on signed agreement.

Functionality allows to split one payment into multiple amounts to be accounted on given shops ( id ). Request has to contain additional parameters (required id(n) , amount(n) , and optional currency(n) , description(n) , control(n) , where (n) is a greater than 0 integer defining consecutive ID, amounts etc.) alongside standard parameters described in ADVANCED VERSION section.

Caution

It is not possible to make a Multimerchant payment with different currencies at once, value of each currency(n) parameter has to be the same as currency .

When using this functionality parameter id defines shop (called multimerchant parent) where operation payment_multimerchant_parent will be created, only as an information about full payment amount (sent in amount parameter). Meanwhile on shops id(n) (called multimerchant child) amounts amount1 - amount(n) will be accounted as payment_multimerchant_child operation.

Information sent is URLC notifications is adequate to given payment_multimerchant_parent or payment_multimerchant_child created on each shop ( id ).

Caution

In order for URLC notifications to be sent on multimerchant child accounts, an address has to be entered in each id(n) configuration (Settings –> Notifications –> Urlc configuration –> Edit) as there is no option to define parameter like urlc(n) .

Caution

It is only possible to refund payment_multimerchant_child operation accounted on given id(n) . It is NOT possible to refund whole payment using payment_multimerchant_parent .

Below is an exemplary split payment form.

 1 <div>
 2 
 3   <form action="https://ssl.dotpay.pl/t2/" id="dotpay_redirection_form" method="POST" enctype="application/x-www-form-urlencoded">
 4     <input type="hidden" name="api_version" value="next">
 5     
 6     <input type="hidden" name="id" value="123456">
 7     <input type="hidden" name="amount" value="320.00">
 8     <input type="hidden" name="currency" value="PLN">
 9     <input type="hidden" name="description" value="Płatność za zamówienie 01/2017 parent">
10     <input type="hidden" name="control" value="control_parent">
11 
12     <input type="hidden" name="id1" value="456123">
13     <input type="hidden" name="amount1" value="120.00">
14     <input type="hidden" name="currency1" value="PLN">
15     <input type="hidden" name="description1" value="Płatność za zamówienie 01/2017 child1">
16     <input type="hidden" name="control1" value="control_child1">
17 
18     <input type="hidden" name="id2" value="561423">
19     <input type="hidden" name="amount2" value="90.00">
20     <input type="hidden" name="currency2" value="PLN">
21     <input type="hidden" name="description2" value="Płatność za zamówienie 01/2017 child2">
22     <input type="hidden" name="control2" value="control_child2">
23 
24     <input type="hidden" name="id3" value="642513">
25     <input type="hidden" name="amount3" value="110.00">
26     <input type="hidden" name="currency3" value="PLN">
27     <input type="hidden" name="description3" value="Płatność za zamówienie 01/2017 child3">
28     <input type="hidden" name="control3" value="control_child3">
29   </form>
30 
31   <p>
32     <button type="submit" form="dotpay_redirection_form" value="Submit">
33       Potwierdź zamówienie i zapłać
34     </button>
35   </p>
36 
37 </div>

Important

Sum of amounts sent in parameters amount1, amount2, …, amount(n) has to be equal to the total amount of payment, defined in parameter amount .

3.4. Masscollect

Note

Functionality is only available for shops ( id ) which were adequately configured by Dotpay, what is dependent on signed agreement.

Functionality allows to send recipient bank account number in transaction request, which Is going to be used in payout, that is default account number defined is account ( id ) configuration will be overwritten.

Depending on account configuration, payouts created by automatic payouts mechanism will either be aggregated by bank account numbers or in 1:1 for where every payment creates separate payout. Payouts of any amount are always aggregated.

Caution

Using described functionality requires request sent to Dotpay to be signed as well as signature verification to be required on given shop ( id ). Description of signature creation can be found in Redirection parameters integrity protection (CHK) section.

In order to make Masscollect payments, additional parameters described in the table below should be sent in the order. Only the recipient_account_number parameter is required, however, it is also recommended to provide the recipient’s name using the parameter recipient_company or recipient_first_name and recipient_last_name .

3.4.1. Table 12. (Additional parameters used in the Masscollect service)

PARAMETER

MEANING / DESCRIPTION

recipient_account_number

Recipient account number in BBAN format.

type: string

max length: 26

Example:

recipient_account_number = 32249000896640389235035459

recipient_company

Recipient company name

type: string

max length: 50

Example:

recipient_company = My Company Inc.

recipient_first_name

Recipient first name

type: string

max length: 30

Example:

recipient_first_name = John

recipient_last_name

Recipient last name

type: string

max length: 30

Example:

recipient_last_name = Smith

recipient_address_street

Street – recipient address

type: string

max length: 40

Example:

recipient_address_street = Wielicka

recipient_address_building

Building number – recipient address

type: string

max length: 10

Example:

recipient_address_building = 72

recipient_address_apartment

Flat number – recipient address

type: string

max length: 10

Example:

recipient_address_apartment = 1

recipient_address_postcode

Postcode – recipient address

type: string

max length: 6

Example:

recipient_address_postcode = 30-552

recipient_address_city

City – recipient address

type: string

max length: 50

Example:

recipient_address_city = Cracow

Below is an exemplary Masscollect payment form.

 1 <div>
 2 
 3   <form action="https://ssl.dotpay.pl/t2/" id="dotpay_redirection_form" method="POST" enctype="application/x-www-form-urlencoded">
 4 
 5     <input type="hidden" name="id" value="123456">
 6     <input type="hidden" name="amount" value="123.45">
 7     <input type="hidden" name="currency" value="PLN">
 8     <input type="hidden" name="api_version" value="next">
 9     <input type="hidden" name="description" value="Płatność za zamówienie 07/2017">
10     <input type="hidden" name="recipient_account_number" value="32249000896640389235035459">
11     <input type="hidden" name="recipient_company" value="Moja Firma S.A.">
12     <input type="hidden" name="recipient_first_name" value="Jan">
13     <input type="hidden" name="recipient_last_name" value="Kowalski">
14     <input type="hidden" name="recipient_address_street" value="Wielicka">
15     <input type="hidden" name="recipient_address_building" value="72">
16     <input type="hidden" name="recipient_address_apartment" value="1">
17     <input type="hidden" name="recipient_address_postcode" value="30-552">
18     <input type="hidden" name="recipient_address_city" value="Kraków">
19     <input type="hidden" name="chk" value="3135b6debcd8fe4e488ec2easux506c31867f78bed0ef0a1ca2266210a78d68c" />
20   </form>
21 
22   <p>
23     <button type="submit" form="dotpay_redirection_form" value="Submit">
24       Potwierdź zamówienie i zapłać
25     </button>
26   </p>
27 
28 </div>

3.5. Shipping and payer data

In order for channel provider to evaluate customer’s credit score, new additional parameters have been added.

Below is the list of those parameters with their description and requirements.

Sending more data than just required minimum might have big impact on credit score. If it is possible, it’s recommended to send complete data.

In order to process a given payment method, a new customer parameter has been added for integration with Dotpay. This parameter should contain specific information according to the following Table 13. Some payment channels may require less data, such as PayPo or Raty Alior.

3.5.1. Table 13. (Data handled by customer parameter)

FIELD NAME

TYPE

DESCRIPTION

payer.first_name

string

Payer name

payer.last_name

string

Payer lastname

payer.email

string

Payer email address

payer.phone

string

Payer phone number

payer.address

-

Payer address

payer.address.city

string

Payer address: city

payer.address.street

string

Payer address: street

payer.address.building_number

string

Payer address: building number

payer.address.flat_number

string

Payer address: flat number

payer.address.postcode

string

Payer address: post code

payer.address.country

string

Payer address: (ISO 3166-1 alpha2) or (ISO 3166-1 alpha3) country code

is_logged_in

boolean

Whether payer has register an account before placing an order

registered_since

string

Payer’s registration date on the seller’s website, format YYYY-MM-DD or YYYY-MM-DD hh:mm:ss

Optional, if it’s sent, order_count is also required

registered_since_indicator

string (indicator)

Payer’s registration date on the seller’s website, indicator for the registered_since field

Optional, if it’s sent, order_count is also required

account_update

string

Date of last change of paying account on the seller’s website, format YYYY-MM-DD

account_update_indicator

string (indicator)

Date of last change of paying account on the seller’s website, indicator for the field account_update

password_change

string

Date of last password change for the paying account on the seller’s website, format YYYY-MM-DD

password_change_indicator

string (indicator)

Date of last change of password for the paying account on the seller’s website, indicator for the field password_change

shipping_address_since

string

Date from when the payer’s delivery address is used, format YYYY-MM-DD

shipping_address_since_indicator

string (indicator)

Date from which the payer’s delivery address is used, the indicator for the field shipping_address_since

order_count

int

How many orders the payer has made made since registration

Optional, if it’s sent, registered_since is also required

order_count_day

int

The number of orders placed by the paying seller on the same day

order_count_year

int

Number of orders placed by the paying seller in the same year

fraud_activity

boolean

Has the store ever seen suspicious activity on this buyer’s account

order_history

-

Current payer order history

order_history.date

string

n-order place date in YYYY-MM-DD format

order_history.amount

decimal (10,2)

Gross price of n-product

order

-

Order

order.total_amount

string

The value of the entire order

order.id

string

Order ID in the seller’s system. Corresponds to the ID number of the entire order in the store database

order.items

-

The contents of the shopping cart. We recommend that you do not exceed the number 100 articles in the list

order.items.id

string

ID of given shop product

order.items.name

string

The name of a single product in the seller’s system. Corresponds to the name of the product in the store database.

min length: 1

max length: 150

regular expression:

[\w\s\-_. ,'?@\\\/ąćęłńóśźżĄĆĘŁÓŃŚŹŻ]+$

order.items.quantity

int

Number of items in the customer’s order (n * Goods = total number of items)

min length: 1

max length: 1000

order.items.unit_type

string

Item measurement unit, eg. quantity, kg, liters, meters and so on.

order.items.gross_price

decimal(10,2)

Gross price of n-product. Corresponds to the price of the product in the store database.

order.items.type

string

Order type (eg. product, payment, delivery, discount)

order.items.is_virtual

boolean

Product is virtual (doesn’t require a delivery)

order.items.category

string

The category of a single product in the seller’s system. the category should match one of the elements listed in the dictionary. List of available categories: Dictionary of available sales categories

order.delivery_type

string

Delivery method

Available values:

  • COURIER - courier

  • POCZTA_POLSKA - Poczta Polska

  • PICKUP_POINT - pickup point like UPS Access point, DHL Parcel Shop

  • PACZKOMAT - parcel locker

  • PACZKA_W_RUCHU - paczka w ruchu

  • PICKUP_SHOP -pickup in shop (click&collect)

order.delivery_address

-

Delivery address If the package is delivered to a point / parcel locker / etc, such address and name should be given, not the details of the actual recipient.

order.delivery_address.city

string

Delivery address: city

order.delivery_address.street

string

Delivery address: street

order.delivery_address.building_number

string

Delivery address: building number

order.delivery_address.flat_number

string

Delivery address: flat number

order.delivery_address.postcode

string

Delivery address: post code

order.delivery_address.country

string

Delivery address: (ISO 3166-1 alpha2) or (ISO 3166-1 alpha3) country code

order.delivery_address.name

string

Name of recipient / collection point.

Examples:

order.delivery_address.name = D0B019A order.delivery_address.name = PPP:6252652

order.delivery_address.phone

string

Recipient’s phone number

order.delivery_address.is_verified

bool

Delivery address: Whether the delivery address is verified

Note

If the store does not want to provide the correct date, it is possible to use an indicator field of replacement type for selected parameters.

3.5.2. Values used for indicator field replacement for selected fields:

VALUE

DESCRIPTION

01

The payer’s account does not exist on the seller’s website

02

Date of the transaction just ordered

03

Date not older than 30 days ago

04

Date in the range 30 - 60 days ago

05

Date older than 60 days ago

Exemplary use of parameters described above:

Example in json format
 1 {
 2     "payer": {
 3         "first_name": "Jan",
 4         "last_name": "Kowal",
 5         "email": "jankowal@example.com",
 6         "phone": "123456789",
 7         "address": {
 8             "city": "Warszawa",
 9             "street": "Krucza",
10             "building_number": "1a",
11             "flat_number": "4",
12             "postcode": "00-950",
13             "country": "POL"
14         }
15     },
16     "is_logged_in": true,
17     "registered_since": "2017-02-11",
18     "order_count": 2,
19     "order_history": [
20         {
21             "date": "2017-02-11",
22             "amount": "456.21",
23             "delivery_type": "COURIER"
24         },
25         {
26             "date": "2018-05-21",
27             "amount": "879.67",
28             "delivery_type": "POCZTA_POLSKA"
29         }
30     ],
31     "order": {
32         "id": "MHH67HF8DS",
33         "items": [
34             {
35                 "id": "3245623",
36                 "name": "Super Phone 1",
37                 "quantity": 1,
38                 "unit_type": "szt.",
39                 "gross_price": "856.52",
40                 "type": "towar",
41                 "is_virtual": false
42             },
43             {
44                 "id": "3245625",
45                 "name": "Dostawa",
46                 "quantity": 1,
47                 "unit_type": "szt.",
48                 "gross_price": "15.00",
49                 "type": "dostawa",
50                 "is_virtual": false
51             }
52         ],
53         "delivery_type": "POCZTA_POLSKA",
54         "delivery_address": {
55             "city": "Kraków",
56             "street": "Wielicka",
57             "building_number": "28b",
58             "flat_number": "5",
59             "postcode": "30-552",
60             "country": "POL"
61         }
62     }
63 }

3.5.3. Dictionary of article categories for the parameter order.items.category

VALUE

DESCRIPTION

ART_ANTIQUES

Works of art, antiques

BOOKS_EDUCATIONAL

Books, educational materials

BUILDING_MATERIALS

Building Materials

CARS_MOTORBIKES_SCOOTERS

Cars, motorbikes, mopeds, scooters

CLOTHING_SHOES

Clothing, shoes

COMP_COMPONENTS

Computer components and accessories including monitors, printers and scanners

COMPUTERS

Computers

CONSOLES_GAMES

Consoles and games

DEVOTIONAL

Devotional articles

DOORS_WINDOWS

Windows and doors

ECO_SYSTEMS

Ecological systems

FOR_CHILDREN

Baby carriages, car seats and others

FUEL_COAL

Fuel and coal

FURNITURE

Furniture

GARDENING

Seeds, fertilizers, plants

GIFT_VOUCHERS

Gift vouchers, packages (other than medical)

HEATING

Central heating boilers, JUNKERS

HOME_FURNISHINGS

Home furnishings

HOME_TEXTILES

Home textiles, bedding and blankets

HOUSEHOLD_GOODS_BIG

Household appliances large

HOUSEHOLD_GOODS_SMALL

Household appliances small

INSURANCE

Insurance services

JEWELRY_WATCHES

Jewelry, watches

LAPTOPS_TABLETS

Laptops and tablets

MUSICAL_INSTRUMENTS

Musical instruments

OTHER_MOTORIZATION

Other motorization

PHONES_GPS

Telephones and GPS

PHOTO_CAMERA

Photo and Camera

RTV

RTV

SERVICES

Services

SOFTWARE

Software and other computer components

SPORTS_REHABILITATION

Sporting / rehabilitation / tourist articles

TOOLS_DEVICES

Tools and devices

VEHICLE_ACCESSORIES_EQUIPMENT

Vehicle accessories and equipment

3.5.4. Data required in customer parameter for PayPo channel

To make a payment with PayPo channel, specific data is required, which has been described in Table 13 :

Minimum data required for PayPo in json:
 1      {
 2        "payer": {
 3          "first_name": "Jan",
 4          "last_name": "Kowal",
 5          "email": "jankowal@example.com"
 6        },
 7        "order": {
 8          "delivery_address": {
 9            "city": "Kraków",
10            "street": "Wielicka",
11            "building_number": "28B",
12            "postcode": "30-552"
13          }
14        }
15      }
Complete data for PayPo in json:
 1      {
 2        "payer": {
 3          "first_name": "Jan",
 4          "last_name": "Kowal",
 5          "email": "jankowal@example.com",
 6          "phone": "+48126882600"
 7        },
 8        "registered_since": "2017-02-11",
 9        "order_count": 2,
10        "order": {
11          "id": "MHH67HF8DS",
12          "delivery_type": "POCZTA_POLSKA",
13          "delivery_address": {
14            "city": "Kraków",
15            "street": "Wielicka",
16            "building_number": "28b",
17            "flat_number": "5",
18            "postcode": "30-552",
19            "country": "POL"
20          }
21        }
22      }

Optional parameters for PayPo have been colored, their absence might negatively impact payer’s credit score.

In order for this information to be passed to Dotpay in customer parameter, it has to be formatted correctly. First it needs to be encoded in JSON format and then encoded using Base64.

Example for generating customer parameter value (minimum) for PayPo channel in PHP:
 1      <?php
 2 
 3              $customer = array (
 4 
 5                  "registered_since" => "2017-12-31",
 6                  "order_count" => 12,
 7 
 8 
 9                  "payer" => array(
10                          "first_name" => "Jan",
11                          "last_name" => "Kowal",
12                          "email" => "jan@example.com"
13                           ),
14                  "order" => array(
15                          "delivery_type" => "COURIER",
16                          "delivery_address" => array(
17 
18                                           "city" => "Krakow",
19                                           "street" => "Wielicka",
20                                           "building_number" => "11",
21                                           "flat_number" => "7",
22                                           "postcode" => "30-553",
23                                           "country" => "POL"
24                                                                      )
25                             )
26 
27                  );
28 
29 
30 
31              $customer_base64 = base64_encode(json_encode($customer));
32 
33      ?>

3.5.5. Data required in customer parameter for Raty Alior channel

To make a payment with Raty Alior channel, specific data is required, which has been described in Table 13 :

Minimum data required for Raty Alior in json:
 1              {
 2                      "payer":{
 3                              "first_name":"Jan",
 4                              "last_name":"Kowal",
 5                              "email":"jankowal@example.com"
 6                      },
 7                      "order":{
 8                              "items":[
 9                                      {
10                                              "name":"Super Phone 1",
11                                              "quantity":1,
12                                              "gross_price":"1200.00",
13                                              "category":"PHONES_GPS"
14                                      },
15                                      {
16                                              "name":"Pendrive 64GB",
17                                              "quantity":4,
18                                              "gross_price":"50.00",
19                                              "category":"COMP_COMPONENTS"
20                                      }
21                              ]
22                      }
23              }

The value of the order.items.category parameter should be filled in according to the category dictionary.

The number of products in the order.items parameter is limited and should not be more than 500 items.

In order for this information to be passed to Dotpay in customer parameter, it has to be formatted correctly. First it needs to be encoded in JSON format and then encoded using Base64.

Example for generating customer parameter value (minimum) for Raty Alior channel in PHP:
 1      <?php
 2 
 3     $customer = array(
 4                  "payer" => array(
 5                      "first_name" => "Jan",
 6                      "last_name" => "Kowal",
 7                      "email" => "jankowal@example.com",
 8                  ),
 9 
10                  "order" => array(
11                         "items" => [
12                                              array(
13                                                      "name" => "Super Phone 1",
14                                                      "quantity" => 1,
15                                                      "gross_price" => "1200.00",
16                                                      "category" => "PHONES_GPS"
17                                              ),
18 
19                                              array(
20                                                      "name" => "Pendrive 64GB",
21                                                      "quantity" => 4,
22                                                      "gross_price" => "50.00",
23                                                      "category" => "COMP_COMPONENTS"
24                                              )
25 
26                                      ],
27                  )
28 
29 
30              );
31 
32 
33              $customer_base64 = base64_encode(json_encode($customer));
34 
35      ?>

3.5.6. Data required in customer parameter for PayPal channel (only with PayPal SPP)

The technical requirements necessary to obtain the “Extended Seller Protection Policy (SPP)” from PayPal to buy online - shop or reception point.

If you use the seller protection program on your PayPal account and you have an appropriate agreement in this regard with PayPal, in integration with Dotpay it is necessary to send additional information.

To make a payment with PayPal in SPP channel, specific data is required, which has been described in Table 13 :

An example of using the minimum required data for a PayPal channel in SPP (json format):
 1              {
 2                 "payer":{
 3                    "first_name":"Jan",
 4                    "last_name":"Kowal",
 5                    "email":"jankowal@example.com"
 6                 },
 7                 "order":{
 8                    "delivery_address":{
 9                                      "name":"PPP:6252652",
10                                      "city":"Kraków",
11                                      "street":"Wielicka",
12                                      "building_number":"28B",
13                                      "postcode":"30-552",
14                                      "phone":"+48126880000",
15                                      "country":"PL"
16                    }
17                 }
18              }

In order for this information to be passed to Dotpay in customer parameter, it has to be formatted correctly. First it needs to be encoded in JSON format and then encoded using Base64.

Example for generating customer parameter value (minimum) for PayPal (SPP) channel in PHP:
 1      <?php
 2 
 3      $customer = array(
 4              "payer" => array(
 5                      "first_name" => "Jan",
 6                      "last_name" => "Kowal",
 7                      "email" => "jan@example.com"
 8              ) ,
 9              "order" => array(
10                      "delivery_address" => array(
11 
12                              "name" => "PPP:6252652",
13                              "city" => "Krakow",
14                              "street" => "Wielicka",
15                              "building_number" => "28B",
16                              "postcode" => "30-552",
17                              "phone" => "+48126880000",
18                              "country" => "PL"
19                      )
20              )
21 
22      );
23 
24      $customer_base64 = base64_encode(json_encode($customer));
25 
26      ?>

Note

In order for the sent data to be correctly interpreted and sent from Dotpay to PayPal, such fact must be reported to Dotpay (tech@dotpay.pl) in advance for the correct configuration of the account.

3.6. Faulty redirections from the merchant’s system

On Dotpay’s side a shop ( id ) may be configured in such a way that in case of a faulty redirection to Dotpay (caused by e.g. a faulty parameters passed by the merchant’s system) an automated redirection will be made to the address from the url parameter (sent by merchant’s system) along with a faulty code.

When an error occurs a redirection to the address from url parameter will be made error_code parameter with a proper value will be added.

Note

In order to activate functionality enable Handling error codes in URL option available in seller administration panel in Settings –> Shop configuration –> Edit tab.

For example, while redirecting from a merchant’s system to unknown payment channel number in Dotpay, for passed in the redirection parameter url : url = https://example.com/

redirection will be to: https://example.com/?error_code=UNKNOWN_CHANNEL

error_code values are listed below:

PAYMENT_EXPIRED - payment link expired or datetime defined in expiration_date parameter has been exceeded

UNKNOWN_CHANNEL – invalid value of parameter channel

DISABLED_CHANNEL – payment channel is unavailable

UNKNOWN_CURRENCY – currency code is invalid

BLOCKED_ACCOUNT – account ( id ) is blocked

INACTIVE_SELLER – account ( id ) is inactive

AMOUNT_TOO_LOW - amount is lower than minimum defined for shop

AMOUNT_TOO_HIGH - amount is higher than maximum defined for shop

BAD_DATA_FORMAT - invalid request data, e.g. invalid expiration_date format

URLC_INVALID - account ( id ) settings require the URLC to contain SSL (the address starts with: ‘https: // ‘)

REQUIRED_PARAMETERS_NOT_PRESENT – one of the required parameters is missing

MULTIMERCHANT_INVALID_ACCOUNT_CONFIGURATION – one of the accounts is not properly configured for Multimerchant payments

MULTIMERCHANT_INSUFFICIENT_AMOUNT – sum of amount(n) parameters is not equal to amount value

MULTIMERCHANT_WRONG_CURRENCY – values of parameters currency and currency(n) are not equal

CREDIT_CARD_NOT_ACCEPTED – credit card data has been sent, but account ( id ) configuration doesn’t allow processing it

CREDIT_CARD_OPERATION_TYPE_NOT_ACCEPTED_CODE – parameter sent credit_card_operation_type , but account serrings ( id ) does not allow its processing

CREDIT_CARD_SECURITY_CODE_REQUIRED_NOT_ACCEPTED_CODE – parameter sent credit_card_security_code_required , but account serrings ( id ) does not allow its processing

CREDIT_CARD_3DS_NOT_ACCEPTED_CODE – parameter sent credit_card_threeds , but account serrings ( id ) does not allow its processing

CREDIT_CARD_AVS_NOT_ACCEPTED_CODE – parameter sent credit_card_avs , but account serrings ( id ) does not allow its processing

UNKNOWN_ERROR - returned value in other case than the above mentioned

4. TEST ENVIRONMENT

It is possible to create a test environment (independently on production environment) which allows to make a simulation payment (transaction) in order to test the shop integration with Dotpay payment system.

Note

In order to receive Dotpay test environment access fill in registration form available at

The address of a test environment has been placed below. Any action which should be taken in order to integrate with Dotpay payment system is analogical to the above described.

https://ssl.dotpay.pl/test_payment/ - address of the payment form

https://ssl.dotpay.pl/test_seller/ - address of the administration panel

https://ssl.dotpay.pl/test_payment/payment_api/channels/ - payment API address (channel list)

Simulating card payment (channel 248) requires valid card data.

Table below contains few exemplary cards which might be used for that purpose. Expiration date is anything from current date to December 2030.

4.1. Table 14. (List of sample card numbers that can be used in the process of testing card payments)

TYPE

NUMBER

CVV2 / CVC2

3DS

Visa*

4916 9715 6289 1025

025

No

Visa*

4929 5320 2788 7670

670

Yes

MasterCard*

5498 5400 7907 4343

343

No

MasterCard*

5344 6642 8071 1026

026

Yes

Visa

4111 1111 1111 1111

111

No

Visa

4444 4444 4444 4448

448

Yes

MasterCard

5500 0055 5555 5559

559

No

* for One-click or recurring payment testing

5. ADDITIONAL INFORMATION

5.1. Verification of the IP address

Dotpay IP addresses:

195.150.9.37 and 91.216.191.181 – 91.216.191.185 and 5.252.202.255

Using the above-mentioned IP service Dotpay sends all confirmation to the merchant’s system. For proper communication, the merchant should accept connections from this addresses.

Caution

Merchant’s system should always verify IP address from which a confirmation has been sent for security reasons.

Because of PCI DSS requirement the only SSL version used by Dotpay server is TLSv1.2 and TLSv1.3, with other protocol versions encrypted connection with host ssl.dotpay.pl will not be possible.

5.2. Security of payment integration

In order to provide the highest security standards for your transactions we recommend using all available security mechanisms.

Note

Transaction security should be handled in two places:

5.2.1. Redirecting customer from shop to Dotpay

Redirecting customer to Dotpay involves sending parameters defining payment details. To prevent unauthorized data manipulation in this step we recommend using data integrity protection. Parameters can be signed, this signature is passed as an additional chk parameter along other standard parameters.

A description of this functionality can be found in the chapter Redirection parameters integrity protection (CHK).

If your service is ready to send chk parameter for all of the transactions please contact Dotpay to enforce its verification.

Caution

Keep in mind minimal amount of payment parameters sent to Dotpay is: id , amount , currency , description .

Please verify whether your integration send those parameters correctly, according to format defined in this payment implementation manual.

5.2.2. Receiving confirmation of the posted payment in Dotpay

In order to send operation (transaction) confirmation to shop URLC (HTTP request, callback), mechanism is used, which using POST method passes all parameters.

If you are using this automatic notifications URLC, please make sure for every order received data is verified, especially when it comes to operation type ( operation_type ), it’s status ( operation_status ) and: - operation_original_amount - The amount taken from amount parameter which has been sent by merchant’s system.- operation_original_currency - The currency taken from currency parameter which has been sent by merchant’s system. - signature - checksum created by SHA‑256 function from concatenated notification parameters

We also recommend to verify URLC notification origin, so in this case if IP belongs to Dotpay and is made using POST method. The IP address from which Dotpay sends notifications is listed in the chapter Verification of the IP address.

Caution

After receiving the confirmation of payment in the Dotpay service, the store should absolutely compare the value of the amount and currency paid with the expected amount registered when placing the order by the buyer in the store’s database.

The order should be processed by the store only when it checks whether the value due for the order stored in the store’s database is equal to the value posted in Dotpay assigned to the order!

6. ATTACHMENT I - PAYMENT CHANNELS

In the following table all channels which are available in Dotpay system are presented. Availability of payment method in a given account ( id ) depends on signed contract.

In the table the following are presented channel names, their providers and numbers, logotypes and remarks. Channel numbers are values which are accepted by channel parameter described in the above chapters.

6.1. Table 15. (Payment channels available in Dotpay system)

6.1.1. PAYMENT CARDS

NUMBER

NAME

PROVIDER

LOGO

POSTING PAYMENTS

REMARKS

71

MasterPass

-

_images/channel_71.png

24/7

Available only for business accounts.

246

Payment cards

-

_images/channel_246.png

24/7

Available only for business accounts.

248

Payment cards

-

_images/channel_248.png

24/7

Available only for business accounts.

Available for currency: PLN, EUR, USD, GBP

249

Visa SRC

-

_images/channel_249.png

24/7

Available only for business accounts.

260

Google Pay

Google LLC

_images/channel_260.png

24/7

Available only for business accounts. Required separate agreement.

262

Apple Pay

Apple Inc.

_images/channel_262.png

24/7

Available only for business accounts.

6.1.2. FAST TRANSFERS

NUMBER

NAME

PROVIDER

LOGO

POSTING PAYMENTS

REMARKS

1

mTransfer

mBank S.A.

_images/channel_1.png

24/7

2

Płacę z Inteligo

Bank PKO BP

_images/channel_2.png

24/7

4

Płacę z iPKO

Bank PKO BP

_images/channel_4.png

24/7

6

Przelew24

Santander Bank Polska SA (previously Bank Zachodni WBK SA)

_images/channel_6.png

24/7

36

Pekao24Przelew

Bank Pekao S.A.

_images/channel_36.png

24/7

38

Płać z ING

ING Bank Śląski S.A.

_images/channel_38.png

24/7

44

Millennium - Płatności Internetowe

Millennium Bank S.A.

_images/channel_44.png

24/7

45

Pay with Alior Bank

Alior Bank S.A.

_images/channel_45.png

24/7

46

Płacę z Citi Handlowy

Citi Bank Handlowy S.A.

_images/channel_46.png

24/7

50

Pay Way Toyota Bank

Toyota Bank Polska

_images/channel_50.png

24/7

51

Płać z BOŚ

BOŚ Bank S.A.

_images/channel_51.png

24/7

66

Bank Nowy S.A.

Bank Nowy Spółka Akcyjna z siedzibą w Poznaniu

_images/channel_66.png

24/7

70

Pocztowy24

Bank Pocztowy S.A.

_images/channel_70.png

24/7

73

BLIK

Polski Standard Płatności Sp. z o.o.

_images/channel_73.png

24/7

74

Banki Spółdzielcze

Krajowa Izba Rozliczeniowa S.A.

_images/channel_74.png

24/7

75

Płacę z Plus Bank

Krajowa Izba Rozliczeniowa S.A.

_images/channel_75.png

24/7

76

Getin Bank PBL

Krajowa Izba Rozliczeniowa S.A.

_images/channel_76.png

24/7

80

Noble Pay

Krajowa Izba Rozliczeniowa S.A.

_images/channel_80.png

24/7

86

TrustPay

Trust Pay

_images/channel_86.png

24/7

Available only for business accounts.

Available for currency: CZK, EUR

87

Credit Agricole PBL

Credit Agricole Bank Polska S.A.

_images/channel_87.png

24/7

Available only for business accounts.

90

BNP Paribas – płacę z Pl@net

Krajowa Izba Rozliczeniowa S.A.

_images/channel_90.png

24/7

Available only for business accounts.

91

Nest Bank

Krajowa Izba Rozliczeniowa S.A.

_images/channel_91.png

24/7

Available only for business accounts.

92

Bank Spółdzielczy w Brodnicy

Krajowa Izba Rozliczeniowa S.A.

_images/channel_92.png

24/7

Available only for business accounts.

93

Kasa Stefczyka

Spółdzielcza Kasa Oszczędnościowo-Kredytowa im. F. Stefczyka

_images/channel_93.png

24/7

6.1.3. TRANSFERS

NUMBER

NAME

PROVIDER

LOGO

POSTING PAYMENTS

REMARKS

7

ING Corporate customers

ING Bank Śląski S.A.

_images/channel_7.png

Mon - Sat

8:00am - 8:00pm

10

Millennium Corporate customers

Millennium Bank S.A.

_images/channel_10.png

Mon - Fri

8:00am - 8:00pm

15

iPKO

Bank PKO BP

_images/channel_15.png

0:00am – 11:00pm / 7

16

Credit Agricole

Credit Agricole Bank Polska S.A.

_images/channel_16.png

4:00am – 11:00pm / 7

32

BNP Paribas

BNP Paribas Bank Polska SA

_images/channel_32.png

Mon - Fri

8:00am – 9:00pm

89

Santander

Santander Bank Polska SA (previously Bank Zachodni WBK SA)

_images/channel_89.png

Mon - Fri

8:00am – 9:00pm

6.1.4. CASH

NUMBER

NAME

PROVIDER

LOGO

POSTING PAYMENTS

REMARKS

11

Bank transfer / postal

-

_images/channel_11.png

Mon - Fri

3 Elixir sessions

82

SEPA transfer

-

_images/channel_82.png

Mon - Fri

3 Elixir sessions

Available only for business accounts.

Available for currency: EUR

6.1.5. PURSES AND VOUCHERS

NUMBER

NAME

PROVIDER

LOGO

POSTING PAYMENTS

REMARKS

52

SkyCash

SkyCash Poland S.A.

_images/channel_52.png

24/7

59

CinkciarzPAY

Conotoxia Sp. z o.o.

_images/channel_59.png

24/7

218

paysafecard

Paysafecard

_images/channel_218.png

24/7

Available for currency: PLN

WARNING: refunds are not available on this channel

6.1.6. INSTALLMENTS

NUMBER

NAME

PROVIDER

LOGO

POSTING PAYMENTS

REMARKS

55

Raty z Alior Bankiem

Alior Bank S.A.

_images/channel_55.png

24/7

Available only for business accounts, for orders between 300.00 PLN and amount defined in the agreement.

68

mRaty

mBank S.A.

_images/channel_68.png

24/7

Available only for business accounts, for orders between 300.00 PLN and amount defined in the agreement.

6.1.7. OTHERS

NUMBER

NAME

PROVIDER

LOGO

POSTING PAYMENTS

REMARKS

212

PayPal

PayPal

_images/channel_212.png

24/7

Available for currency: PLN

Gateway model, Dotpay doesn’t send funds to the seller.

6.1.8. POSTPONED PAYMENTS

NUMBER

NAME

PROVIDER

LOGO

POSTING PAYMENTS

REMARKS

94

Kupuj teraz, zapłać później [Buy now, pay later]

Aiqlabs Sp. z o.o.

_images/channel_94.png

24/7

Available only for business accounts, for orders between 100.00 PLN and 2000.00 PLN or amount defined in the agreement.

92

PayPo

PayPo Sp. z o.o.

_images/channel_95.png

24/7

Available only for business accounts.

for orders between 10.00PLN and 2000.00PLN.

Required separate agreement.

Requires customer parameter.

6.1.9. MOBILE TRANSFERS - Direct Carrier Billing type

NUMBER

NAME

PROVIDER

LOGO

POSTING PAYMENTS

REMARKS

231

Orange

Orange Polska S.A.

_images/channel_231.png

24/7

Available only for business accounts.

Required separate agreement with Dotpay partner.

232

T-Mobile

T-Mobile Polska S.A.

_images/channel_232.png

24/7

Available only for business accounts.

Required separate agreement with Dotpay partner.

233

PLAY

P4 Sp. z o.o.

_images/channel_233.png

24/7

Available only for business accounts.

Required separate agreement with Dotpay partner.

234

Plus

Polkomtel Sp. z o.o.

_images/channel_234.png

24/7

Available only for business accounts.

Required separate agreement with Dotpay partner.

6.2. Payment Channel List - available for download

Note

Listed channels and their logos are available for download at:

7. ATTACHMENT II - OPERATION STATUSES DESCRIPTION

In the following table are presented description of operation statuses which are created in system.

7.1. Table 16. (Operation statuses created in the Dotpay system)

STATUS

MEANING / DESCRIPTION

new

(new)

A new operation. It means establishment of the operation.

processing

(waiting for deposit)

The operation is being processed, e.g. for payment type it means that a payer came back to Dotpay from a payment channel provider or a provider has informed Dotpay about this fact.

payment and payment_multimerchant_child operations don’t have the accounting in the processing state. Complaint operation in this state means that a complaint procedure has been started.

completed

(completed)

For payment, payment_multimerchant_child types it means that Dotpay has already had (or is sure to have) funds from the payment made by a customer.

For release_rollback type it means that locked funds from rollback were released to the shop’s account ( id ).

For payout, refund and complaint types it means that funds have been transferred to a merchant, to a payer or a payment channel provider. This is the final status which means the operation will not change its status.

For this operation additional accounting may be written but only those that are as a result of e.g. correction or correction incorrectly calculated.

rejected

(rejected)

For payment, payment_multimerchant_child types it means that Dotpay has NOT received funds from a payer and is sure that won’t receive those funds. This means that e.g. a payer has cancelled a payment or doesn’t have enough funds at a payment channel provider (e.g. bank) to execute the payment.

For payout, refund and complaint types it means that the operation was cancelled - funds were refunded to a shop’s account ( id ). This is the final status which means the operation will not change its status.

For this operation additional accounting may be written but only those that are as a result of e.g. correction or correction incorrectly calculated.

processing_realization_waiting

(waiting for realization)

Operation in this state expects execution, e.g. for payout operation it means a withdrawal request (manually by a merchant or by auto withdrawal mechanism).

Operation in this state expects execution in “n” business days where “n” is specified in the agreement signed by a merchant.

processing_realization

(realisation)

This status means start of withdrawal execution procedure, for payout type operation it means payout transfer to the merchant’s account, for refund type operation funds transfer to a payer’s account.

If possible (e.g. card payment channels), instead of funds transfer, a refund is executed on a given channel.

8. CHANGELOG

VERSION

DATE

CHANGES DESCRIPTION

1.87.9.1

2022-01-05

name and logo change for the channel: 66 (Bank Nowy S.A.)

1.86.1.1

2021-11-20

removed channel 81 ‘Idea Cloud’

1.84.3.1

2021-09-24

change of the amount range for the channel 95 ‘PayPo’

1.84.2.1

2021-09-17

removed channel 83 ‘EnveloBank’

1.81.8.1

2021-08-03

adding new IP addresses from which Dotpay can send notifications to merchants’ services

1.79.20.1

2021-05-25

adding a new api version api_version : next

Change in the method of calculating the checksum used to verify the correctness of the data sent - Redirection parameters integrity protection (CHK) : chk

changing the content of the displayed information using the parameters bylaw and personal_data

1.78.22.1

2021-04-26

adding an additional optional parameter to Receiving confirmation of the posted payment in Dotpay

updating the list of available payment channels

1.77.10.1

2021-02-22

changed channels logo: 71 ‘MasterPass’, 246, ‘Payment cards’, 248 (Payment cards)

removed channel 35 ‘Kantor Polski’

1.75.7.1

2020-11-30

logo change for the channel: 1 (mTransfer)

adding new values for lang = lt (Lithuanian) and lang = lv (Latvian)

removed channel 60 (Płacę z T-Mobile Usługi Bankowe’)

1.74.2.1

2020-11-16

adding an additional optional parameter to URLC notification: operation_seller_code

add new channel group in channel_groups

1.73.13.1

2020-10-16

logo change for the channel: 50 (Pay Way Toyota Bank)

1.72.3.1

2020-09-15

removed channel 21 ‘VIA - Moje Rachunki’

adding a new parameters order.delivery_address.name, order.delivery_address.phone, order.delivery_address.is_verified in Chapter Shipping and payer data

adding data requirements sent in the parameter customer for the channel PayPal - only for SPP (Seller Protection Policy)

1.71.10.1

2020-08-18

removed channel 84 ‘Volkswagen Bank direct’

adding an additional optional parameter to URLC notification: channel_reference_id

1.70.0.1

2020-07-27

logo change for the channel 55 (Raty z Alior Bankiem) and channel 249 (Visa SRC)

1.69.18.2

2020-06-26

changed channels logo and and provider name for 249 ‘Visa SRC’ (before: ‘Visa Checkout’)

1.69.18.1

2020-06-19

logo change for the channel: 94 (Kupuj teraz, zapłać później)

1.67.18.2

2020-04-22

removed channel 65 (Płacę z Idea Bank)

1.67.18.1

2020-04-22

adding a new parameter order.items.category in Chapter Shipping and payer data

adding data requirements sent in the parameter customer for the channel Raty Alior

adding additional optional parameters to URLC CONFIRMATION: payer_bank_account_name , payer_bank_account , payer_transfer_title , blik_voucher_pin , blik_voucher_amount , blik_voucher_amount_used

1.65.2.1

2020-02-11

changed channels logo and and provider name for 66 ‘Bank Nowy BFG S.A.’ (before: ‘Płacę z PBS’)

1.62.2.1

2019-11-08

remove channels 48 (BNP Paribas – Płacę z Żółty), 88 (BNP Paribas dawni Klienci Raiffeisen), 56 (eurobank - płatność online)

added channel 262 (Apple Pay)

logo change for the channel 90 (BNP Paribas – płacę z Pl@net)

extension of the customer parameter by additional fields in Shipping and payer data Chapter (account_update, account_update_indicator, fraud_activity, password_change, password_change_indicator, shipping_address_since_indicator)

added parameter ap_token

1.60.16.1

2019-09-19

removed channel 33 (Volkswagen Bank)

1.59.10.2

2019-08-12

adding a new parameter order.id in Chapter Shipping and payer data , adding parameter description pid typographic corrections

1.59.10.1

2019-07-12

logo change for the channel 51 (Płać z BOŚ) and channel 95 (PayPo)

1.58.2.1

2019-06-10

changed channels logo and and provider name for 55 ‘Raty z Alior Bankiem’ (before: ‘erata - raty z dotpay’)

1.58.0.2

2019-06-03

changed channels logo and and provider name for 93 ‘Kasa Stefczyka’ (before: ‘eSKOK’)

adding a new Chapter: Security of payment integration; typographical corrections

1.58.0.1

2019-05-23

typographical corrections

1.56.14.1

2019-04-24

added new value for parameter currency : BGN, CHF, HRK, HUF, RUB

1.56.11.3

2019-04-10

removed channel 72 (Płacę z Orange)

added parameter gp_token

1.56.11.2

2019-04-01

changed names and logos for channels: 32 (previously: BGŻ BNP Paribas), 48 (previously: R - Przelew), 88 (previously: Raiffeisen), 90 (previously: BGŻ BNP Paribas)

added parameter customer and corresponding Shipping and payer data section

1.56.11.1

2019-03-28

added channel 95 (PayPo)

added channel 260 (Google Pay)

added current channel list in xlsx file for download

changed names and logos for channels: 32 (previously: BGŻ BNP Paribas), 48 (previously: R - Przelew), 88 (previously: Raiffeisen), 90 (previously: BGŻ BNP Paribas)

1.55.8.1

2019-03-22

removed channel 31 (Zapłać w Żabce i we Freshmarket)

removed channel 24 (mPay)

1.55.7.1

2019-02-15

added new value for parameter operation_type = payout_commission

added new value for parameter lang = uk (Ukrainian)

added new value for parameter currency = NOK

removed alternative payment parameters names: kwota, waluta, opis, kanal, blokuj, grupykanalow, typ, txtguzik, data_waznosci, forename, imie, nazwisko, surname, ulica, budynek, lokal, mieszkanie, addr2, miasto, kod, telefon, kraj, jezyk

1.53.5.1

2018-12-10

typographical corrections

added parameter credit_card_unique_identifier in URLC notifications

1.52.6.1

2018-11-13

removed channel 58 („Szybkie Płatności Internetowe z Deutsche Bank PBC”)

added a regular expression for the parameter amount

1.51.0.1

2018-10-03

added parameters in URLC notifications: credit_card_expiration_year and credit_card_expiration_month

1.50.11.1

2018-09-27

added channel 59 („CinkciarzPAY”)

change of channel provider name from Volkswagen Bank Polska S.A. to Volkswagen Bank GmbH

1.50.8.2

2018-09-07

logo change for the channel 6 (Przelew24) and channel 89 (BZWBK)

1.50.8.1

2018-09-05

Newly created accounts now require chk parameter by default

changes in descriptions regarding verification of order amount and currency

1.49.11.1

2018-06-26

added values

O – Postponed Payments

M - Mobile Transfers (DCB)

for parameter channel_groups (grupykanalow)

added channel 231 (Orange)

added channel 232 (T-Mobile)

added channel 233 (PLAY)

added channel 234 (Plus)

added channel 94 (Kupuj teraz, zapłać później)

added information about TLSv1.2

1.45.2.1

2018-03-30

changed name of section One-click payments to One-click and recurring payments

added new parameters to the section mentioned above and included them in Redirection parameters integrity protection (CHK) section as well

added new values for error_code parameter described in “Faulty redirections from the merchant’s system” section

1.44.12.2

2018-03-08

added channel 93 (eSKOK)

1.44.12.1

2018-02-20

logo change for the channel 48 (R-Przelew) and 246, 248 (Payment cards)

1.44.10

2018-02-13

added new values for parameter currency (waluta)

added new values for parameter language (jezyk)

added exemplary cards to TEST ENVIRONMENT chapter

1.39.2.1

2017-09-03

added channel 83 (EnveloBank)

added channel 249 (Visa Checkout)

changed channels logo 246 (Payment cards via Payeezy) and 248 (Payment cards)

1.38.1.1

2017-08-21

added channel 15 (iPKO)

1.37.3.3

2017-07-10

added parameter in URLC notifications: is_completed

1.37.3.2

2017-06-28

added Masscollect subchapter

1.37.3.1

2017-06-27

added Split payment (Multimerchant) subchapter

added Multimerchant and Surcharge parameters to Redirection parameters integrity protection (CHK) subchapter

updated Faulty redirections from the merchant’s system subchapter

added parameter ignore_last_payment_channel

1.36.10.1

2017-06-12

logo change for the channel 36 („Pekao24Przelew”)

1.36.7.1

2017-06-01

added channel 90 (BGŻ BNP Paribas)

added channel 91 (Nest Bank)

added channel 92 (Bank Spółdzielczy w Brodnicy)

added information about dowloading payment channel list for given ID

1.35.4.2

2017-04-05

added value UAH for parameter currency (waluta)

added channel 88 (Raiffeisen)

added channel 89 (BZWBK)

1.35.4.1

2017-03-28

removed kanału 18 (Przelew z BPH)

1.34.9.3

2017-01-26

added parameter in URLC notifications: credit_card_registration

1.34.9.2

2017-01-11

added regular expressions

changed channels logo: 71 („MasterPass”), 246 („Payment cards via Payeezy”), 248 (Payment cards)

1.34.9.1

2017-01-02

removed channel 77 (FerBuy)

removed value O – postponed payments from parameter channel_groups (grupykanalow)

1.33.4.2

2016-12-06

added channel 218 (paysafecard)

1.33.4.1

2016-11-14

removed channel 27 (BGŻ)

1.32.6.2

2016-11-07

added credit_card_registration parameter

removed channel 63 (Płacę z IKO)

1.32.6.1

2016-09-23

added channel 84 (Volkswagen Bank direct)

added channel 86 (TrustPay)

added channel 87 (Credit Agricole PBL)

1.30.6.3

2016-06-22

added deladdr parameter

1.30.6.2

2016-06-17

typographical corrections

added bylaw, personal_data parameters

added credit_card_number, credit_card_expiration_date_year, credit_card_expiration_date_month, credit_card_security_code parameters

new way of receiving test environment access (added registration link)

1.30.6.1

2016-06-01

typographical corrections

added One-click payments section

added expiration_date parameter

added value HASH_NOT_EQUAL_CHK for parameter error_code described in Faulty redirections from the merchant’s system section

1.29.11.1

2016-03-21

added chapter ADDITIONAL FEATURES

added subchapter Redirection parameters integrity protection (CHK)

moved subchapter Faulty redirections from the merchant’s system to chapter ADDITIONAL FEATURES

1.29.8.1

2016-02-26

added parameter channel_groups

added information about HTTPS verify and SSL certificate verify in II. RECEIVING PAYMENT CONFIRMATION (URLC CONFIRMATION) chapter

added channel 82 (Przelew SEPA)

added channel 248 (Payment cards)

removed channel 64 (PeoPay)

1.28.5.2

2016-01-07

added parameter blik_code

added chapter ATTACHMENT II - OPERATION STATUSES DESCRIPTION

1.28.5.1

2015-12-31

removed channel 79 (Open Pay)

1.27.0.1

2015-11-10

removed channel 25 (Plus Bank)

1.25.7.1

2015-10-30

removed channel 49 (MeritumBank)

1.25.3.1

2015-10-22

removed channel 22 (Ukash)

removed channel 43 (Bank Spółdzielczy we Wschowie)

removed channel 62 (DNB Nord)

1.25.1.1

2015-10-19

change of the main payment site (from https://ssl.dotpay.pl to https://ssl.dotpay.pl/t2/)

removed channel 3 (MultiTransfer)

1.24.9.1

2015-10-12

added channel 81 (Idea Cloud)

1.23.13.3

2015-09-24

typographical corrections

1.23.13.2

2015-08-20

removed channel 69 (V.me)

1.23.13.1

2015-08-12

added channel 79 (Open Pay)

added channel 80 (Noble Pay)

removed channel 15 (iPKO)

1.23.9.2

2015-07-30

removal of UNKNOWN_ACCOUNT value of error_code parameter described in FAULTY REDIRECTIONS FROM THE MERCHANT’S SYSTEM chapter

1.23.9.1

2015-07-20

added channel 77 (FerBuy)

1.22.9.1

2015-06-01

added channel 74 (Banki Spółdzielcze)

added channel 75 (Płacę z Plus Bank)

added channel 76 (Getin Bank PBL)

removed channel 17 (Płacę z iPKONET)

removed channel 57 (Getin Bank)

added parameters operation_withdrawal_amount, operation_commission_amount, channel_country, geoip_country in URLC notifications

1.20.9.2

2015-02-09

added channel 73 (BLIK)

1.20.9.1

2015-01-14

removed channel 245 (MasterCard Mobile)

added chapter CHANGE LOG.

1.19.15.2

2014-12-12

added channel 72 (Płacę z Orange)

1.19.15.1

2014-12-08

added channel 71 (MasterPass)

1.18.5.4

2014-11-04

added channel 69 (V.me)

1.18.5.3

2014-11-19

removed channels 14 (KB24) and 61 (Bank Pocztowy)

1.18.5.2

2014-10-28

added channels 66 (Płacę z PBS ) and 70 (Pocztowy24)

renamed channel 17 (from Płać z Nordea to Płacę z IPKOnet)

added https://ssl.dotpay.pl/test_seller/ address to TEST ENVIRONMENT chapter