1. RECEIVING PAYMENTS¶

There are two methods of accepting payments from customers. The first method (presented in subchapter Basic version) is intended for Sellers who do not have e-shops or services integrated with the Dotpay system.

The second method (presented in subchapter Advanced version) is designed for e-shops and services, at which the payment process begins (e.g. customer is ordering some item).

Dotpay payment gateway is located at:

production environment: https://ssl.dotpay.pl/t2/

test environment : https://ssl.dotpay.pl/test_payment/

Caution

Because of security policy, Dotpay payment gateway cannot be embedded in iframe (X-Frame-Options:SAMEORIGIN).

1.1. Basic version¶

To redirect the customer to payment, all data can be saved in the URL - link. In the example below, link_pre-id01| id sklepu, amount , currency and description is passed to the payment form:

https://ssl.dotpay.pl/t2/?id=123456&amount=123.00&currency=PLN&description=Test

The above address redirects by the method: GET.

Other parameters that can be passed in this way to Dotpay payment form are listed in Table 1 and Table 2 of this document.

After logging to My Dotpay panel you can use menu Tools –> Payment links generator. This menu allows to determine such data as: id , amount , currency , description and lang .. Generating a payment request means creating a special key which allows defining the given parameters thus prevent modification of payment data.

Links generated this way can be listed and modified (e.g. amount ), in the above mentioned menu.

Key example: rfhu4jb5ym657g3xluf4bbqfmbyj6t17

Using such a generated key you can elicit payment site from the link:

https://ssl.dotpay.pl/t2/?pid=rfhu4jb5ym657g3xluf4bbqfmbyj6t17

In case payment language was NOT specified or defined language was removed, parameter lang allows you to determine language on payment page.

Example of payment page with added parameter lang = en to present payment form in English:

https://ssl.dotpay.pl/t2/?pid=rfhu4jb5ym657g3xluf4bbqfmbyj6t17&lang=en

Additionally, you can attach the ignore_last_payment_channel = 1 parameter to the payment link in order to ignore the payment method recently chosen by the customer (stored in the browser’s memory), so that he will always see the full list of available payment methods.

https://ssl.dotpay.pl/t2/?pid=rfhu4jb5ym657g3xluf4bbqfmbyj6t17&ignore_last_payment_channel=1&lang=pl

Such a prepared link with a key can be sent for example by e-mail to a buyer.

Generated payment link with a key can be used repeatedly until erased by the Merchant in My Dotpay panel (Tools –> Payment links generator –> delete).

Caution

By default for shop is also required sending the chk parameter. In the case of generating payment links from seller administration panel the chk parameter is automatically added to the link.

However for links generated manually or using seller administration panel API chk value has to be calculated and added separately.

Exemplary link is going to look like:

https://ssl.dotpay.pl/t2/?chk=c7dc9bb5d0c726a44cf478d3b78390011641f0f52c3db3c0ba6b9a658c6fb400&pid=poup7bulug5996r7fjc2jl056vfqbgp2

How to calculate chk has been described in Redirection parameters integrity protection (CHK) section. .

Note

If shop doesn’t use automatic notifications URLC and confirmation of each transaction is carried out after manual verification of correctness of booked amount and currency for a specific order, the maturity of the chk parameter may be disabled. For this purpose please contact us by email at the address administracja@dotpay.pl

1.1.1. Example forms of payments / donations¶

Caution

For proper functioning below forms require prior modification of parameters specified in section CONFIGURATION, for example inserting appropriate account id in which payment is to be made (id number can be found after logging in to the seller administration panel tab Settings,this is a 6-digit number placed after the sign # in column Shop). Otherwise, you will be redirected to the page with error message.

Customer after clicking button is redirected to the Dotpay payment form (https://ssl.dotpay.pl/t2/) to choose a payment method. Simultaneously with the POST method are sent the following parameters:

seller’s ID (e.g. id = 123456)

transaction’s amount (e.g. amount = 12.42)

currency

transaction’s description (e.g. description = Payment for invoice #12345/2014)

redirection’s type (e.g. type = 0)

return address after payment (e.g. url = https://www.example.com)

return button text (e.g. buttontext = Return)

Caution

The following forms don’t include a function to calculate the mandatory chk parameter. This functionality should be completed on its own or contact Dotpay administration department (administracja@dotpay.pl) in order to disable the verification of chk . Please read the Security of payment integration chapter before.

The form may also send other, optional parameters of which description can be found in the tables in the further parts of documentation.

Form with predefined and any amount

<html>

  <head>
      <meta charset="UTF-8">
  </head>
  <!-----------------------------
  
    Górna część strony
  
  ------------------------------------->
  
  <!---  copy  start--->
  
  <script type="text/javascript" src="http://code.jquery.com/jquery-3.5.1.min.js"></script>
  
  <style>
      div.dotpay_form_donation {
      font-family: sans-serif;
      text-align: center;
      }


      div.dp_temat {
      font-size: 1.5em;
      font-style: inherit;
      font-weight: bold;
      color: #334242;
      }

      input#dp_def_amount {
      border: 1px solid #bbb;
      border-radius: 3px;
      height: 50px;
      font-size: 1.3em;
      background: #dae6ff;
      text-align: center;
      font-weight: 500;
      cursor: pointer;
      }

      input#dp_kwota {
      border: 1px solid #bbb;
      border-radius: 3px;
      font-size: 1.2em;
      background: #f8f6fb;
      text-align: center;

      }

      input#dp_other_amount {
      font-size: 1em;
      background: #daedff;
      border: 1px solid #bbb;
      border-radius: 3px;
      padding: 5px;
      text-align: center;
      cursor: pointer;
      }

      button#dp_buttomDarowizna {
      font-size: 1.3em;
      background: #ae3131;
      border: 1px solid #bbb;
      border-radius: 3px;
      padding: 5px;
      text-align: center;
      cursor: pointer;
      color: #f3f0ed;
      letter-spacing: 0.1em;
      }
      table.tbl_center{
      margin-left: auto;
      margin-right: auto;
      }

  </style>
  
  <script>
      $(document).ready(function () {
          $("#dp_buttomDarowizna").click(function () {
              if ($('#dp_kwota').val().trim() === '') {
                  $("#dp_kwota_alert").text("Proszę wybrać lub wprowadzić kwotę darowizny.").show();
                  $('#dp_kwota_alert').css("display", "inline").fadeOut(5000);
                  return false;
              }
          });
      });
  </script>
  
  <div class="dotpay_form_donation">
      <form action="https://ssl.dotpay.pl/t2/" method="post" target="_parent">
          <div class="dp_temat">Wybierz kwotę darowizny</div>
          <p>
              <input type="button" id="dp_def_amount"
                  onClick="$('#dp_kwota').val('10'); $('#dp_kwota').prop('readonly', true);$('#dp_kwota').attr('style','color:blue');$('#dp_other_amount_txt').html('Wybrana Kwota')"
                  value="10.00 zł" />
              <input type="button" id="dp_def_amount"
                  onClick="$('#dp_kwota').val('20'); $('#dp_kwota').prop('readonly', true);$('#dp_kwota').attr('style','color:blue');$('#dp_other_amount_txt').html('Wybrana Kwota')"
                  value="20.00 zł" />
              <input type="button" id="dp_def_amount"
                  onClick="$('#dp_kwota').val('50'); $('#dp_kwota').prop('readonly', true);$('#dp_kwota').attr('style','color:blue');$('#dp_other_amount_txt').html('Wybrana Kwota')"
                  value="50.00 zł" />
              <input type="hidden" name="type" value="0" />
              <input type="hidden" name="currency" value="PLN" />
  
              <table class="tbl_center">
                  <tr>
                      <td>
                          <br><input type="button" id="dp_other_amount"
                              onClick="$('#dp_kwota').prop('readonly', false);$('#dp_kwota').attr('style','color:brown');$('#dp_other_amount_txt').html('<span style=\'color:brown\'>Wprowadź kwotę</span>')"
                              value="Inna kwota" />
                      </td>
                      <td>
                          <br><span id="dp_other_amount_txt">Wybrana Kwota</span>:
                          <input type="text" name="amount" id="dp_kwota" size="5" readonly
                              pattern="^([1-9])((\.\d{1,2})?)$|^((?!0)(\d){1,5})((\.\d{1,2})?)$|^(1(\d{5})(.\d{1,2})?)$|^(200000(.[0]{1,2})?)$"
                              placeholder="np. 100" maxlength="9" size="9"
                              title="Kwota powinna zawierać się w przedziale 1 - 200000 PLN. Dozwolony format to np: 100 lub 152.43"
                              oninput="this.value = this.value.replace(/[^0-9\.]/g, ''); this.value = this.value.replace(/(\..*)\./g, '$1');" />
                          PLN<br />
  
                      </td>
                  </tr>
              </table>
  
              <!--------------------------------- KONFIGURACJA --------------------------------------->
  
              <!---- zamiast 000000 nalezy podstawic numer ID w Dotpay -->
              <input type="hidden" name="id" value="000000" />
              <!--- Tytuł transakcji --->
              <input type="hidden" name="description" value="Testowa płatność" />
              <!--- Ardes URL powrotu --->
              <input type="hidden" name="url" value="http://www.example.com" />
              <!-- Tekst przycisku powrotu do sklepu --->
              <input type="hidden" name="buttontext" id="buttontext" value="Powrót do sprzedawcy" />
          </p>
  
          <!--------------------------------- KONIEC KONFIGURACJI --------------------------------------->
  
          <p><br><button class="dp_buttomDarowizna" id="dp_buttomDarowizna">Wpłać darowiznę</button></p>
      </form>
      <div id="dp_kwota_alert" style="color:red;"></div>
  </div>
  
  <!---  copy  end--->
  
  <!-----------------------------
  
    Dolna część strony
  
  ------------------------------------->
  
  </html>

Form only with predefined amounts

<html>
<!-----------------------------

	Górna część strony

------------------------------------->


<div style="text-align: center;">
  <form action="https://ssl.dotpay.pl/t2/" method="post" target="_parent">
    <p style="font-size: 18px">Wybierz kwotę darowizny</p>
    <input type="radio" name="amount" value="10.00" />10.00 zł&nbsp;&nbsp;&nbsp;
    <input type="radio" name="amount" value="20.00" />20.00 zł&nbsp;&nbsp;&nbsp;
    <input type="radio" name="amount" value="50.00" checked />50.00 zł<br />
    <input type="hidden" name="type" value="0" />
    <input type="hidden" name="currency" value="PLN" />

    <!--------------------------------- KONFIGURACJA --------------------------------------->

    <!---- zamiast 000000 nalezy podstawic numer ID w Dotpay -->
    <input type="hidden" name="id" value="000000" />
    <!--- Tytuł transakcji --->
    <input type="hidden" name="description" value="Testowa płatność" />
    <!--- Ardes URL powrotu do sklepu--->
    <input type="hidden" name="url" value="http://www.example.com" />
    <!-- Tekst przycisku powrotu do sklepu --->
    <input type="hidden" name="buttontext" value="Powrót do sprzedawcy" />

    <!--------------------------------- KONIEC KONFIGURACJI --------------------------------------->

    <p><br><button class="buttomDarowizna">Wpłać darowiznę</button></p>
  </form>
</div>

<!-----------------------------

	Dolna część strony

------------------------------------->

</html>

Form with any description and amount

<html>
<meta charset="utf-8">
<!-----------------------------

	Górna część strony

------------------------------------->

<div style="text-align: center;">
  <form action="https://ssl.dotpay.pl/t2/" method="post" target="_parent">
    <p style="font-size: 18px">Wybierz kwotę darowizny</p>
    <input name="description" value="Darowizna na cele statutowe" type="hidden">
    <input name="amount" id="kwota" size="6" value="" type="text" required
      pattern="^([1-9])((\.\d{1,2})?)$|^((?!0)(\d){1,5})((\.\d{1,2})?)$|^(1(\d{5})(.\d{1,2})?)$|^(200000(.[0]{1,2})?)$"
      placeholder="np. 10" maxlength="9" size="9"
      title="Kwota powinna mieścić się w przedziale 1 - 200 000 PLN. Dozwolony format to np: 10 lub 10.00">PLN

    <!--------------------------------- KONFIGURACJA --------------------------------------->

    <!---- zamiast 000000 nalezy podstawic numer ID w Dotpay -->
    <input name="id" value="000000" type="hidden">

    <!--------------------------------- KONIEC KONFIGURACJI ---------------------------------->

    <p><br><button class="buttomDarowizna">Wpłać darowiznę</button></p>
  </form>
  <br>
</div>

<!-----------------------------

	Dolna część strony

------------------------------------->

</html>

1.2. Advanced version¶

Direct version is based on direct integration with Dotpay payment system. In this version a customer after making an order will be redirected from the seller’s web site to Dotpay payment form. Client located on the Seller’s web page, after clicking on the button to confirm payment (e.g. pay by Dotpay) should be redirected to https://ssl.dotpay.pl/t2/.

In the next step the customer makes the payment with use of selected payment channel. If there is a defined return address and right parameter value of type , on the payment confirmation page will be displayed a button to return to the seller web page.

A seller may also specify URLC address on which information about the status of the transaction will be sent via POST method. The address can be defined by logging into Dotpay (Settings –> Notifications –> URLC Configuration –> Edit) or sent when you initiate the payment as a parameter named urlc .

In the second case you should unlock for your store getting the urlc parameters from external sources, ie deselect the option: Block external urlc (Settings –> Notifications –> URLC Configuration –> Edit) . With such a configuration a seller can define other URLC addresses for each payment.

The principle of URLC operation notifications is described in chapter URLC CONFIRMATION

1.2.1. Diagram 1. Example of the payment process in the following diagram and description:¶

Buyer places an order in shop
after completing shopping cart customer selects payment method with Dotpay and is redirected to the payment format
where presented is channel list.
Customer makes a choice
and is redirected to the bank.
The login page for banking is shown
where he enters credentials and confirms the transfer.
After logging out is following return to the Dotpay website.
During waiting for confirmation
the browser periodically inquires about the status of payment.
Bank informs Dotpay about the final status of payment
and this information is presented to payer.

Note

Steps 13 - 18 are optional (depending on the model of integration) and don’t have effect on payment process.

Buyer clicks on return button
and is redirected to the store
During waiting for confirmation
the browser periodically inquires about the status of payment.
After receiving URLC notification
shop confirms that customer has paid for order.

1.2.2. Table 1. (Basic parameters)¶

PARAMETER	MEANING / DESCRIPTION
`api_version`	API version - according to which the system sends URLC confirmation (see chapter RECEIVING PAYMENT CONFIRMATION (URLC CONFIRMATION)). Sending parameter overrides default shop ( `id` ) configuration from seller administration panel in Settings –> Shop configuration –> Edit tab. Available values: dev - API version described in this manual. Important If shop configuration (Settings –> Shop configuration –> Edit tab) has API version set to something else than `dev`, not sending this parameter will cause Dotpay system to send no longer developed version of URLC notification, which is not compliant with this documentation. Example: `api_version` = dev
`id`	Account ID for which payment is made. ID can be found in the administration panel in Settings tab, it is a 6-digit number after # Shop. column. type: integer min value: 1 max value: 999999 Example: `id` = 123456
`amount`	The amount of the transaction given with centesimal part (always two places after the separator). Centesimal separator is a dot (.) type: string min length: 1 max length: 10 examplary regular expression (for amount in the range 0.01 - 200000.00) : ^0\.(0)([1-9])$\|^0\.(([1-9])(\d)?)$\|^([1-9])((\.\d{1,2})?)$\|^((?!0)(\d){1,5})((\.\d{1,2})?)$\|^(1(\d{5})(.\d{1,2})?)$\|^(200000(.[0]{1,2})?)$ Example: `amount` = 42.82
`currency`	This parameter determines the currency in which the `amount` parameter is given. Format according to ISO 4217 standard. Available values: PLN, EUR, USD, GBP, JPY, CZK, SEK, UAH, RON, NOK, BGN, CHF, HRK, HUF, RUB Example: `currency` = EUR
`description`	Payment description. type: string min length: 1 max length: 255 Example: `description` = Invoice 120/2018
`chk`	Checksum used to verify sent data integrity. Description of functionality can be found in Redirection parameters integrity protection (CHK) section. Important Required by default.

1.2.3. Table 2. (Additional parameters)¶

PARAMETER	MEANING / DESCRIPTION
`channel`	This parameter defines which payment channel will be selected after redirecting client to Dotpay payment form. Numerical values only available (see ATTACHMENT 1 - PAYMENT CHANNELS) Example: `channel` = 1 Seller wishes 1 to select a mTransfer channel by default. List of available payment channels for given shop (`id`) might be downloaded using: Seller administration panel API Payment API (this mechanism is also used by widget, which is a tool to display available payment channels. Is has been described in administration panel in Tools –> Widget tab ) Resource addresses: https://ssl.dotpay.pl/t2/payment_api/channels/ Required parameters: `id` , `amount` , `currency` Optional parameters: `lang` , `format` (json lub xml) Example: https://ssl.dotpay.pl/t2/payment_api/channels/?id=123456&amount=301.00&currency=PLN&lang=pl&format=json
`ch_lock`	Forcing the channel specified in the `channel` parameter. The parameter `ch_lock` with a value 1 does not allow the Buyer to choose another channel of payment than defined on the Seller web pages. Available values: 0 - channel will not be forced (default) 1 – force the selected `channel` . Example: Sending parameters `channel` = 1 and `ch_lock` = 1 will not allow a customer to choose other payment method than mTransfer.
`ignore_last_payment_channel`	Sending parameter will cause Dotpay website to ignore last payment channel used by costomer (saved in their browser data), i.e. all available payment channels will be shown as if it was first payment. By default for consecutive payments last used channel is shown with an option to choose another one. Available values: 1– ignore last chosen channel Example: `ignore_last_payment_channel` = 1
`channel_groups`	This parameter defines which channel groups will be displayed after redirecting client to Dotpay payment form (by default all are presented). When using this parameter it is recommended to use `ignore_last_payment_channel` described above. Available values: K – payment cards, T – fast transfers, P – transfers, G – cash, W – purses and vouchers, R – installments, M – mobile transfers (DCB), O – postponed payments, U – Payment Initation Service (PIS), I – other. Parameter can have more than one group as a value, in this case letters have to be separated with commas. Example: `channel_groups` = T `channel_groups` = R,I `channel_groups` = R,I,P
`url`	This parameter defines the Internet address (HTTP or HTTPS) to which buyer is expected to return after payment. Behavior of `url` parameter is determined by `type` parameter. type: string max length: 1000 Example: `url` = https://www.example.com/thanks_page.php `url` = http://195.150.9.55/thanks_page.php When both `url` and `type` = 0 parameters are sent after completion of the payment process customer will see the return button to the site of the Seller. The use of the button will move the buyer to the address in the `url` parameter with the parameter `status` (submitted by the POST and GET), which contains information about the possible errors at the checkout pages ( OK or FAIL). Important Parameter status informs only about the payment process. Information about the current status of the transaction (new, completed, rejected, etc.) contains a variable `operation_status` sent to the address `urlc` . Example: `url` = https://www.example.com/thanks_page.php?status=OK
`type`	This parameter defines a method of redirection to the seller’s web page. Parameter value influences `url` parameter. Available values: 0 – after the payment, the buyer will see a button to return to the seller’s web page, 2 – no reaction, lack of a button (default value). 4 – a direct redirection to the payment channel provider (e.g. bank) as well as after payment making and logging out of the service (called on-site / white label ). In order for functionality to fully work it is required to send necessary parameters needed for given payment channel. If any of them is NOT sent, seller is going to be redirected to Dotpay page to fill missing information, return process will be unchanged (redirection from channel provider to url will be automatic). Important If direct redirection mechanism (`type` = 4) is used it is necessary to add Dotpay Regulations of Payments (parameter `bylaw` ) and personal data use for payment processing (parameter `personal_data` ) agreement checkboxes. Example: After sending the given parameters set a button will be displayed allowing a Buyer to redirect to https://www.example.com/thanks_page.php: `type` = 0 `url` = https://www.example.com/thanks_page.php After sending the given parameters set and a full set of parameters required for payment process a buyer will be redirected directly (omitting Dotpay interface) to the payment channel provider (e.g. internet banking login form). After logging out from the payment provider service a buyer will be redirected to `url` address. Using the given value allows a scheme e.g. Shop –> Bank –> Shop: `type` = 4 `url` = https://www.example.com/thanks_page.php `bylaw` = 1 `personal_data` = 1
`buttontext`	The content that appears on a button to return to the seller website. Default text is Back to shop. type: string min length: 4 max length: 100 Example: `buttontext` = Back to www.example.com
`bylaw`	Parameter informing client has accepted Dotpay Sp. z o.o. Regulations of Payments and cookies policy. If this parameter is used, seller should display a checkbox to the client with information as follows. Akceptuję <a title="regulamin płatności" target="_blank" href="https://ssl.dotpay.pl/t2/cloudfs1/magellan_media/regulamin_platnosci">Regulamin płatności</a> Dotpay sp. z o.o.. Available values: 1 – payment regulations accepted Example: `bylaw` = 1
`personal_data`	Parameter informing about displaying to the Payer information on the processing of personal data by Dotpay Sp. z o.o.. If this parameter is used, seller should display content similar to the one below: Przyjmuję do wiadomości, że w celu realizacji procesu płatności Administratorem moich danych osobowych jest Dotpay sp. z o.o.. (KRS 0000700791), 30-552 Kraków (Polska), Wielicka 28B, +48126882600, <a href="mailto:bok@dotpay.pl">bok@dotpay.pl</a>, zobacz <a title="regulamin" target="_blank" href="https://ssl.dotpay.pl/t2/cloudfs1/magellan_media/rodo"> pełną treść klauzuli informacyjnej</a>. Available values: 1 – information on hearing the clause information Example: `personal_data` = 1
`urlc`	Web address (HTTP or HTTPS) to receive parameters confirming or denying completion of the transaction. A detailed description of URLC confirmation is described further in chapter RECEIVING PAYMENT CONFIRMATION (URLC CONFIRMATION). It is recommended for the address to lead directly to the receiving file. If any 301 or 302 redirections occur in the way (which allow HTTP method to change), notification from Dotpay might be empty. Another way is to use 307 / 308 redirections on the server, since they do not allow such behavior. Sending parameter overrides default shop ( `id` ) configuration from seller administration panel in Settings –> Notifications –> Urlc configuration –> Edit tab . Important If option Block external urlc (menu Settings –> Notifications –> Urlc configuration –> Edit) is checked, `urlc` parameter will be ignored. Important If option HTTPS verify (menu Settings –> Notifications –> Urlc configuration –> Edit) is checked, address has to use HTTPS protocol. type: string max length: 1000 Example: `urlc` = https://www.example.com/urlc_receiver.php `urlc` = http://195.150.9.55/urlc_receiver.php
`expiration_date`	Payment request expiration date, according to the Europa / Warsaw time zone. When using this parameter it is recommended to sign the request sent to Dotpay. Description of signature creation can be found in Redirection parameters integrity protection (CHK) section. Format: YYYY-MM-DD hh:mm:ss Example: `expiration_date` = 2019-06-01 12:06:37
`control`	Control parameter allows you to store sequence of data. Unchanged parameter is sent to the Merchant’s service in URLC confirmation. type: string max length: 1000 Example: `control` = ec4bf09d3dbe0cb71e6abc3ea44a7273
`firstname`	This parameter identifies the first name of the person making the payment. type: string min length: 1 max length: 50 regular expression: ^[\p{L}0-9\s\-_]{1,50}$ Example: `firstname` = John
`lastname`	This parameter identifies the surname of the person making the payment. type: string min length: 1 max length: 50 regular expression: ^[\p{L}0-9\s\-_]{1,50}$ Example: `lastname` = Smith
`email`	E-mail address of a person making the payment. Payment confirmation will be sent at this address. type: string max length: 100 Example: `email` = johnsmith@example.com
`street`	Street name. A part of the address of the buyer. type: string min length: 1 max length: 100 regular expression: ^[\p{L}0-9\.\s\-\'_,]{1,100}$ Example: `street` = Wielicka
`street_n1`	Building number. A part of the address of the buyer. type: string min length: 1 max length: 30 regular expression: ^[\p{L}0-9\s\-_\/]{1,30}$ Example: `street_n1` = 4
`street_n2`	Flat number. A part of the address of the buyer. type: string max length: 30 regular expression: ^[\p{L}0-9\s\-_]{0,30}$ Example: `street_n2` = 18
`state`	Additional address data. A part of the address of the buyer. type: string max length: 50 Example: `state` = NY
`addr3`	Additional address data. A part of the address of the buyer. type: string max length: 50
`city`	City name. A part of the address of the buyer. type: string min length: 1 max length: 50 regular expression: ^[\p{L}0-9\.\s\-\'_,]{1,50}$ Example: `city` = Kraków
`postcode`	Postal code. A part of the address of the buyer. type: string max length: 20 regular expression: ^[\d\w\s\-]{0,20}$ Example: `postcode` = 30-552
`phone`	Buyer’s phone number. type: string min length: 3 max length: 20 regular expression: ^[\+\s0-9\-_]{3,20}$ Example: `phone` = +48 127654321
`country`	Country name. A part of the address of the buyer. The name should be given in accordance with the ISO 3166-1 (alfa-2 or alfa-3) or a text English short name (using title case). type: string max length: 50 Example: `country` = PL `country` = POL `country` = Poland
`lang`	Defines the language of web page and payment forms. If parameter is not sent, pages will be displayed based on browser language. If given language is not available, English will be used. Available values: cs – Czech, de – German, en – English, es – Spanish, fr – French, hu – Hungarian, it – Italian, pl – Polish, ro – Romanian, ru – Russian, uk – Ukrainian lt – Lithuanian lv – Latvian Example: `lang` = en
`customer`	Recipient and shipping data. Parameter required for some channels (eg. 95 /PayPo/ ). This data should be in JSON a format and then encoded using Base64. List of data for this parameter and it’s encoding has been described in Shipping and payer data section. Value is not returned to merchant anywhere (e.g. in URLC notifications or administration panel). Important Using this parameter requires given account ( `id` ) to have enabled CHK verification. type: string Example: `customer` = eyJyZWdpc3RlcmVkX3NpbmNlIjoiMjAxNy0xMi0zMSIsIm9yZGVyX2NvdW50IjoxMiwicGF5ZXIiOnsiZmlyc3RfbmFtZSI6IkphbiIsImxhc3RfbmFtZSI6Iktvd2FsIiwiZW1haWwiOiJqYW5AZXhhbXBsZS5jb20ifSwib3JkZXIiOnsiZGVsaXZlcnlfdHlwZSI6IkNPVVJJRVIiLCJkZWxpdmVyeV9hZGRyZXNzIjp7ImNpdHkiOiJLcmFrb3ciLCJzdHJlZXQiOiJXaWVsaWNrYSIsImJ1aWxkaW5nX251bWJlciI6IjExIiwiZmxhdF9udW1iZXIiOiI3IiwicG9zdGNvZGUiOiIzMC01NTMiLCJjb3VudHJ5IjoiUE9MIn19fQ==
`deladdr`	Delivery address. Parameter is used by Dotpay system only for informational purposes. Value is not returned to merchant anywhere (e.g. in URLC notifications or administration panel). type: string max length: 500 Example: `deladdr` = Delivery Point 3, Warszawa, ul. Ogonowa 14
`p_info`	With use of this parameter a seller can define the name of a payment receiver which will be displayed on the payment Dotpay website. In case the name is not provided the default name will be displayed. Sending parameter overrides default shop ( `id` ) configuration from seller administration panel in Settings –> Shop configuration –> Edit tab type: string max length: 300 Example: `p_info` = Sklep example.com
`p_email`	This parameter describes an e-mail address, which will be seen by a customer. It overwrites an email address provided during registration process. Sending parameter overrides default shop ( `id` ) configuration from seller administration panel in Settings –> Shop configuration –> Edit tab. type: string max length: 100 Example: `p_email` = office@example.com
`pid`	Payment link for a given store ( `id` ) generated via Dotpay Admin Panel (in the tab Tools –> Payment links generator –> Generate a payment link) or via the Seller administration panel API . type: string length: 32 Example: `pid` = rfhu4jb5ym657g3xluf4bbqfmbyj6t17 The `pid` parameter can appear either alone in the payment link, e.g. https://ssl.dotpay.pl/t2/?pid=rfhu4jb5ym657g3xluf4bbqfmbyj6t17 or with additional parameters: `lang` , `ignore_last_payment_channel` , eg: https://ssl.dotpay.pl/t2/?pid=rfhu4jb5ym657g3xluf4bbqfmbyj6t17&ignore_last_payment_channel=1&lang=pl Caution By default, the store also requires the parameter link_pre-chk01\| `chk` to be sent. In the case of generating payment links from the administration panel, the chk parameter is automatically added to the link. However, when the payment link is generated manually from parameters or using the administration panel API, it is necessary to generate the correct value `chk` and attaching it to the payment link.
`blik_code`	BLIK code confirming payment with given channel. In standard procedure the code is entered by customer on payment provider website after choosing BLIK channel. Sending the parameter in redirection allows shortening payment process because code is entered on shop’s website with other order data. type: string min length: 6 max length: 6 regular expression: ^[\d]{6}$ Example: `blik_code` = 264230
`gp_token`	Encoded using the Base64 function token received from Google Pay after the merchant’s implementation of the Google Pay API. It contains encrypted data of the tokenized pay card used to process the payment. Sending the parameter in redirection allows shortening payment process because the authentication of the payer’s card data is already on the seller’s store page. type: string Example: `gp_token` = eyJzaWduYXR1cmUiOiJNRVFDSUZDSm5MQWI1Rk50N3gwT0J1OHhPeVdRMisyanFBaGorbFAxdmhqYUpIVk5BaUJHRFRwMk9UOTNNYzFXNTJ6VVFhWitVUjBaYjQ0Kys5QTdzZ2E0YVFBSVZRPTRkIiwiaW50ZXJtZWRpYXRlU2lnbmluZ0tleSI6eyJzaWduZWRLZXkiOiJ7XCJrZXlWYWx1ZVwiOlwiTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFLzJ1NUpxRXIwUXFLU1IvbUFUcWVLa0xjVVZKVnVOOFQ5ZVBMOW5WS1hYRFNDa3NiZzVyN2pmMGI0cjVkQTMrMmxDUFV5M2xGTW9NSUx4WlYzYUd4SGdcXHUwMDNkXFx1MDAzZFwiLFwia2V5RXhwaXJhdGlvblwiOlwiMTU1MDkzNjQ3MjQ5OFwifSIsInNpZ25hdHVyZXMiOlsiTUVZQ0lRRHVPL09XZWY3eUhxUzdnaU55dEZQRXZPRlgxMkhGWHRCRFAxelRFViswaVFJaEFOMW90YnhZd2tqQXBEQlJBSDVNWmtwelhjS1lNQ01JSGhEMk9ubk9xQ21XIl19LCJwcm90b2NvbFZlcnNpb24iOiJFQ3YyIiwic2lnbmVkTWVzc2FnZSI6IntcImVuY3J5cHRlZE1lc3NhZ2VcIjpcImZGc2pkMlFCZzExTS9oOVpIUXRYZCt5aHNhYTNYWFBlWndZS0FGK1JGMnQ4RnZtUnZKMG8xc1ZtTHJ4TTc0M1VyY1p0aWhqaXV2TUdQMHBpYTBqcFo2cGxTaWlQUWZ5NmdYKy80MW1mVVloUTRJQ3BKYTVBWFp2QU40UTBidHdMZUNycGFCMGtmRjJQRkVGMmxVUnNNbHV5bU04ZGhadEdVZmZHUm5ocFpJUGF3dUgzUUhBYUpmYi9iZGpoaTV4S2JLSDlYK2FNTFlDN0M2Wmp0SG05QW5vL3BqcUV1ZmpiM2FHU29WYVhPQk55MXhZc3QrQ0xUT0xLdkxvOE81R252WklqeHc3dzV0TU90Ry8vWlczWGU0QlhXTzdLOXhGVmphRmwrNVMwcFpFY2c5YXV6OFVRSG1uVnU4dTBQdkp2UUpBMnRZOVBYU2VScmZRMU1PZUp1Z1c5d3VYWDhjVEQ0bHpEeTN5NE1GMkNuYXJSREQ4aUZsL0NkTXphNUVWOGRhN1o3NkFzQVc3eEpqbXZKNmd0bDJKLytyc01nK3dQV0d3UTA0NEhTUTNQVGduZFdCWVY0NVRPZ1d1YzI1R1Y5T204elhydERsWldrRGlLS1NkUmVyOU9SSnh0a0o1Y0Jhd2NcXHUwMDNkXCIsXCJlcGhlbWVyYWxQdWJsaWNLZXlcIjpcIkJESE81citMSlViMStkT20xeUdmbTR3MTlFQmFNWFFKSDVzbUZRd3ZWU21hV1dMYURlQlg5eFF1VXZDT21OQkhpMXpBMUFUYzFvUk9JVlg5QTFSa3Evd1xcdTAwM2RcIixcInRhZ1wiOlwiZnNQWG40dTNMMm5sY2VHN2ZQRzJmblh0UXdBVWdSNmxDNmJ0Qk12UjFMY1xcdTAwM2RcIn0ifQ==
`ap_token`	Encoded using the Base64 function token received from Apple Pay after the merchant’s implementation of the Apple Pay. It contains encrypted data of the tokenized pay card used to process the payment. Sending the parameter in redirection allows shortening payment process because the authentication of the payer’s card data is already on the seller’s store page/payer device. type: string Example: `ap_token` = eyJzacmUiOiJ … h0UXAwM2RcIn0ifQ==

2. RECEIVING PAYMENT CONFIRMATION (URLC CONFIRMATION)¶

In order to inform the Seller about the executed operation (transaction) an URLC confirmation mechanism has been created (HTTP request asynchronous connection, callback) which is sent by POST method and fully independent from a buyer’s action.

Confirmations are directed to the seller’s address which can be set in settings of a given shop in Dotpay panel (menu Settings –> Notifications –> Urlc configuration –> Edit) or to the address read from urlc sent by the Seller’s system in redirection of a Buyer to the payment site (unless urlc parameter has been unblocked from external sources, i.e. uncheck Block external URLC option). If URLC notification address DON’T use HTTP secure protocol (i.e. HTTPS) remember to deactivate HTTPS verify and SSL certificate verify options in menu mentioned above.

Verifying whether transaction is unique in merchant’s system should NOT be based only on value of control == control parameter. If for some reason customer redirects multiple times between shop and Dotpay or Dotpay and bank, there is a possibility of receiving for example 2 notifications with contradicting status for the same control. Transaction should be identified by taking as well operation_number into account, transaction id given by Dotpay.

Caution

No verification of a amount == operation_original_amount , currency == operation_original_currency and signature parameters on a merchant’s site is unsecure and may cause financial loss.

Content and result of URLC notifications is available in Dotpay panel by showing given operation details (by clicking on its number) in Payments -> Operations list menu. In the same place there is also an option to resend those notifications.

Caution

For correctly received URLC confirmation by the Seller’s system Dotpay expects an answer

OK

(only two capital letters, nothing more – encoding UTF8 without BOM, HTTP response status code 200). OK is a correctly received and processed confirmation, for example:

echo "OK";

When a different answer than OK is reversed by the Seller’s system Dotpay system will repeat confirmations (every few, several minutes). The X-Dotpay-URLC-Number parameter may be passed in the notification header, which will be one value higher than the previous one, counting from ‘0’ as the first message.

Parameters and optional values sent in URLC confirmations to the Seller’s system have been presented in the table below.

Note

Optional parameters are not returned by default. To activate them contact Dotpay tech support ( tech@dotpay.pl ).

Note

By default system sends notifications URLC only for payment operations for completed and rejected status (listed in table below). To enable notifications for other operations and statuses contact Technical Support at tech@dotpay.pl .

2.1. Table 3. (Parameters sent by Dotpay back to merchant’s system)¶

PARAMETER	MEANING / DESCRIPTION
`id`	Account ID. typ: integer min value: 1 max value: 999999 Example: `id` = 123456
`operation_number`	Transaction number. Format according to regular expression: ^M\d{4,5}\-\d{4,5}$ Example: `operation_number` = M1234-56789
`operation_type`	Transaction type. Available values: payment , payment_multimerchant_child , payment_multimerchant_parent , refund , payout , payout_any_amount , release_rollback , unidentified_payment complaint credit_card_registration payout_commission - commission on payment Example: `operation_type` = payment
`operation_status`	Transaction status. Available values: new , processing , completed , rejected , processing_realization_waiting , processing_realization Detailed description of operation statuses are presented in chapter ATTACHMENT II - OPERATION STATUSES DESCRIPTION Note completed and rejected status is final and will not change in the future. Example: `operation_status` = completed
`operation_amount`	Transaction amount. The centesimal separator is a dot (.) typ: string min length: 1 max length: 10 Example: `operation_amount` = 177.27
`operation_currency`	The currency in which the amount parameter is given. Format according to ISO 4217 standard. Example: `operation_currency` = PLN
`operation_withdrawal_amount`	Optional parameter indicating the operation withdrawal amount. Example: `operation_withdrawal_amount` = 176.00
`operation_commission_amount`	Optional parameter indicating the operation commission amount. The parameter is presented as a negative amount, and therefore contains a - sign. Example: `operation_commission_amount` = -1.27
`is_completed`	Optional parameter indicating the transaction marked as completed in the seller’s panel. Example: `is_completed` = false `is_completed` = true
`operation_original_amount`	The amount taken from `amount` parameter which has been sent by merchant’s system. typ: string min length: 1 max length: 10 Example: `operation_original_amount` = 42.82 Important No verification of a `operation_original_amount` parameter on a merchant’s site is unsecure and may cause financial loss.
`operation_original_currency`	The currency taken from `currency` parameter which has been sent by merchant’s system in redirecting buyer to the Dotpay website. Format compliant with standard ISO 4217 . Example: `operation_original_currency` = EUR Important No verification of a `operation_original_currency` parameter on a merchant’s site is unsecure and may cause financial loss.
`operation_datetime`	Date and time of transaction’s status change. Format: YYYY-MM-DD hh:mm:ss Example: `operation_datetime` = 2014-06-01 12:06:37
`operation_related_number`	Number of related transaction, if any exists (e.g. in case of a refund). Format according to regular expression: ^M\d{4,5}\-\d{4,5}$ Example: `operation_related_number` = M1234-56789 If a confirmation regards refund number M9876-5432 executed for an original operation M1234-5678 the parameter will accept original transaction number value which is M1234-5678.
`control`	This value corresponds with `control` parameter which has been sent by merchant’s service in a redirection to Dotpay service while making the payment (see Table 2. (Additional parameters) ). typ: string max length: 1000 Example: `control` = ec4bf09d3dbe0cb71e6abc3ea44a7273
`description`	This value corresponds with `description` parameter which has been sent by merchant’s service in a redirection to Dotpay service while making a payment (see Table 2. (Additional parameters) ). typ: string min length: 1 max length: 255 Example: `description` = Invoice 20/2014
`email`	E-mail address of a person making the payment. typ: string max length: 100 Example: `email` = johnsmith@example.com
`p_info`	Name of a payment receiver which was displayed on the Dotpay payment website during Customer payment making. typ: string max length: 300 Example: `p_info` = Shop
`p_email`	E-mail address which was displayed for customer as contact to Seller. typ: string max length: 100 Example: `p_email` = contact@shop.com
`credit_card_issuer _identification_number`	Optional parameter. Masked payment card number with which payment has been made. Important In order for parameter to be sent, options HTTPS verify and SSL certificate verify (menu Settings –> Notifications –> Urlc configuration –> Edit) have to be enabled. Example: `credit_card_issuer_identification_number` = 603753
`credit_card_masked_number`	Optional parameter. Masked payment card number with which payment has been made. Important In order for parameter to be sent, options HTTPS verify and SSL certificate verify (menu Settings –> Notifications –> Urlc configuration –> Edit) have to be enabled. Example: `credit_card_masked_number` = XXXX XXXX XXXX 6214
`credit_card_expiration_year`	Optional parameter. Year expiration date of a payment card, which payment has been made. Important In order for parameter to be sent, options HTTPS verify and SSL certificate verify (menu Settings –> Notifications –> Urlc configuration –> Edit) have to be enabled. Example: `credit_card_expiration_year` = 2019
`credit_card_expiration_month`	Optional parameter. Month expiration date of a payment card, which payment has been made. Important In order for parameter to be sent, options HTTPS verify and SSL certificate verify (menu Settings –> Notifications –> Urlc configuration –> Edit) have to be enabled. Example: `credit_card_expiration_month` = 01
`credit_card_brand_codename`	Optional parameter. Payment card brand with which payment has been made. Important In order for parameter to be sent, options HTTPS verify and SSL certificate verify (menu Settings –> Notifications –> Urlc configuration –> Edit) have to be enabled. Example: `credit_card_brand_codename` = visa
`credit_card_brand_code`	Optional parameter. Payment card brand code with which payment has been made. Important In order for parameter to be sent, options HTTPS verify and SSL certificate verify (menu Settings –> Notifications –> Urlc configuration –> Edit) have to be enabled. Example: `credit_card_brand_code` = Visa
`credit_card_unique_identifier`	Optional parameter. The unique identifier of the card registered in Dotpay. Important In order for parameter to be sent, options HTTPS verify and SSL certificate verify (menu Settings –> Notifications –> Urlc configuration –> Edit) have to be enabled. Example: `credit_card_unique_identifier` = 9b73chvjxofy4d9g…d78d7l53ju34po12
`credit_card_id`	Optional parameter. Payment card ID given by Dotpay system. Important In order for parameter to be sent, options HTTPS verify and SSL certificate verify (menu Settings –> Notifications –> Urlc configuration –> Edit) have to be enabled. Additionally given account ( `id` ) has to be configured on Dotpay side so CHK validation is required. Example: `credit_card_id` = 59f92e2bf8bedc36…1369dvpa4b7ab02ae
`channel`	Payment channel (method) used by the buyer. For available values see ATTACHMENT 1 - PAYMENT CHANNELS . Example: `channel` = 1
`channel_country`	Optional parameter. Indicates the country of the payment instrument from which payment was made. Format: ISO 3166-1 (alpha-3). Example: `channel_country` = POL
`geoip_country`	Optional parameter. Indicates the location of the country resulting from IP address from which the payment was made. Format: ISO 3166-1 (alpha-3). Example: `geoip_country` = POL
`payer_bank_account_name`	Optional parameter. Account owner name registered in the bank. Example: `payer_bank_account_name` = JAN KOWALSKI
`payer_bank_account`	Optional parameter. The bank account number from which the payment was made. Format compliant with the IBAN. Example: `payer_bank_account` = PL41 1050 1009 4448 5481 1411 1395
`payer_transfer_title`	Optional parameter. The original title of the operation registered in the payer’s bank. Example: `payer_transfer_title` = Store Name M5223-2008 Operation title Transaction No.: M5223200800000000000000000000000
`blik_voucher_pin`	Optional parameter. PIN for the issued BLIK vouchers. Example: `blik_voucher_pin` = 6365
`blik_voucher_amount`	Optional parameter. The nominal value of issued voucher BLIK. Example: `blik_voucher_amount` = 100.00
`blik_voucher_amount_used`	Optional parameter. Actual amount paid from the issued BLIK voucher. This amount may be equal to or less than the face value of the `blik_voucher_amount` voucher issued. Example: `blik_voucher_amount_used` = 60.00
`channel_reference_id`	Optional parameter. Additional details of the operation, e.g. bank reference number. Example: `channel_reference_id` = CDEd3pis6offk708bac2070ebf478183ad91668fd495a9884
`operation_seller_code`	Optional parameter (only available by prior arrangement). A reply code for a rejected transaction that describes the possible reason for a transaction being refused. Sample codes are presented in table (equivalent to ‘seller_code’ in api seller). Example: `operation_seller_code` = CC_DO_NOT_HONOUR
`signature`	The checksum created by an acronym function SHA-256 being a concatenation of the above mentioned parameters according to the following formula: PIN + `id` + `operation_number` + `operation_type` + `operation_status` + `operation_amount` + `operation_currency` + `operation_withdrawal_amount` + `operation_commission_amount` + `is_completed` + `operation_original_amount` + `operation_original_currency` + `operation_datetime` + `operation_related_number` + `control` + `description` + `email` + `p_info` + `p_email` + `credit_card_issuer_identification_number` + `credit_card_masked_number` + `credit_card_expiration_year` + `credit_card_expiration_month` + `credit_card_brand_codename` + `credit_card_brand_code` + `credit_card_unique_identifier` + `credit_card_id` + `channel` + `channel_country` + `geoip_country` + `payer_bank_account_name` + `payer_bank_account` + `payer_transfer_title` + `blik_voucher_pin` + `blik_voucher_amount` + `blik_voucher_amount_used` + `channel_reference_id` + `operation_seller_code` Important Sign + in the above formula has been used only for its readability. It is NOT used to calculate the checksum. If in sent notification some parameter is NOT present, should be considered as null value or omitted in the calculation. Note PIN used to calculate a signature parameter is a string of characters which should be generated by a Merchant ( `id` )in My Dotpay panel (menu Settings –> Notifications –> Urlc configuration). It is only used to create the checksum and should NOT be sent along other payment data! Important No verification of a `signature` parameter on a merchant’s site is unsecure and may cause financial loss.

2.2. An example of calculating the signature parameter¶

An example of calculating parameter signature value is presented below in PHP.

<?php

$PIN = "Np3n4QmXxp6MOTrLCVs905fdrGf3QIGm";

$sign =
        $PIN.
        $_POST['id'].
        $_POST['operation_number'].
        $_POST['operation_type'].
        $_POST['operation_status'].
        $_POST['operation_amount'].
        $_POST['operation_currency'].
        $_POST['operation_withdrawal_amount'].
        $_POST['operation_commission_amount'].
        $_POST['is_completed'].
        $_POST['operation_original_amount'].
        $_POST['operation_original_currency'].
        $_POST['operation_datetime'].
        $_POST['operation_related_number'].
        $_POST['control'].
        $_POST['description'].
        $_POST['email'].
        $_POST['p_info'].
        $_POST['p_email'].
        $_POST['credit_card_issuer_identification_number'].
        $_POST['credit_card_masked_number'].
        $_POST['credit_card_expiration_year'].
        $_POST['credit_card_expiration_month'].
        $_POST['credit_card_brand_codename'].
        $_POST['credit_card_brand_code'].
        $_POST['credit_card_unique_identifier'].
        $_POST['credit_card_id'].
        $_POST['channel'].
        $_POST['channel_country'].
        $_POST['geoip_country'].
        $_POST['payer_bank_account_name'].
        $_POST['payer_bank_account'].
        $_POST['payer_transfer_title'].
        $_POST['blik_voucher_pin'].
        $_POST['blik_voucher_amount'].
        $_POST['blik_voucher_amount_used'].
        $_POST['channel_reference_id'].
        $_POST['operation_seller_code'];

$signature=hash('sha256', $sign);

?>

3. ADDITIONAL FEATURES¶

3.1. Redirection parameters integrity protection (CHK)¶

In order to protect redirection parameters integrity Dotpay system allows to sign their values.

Signature should be sent as additional parameter called chk (alongside rest of the payment parameters). chk value is checksum calculated with SHA‑256 algorithm using parameter concatenation described below keeping the order.

PIN + api_version + lang + id + pid + amount + currency + description + control + channel + credit_card_brand + ch_lock + channel_groups + onlinetransfer + url + type + buttontext + urlc + firstname + lastname + email + street + street_n1 + street_n2 + state + addr3 + city + postcode + phone + country + code + p_info + p_email + n_email + expiration_date + deladdr + recipient_account_number + recipient_company + recipient_first_name + recipient_last_name + recipient_address_street + recipient_address_building + recipient_address_apartment + recipient_address_postcode + recipient_address_city + application + application_version + warranty + bylaw + personal_data + credit_card_number + credit_card_expiration_date_year + credit_card_expiration_date_month + credit_card_security_code + credit_card_store + credit_card_store_security_code + credit_card_customer_id + credit_card_id + blik_code + credit_card_registration + surcharge_amount + surcharge + ignore_last_payment_channel + vco_call_id + vco_update_order_info + vco_subtotal + vco_shipping_handling + vco_tax + vco_discount + vco_gift_wrap + vco_misc + vco_promo_code + credit_card_security_code_required + credit_card_operation_type + credit_card_avs + credit_card_threeds + customer + gp_token + blik_refusenopayid + auto_reject_date + ap_token + id1 + amount1 + currency1 + description1 + control1 + … + id(n) + amount(n) + currency(n) + description(n) + control(n)

Caution

Character + was used only for visual clarity. It is NOT used to calculate the signature.

In case of links generated using seller administration panel ( pid ), calculation of chk value is done on basis of PIN + pid (according to the above formula), don’t take into account the parameters from which pid was created.

If given parameter is not used in redirection it has to be skipped.

Note

PIN used to calculate a chk parameter is a string of characters which should be generated by a Merchant ( id ) in My Dotpay panel (menu Settings –> Notifications –> Urlc configuration).

Caution

Default shop ( id ) configuration verifies chk parameter sent in payment request.

If it’s absent or its value is incorrect, error will be returned.

chk verification isn’t the only payment security mechanism, in some cases it might prove to be unnecessary. chk verification allows to check parameters in the first step of payment: redirecting customer to Dotpay. The most important part is compare amount and currency from payment created in Dotpay with data saved in seller’s service - RECEIVING PAYMENT CONFIRMATION (URLC CONFIRMATION).

If your shop doesn’t have chk verification enabled (it’s optional or completely disabled), ask Dotpay to change your account’s settings.

If you are not sure your integration supports chk, please contact your service provider / programmer responsible for the implementation, or Doptay Tech support (email: tech@dotpay.pl ).

In case you don’t want to use this security measure and are aware of possible implications, you can disable chk for your account ( id ). To do so, send an email to administracja@dotpay.pl .

Below are exemplary functions (PHP) generating POST / GET request with chk .

3.1.1. Basic Example¶

Download this example (change extension to .php): Download example

<?php

################### https://www.dotpay.pl/developer/doc/api_payment/   ######################################################################
#
#	Exemplary function (PHP) generating  the correct payment redirection (POST / GET) to Dotpay payment api with parametr 'chk' (checksum).
#	You enter the payment data in the parameter: $ParametersArray.
#
#
#	Dotpay Sp. z o.o.
#	Tech Customer Service: tech@dotpay.pl
#   Date: 2020-02-11
#
##############################################################################################################################################


/** ---------  BASE CONFIG  ---------  **/

// Your Dotpay ID shop (6 digits)
	$DotpayId = "123456";

// PIN for Your Dotpay ID (copy this from your dotpay panel carefully, without space)
	$DotpayPin = "MyDotpayPIN000000j4suuSgMPXlg100";

// Dotpay Environment, available: "test" or "production"
	$Environment = "test";

//Redirection method: POST or GET ; recommended method is "POST"
	$RedirectionMethod = "POST";

/**  ---------  end config  ---------  **/



// ** -----------------------   SAMPLE DATA ------------------------- **/

/*  ## SAMPLE PAYMENT DATA IN ##  */
	// Note! You can use more parameters if You need
	// You must give at least: 'amount', 'currency', 'description' (and of course ID and PIN in the configuration of this script)
	// see more: https://www.dotpay.pl/developer/doc/api_payment/en/index.html#tabela-1-podstawowe-parametry-przesylane-do-serwisu-dotpay
	// and: https://www.dotpay.pl/developer/doc/api_payment/en/index.html#tabela-2-dodatkowe-parametry-przesylane-do-serwisu-dotpay

// ------
$ParametersArray = array(

	"api_version" => "dev",
	"amount" => "100.00",
	"currency" => "PLN",
	"description" => "Order no. 567915976",
	"url" => "https://www.example.com/thanks_page.php",
	"type" => "0",
	"buttontext" => "Back to the www.example.com",
	"urlc" => "https://www.example.com/urlc_receiver.php",
	"control" => "M1231MzaUdLQWR3",
	"firstname" => "Jan",
	"lastname" => "Nowak",
	"email" => "jan.nowak@example.com",
	"street" => "Warszawska",
	"street_n1" => "1",
	"city" => "Krakow",
	"postcode" => "12-345",
	"phone" => "123456789",
	"country" => "POL",
	"ignore_last_payment_channel" => 1
);

// ** -----------------------   SAMPLE DATA  end ------------------------- **/



## CALCULATE CHECKSUM - CHK

function GenerateChk($DotpayId, $DotpayPin, $ParametersArray)

{
    $ParametersArray['id'] = $DotpayId;

    $CHkInputString =   $DotpayPin.
                        (isset($ParametersArray['api_version']) ? $ParametersArray['api_version'] : null).
                        (isset($ParametersArray['lang']) ? $ParametersArray['lang'] : null).
                        (isset($ParametersArray['id']) ? $ParametersArray['id'] : null).
                        (isset($ParametersArray['amount']) ? $ParametersArray['amount'] : null).
                        (isset($ParametersArray['currency']) ? $ParametersArray['currency'] : null).
                        (isset($ParametersArray['description']) ? $ParametersArray['description'] : null).
                        (isset($ParametersArray['control']) ? $ParametersArray['control'] : null).
                        (isset($ParametersArray['channel']) ? $ParametersArray['channel'] : null).
                        (isset($ParametersArray['url']) ? $ParametersArray['url'] : null).
                        (isset($ParametersArray['type']) ? $ParametersArray['type'] : null).
                        (isset($ParametersArray['buttontext']) ? $ParametersArray['buttontext'] : null).
                        (isset($ParametersArray['urlc']) ? $ParametersArray['urlc'] : null).
                        (isset($ParametersArray['firstname']) ? $ParametersArray['firstname'] : null).
                        (isset($ParametersArray['lastname']) ? $ParametersArray['lastname'] : null).
                        (isset($ParametersArray['email']) ? $ParametersArray['email'] : null).
                        (isset($ParametersArray['street']) ? $ParametersArray['street'] : null).
                        (isset($ParametersArray['street_n1']) ? $ParametersArray['street_n1'] : null).
                        (isset($ParametersArray['city']) ? $ParametersArray['city'] : null).
                        (isset($ParametersArray['postcode']) ? $ParametersArray['postcode'] : null).
                        (isset($ParametersArray['phone']) ? $ParametersArray['phone'] : null).
                        (isset($ParametersArray['country']) ? $ParametersArray['country'] : null).
                        (isset($ParametersArray['ignore_last_payment_channel']) ? $ParametersArray['ignore_last_payment_channel'] : null);

    return hash('sha256',$CHkInputString);
}



## GENERATE FORM TO DOTPAY

function GenerateChkDotpayRedirection($DotpayId, $DotpayPin, $Environment, $RedirectionMethod, $ParametersArray)
{
    $ChkValue = GenerateChk($DotpayId, $DotpayPin, $ParametersArray);

    if ($Environment == 'production') {
        $EnvironmentAddress = 'https://ssl.dotpay.pl/t2/';
    } elseif ($Environment == 'test') {
        $EnvironmentAddress = 'https://ssl.dotpay.pl/test_payment/';
    }

    if ($RedirectionMethod == 'POST') {
        $RedirectionCode = '<form action="'.$EnvironmentAddress.'" method="POST" id="dotpay_redirection_form" accept-charset="UTF-8">'.PHP_EOL;
		$RedirectionCode .= "\t".'<input name="id" value="'.$DotpayId.'" type="hidden"/>'.PHP_EOL;

        foreach ($ParametersArray as $key => $value) 
		{
            $RedirectionCode .= "\t".'<input name="'.$key.'" value="'.$value.'" type="hidden"/>'.PHP_EOL;
        }
        $RedirectionCode .= "\t".'<input name="chk" value="'.$ChkValue.'" type="hidden"/>'.PHP_EOL;
        $RedirectionCode .= '</form>'.PHP_EOL.'<button id="dotpay_redirection_button" type="submit" form="dotpay_redirection_form" value="Submit">Confirm and Pay</button>'.PHP_EOL;

        return $RedirectionCode;

    } elseif ($RedirectionMethod == 'GET') {
        $RedirectionCode = $EnvironmentAddress.'?';

        foreach ($ParametersArray as $key => $value) 
		{
            $RedirectionCode .= $key.'='.rawurlencode($value).'&';
        }

        $RedirectionCode .= 'id='.$DotpayId;
        $RedirectionCode .= '&chk='.$ChkValue;

		return '<a href="'.$RedirectionCode.'">Link to Pay</a>';
    }
}


##  get form (POST method) or payment link (GET method)
##  ("Dotpay ID","PIN","[test|production]","[POST|GET]","payment data")

echo GenerateChkDotpayRedirection($DotpayId, $DotpayPin, $Environment, $RedirectionMethod , $ParametersArray);

?>

3.1.2. Full Example¶

Download this example (change extension to .php): Download example

<?php

################### https://www.dotpay.pl/developer/doc/api_payment/   ######################################################################
#
#	Exemplary function (PHP) generating  the correct payment redirection (POST / GET) to Dotpay payment api with parametr 'chk' (checksum).
#	You enter the payment data in the parameter: $ParametersArray.
#
#	In addition, the examplary includes the use of data for the Multimerchant service ($MultiMerchantList)
#	and some payment channels that require additional data, e.g. a delivery address ($customer).
#	You do not need to use them if you do not use these features.
#
#	Dotpay Sp. z o.o.
#	Tech Customer Service: tech@dotpay.pl
#   Date: 2019-04-15
#
##############################################################################################################################################


/** ---------  BASE CONFIG  ---------  **/

// Your Dotpay ID shop (6 digits)
	$DotpayId = "123456";

// PIN for Your Dotpay ID (copy this from your dotpay panel carefully, without space)
	$DotpayPin = "Oi9xSl8lE4cJhygjKn2L1MW2MBqkv234";

// Dotpay Environment, available: "test" or "production"
	$Environment = "test";

//Redirection method: POST or GET ; recommended method is "POST"
	$RedirectionMethod = "POST";

/**  ---------  end config  ---------  **/


// Do not remove this!
$MultiMerchantList = array(); //optional data
$customer = null;  //optional data


## CALCULATE CHECKSUM - CHK

function GenerateChk($DotpayId, $DotpayPin, $Environment, $RedirectionMethod, $ParametersArray, $MultiMerchantList, $customer_base64)

{
    $ParametersArray['id'] = $DotpayId;
	$ParametersArray['customer'] = $customer_base64;

    $chk =   $DotpayPin.
    (isset($ParametersArray['api_version']) ? $ParametersArray['api_version'] : null).
    (isset($ParametersArray['lang']) ? $ParametersArray['lang'] : null).
    (isset($ParametersArray['id']) ? $ParametersArray['id'] : null).
    (isset($ParametersArray['pid']) ? $ParametersArray['pid'] : null).
    (isset($ParametersArray['amount']) ? $ParametersArray['amount'] : null).
    (isset($ParametersArray['currency']) ? $ParametersArray['currency'] : null).
    (isset($ParametersArray['description']) ? $ParametersArray['description'] : null).
    (isset($ParametersArray['control']) ? $ParametersArray['control'] : null).
    (isset($ParametersArray['channel']) ? $ParametersArray['channel'] : null).
    (isset($ParametersArray['credit_card_brand']) ? $ParametersArray['credit_card_brand'] : null).
    (isset($ParametersArray['ch_lock']) ? $ParametersArray['ch_lock'] : null).
    (isset($ParametersArray['channel_groups']) ? $ParametersArray['channel_groups'] : null).
    (isset($ParametersArray['onlinetransfer']) ? $ParametersArray['onlinetransfer'] : null).
    (isset($ParametersArray['url']) ? $ParametersArray['url'] : null).
    (isset($ParametersArray['type']) ? $ParametersArray['type'] : null).
    (isset($ParametersArray['buttontext']) ? $ParametersArray['buttontext'] : null).
    (isset($ParametersArray['urlc']) ? $ParametersArray['urlc'] : null).
    (isset($ParametersArray['firstname']) ? $ParametersArray['firstname'] : null).
    (isset($ParametersArray['lastname']) ? $ParametersArray['lastname'] : null).
    (isset($ParametersArray['email']) ? $ParametersArray['email'] : null).
    (isset($ParametersArray['street']) ? $ParametersArray['street'] : null).
    (isset($ParametersArray['street_n1']) ? $ParametersArray['street_n1'] : null).
    (isset($ParametersArray['street_n2']) ? $ParametersArray['street_n2'] : null).
    (isset($ParametersArray['state']) ? $ParametersArray['state'] : null).
    (isset($ParametersArray['addr3']) ? $ParametersArray['addr3'] : null).
    (isset($ParametersArray['city']) ? $ParametersArray['city'] : null).
    (isset($ParametersArray['postcode']) ? $ParametersArray['postcode'] : null).
    (isset($ParametersArray['phone']) ? $ParametersArray['phone'] : null).
    (isset($ParametersArray['country']) ? $ParametersArray['country'] : null).
    (isset($ParametersArray['code']) ? $ParametersArray['code'] : null).
    (isset($ParametersArray['p_info']) ? $ParametersArray['p_info'] : null).
    (isset($ParametersArray['p_email']) ? $ParametersArray['p_email'] : null).
    (isset($ParametersArray['n_email']) ? $ParametersArray['n_email'] : null).
    (isset($ParametersArray['expiration_date']) ? $ParametersArray['expiration_date'] : null).
    (isset($ParametersArray['deladdr']) ? $ParametersArray['deladdr'] : null).
    (isset($ParametersArray['recipient_account_number']) ? $ParametersArray['recipient_account_number'] : null).
    (isset($ParametersArray['recipient_company']) ? $ParametersArray['recipient_company'] : null).
    (isset($ParametersArray['recipient_first_name']) ? $ParametersArray['recipient_first_name'] : null).
    (isset($ParametersArray['recipient_last_name']) ? $ParametersArray['recipient_last_name'] : null).
    (isset($ParametersArray['recipient_address_street']) ? $ParametersArray['recipient_address_street'] : null).
    (isset($ParametersArray['recipient_address_building']) ? $ParametersArray['recipient_address_building'] : null).
    (isset($ParametersArray['recipient_address_apartment']) ? $ParametersArray['recipient_address_apartment'] : null).
    (isset($ParametersArray['recipient_address_postcode']) ? $ParametersArray['recipient_address_postcode'] : null).
    (isset($ParametersArray['recipient_address_city']) ? $ParametersArray['recipient_address_city'] : null).
    (isset($ParametersArray['application']) ? $ParametersArray['application'] : null).
    (isset($ParametersArray['application_version']) ? $ParametersArray['application_version'] : null).
    (isset($ParametersArray['warranty']) ? $ParametersArray['warranty'] : null).
    (isset($ParametersArray['bylaw']) ? $ParametersArray['bylaw'] : null).
    (isset($ParametersArray['personal_data']) ? $ParametersArray['personal_data'] : null).
    (isset($ParametersArray['credit_card_number']) ? $ParametersArray['credit_card_number'] : null).
    (isset($ParametersArray['credit_card_expiration_date_year']) ? $ParametersArray['credit_card_expiration_date_year'] : null).
    (isset($ParametersArray['credit_card_expiration_date_month']) ? $ParametersArray['credit_card_expiration_date_month'] : null).
    (isset($ParametersArray['credit_card_security_code']) ? $ParametersArray['credit_card_security_code'] : null).
    (isset($ParametersArray['credit_card_store']) ? $ParametersArray['credit_card_store'] : null).
    (isset($ParametersArray['credit_card_store_security_code']) ? $ParametersArray['credit_card_store_security_code'] : null).
    (isset($ParametersArray['credit_card_customer_id']) ? $ParametersArray['credit_card_customer_id'] : null).
    (isset($ParametersArray['credit_card_id']) ? $ParametersArray['credit_card_id'] : null).
    (isset($ParametersArray['blik_code']) ? $ParametersArray['blik_code'] : null).
    (isset($ParametersArray['credit_card_registration']) ? $ParametersArray['credit_card_registration'] : null).
    (isset($ParametersArray['surcharge_amount']) ? $ParametersArray['surcharge_amount'] : null).
    (isset($ParametersArray['surcharge']) ? $ParametersArray['surcharge'] : null).
    (isset($ParametersArray['surcharge']) ? $ParametersArray['surcharge'] : null).
    (isset($ParametersArray['ignore_last_payment_channel']) ? $ParametersArray['ignore_last_payment_channel'] : null).
    (isset($ParametersArray['vco_call_id']) ? $ParametersArray['vco_call_id'] : null).
    (isset($ParametersArray['vco_update_order_info']) ? $ParametersArray['vco_update_order_info'] : null).
    (isset($ParametersArray['vco_subtotal']) ? $ParametersArray['vco_subtotal'] : null).
    (isset($ParametersArray['vco_shipping_handling']) ? $ParametersArray['vco_shipping_handling'] : null).
    (isset($ParametersArray['vco_tax']) ? $ParametersArray['vco_tax'] : null).
    (isset($ParametersArray['vco_discount']) ? $ParametersArray['vco_discount'] : null).
    (isset($ParametersArray['vco_gift_wrap']) ? $ParametersArray['vco_gift_wrap'] : null).
    (isset($ParametersArray['vco_misc']) ? $ParametersArray['vco_misc'] : null).
    (isset($ParametersArray['vco_promo_code']) ? $ParametersArray['vco_promo_code'] : null).
    (isset($ParametersArray['credit_card_security_code_required']) ? $ParametersArray['credit_card_security_code_required'] : null).
    (isset($ParametersArray['credit_card_operation_type']) ? $ParametersArray['credit_card_operation_type'] : null).
    (isset($ParametersArray['credit_card_avs']) ? $ParametersArray['credit_card_avs'] : null).
    (isset($ParametersArray['credit_card_threeds']) ? $ParametersArray['credit_card_threeds'] : null).
    (isset($ParametersArray['customer']) ? $ParametersArray['customer'] : null).
    (isset($ParametersArray['gp_token']) ? $ParametersArray['gp_token'] : null).
    (isset($ParametersArray['blik_refusenopayid']) ? $ParametersArray['blik_refusenopayid'] : null).
    (isset($ParametersArray['auto_reject_date']) ? $ParametersArray['auto_reject_date'] : null).    
    (isset($ParametersArray['ap_token']) ? $ParametersArray['ap_token'] : null);

    foreach ($MultiMerchantList as $item) {
        foreach ($item as $key => $value) {
            $chk =   $chk.
(isset($value) ? $value : null);
        }
    }
    return $chk;
}



## GENERATE FORM TO DOTPAY

function GenerateChkDotpayRedirection($DotpayId, $DotpayPin, $Environment, $RedirectionMethod, $ParametersArray, $MultiMerchantList, $customer_base64)
{
    $ParametersArray['id'] = $DotpayId;
    $ChkParametersChain = GenerateChk($DotpayId, $DotpayPin, $Environment, $RedirectionMethod, $ParametersArray, $MultiMerchantList, $customer_base64);


    $ChkValue = hash('sha256', $ChkParametersChain);

    if ($Environment == 'production') {
        $EnvironmentAddress = 'https://ssl.dotpay.pl/t2/';
    } elseif ($Environment == 'test') {
        $EnvironmentAddress = 'https://ssl.dotpay.pl/test_payment/';
    }

    if ($RedirectionMethod == 'POST') {
        $RedirectionCode = '<form action="'.$EnvironmentAddress.'" method="POST" id="dotpay_redirection_form" accept-charset="UTF-8">'.PHP_EOL;

        foreach ($ParametersArray as $key => $value) {
            $RedirectionCode .= "\t".'<input name="'.$key.'" value="'.$value.'" type="hidden"/>'.PHP_EOL;
        }

		if(isset($customer_base64)) {
			$RedirectionCode .= "\t".'<input name="customer" value="'.$customer_base64.'" type="hidden"/>'.PHP_EOL;
		}

        foreach ($MultiMerchantList as $item) {
            foreach ($item as $key => $value) {
                $RedirectionCode .= "\t".'<input name="'.$key.'" value="'.$value.'" type="hidden"/>'.PHP_EOL;
            }
        }

        $RedirectionCode .= "\t".'<input name="chk" value="'.$ChkValue.'" type="hidden"/>'.PHP_EOL;
        $RedirectionCode .= '</form>'.PHP_EOL.'<button id="dotpay_redirection_button" type="submit" form="dotpay_redirection_form" value="Submit">Confirm and Pay</button>'.PHP_EOL;

        return $RedirectionCode;

    } elseif ($RedirectionMethod == 'GET') {
        $RedirectionCode = $EnvironmentAddress.'?';

        foreach ($ParametersArray as $key => $value) {
            $RedirectionCode .= $key.'='.rawurlencode($value).'&';
        }

		if(isset($customer_base64)) {
			$RedirectionCode .= 'customer='.$customer_base64.'&';
		}

        foreach ($MultiMerchantList as $item) {
            foreach ($item as $key => $value) {
                $RedirectionCode .= $key.'='.rawurlencode($value).'&';
            }
        }

        $RedirectionCode .= 'chk='.$ChkValue;

		return '<a href="'.$RedirectionCode.'">Go to Pay</a><br>link:<br>'.$RedirectionCode;
    }
}





// ** -----------------------   SAMPLE DATA ------------------------- **/



/*  ## SAMPLE PAYMENT DATA IN ##  */
	// Note! You can use more parameters if You need
	// You must give at least: 'amount', 'currency', 'description' (and of course ID and PIN in the configuration of this script)
	// see more: https://www.dotpay.pl/developer/doc/api_payment/en/index.html#tabela-1-podstawowe-parametry-przesylane-do-serwisu-dotpay
	// and: https://www.dotpay.pl/developer/doc/api_payment/en/index.html#tabela-2-dodatkowe-parametry-przesylane-do-serwisu-dotpay

// ------
$ParametersArray = array(
	"api_version" => "dev",
	"amount" => "100.00",
	"currency" => "PLN",
	"description" => "Order no. 567915976",
	"url" => "https://www.example.com/thanks_page.php",
	"type" => "4",
	"channel" => "2",
	"buttontext" => "Back to the www.example.com",
	"urlc" => "https://www.example.com/urlc_receiver.php",
	"control" => "M1231MzaUdLQWR3",
	"firstname" => "Jan",
	"lastname" => "Nowak",
	"email" => "jan.nowak@example.com",
	"street" => "Warszawska",
	"street_n1" => "1",
	"city" => "Krakow",
	"postcode" => "12-345",
	"phone" => "123456789",
	"country" => "POL",
	"ignore_last_payment_channel" => "true"
);
// ------


/*   ###  SAMPLE CUSTOMER DATA IN with delivery address (optional) ###
			You can remove it if You don't need it
*/

// ------
$customer = array(
	"payer" => array(
		"first_name" => "Jan",
		"last_name" => "Kowal",
		"email" => "mymail@example.com",
	) ,
	"order" => array(
		"delivery_address" => array(
			"city" => "Kraków",
			"street" => "Wielicka",
			"building_number" => "28B",
			"postcode" => "30-552",
		)
	)
);

// ------



/*  ### SAMPLE Multimerchant DATA IN (3 accounts 'child' type ) - optional  ###
		 You can remove it if You don't need it
		 see more: https://www.dotpay.pl/developer/doc/api_payment/en/index.html#platnosc-dzielona-multimerchant-pasaz
*/

// ------ uncomment if you need:

/*
	$MultiMerchantList = array(
		$MultiMerchant1 = array(
			"id1" => "123456",
			"amount1" => "10.00",
			"currency1" => "PLN",
			"description1" => "description1",
			"control1" => "control1",
		) ,
		$MultiMerchant2 = array(
			"id2" => "234561",
			"amount2" => "60.00",
			"currency2" => "PLN",
			"description2" => "description2",
			"control2" => "control2",
		) ,
		$MultiMerchant3 = array(
			"id3" => "234562",
			"amount3" => "30.00",
			"currency3" => "PLN",
			"description3" => "description3",
			"control3" => "control3",
		)
	);

*/
// ------


// ** -----------------------   SAMPLE DATA  end ------------------------- **/


if (empty($customer) || !isset($customer['payer']) || !isset($customer['order']['delivery_address'])) {
	$customer_base64 = null;
} else {
	$customer_base64 = base64_encode(json_encode($customer));
}



##  get form (POST method) or payment link (GET method)
##  ("Dotpay ID","PIN","[test|production]","[POST|GET]","payment data","Multimerchant data", "additional customer data")

echo GenerateChkDotpayRedirection($DotpayId, $DotpayPin, $Environment, $RedirectionMethod , $ParametersArray, $MultiMerchantList, $customer_base64);

?>

3.2. One-click and recurring payments¶

Note

Functionality is only available for shops ( id ) which were adequately configured by Dotpay, what is dependent on signed agreement.

Functionality is only available for payment card channel (number 248), allowing client to realize payments without entering complete card data in future transactions made via Dotpay.

In order to use the functionality seller’s system has to send additional parameters (described below) in payment request and client should allow his card information to be stored by Dotpay (all data is stored according to highest security standards – PCI DSS Level 1).

When using described functionality it is recommended for request sent to Dotpay to be signed as well as signature verification to be required on given shop ( id ). Description of signature creation can be found in Redirection parameters integrity protection (CHK) section.

In order to register client’s card data in Dotpay system additional parameters have to be sent:

3.2.1. Table 4. (Parameters for card registration)¶

PARAMETER MEANING / DESCRIPTION

credit_card_store

Parameter defining whether client card data should be stored by Dotpay.

Available values:

1 – Storing credit card data is accepted

Example:

credit_card_store = 1

credit_card_customer_id

Unique buyer ID generated and stored by seller’s system. Required for future payments

Important

Dotpay does NOT return this information anywhere (i.e. URLC or API).

type: string

min length: 4

max length 1024

Example:

credit_card_customer_id = f9c6a4-25473

credit_card_registration

Optional parameter.

Creates operation credit_card_registration instead of payment, what allows to register credit card without paying.

Instead of charge temporary funds blockade will be issued, which is lifted when registration process is completed.

Tip

For operation credit_card_registration it’s required to use an amount of value 1.00 ( amount = 1.00).

Available values:

true – registration without payment

Example:

credit_card_registration = true

In order to make payment with registered card additional parameters described below need to be sent:

3.2.2. Table 5. (Parameters for consecutive payments with previously registered card)¶

PARAMETER MEANING / DESCRIPTION

credit_card_customer_id Unique buyer ID generated by seller’s system described in table above.

credit_card_id

Buyer’s registered card ID

This information might be sent in URLC notification (special account configuration required, described in RECEIVING PAYMENT CONFIRMATION (URLC CONFIRMATION) section). It also might be received via API from operation details.

Common parameters for both first and consecutive payments have been described in table below, all of them are optional. Standard account configuration doesn’t allow them to be used (default settings are applied, configurable by Dotpay), special agreement might be required in order to send them.

3.2.3. Table 6. (Common parameters for both first and consecutive payments)¶

PARAMETER	MEANING / DESCRIPTION
`credit_card_operation_type`	Optional parameter. Operation type. Available values: e_commerce – first and consecutive payment in one-click model (default value), recurring_init – first transaction allowing later use of recurring payments, recurring – recurring payment (customer doesn’t have to be present in order to charge the registered card), Account ( `id` ) might be configured by Dotpay so recurring payments are default setting. In this case appropriate types recurring_init and recurring are going to be set automatically. Parameter is required when one account ( `id` ) handles both e-commerce and recurring payments. Tip Card registered using e_commerce cannot be used for recurring operation. Cards registered using recurring_init can be used for both recurring and e_commerce .
`credit_card_security_code_required`	Optional parameter. Allows to control whether CVV/CVV2 security code is required during payment. Applies only to consecutive e_commerce (one click). Available values: yes – required (default value), no – not required, option – field for security code will show up on payment form, but it won’t be mandatory.
`credit_card_threeds`	Optional parameter. Allows to control whether 3-D Secure authentication code is required during payment. Applies only to e_commerce model for enrolled cards. Available values: yes – required (default value, recommended for transaction security), no – not required, Tip Operation type recurring_init requires and recurring doesn’t require 3-D Secure authentication code, ignoring account settings or sent parameters.
`credit_card_avs`	Optional parameter. Allows to control whether customer will be required to enter additional personal data on payment form (address and phone number). Available values: yes – required, no – not required (default value).

3.2.4. Exemplary integration models and their corresponding requirements)¶

3.2.4.1. Integration model: 1 click¶

Table 7: Requirements for integration type 1 Click¶
Card registration	Consecutive payment
Required parameters: - `credit_card_customer_id` - `credit_card_store` = 1 Payment process: - CVV - required - 3DS – required*	Required parameters: - `credit_card_customer_id` - `credit_card_id` Payment process: - CVV - optional - 3DS - required*

* - recommended for transaction security

3.2.4.2. Integration model: recurring¶

Table 8: Requirements for integration type recurring¶
Card registration	Consecutive payment
Required parameters: - `credit_card_customer_id` - `credit_card_store` = 1 Payment process: - CVV - required - 3DS - required	Required parameters: - `credit_card_customer_id` - `credit_card_id` Payment process: - CVV - not applicable - 3DS - not applicable

* - recommended for transaction security

3.2.4.3. Mixed integration model: 1 click + recurring¶

Table 9: Requirements for integration type 1 click + recurring . Default account setting: e-commerce¶
Integration model	Card registration	Consecutive payment
1 click	Required parameters: - `credit_card_customer_id` - `credit_card_store` = 1 Payment process: - CVV - required - 3DS - required*	Required parameters: - `credit_card_customer_id` - `credit_card_id` Payment process: - CVV - optional - 3DS - required*
recurring	Required parameters: - `credit_card_customer_id` - `credit_card_store` = 1 - `credit_card_operation_type` = recurring_init Payment process: - CVV - required - 3DS - required	Required parameters: - `credit_card_customer_id` - `credit_card_id` - `credit_card_operation_type` = recurring Payment process: - CVV - not applicable - 3DS - not applicable

* - recommended for transaction security

Table 10: Requirements for integration type 1 click + recurring Default account setting: recurring¶
Integration model	Card registration	Consecutive payment
1 click	Required parameters: - `credit_card_customer_id` - `credit_card_store` = 1 - `credit_card_operation_type` = e_commerce Payment process: - CVV - required - 3DS - required*	Required parameters: - `credit_card_customer_id` - `credit_card_id` - `credit_card_operation_type` = e_commerce Payment process: - CVV - optional - 3DS - required*
recurring	Required parameters: - `credit_card_customer_id` - `credit_card_store` = 1 Payment process: - CVV - required - 3DS - required	Required parameters: - `credit_card_customer_id` - `credit_card_id` Payment process: - CVV - not applicable - 3DS - not applicable

* - recommended for transaction security

Below are exemplary redirection forms for one-click payment realization.

Exemplary payment request with card registration:

<div>

  <form action="https://ssl.dotpay.pl/t2/" method="post" id="dotpay_redirection_form">
    <input name="api_version" value="dev" type="hidden" />
    <input name="id" value="123456" type="hidden" />
    <input name="amount" value="320.00" type="hidden" />
    <input name="currency" value="PLN" type="hidden" />
    <input name="description" value="Płatność za 12345/2014" type="hidden" />
    <input name="control" value="202cb962ac590" type="hidden" />
    <input name="channel" value="248" type="hidden" />
    <input name="ch_lock" value="1" type="hidden" />
    <input name="firstname" value="John" type="hidden" />
    <input name="lastname" value="Smith" type="hidden" />
    <input name="email" value="john.smith@example.com" type="hidden" />
    <input name="type" value="0" type="hidden" />
    <input name="url" value="https://www.example.com/thanks_page.php" type="hidden" />
    <input name="urlc" value="https://www.example.com/urlc_receiver.php" type="hidden" />
    <input name="credit_card_store" value="1" type="hidden" />
    <input name="credit_card_customer_id" value="f9c6a4-25473" type="hidden" />
    <input name="chk" value="11ac1938ac47ddd53815b4aeb6230ab9fe4554d82ee11e39c41b9055f38f5c08" type="hidden" />
  </form>
  <p>
    <button type="submit" form="dotpay_redirection_form" value="Submit">
      Potwierdź zamówienie i zapłać</button>
  </p>

</div>

Exemplary payment request using registered card data (one-click):

<div>
  <form action="https://ssl.dotpay.pl/t2/" method="post" id="dotpay_redirection_form">

    <input name="api_version" value="dev" type="hidden" />
    <input name="id" value="123456" type="hidden" />
    <input name="amount" value="410.00" type="hidden" />
    <input name="currency" value="PLN" type="hidden" />
    <input name="description" value="Płatność za 12346/2014" type="hidden" />
    <input name="control" value="31ee79b30dc39a9cbaa" type="hidden" />
    <input name="channel" value="248" type="hidden" />
    <input name="ch_lock" value="1" type="hidden" />
    <input name="firstname" value="John" type="hidden" />
    <input name="lastname" value="Smith" type="hidden" />
    <input name="email" value="john.smith@example.com" type="hidden" />
    <input name="type" value="4" type="hidden" />
    <input name="url" value="https://www.example.com/thanks_page.php" type="hidden" />
    <input name="urlc" value="https://www.example.com/urlc_receiver.php" type="hidden" />
    <input name="credit_card_customer_id" value="f9c6a4-25473" type="hidden" />
    <input name="credit_card_id" value="59f92e2bf8bedc36bec2219862448dd54d...1829a239eb7432d0easuxp2w158eb13d6333ce71369184eb7ab02ae" type="hidden" />
    <input name="chk" value="ed0ef4e488ec2de3135b0a1ca226c31867f78bbcd8fe06506ae666210a78d68c" type="hidden" />

  </form>

  <p>
    <button type="submit" form="dotpay_redirection_form" value="Submit">Potwierdź zamówienie i zapłać (płatność one-click)</button>
  </p>
</div>

Note

For recurring payments it is recommended to use direct communication with Dotpay using REST API ( register order ).

Table below describes parameters which allow payment card data to be sent to Dotpay system if it is entered by client on seller’s website (for example on order summary page) instead of Dotpay.

Note

Processing payment card data by seller’s system requires – according to Payment Card Industry Data Security Standard (PCI DSS) – additional conditions to be met.

In order to receive more information about necessary formalities please contact Sales Department (handlowy@dotpay.pl).

Caution

Sending payment card data with parameters described below is only possible via POST method.

3.2.5. Table 11. (Parameters for credit card data)¶

PARAMETER	MEANING / DESCRIPTION
`credit_card_number`	Client’s payment card number. type: credit_card_number max length: 26 regular expression: ^[\d\s]{12,26}$ Example: `credit_card_number` = 5500005555555559
`credit_card_expiration_date_year`	Year of client’s payment card expiration date. length: 4 regular expression: ^(20)((19)\|([2-9][0-9]))$ Example: `credit_card_expiration_date_year` = 2019
`credit_card_expiration_date_month`	Month of client’s payment card expiration date. length: 2 regular expression: ^(0[1-9])\|(1[0-2])$ Example: `credit_card_expiration_date_month` = 02
`credit_card_security_code`	Client’s payment card security code (CVV2/CVC2). type: number max length: 4 regular expression: ^\d{3,4}$ Example: `credit_card_security_code` = 559

Deleting registered card might be realized with methods below:

Client might use link given in payment confirmation emails.
Deregistration request might be sent to Dotpay from seller’s system via API.

Request should be sent using DELETE method to the https://ssl.dotpay.pl/t2/payment_api/v1/cards/{credit_card_id}/ address where {credit_card_id} is card ID which should be removed.

Below is exemplary request (in PHP) and response of card deregistration. Authorization data (user, password) is adequate to seller GUI login credentials.

Request:

<?php

$ch = curl_init();
  curl_setopt($ch, CURLOPT_URL, "https://ssl.dotpay.pl/t2/payment_api/v1/cards/59f92e2bf8bedc36bec221...718c58eb13d6333ce71369184eb7ab02ae/");
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
  curl_setopt($ch, CURLOPT_CAINFO, "ca-bundle.crt"); //http://curl.haxx.se/docs/caextract.html
  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt($ch, CURLOPT_TIMEOUT, 100);
  curl_setopt($ch, CURLOPT_USERPWD, 'user:password');
  curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "DELETE");

  $response = curl_exec($ch); // API response
  $curl_info = curl_getinfo($ch); //curl info
  curl_close($ch);

  echo '<pre>';
  echo 'HTTP status code: '.$curl_info[http_code];
  echo PHP_EOL.'-------------------------'.PHP_EOL.PHP_EOL;
    print_r(json_decode($response));
    echo '</pre>';

Sample request to unregister the card:

DELETE /cards/(string: credit_card_id)/¶

Response:

HTTP/1.1 204 No Content

HTTP status code meaning:

CODE	MEANING / DESCRIPTION
204 No Content	Deleted
404 Not Found	Credit Card not found
400 Bad Request	Request processing error

3.3. Split payment (Multimerchant)¶

Note

Functionality is only available for shops ( id ) which were adequately configured by Dotpay, what is dependent on signed agreement.

Functionality allows to split one payment into multiple amounts to be accounted on given shops ( id ). Request has to contain additional parameters (required id(n) , amount(n) , and optional currency(n) , description(n) , control(n) , where (n) is a greater than 0 integer defining consecutive ID, amounts etc.) alongside standard parameters described in ADVANCED VERSION section.

Caution

It is not possible to make a Multimerchant payment with different currencies at once, value of each currency(n) parameter has to be the same as currency .

When using this functionality parameter id defines shop (called multimerchant parent) where operation payment_multimerchant_parent will be created, only as an information about full payment amount (sent in amount parameter). Meanwhile on shops id(n) (called multimerchant child) amounts amount1 - amount(n) will be accounted as payment_multimerchant_child operation.

Information sent is URLC notifications is adequate to given payment_multimerchant_parent or payment_multimerchant_child created on each shop ( id ).

Caution

In order for URLC notifications to be sent on multimerchant child accounts, an address has to be entered in each id(n) configuration (Settings –> Notifications –> Urlc configuration –> Edit) as there is no option to define parameter like urlc(n) .

Caution

It is only possible to refund payment_multimerchant_child operation accounted on given id(n) . It is NOT possible to refund whole payment using payment_multimerchant_parent .

Below is an exemplary split payment form.

<div>

  <form action="https://ssl.dotpay.pl/t2/" id="dotpay_redirection_form" method="POST" enctype="application/x-www-form-urlencoded">

    <input type="hidden" name="id" value="123456">
    <input type="hidden" name="amount" value="320.00">
    <input type="hidden" name="currency" value="PLN">
    <input type="hidden" name="description" value="Płatność za zamówienie 01/2017 parent">
    <input type="hidden" name="control" value="control_parent">

    <input type="hidden" name="id1" value="456123">
    <input type="hidden" name="amount1" value="120.00">
    <input type="hidden" name="currency1" value="PLN">
    <input type="hidden" name="description1" value="Płatność za zamówienie 01/2017 child1">
    <input type="hidden" name="control1" value="control_child1">

    <input type="hidden" name="id2" value="561423">
    <input type="hidden" name="amount2" value="90.00">
    <input type="hidden" name="currency2" value="PLN">
    <input type="hidden" name="description2" value="Płatność za zamówienie 01/2017 child2">
    <input type="hidden" name="control2" value="control_child2">

    <input type="hidden" name="id3" value="642513">
    <input type="hidden" name="amount3" value="110.00">
    <input type="hidden" name="currency3" value="PLN">
    <input type="hidden" name="description3" value="Płatność za zamówienie 01/2017 child3">
    <input type="hidden" name="control3" value="control_child3">
  </form>

  <p>
    <button type="submit" form="dotpay_redirection_form" value="Submit">
      Potwierdź zamówienie i zapłać
    </button>
  </p>

</div>

Important

Sum of amounts sent in parameters amount1, amount2, …, amount(n) has to be equal to the total amount of payment, defined in parameter amount .

3.4. Masscollect¶

Note

Functionality is only available for shops ( id ) which were adequately configured by Dotpay, what is dependent on signed agreement.

Functionality allows to send recipient bank account number in transaction request, which Is going to be used in payout, that is default account number defined is account ( id ) configuration will be overwritten.

Depending on account configuration, payouts created by automatic payouts mechanism will either be aggregated by bank account numbers or in 1:1 for where every payment creates separate payout. Payouts of any amount are always aggregated.

Caution

Using described functionality requires request sent to Dotpay to be signed as well as signature verification to be required on given shop ( id ). Description of signature creation can be found in Redirection parameters integrity protection (CHK) section.

In order to make Masscollect payments, additional parameters described in the table below should be sent in the order. Only the recipient_account_number parameter is required, however, it is also recommended to provide the recipient’s name using the parameter recipient_company or recipient_first_name and recipient_last_name .

3.4.1. Table 12. (Additional parameters used in the Masscollect service)¶

PARAMETER	MEANING / DESCRIPTION
`recipient_account_number`	Recipient account number in BBAN format. type: string max length: 26 Example: `recipient_account_number` = 32249000896640389235035459
`recipient_company`	Recipient company name type: string max length: 50 Example: `recipient_company` = My Company Inc.
`recipient_first_name`	Recipient first name type: string max length: 30 Example: `recipient_first_name` = John
`recipient_last_name`	Recipient last name type: string max length: 30 Example: `recipient_last_name` = Smith
`recipient_address_street`	Street – recipient address type: string max length: 40 Example: `recipient_address_street` = Wielicka
`recipient_address_building`	Building number – recipient address type: string max length: 10 Example: `recipient_address_building` = 72
`recipient_address_apartment`	Flat number – recipient address type: string max length: 10 Example: `recipient_address_apartment` = 1
`recipient_address_postcode`	Postcode – recipient address type: string max length: 6 Example: `recipient_address_postcode` = 30-552
`recipient_address_city`	City – recipient address type: string max length: 50 Example: `recipient_address_city` = Cracow

Below is an exemplary Masscollect payment form.

<div>

  <form action="https://ssl.dotpay.pl/t2/" id="dotpay_redirection_form" method="POST" enctype="application/x-www-form-urlencoded">

    <input type="hidden" name="id" value="123456">
    <input type="hidden" name="amount" value="123.45">
    <input type="hidden" name="description" value="Płatność za zamówienie 07/2017">
    <input type="hidden" name="recipient_account_number" value="32249000896640389235035459">
    <input type="hidden" name="recipient_company" value="Moja Firma S.A.">
    <input type="hidden" name="recipient_first_name" value="Jan">
    <input type="hidden" name="recipient_last_name" value="Kowalski">
    <input type="hidden" name="recipient_address_street" value="Wielicka">
    <input type="hidden" name="recipient_address_building" value="72">
    <input type="hidden" name="recipient_address_apartment" value="1">
    <input type="hidden" name="recipient_address_postcode" value="30-552">
    <input type="hidden" name="recipient_address_city" value="Kraków">
    <input type="hidden" name="chk" value="3135b6debcd8fe4e488ec2easux506c31867f78bed0ef0a1ca2266210a78d68c" />
  </form>

  <p>
    <button type="submit" form="dotpay_redirection_form" value="Submit">
      Potwierdź zamówienie i zapłać
    </button>
  </p>

</div>

3.5. Shipping and payer data¶

In order for channel provider to evaluate customer’s credit score, new additional parameters have been added.

Below is the list of those parameters with their description and requirements.

Sending more data than just required minimum might have big impact on credit score. If it is possible, it’s recommended to send complete data.

In order to process a given payment method, a new customer parameter has been added for integration with Dotpay. This parameter should contain specific information according to the following Table 13. Some payment channels may require less data, such as PayPo or Raty Alior.

3.5.1. Table 13. (Data handled by `customer` parameter)¶

FIELD NAME	TYPE	DESCRIPTION
`payer.first_name`	string	Payer name
`payer.last_name`	string	Payer lastname
`payer.email`	string	Payer email address
`payer.phone`	string	Payer phone number
`payer.address`	-	Payer address
`payer.address.city`	string	Payer address: city
`payer.address.street`	string	Payer address: street
`payer.address.building_number`	string	Payer address: building number
`payer.address.flat_number`	string	Payer address: flat number
`payer.address.postcode`	string	Payer address: post code
`payer.address.country`	string	Payer address: (ISO 3166-1 alpha2) or (ISO 3166-1 alpha3) country code
`is_logged_in`	boolean	Whether payer has register an account before placing an order
`registered_since`	string	Payer’s registration date on the seller’s website, format YYYY-MM-DD or YYYY-MM-DD hh:mm:ss Optional, if it’s sent, `order_count` is also required
`registered_since_indicator`	string (indicator)	Payer’s registration date on the seller’s website, indicator for the `registered_since` field Optional, if it’s sent, `order_count` is also required
`account_update`	string	Date of last change of paying account on the seller’s website, format YYYY-MM-DD
`account_update_indicator`	string (indicator)	Date of last change of paying account on the seller’s website, indicator for the field `account_update`
`password_change`	string	Date of last password change for the paying account on the seller’s website, format YYYY-MM-DD
`password_change_indicator`	string (indicator)	Date of last change of password for the paying account on the seller’s website, indicator for the field `password_change`
`shipping_address_since`	string	Date from when the payer’s delivery address is used, format YYYY-MM-DD
`shipping_address_since_indicator`	string (indicator)	Date from which the payer’s delivery address is used, the indicator for the field `shipping_address_since`
`order_count`	int	How many orders the payer has made made since registration Optional, if it’s sent, `registered_since` is also required
`order_count_day`	int	The number of orders placed by the paying seller on the same day
`order_count_year`	int	Number of orders placed by the paying seller in the same year
`fraud_activity`	boolean	Has the store ever seen suspicious activity on this buyer’s account
`order_history`	-	Current payer order history
`order_history.date`	string	n-order place date in YYYY-MM-DD format
`order_history.amount`	decimal (10,2)	Gross price of n-product
`order`	-	Order
`order.total_amount`	string	The value of the entire order
`order.id`	string	Order ID in the seller’s system. Corresponds to the ID number of the entire order in the store database
`order.items`	-	The contents of the shopping cart. We recommend that you do not exceed the number 100 articles in the list
`order.items.id`	string	ID of given shop product
`order.items.name`	string	The name of a single product in the seller’s system. Corresponds to the name of the product in the store database. min length: 1 max length: 150 regular expression: [\w\s\-_. ,'?@\\\/ąćęłńóśźżĄĆĘŁÓŃŚŹŻ]+$
`order.items.quantity`	int	Number of items in the customer’s order (n * Goods = total number of items) min length: 1 max length: 1000
`order.items.unit_type`	string	Item measurement unit, eg. quantity, kg, liters, meters and so on.
`order.items.gross_price`	decimal(10,2)	Gross price of n-product. Corresponds to the price of the product in the store database.
`order.items.type`	string	Order type (eg. product, payment, delivery, discount)
`order.items.is_virtual`	boolean	Product is virtual (doesn’t require a delivery)
`order.items.category`	string	The category of a single product in the seller’s system. the category should match one of the elements listed in the dictionary. List of available categories: Dictionary of available sales categories
`order.delivery_type`	string	Delivery method Available values: COURIER - courier POCZTA_POLSKA - Poczta Polska PICKUP_POINT - pickup point like UPS Access point, DHL Parcel Shop PACZKOMAT - parcel locker PACZKA_W_RUCHU - paczka w ruchu PICKUP_SHOP -pickup in shop (click&collect)
`order.delivery_address`	-	Delivery address If the package is delivered to a point / parcel locker / etc, such address and name should be given, not the details of the actual recipient.
`order.delivery_address.city`	string	Delivery address: city
`order.delivery_address.street`	string	Delivery address: street
`order.delivery_address.building_number`	string	Delivery address: building number
`order.delivery_address.flat_number`	string	Delivery address: flat number
`order.delivery_address.postcode`	string	Delivery address: post code
`order.delivery_address.country`	string	Delivery address: (ISO 3166-1 alpha2) or (ISO 3166-1 alpha3) country code
`order.delivery_address.name`	string	Name of recipient / collection point. Examples: `order.delivery_address.name` = D0B019A `order.delivery_address.name` = PPP:6252652
`order.delivery_address.phone`	string	Recipient’s phone number
`order.delivery_address.is_verified`	bool	Delivery address: Whether the delivery address is verified

Note

If the store does not want to provide the correct date, it is possible to use an indicator field of replacement type for selected parameters.

3.5.2. Values used for indicator field replacement for selected fields:¶

VALUE	DESCRIPTION
01	The payer’s account does not exist on the seller’s website
02	Date of the transaction just ordered
03	Date not older than 30 days ago
04	Date in the range 30 - 60 days ago
05	Date older than 60 days ago

Exemplary use of parameters described above:

Example in json format¶

{
    "payer": {
        "first_name": "Jan",
        "last_name": "Kowal",
        "email": "jankowal@example.com",
        "phone": "123456789",
        "address": {
            "city": "Warszawa",
            "street": "Krucza",
            "building_number": "1a",
            "flat_number": "4",
            "postcode": "00-950",
            "country": "POL"
        }
    },
    "is_logged_in": true,
    "registered_since": "2017-02-11",
    "order_count": 2,
    "order_history": [
        {
            "date": "2017-02-11",
            "amount": "456.21",
            "delivery_type": "COURIER"
        },
        {
            "date": "2018-05-21",
            "amount": "879.67",
            "delivery_type": "POCZTA_POLSKA"
        }
    ],
    "order": {
        "id": "MHH67HF8DS",
        "items": [
            {
                "id": "3245623",
                "name": "Super Phone 1",
                "quantity": 1,
                "unit_type": "szt.",
                "gross_price": "856.52",
                "type": "towar",
                "is_virtual": false
            },
            {
                "id": "3245625",
                "name": "Dostawa",
                "quantity": 1,
                "unit_type": "szt.",
                "gross_price": "15.00",
                "type": "dostawa",
                "is_virtual": false
            }
        ],
        "delivery_type": "POCZTA_POLSKA",
        "delivery_address": {
            "city": "Kraków",
            "street": "Wielicka",
            "building_number": "28b",
            "flat_number": "5",
            "postcode": "30-552",
            "country": "POL"
        }
    }
}

3.5.3. Dictionary of article categories for the parameter `order.items.category`¶

VALUE	DESCRIPTION
ART_ANTIQUES	Works of art, antiques
BOOKS_EDUCATIONAL	Books, educational materials
BUILDING_MATERIALS	Building Materials
CARS_MOTORBIKES_SCOOTERS	Cars, motorbikes, mopeds, scooters
CLOTHING_SHOES	Clothing, shoes
COMP_COMPONENTS	Computer components and accessories including monitors, printers and scanners
COMPUTERS	Computers
CONSOLES_GAMES	Consoles and games
DEVOTIONAL	Devotional articles
DOORS_WINDOWS	Windows and doors
ECO_SYSTEMS	Ecological systems
FOR_CHILDREN	Baby carriages, car seats and others
FUEL_COAL	Fuel and coal
FURNITURE	Furniture
GARDENING	Seeds, fertilizers, plants
GIFT_VOUCHERS	Gift vouchers, packages (other than medical)
HEATING	Central heating boilers, JUNKERS
HOME_FURNISHINGS	Home furnishings
HOME_TEXTILES	Home textiles, bedding and blankets
HOUSEHOLD_GOODS_BIG	Household appliances large
HOUSEHOLD_GOODS_SMALL	Household appliances small
INSURANCE	Insurance services
JEWELRY_WATCHES	Jewelry, watches
LAPTOPS_TABLETS	Laptops and tablets
MUSICAL_INSTRUMENTS	Musical instruments
OTHER_MOTORIZATION	Other motorization
PHONES_GPS	Telephones and GPS
PHOTO_CAMERA	Photo and Camera
RTV	RTV
SERVICES	Services
SOFTWARE	Software and other computer components
SPORTS_REHABILITATION	Sporting / rehabilitation / tourist articles
TOOLS_DEVICES	Tools and devices
VEHICLE_ACCESSORIES_EQUIPMENT	Vehicle accessories and equipment

3.5.4. Data required in `customer` parameter for PayPo channel¶

To make a payment with PayPo channel, specific data is required, which has been described in Table 13 :

Minimum data required for PayPo in json:¶

     {
       "payer": {
         "first_name": "Jan",
         "last_name": "Kowal",
         "email": "jankowal@example.com"
       },
       "order": {
         "delivery_address": {
           "city": "Kraków",
           "street": "Wielicka",
           "building_number": "28B",
           "postcode": "30-552"
         }
       }
     }

Complete data for PayPo in json:¶

     {
       "payer": {
         "first_name": "Jan",
         "last_name": "Kowal",
         "email": "jankowal@example.com",
         "phone": "+48126882600"
       },
       "registered_since": "2017-02-11",
       "order_count": 2,
       "order": {
         "id": "MHH67HF8DS",
         "delivery_type": "POCZTA_POLSKA",
         "delivery_address": {
           "city": "Kraków",
           "street": "Wielicka",
           "building_number": "28b",
           "flat_number": "5",
           "postcode": "30-552",
           "country": "POL"
         }
       }
     }

Optional parameters for PayPo have been colored, their absence might negatively impact payer’s credit score.

In order for this information to be passed to Dotpay in customer parameter, it has to be formatted correctly. First it needs to be encoded in JSON format and then encoded using Base64.

Example for generating customer parameter value (minimum) for PayPo channel in PHP:¶

     <?php

             $customer = array (

                 "registered_since" => "2017-12-31",
                 "order_count" => 12,


                 "payer" => array(
                         "first_name" => "Jan",
                         "last_name" => "Kowal",
                         "email" => "jan@example.com"
                          ),
                 "order" => array(
                         "delivery_type" => "COURIER",
                         "delivery_address" => array(

                                          "city" => "Krakow",
                                          "street" => "Wielicka",
                                          "building_number" => "11",
                                          "flat_number" => "7",
                                          "postcode" => "30-553",
                                          "country" => "POL"
                                                                     )
                            )

                 );



             $customer_base64 = base64_encode(json_encode($customer));

     ?>

3.5.5. Data required in `customer` parameter for Raty Alior channel¶

To make a payment with Raty Alior channel, specific data is required, which has been described in Table 13 :

Minimum data required for Raty Alior in json:¶

             {
                     "payer":{
                             "first_name":"Jan",
                             "last_name":"Kowal",
                             "email":"jankowal@example.com"
                     },
                     "order":{
                             "items":[
                                     {
                                             "name":"Super Phone 1",
                                             "quantity":1,
                                             "gross_price":"1200.00",
                                             "category":"PHONES_GPS"
                                     },
                                     {
                                             "name":"Pendrive 64GB",
                                             "quantity":4,
                                             "gross_price":"50.00",
                                             "category":"COMP_COMPONENTS"
                                     }
                             ]
                     }
             }

The value of the order.items.category parameter should be filled in according to the category dictionary.

The number of products in the order.items parameter is limited and should not be more than 500 items.

In order for this information to be passed to Dotpay in customer parameter, it has to be formatted correctly. First it needs to be encoded in JSON format and then encoded using Base64.

Example for generating customer parameter value (minimum) for Raty Alior channel in PHP:¶

     <?php

    $customer = array(
                 "payer" => array(
                     "first_name" => "Jan",
                     "last_name" => "Kowal",
                     "email" => "jankowal@example.com",
                 ),

                 "order" => array(
                        "items" => [
                                             array(
                                                     "name" => "Super Phone 1",
                                                     "quantity" => 1,
                                                     "gross_price" => "1200.00",
                                                     "category" => "PHONES_GPS"
                                             ),

                                             array(
                                                     "name" => "Pendrive 64GB",
                                                     "quantity" => 4,
                                                     "gross_price" => "50.00",
                                                     "category" => "COMP_COMPONENTS"
                                             )

                                     ],
                 )


             );


             $customer_base64 = base64_encode(json_encode($customer));

     ?>

3.5.6. Data required in `customer` parameter for PayPal channel (only with PayPal SPP)¶

The technical requirements necessary to obtain the “Extended Seller Protection Policy (SPP)” from PayPal to buy online - shop or reception point.

If you use the seller protection program on your PayPal account and you have an appropriate agreement in this regard with PayPal, in integration with Dotpay it is necessary to send additional information.

To make a payment with PayPal in SPP channel, specific data is required, which has been described in Table 13 :

An example of using the minimum required data for a PayPal channel in SPP (json format):¶

             {
                "payer":{
                   "first_name":"Jan",
                   "last_name":"Kowal",
                   "email":"jankowal@example.com"
                },
                "order":{
                   "delivery_address":{
                                     "name":"PPP:6252652",
                                     "city":"Kraków",
                                     "street":"Wielicka",
                                     "building_number":"28B",
                                     "postcode":"30-552",
                                     "phone":"+48126880000",
                                     "country":"PL"
                   }
                }
             }

In order for this information to be passed to Dotpay in customer parameter, it has to be formatted correctly. First it needs to be encoded in JSON format and then encoded using Base64.

Example for generating customer parameter value (minimum) for PayPal (SPP) channel in PHP:¶

     <?php

     $customer = array(
             "payer" => array(
                     "first_name" => "Jan",
                     "last_name" => "Kowal",
                     "email" => "jan@example.com"
             ) ,
             "order" => array(
                     "delivery_address" => array(

                             "name" => "PPP:6252652",
                             "city" => "Krakow",
                             "street" => "Wielicka",
                             "building_number" => "28B",
                             "postcode" => "30-552",
                             "phone" => "+48126880000",
                             "country" => "PL"
                     )
             )

     );

     $customer_base64 = base64_encode(json_encode($customer));

     ?>

Note

In order for the sent data to be correctly interpreted and sent from Dotpay to PayPal, such fact must be reported to Dotpay (tech@dotpay.pl) in advance for the correct configuration of the account.

3.6. Faulty redirections from the merchant’s system¶

On Dotpay’s side a shop ( id ) may be configured in such a way that in case of a faulty redirection to Dotpay (caused by e.g. a faulty parameters passed by the merchant’s system) an automated redirection will be made to the address from the url parameter (sent by merchant’s system) along with a faulty code.

When an error occurs a redirection to the address from url parameter will be made error_code parameter with a proper value will be added.

Note

In order to activate functionality enable Handling error codes in URL option available in seller administration panel in Settings –> Shop configuration –> Edit tab.

For example, while redirecting from a merchant’s system to unknown payment channel number in Dotpay, for passed in the redirection parameter url : url = https://example.com/

redirection will be to: https://example.com/?error_code=UNKNOWN_CHANNEL

error_code values are listed below:

PAYMENT_EXPIRED - payment link expired or datetime defined in expiration_date parameter has been exceeded

UNKNOWN_CHANNEL – invalid value of parameter channel

DISABLED_CHANNEL – payment channel is unavailable

UNKNOWN_CURRENCY – currency code is invalid

BLOCKED_ACCOUNT – account ( id ) is blocked

INACTIVE_SELLER – account ( id ) is inactive

AMOUNT_TOO_LOW - amount is lower than minimum defined for shop

AMOUNT_TOO_HIGH - amount is higher than maximum defined for shop

BAD_DATA_FORMAT - invalid request data, e.g. invalid expiration_date format

URLC_INVALID - account ( id ) settings require the URLC to contain SSL (the address starts with: ‘https: // ‘)

REQUIRED_PARAMETERS_NOT_PRESENT – one of the required parameters is missing

MULTIMERCHANT_INVALID_ACCOUNT_CONFIGURATION – one of the accounts is not properly configured for Multimerchant payments

MULTIMERCHANT_INSUFFICIENT_AMOUNT – sum of amount(n) parameters is not equal to amount value

MULTIMERCHANT_WRONG_CURRENCY – values of parameters currency and currency(n) are not equal

CREDIT_CARD_NOT_ACCEPTED – credit card data has been sent, but account ( id ) configuration doesn’t allow processing it

CREDIT_CARD_OPERATION_TYPE_NOT_ACCEPTED_CODE – parameter sent credit_card_operation_type , but account serrings ( id ) does not allow its processing

CREDIT_CARD_SECURITY_CODE_REQUIRED_NOT_ACCEPTED_CODE – parameter sent credit_card_security_code_required , but account serrings ( id ) does not allow its processing

CREDIT_CARD_3DS_NOT_ACCEPTED_CODE – parameter sent credit_card_threeds , but account serrings ( id ) does not allow its processing

CREDIT_CARD_AVS_NOT_ACCEPTED_CODE – parameter sent credit_card_avs , but account serrings ( id ) does not allow its processing

UNKNOWN_ERROR - returned value in other case than the above mentioned

4. TEST ENVIRONMENT¶

It is possible to create a test environment (independently on production environment) which allows to make a simulation payment (transaction) in order to test the shop integration with Dotpay payment system.

Note

In order to receive Dotpay test environment access fill in registration form available at

The address of a test environment has been placed below. Any action which should be taken in order to integrate with Dotpay payment system is analogical to the above described.

https://ssl.dotpay.pl/test_payment/ - address of the payment form

https://ssl.dotpay.pl/test_seller/ - address of the administration panel

https://ssl.dotpay.pl/test_payment/payment_api/channels/ - payment API address (channel list)

Simulating card payment (channel 248) requires valid card data.

Table below contains few exemplary cards which might be used for that purpose. Expiration date is anything from current date to December 2030.

4.1. Table 14. (List of sample card numbers that can be used in the process of testing card payments)¶

TYPE	NUMBER	CVV2 / CVC2	3DS
Visa*	4916 9715 6289 1025	025	No
Visa*	4929 5320 2788 7670	670	Yes
MasterCard*	5498 5400 7907 4343	343	No
MasterCard*	5344 6642 8071 1026	026	Yes
Visa	4111 1111 1111 1111	111	No
Visa	4444 4444 4444 4448	448	Yes
MasterCard	5500 0055 5555 5559	559	No

* for One-click or recurring payment testing

5. ADDITIONAL INFORMATION¶

5.1. Verification of the IP address¶

Dotpay IP address:

195.150.9.37

Using the above-mentioned IP service Dotpay sends all confirmation to the merchant’s system. For proper communication, the merchant should accept connections from this address.

Caution

Merchant’s system should always verify IP address from which a confirmation has been sent for security reasons.

Because of PCI DSS requirement the only SSL version used by Dotpay server is TLSv1.2 and TLSv1.3, with other protocol versions encrypted connection with host ssl.dotpay.pl will not be possible.

5.2. Security of payment integration¶

In order to provide the highest security standards for your transactions we recommend using all available security mechanisms.

Note

Transaction security should be handled in two places:

Redirecting customer from shop to Dotpay

Receiving payment confirmation from Dotpay

5.2.1. Redirecting customer from shop to Dotpay¶

Redirecting customer to Dotpay involves sending parameters defining payment details. To prevent unauthorized data manipulation in this step we recommend using data integrity protection. Parameters can be signed, this signature is passed as an additional chk parameter along other standard parameters.

A description of this functionality can be found in the chapter Redirection parameters integrity protection (CHK).

If your service is ready to send chk parameter for all of the transactions please contact Dotpay to enforce its verification.

Caution

Keep in mind minimal amount of payment parameters sent to Dotpay is: id , amount , currency , description .

Please verify whether your integration send those parameters correctly, according to format defined in this payment implementation manual.

5.2.2. Receiving confirmation of the posted payment in Dotpay¶

In order to send operation (transaction) confirmation to shop URLC (HTTP request, callback), mechanism is used, which using POST method passes all parameters.

If you are using this automatic notifications URLC, please make sure for every order received data is verified, especially when it comes to operation type ( operation_type ), it’s status ( operation_status ) and: - operation_original_amount - The amount taken from amount parameter which has been sent by merchant’s system.- operation_original_currency - The currency taken from currency parameter which has been sent by merchant’s system. - signature - checksum created by SHA‑256 function from concatenated notification parameters.

We also recommend to verify URLC notification origin, so in this case if IP belongs to Dotpay and is made using POST method. The IP address from which Dotpay sends notifications is listed in the chapter Verification of the IP address.

Caution

After receiving the confirmation of payment in the Dotpay service, the store should absolutely compare the value of the amount and currency paid with the expected amount registered when placing the order by the buyer in the store’s database.

The order should be processed by the store only when it checks whether the value due for the order stored in the store’s database is equal to the value posted in Dotpay assigned to the order!

6. ATTACHMENT I - PAYMENT CHANNELS¶

In the following table all channels which are available in Dotpay system are presented. Availability of payment method in a given account ( id ) depends on signed contract.

In the table the following are presented channel names, their providers and numbers, logotypes and remarks. Channel numbers are values which are accepted by channel parameter described in the above chapters.

6.1. Table 15. (Payment channels available in Dotpay system)¶

6.1.1. PAYMENT CARDS¶

NUMBER	NAME	PROVIDER	POSTING PAYMENTS	REMARKS
71	MasterPass	-	24/7	Available only for business accounts.
246	Payment cards	-	24/7	Available only for business accounts.
248	Payment cards	-	24/7	Available only for business accounts. Available for currency: PLN, EUR, USD, GBP
249	Visa SRC	-	24/7	Available only for business accounts.
260	Google Pay	Google LLC	24/7	Available only for business accounts. Required separate agreement.
262	Apple Pay	Apple Inc.	24/7	Available only for business accounts.

6.1.2. FAST TRANSFERS¶

NUMBER	NAME	PROVIDER	POSTING PAYMENTS	REMARKS
1	mTransfer	mBank S.A.	24/7
2	Płacę z Inteligo	Bank PKO BP	24/7
4	Płacę z iPKO	Bank PKO BP	24/7
6	Przelew24	Santander Bank Polska SA (previously Bank Zachodni WBK SA)	24/7
36	Pekao24Przelew	Bank Pekao S.A.	24/7
38	Płać z ING	ING Bank Śląski S.A.	24/7
44	Millennium - Płatności Internetowe	Millennium Bank S.A.	24/7
45	Pay with Alior Bank	Alior Bank S.A.	24/7
46	Płacę z Citi Handlowy	Citi Bank Handlowy S.A.	24/7
50	Pay Way Toyota Bank	Toyota Bank Polska	24/7
51	Płać z BOŚ	BOŚ Bank S.A.	24/7
66	Bank Nowy BFG S.A.	Bankowy Fundusz Gwarancyjny (dawniej Podkarpacki Bank Spółdzielczy)	24/7
70	Pocztowy24	Bank Pocztowy S.A.	24/7
73	BLIK	Polski Standard Płatności Sp. z o.o.	24/7
74	Banki Spółdzielcze	Krajowa Izba Rozliczeniowa S.A.	24/7
75	Płacę z Plus Bank	Krajowa Izba Rozliczeniowa S.A.	24/7
76	Getin Bank PBL	Krajowa Izba Rozliczeniowa S.A.	24/7
80	Noble Pay	Krajowa Izba Rozliczeniowa S.A.	24/7
81	Idea Cloud	Krajowa Izba Rozliczeniowa S.A.	24/7
83	EnveloBank	Bank Pocztowy S.A.	24/7
86	TrustPay	Trust Pay	24/7	Available only for business accounts. Available for currency: CZK, EUR
87	Credit Agricole PBL	Credit Agricole Bank Polska S.A.	24/7	Available only for business accounts.
90	BNP Paribas – płacę z Pl@net	Krajowa Izba Rozliczeniowa S.A.	24/7	Available only for business accounts.
91	Nest Bank	Krajowa Izba Rozliczeniowa S.A.	24/7	Available only for business accounts.
92	Bank Spółdzielczy w Brodnicy	Krajowa Izba Rozliczeniowa S.A.	24/7	Available only for business accounts.
93	Kasa Stefczyka	Spółdzielcza Kasa Oszczędnościowo-Kredytowa im. F. Stefczyka	24/7

6.1.3. TRANSFERS¶

NUMBER	NAME	PROVIDER	POSTING PAYMENTS
7	ING Corporate customers	ING Bank Śląski S.A.	Mon - Sat 8:00am - 8:00pm
10	Millennium Corporate customers	Millennium Bank S.A.	Mon - Fri 8:00am - 8:00pm
15	iPKO	Bank PKO BP	0:00am – 11:00pm / 7
16	Credit Agricole	Credit Agricole Bank Polska S.A.	4:00am – 11:00pm / 7
32	BNP Paribas	BNP Paribas Bank Polska SA	Mon - Fri 8:00am – 9:00pm
89	Santander	Santander Bank Polska SA (previously Bank Zachodni WBK SA)	Mon - Fri 8:00am – 9:00pm

6.1.4. CASH¶

NUMBER

NAME

PROVIDER

LOGO

POSTING PAYMENTS

REMARKS

11

Bank transfer / postal

-

Mon - Fri

3 Elixir sessions

82

SEPA transfer

-

Mon - Fri

3 Elixir sessions

Available only for business accounts.

Available for currency: EUR

6.1.5. PURSES AND VOUCHERS¶

NUMBER

NAME

PROVIDER

LOGO

POSTING PAYMENTS

REMARKS

52

SkyCash

SkyCash Poland S.A.

24/7

59

CinkciarzPAY

Conotoxia Sp. z o.o.

24/7

218

paysafecard

Paysafecard

24/7

Available for currency: PLN

WARNING: refunds are not available on this channel

6.1.6. INSTALLMENTS¶

NUMBER	NAME	PROVIDER	LOGO	POSTING PAYMENTS	REMARKS
55	Raty z Alior Bankiem	Alior Bank S.A.		24/7	Available only for business accounts, for orders between 300.00 PLN and amount defined in the agreement.
68	mRaty	mBank S.A.		24/7	Available only for business accounts, for orders between 300.00 PLN and amount defined in the agreement.

6.1.7. OTHERS¶

NUMBER

NAME

PROVIDER

LOGO

POSTING PAYMENTS

REMARKS

212

PayPal

24/7

Available for currency: PLN

Gateway model, Dotpay doesn’t send funds to the seller.

6.1.8. POSTPONED PAYMENTS¶

NUMBER NAME PROVIDER LOGO POSTING PAYMENTS REMARKS

94 Kupuj teraz, zapłać później [Buy now, pay later] Aiqlabs Sp. z o.o. 24/7 Available only for business accounts, for orders between 100.00 PLN and 2000.00 PLN or amount defined in the agreement.

92

PayPo

PayPo Sp. z o.o.

24/7

Available only for business accounts.

for orders between 40.00PLN and 1000.00PLN.

Required separate agreement.

Requires customer parameter.

6.1.9. MOBILE TRANSFERS - Direct Carrier Billing type¶

NUMBER	NAME	PROVIDER	POSTING PAYMENTS	REMARKS
231	Orange	Orange Polska S.A.	24/7	Available only for business accounts. Required separate agreement with Dotpay partner.
232	T-Mobile	T-Mobile Polska S.A.	24/7	Available only for business accounts. Required separate agreement with Dotpay partner.
233	PLAY	P4 Sp. z o.o.	24/7	Available only for business accounts. Required separate agreement with Dotpay partner.
234	Plus	Polkomtel Sp. z o.o.	24/7	Available only for business accounts. Required separate agreement with Dotpay partner.

6.2. Payment Channel List - available for download¶

Note

Listed channels and their logos are available for download at:

Channel logos: ( zip format )
Available payment methods : ( format xlsx )
Available payment methods: ( format json )

7. ATTACHMENT II - OPERATION STATUSES DESCRIPTION¶

In the following table are presented description of operation statuses which are created in system.

7.1. Table 16. (Operation statuses created in the Dotpay system)¶

STATUS MEANING / DESCRIPTION

new

(new)

A new operation. It means establishment of the operation.

processing

(waiting for deposit)

The operation is being processed, e.g. for payment type it means that a payer came back to Dotpay from a payment channel provider or a provider has informed Dotpay about this fact.

payment and payment_multimerchant_child operations don’t have the accounting in the processing state. Complaint operation in this state means that a complaint procedure has been started.

completed

(completed)

For payment, payment_multimerchant_child types it means that Dotpay has already had (or is sure to have) funds from the payment made by a customer.

For release_rollback type it means that locked funds from rollback were released to the shop’s account ( id ).

For payout, refund and complaint types it means that funds have been transferred to a merchant, to a payer or a payment channel provider. This is the final status which means the operation will not change its status.

For this operation additional accounting may be written but only those that are as a result of e.g. correction or correction incorrectly calculated.

rejected

(rejected)

For payment, payment_multimerchant_child types it means that Dotpay has NOT received funds from a payer and is sure that won’t receive those funds. This means that e.g. a payer has cancelled a payment or doesn’t have enough funds at a payment channel provider (e.g. bank) to execute the payment.

For payout, refund and complaint types it means that the operation was cancelled - funds were refunded to a shop’s account ( id ). This is the final status which means the operation will not change its status.

For this operation additional accounting may be written but only those that are as a result of e.g. correction or correction incorrectly calculated.

processing_realization_waiting

(waiting for realization)

Operation in this state expects execution, e.g. for payout operation it means a withdrawal request (manually by a merchant or by auto withdrawal mechanism).

Operation in this state expects execution in “n” business days where “n” is specified in the agreement signed by a merchant.

processing_realization

(realisation)

This status means start of withdrawal execution procedure, for payout type operation it means payout transfer to the merchant’s account, for refund type operation funds transfer to a payer’s account.

If possible (e.g. card payment channels), instead of funds transfer, a refund is executed on a given channel.

8. CHANGELOG¶

VERSION	DATE	CHANGES DESCRIPTION
1.78.22.1	2021-04-26	adding an additional optional parameter to Receiving confirmation of the posted payment in Dotpay updating the list of available payment channels
1.77.10.1	2021-02-22	changed channels logo: 71 ‘MasterPass’, 246, ‘Payment cards’, 248 (Payment cards) removed channel 35 ‘Kantor Polski’
1.75.7.1	2020-11-30	logo change for the channel: 1 (mTransfer) adding new values for `lang` = lt (Lithuanian) and `lang` = lv (Latvian) removed channel 60 (Płacę z T-Mobile Usługi Bankowe’)
1.74.2.1	2020-11-16	adding an additional optional parameter to URLC notification: `operation_seller_code` add new channel group in `channel_groups`
1.73.13.1	2020-10-16	logo change for the channel: 50 (Pay Way Toyota Bank)
1.72.3.1	2020-09-15	removed channel 21 ‘VIA - Moje Rachunki’ adding a new parameters `order.delivery_address.name`, `order.delivery_address.phone`, `order.delivery_address.is_verified` in Chapter Shipping and payer data adding data requirements sent in the parameter `customer` for the channel PayPal - only for SPP (Seller Protection Policy)
1.71.10.1	2020-08-18	removed channel 84 ‘Volkswagen Bank direct’ adding an additional optional parameter to URLC notification: `channel_reference_id`
1.70.0.1	2020-07-27	logo change for the channel 55 (Raty z Alior Bankiem) and channel 249 (Visa SRC)
1.69.18.2	2020-06-26	changed channels logo and and provider name for 249 ‘Visa SRC’ (before: ‘Visa Checkout’)
1.69.18.1	2020-06-19	logo change for the channel: 94 (Kupuj teraz, zapłać później)
1.67.18.2	2020-04-22	removed channel 65 (Płacę z Idea Bank)
1.67.18.1	2020-04-22	adding a new parameter `order.items.category` in Chapter Shipping and payer data adding data requirements sent in the parameter `customer` for the channel Raty Alior adding additional optional parameters to URLC CONFIRMATION: `payer_bank_account_name` , `payer_bank_account` , `payer_transfer_title` , `blik_voucher_pin` , `blik_voucher_amount` , `blik_voucher_amount_used`
1.65.2.1	2020-02-11	changed channels logo and and provider name for 66 ‘Bank Nowy BFG S.A.’ (before: ‘Płacę z PBS’)
1.62.2.1	2019-11-08	remove channels 48 (BNP Paribas – Płacę z Żółty), 88 (BNP Paribas dawni Klienci Raiffeisen), 56 (eurobank - płatność online) added channel 262 (Apple Pay) logo change for the channel 90 (BNP Paribas – płacę z Pl@net) extension of the `customer` parameter by additional fields in Shipping and payer data Chapter (account_update, account_update_indicator, fraud_activity, password_change, password_change_indicator, shipping_address_since_indicator) added parameter `ap_token`
1.60.16.1	2019-09-19	removed channel 33 (Volkswagen Bank)
1.59.10.2	2019-08-12	adding a new parameter `order.id` in Chapter Shipping and payer data , adding parameter description `pid` typographic corrections
1.59.10.1	2019-07-12	logo change for the channel 51 (Płać z BOŚ) and channel 95 (PayPo)
1.58.2.1	2019-06-10	changed channels logo and and provider name for 55 ‘Raty z Alior Bankiem’ (before: ‘erata - raty z dotpay’)
1.58.0.2	2019-06-03	changed channels logo and and provider name for 93 ‘Kasa Stefczyka’ (before: ‘eSKOK’) adding a new Chapter: Security of payment integration; typographical corrections
1.58.0.1	2019-05-23	typographical corrections
1.56.14.1	2019-04-24	added new value for parameter `currency` : BGN, CHF, HRK, HUF, RUB
1.56.11.3	2019-04-10	removed channel 72 (Płacę z Orange) added parameter `gp_token`
1.56.11.2	2019-04-01	changed names and logos for channels: 32 (previously: BGŻ BNP Paribas), 48 (previously: R - Przelew), 88 (previously: Raiffeisen), 90 (previously: BGŻ BNP Paribas) added parameter `customer` and corresponding Shipping and payer data section
1.56.11.1	2019-03-28	added channel 95 (PayPo) added channel 260 (Google Pay) added current channel list in xlsx file for download changed names and logos for channels: 32 (previously: BGŻ BNP Paribas), 48 (previously: R - Przelew), 88 (previously: Raiffeisen), 90 (previously: BGŻ BNP Paribas)
1.55.8.1	2019-03-22	removed channel 31 (Zapłać w Żabce i we Freshmarket) removed channel 24 (mPay)
1.55.7.1	2019-02-15	added new value for parameter `operation_type` = payout_commission added new value for parameter `lang` = uk (Ukrainian) added new value for parameter `currency` = NOK removed alternative payment parameters names: `kwota`, `waluta`, `opis`, `kanal`, `blokuj`, `grupykanalow`, `typ`, `txtguzik`, `data_waznosci`, `forename`, `imie`, `nazwisko`, `surname`, `ulica`, `budynek`, `lokal`, `mieszkanie`, `addr2`, `miasto`, `kod`, `telefon`, `kraj`, `jezyk`
1.53.5.1	2018-12-10	typographical corrections added parameter `credit_card_unique_identifier` in URLC notifications
1.52.6.1	2018-11-13	removed channel 58 („Szybkie Płatności Internetowe z Deutsche Bank PBC”) added a regular expression for the parameter amount
1.51.0.1	2018-10-03	added parameters in URLC notifications: `credit_card_expiration_year` and `credit_card_expiration_month`
1.50.11.1	2018-09-27	added channel 59 („CinkciarzPAY”) change of channel provider name from Volkswagen Bank Polska S.A. to Volkswagen Bank GmbH
1.50.8.2	2018-09-07	logo change for the channel 6 (Przelew24) and channel 89 (BZWBK)
1.50.8.1	2018-09-05	Newly created accounts now require `chk` parameter by default changes in descriptions regarding verification of order amount and currency
1.49.11.1	2018-06-26	added values O – Postponed Payments M - Mobile Transfers (DCB) for parameter `channel_groups` (`grupykanalow`) added channel 231 (Orange) added channel 232 (T-Mobile) added channel 233 (PLAY) added channel 234 (Plus) added channel 94 (Kupuj teraz, zapłać później) added information about TLSv1.2
1.45.2.1	2018-03-30	changed name of section One-click payments to One-click and recurring payments added new parameters to the section mentioned above and included them in Redirection parameters integrity protection (`CHK`) section as well added new values for `error_code` parameter described in “Faulty redirections from the merchant’s system” section
1.44.12.2	2018-03-08	added channel 93 (eSKOK)
1.44.12.1	2018-02-20	logo change for the channel 48 (R-Przelew) and 246, 248 (Payment cards)
1.44.10	2018-02-13	added new values for parameter `currency` (`waluta`) added new values for parameter `language` (`jezyk`) added exemplary cards to TEST ENVIRONMENT chapter
1.39.2.1	2017-09-03	added channel 83 (EnveloBank) added channel 249 (Visa Checkout) changed channels logo 246 (Payment cards via Payeezy) and 248 (Payment cards)
1.38.1.1	2017-08-21	added channel 15 (iPKO)
1.37.3.3	2017-07-10	added parameter in URLC notifications: `is_completed`
1.37.3.2	2017-06-28	added Masscollect subchapter
1.37.3.1	2017-06-27	added Split payment (Multimerchant) subchapter added Multimerchant and Surcharge parameters to Redirection parameters integrity protection (`CHK`) subchapter updated Faulty redirections from the merchant’s system subchapter added parameter `ignore_last_payment_channel`
1.36.10.1	2017-06-12	logo change for the channel 36 („Pekao24Przelew”)
1.36.7.1	2017-06-01	added channel 90 (BGŻ BNP Paribas) added channel 91 (Nest Bank) added channel 92 (Bank Spółdzielczy w Brodnicy) added information about dowloading payment `channel` list for given ID
1.35.4.2	2017-04-05	added value UAH for parameter `currency` (`waluta`) added channel 88 (Raiffeisen) added channel 89 (BZWBK)
1.35.4.1	2017-03-28	removed kanału 18 (Przelew z BPH)
1.34.9.3	2017-01-26	added parameter in URLC notifications: `credit_card_registration`
1.34.9.2	2017-01-11	added regular expressions changed channels logo: 71 („MasterPass”), 246 („Payment cards via Payeezy”), 248 (Payment cards)
1.34.9.1	2017-01-02	removed channel 77 (FerBuy) removed value O – postponed payments from parameter `channel_groups` (`grupykanalow`)
1.33.4.2	2016-12-06	added channel 218 (paysafecard)
1.33.4.1	2016-11-14	removed channel 27 (BGŻ)
1.32.6.2	2016-11-07	added `credit_card_registration` parameter removed channel 63 (Płacę z IKO)
1.32.6.1	2016-09-23	added channel 84 (Volkswagen Bank direct) added channel 86 (TrustPay) added channel 87 (Credit Agricole PBL)
1.30.6.3	2016-06-22	added `deladdr` parameter
1.30.6.2	2016-06-17	typographical corrections added `bylaw`, `personal_data` parameters added `credit_card_number`, `credit_card_expiration_date_year`, `credit_card_expiration_date_month`, `credit_card_security_code` parameters new way of receiving test environment access (added registration link)
1.30.6.1	2016-06-01	typographical corrections added One-click payments section added `expiration_date` parameter added value HASH_NOT_EQUAL_CHK for parameter `error_code` described in Faulty redirections from the merchant’s system section
1.29.11.1	2016-03-21	added chapter ADDITIONAL FEATURES added subchapter Redirection parameters integrity protection (`CHK`) moved subchapter Faulty redirections from the merchant’s system to chapter ADDITIONAL FEATURES
1.29.8.1	2016-02-26	added parameter `channel_groups` added information about HTTPS verify and SSL certificate verify in II. RECEIVING PAYMENT CONFIRMATION (URLC CONFIRMATION) chapter added channel 82 (Przelew SEPA) added channel 248 (Payment cards) removed channel 64 (PeoPay)
1.28.5.2	2016-01-07	added parameter `blik_code` added chapter ATTACHMENT II - OPERATION STATUSES DESCRIPTION
1.28.5.1	2015-12-31	removed channel 79 (Open Pay)
1.27.0.1	2015-11-10	removed channel 25 (Plus Bank)
1.25.7.1	2015-10-30	removed channel 49 (MeritumBank)
1.25.3.1	2015-10-22	removed channel 22 (Ukash) removed channel 43 (Bank Spółdzielczy we Wschowie) removed channel 62 (DNB Nord)
1.25.1.1	2015-10-19	change of the main payment site (from https://ssl.dotpay.pl to https://ssl.dotpay.pl/t2/) removed channel 3 (MultiTransfer)
1.24.9.1	2015-10-12	added channel 81 (Idea Cloud)
1.23.13.3	2015-09-24	typographical corrections
1.23.13.2	2015-08-20	removed channel 69 (V.me)
1.23.13.1	2015-08-12	added channel 79 (Open Pay) added channel 80 (Noble Pay) removed channel 15 (iPKO)
1.23.9.2	2015-07-30	removal of UNKNOWN_ACCOUNT value of `error_code` parameter described in FAULTY REDIRECTIONS FROM THE MERCHANT’S SYSTEM chapter
1.23.9.1	2015-07-20	added channel 77 (FerBuy)
1.22.9.1	2015-06-01	added channel 74 (Banki Spółdzielcze) added channel 75 (Płacę z Plus Bank) added channel 76 (Getin Bank PBL) removed channel 17 (Płacę z iPKONET) removed channel 57 (Getin Bank) added parameters `operation_withdrawal_amount`, `operation_commission_amount`, `channel_country`, `geoip_country` in URLC notifications
1.20.9.2	2015-02-09	added channel 73 (BLIK)
1.20.9.1	2015-01-14	removed channel 245 (MasterCard Mobile) added chapter CHANGE LOG.
1.19.15.2	2014-12-12	added channel 72 (Płacę z Orange)
1.19.15.1	2014-12-08	added channel 71 (MasterPass)
1.18.5.4	2014-11-04	added channel 69 (V.me)
1.18.5.3	2014-11-19	removed channels 14 (KB24) and 61 (Bank Pocztowy)
1.18.5.2	2014-10-28	added channels 66 (Płacę z PBS ) and 70 (Pocztowy24) renamed channel 17 (from Płać z Nordea to Płacę z IPKOnet) added https://ssl.dotpay.pl/test_seller/ address to TEST ENVIRONMENT chapter

1. RECEIVING PAYMENTS¶

1.1. Basic version¶

1.1.1. Example forms of payments / donations¶

1.2. Advanced version¶

1.2.1. Diagram 1. Example of the payment process in the following diagram and description:¶

1.2.2. Table 1. (Basic parameters)¶

1.2.3. Table 2. (Additional parameters)¶

2. RECEIVING PAYMENT CONFIRMATION (URLC CONFIRMATION)¶

2.1. Table 3. (Parameters sent by Dotpay back to merchant’s system)¶

2.2. An example of calculating the signature parameter¶

3. ADDITIONAL FEATURES¶

3.1. Redirection parameters integrity protection (CHK)¶

3.1.1. Basic Example¶

3.1.2. Full Example¶

3.2. One-click and recurring payments¶

3.2.1. Table 4. (Parameters for card registration)¶

3.2.2. Table 5. (Parameters for consecutive payments with previously registered card)¶

3.2.3. Table 6. (Common parameters for both first and consecutive payments)¶

3.2.4. Exemplary integration models and their corresponding requirements)¶

3.2.4.1. Integration model: 1 click¶

3.2.4.2. Integration model: recurring¶

3.2.4.3. Mixed integration model: 1 click + recurring¶

3.2.5. Table 11. (Parameters for credit card data)¶

3.3. Split payment (Multimerchant)¶

3.4. Masscollect¶

3.4.1. Table 12. (Additional parameters used in the Masscollect service)¶

3.5. Shipping and payer data¶

3.5.1. Table 13. (Data handled by customer parameter)¶

3.5.2. Values used for indicator field replacement for selected fields:¶

3.5.3. Dictionary of article categories for the parameter order.items.category¶

3.5.4. Data required in customer parameter for PayPo channel¶

3.5.5. Data required in customer parameter for Raty Alior channel¶

3.5.6. Data required in customer parameter for PayPal channel (only with PayPal SPP)¶

3.6. Faulty redirections from the merchant’s system¶

4. TEST ENVIRONMENT¶

4.1. Table 14. (List of sample card numbers that can be used in the process of testing card payments)¶

5. ADDITIONAL INFORMATION¶

5.1. Verification of the IP address¶

5.2. Security of payment integration¶

5.2.1. Redirecting customer from shop to Dotpay¶

5.2.2. Receiving confirmation of the posted payment in Dotpay¶

6. ATTACHMENT I - PAYMENT CHANNELS¶

6.1. Table 15. (Payment channels available in Dotpay system)¶

6.1.1. PAYMENT CARDS¶

6.1.2. FAST TRANSFERS¶

6.1.3. TRANSFERS¶

6.1.4. CASH¶

6.1.5. PURSES AND VOUCHERS¶

6.1.6. INSTALLMENTS¶

6.1.7. OTHERS¶

6.1.8. POSTPONED PAYMENTS¶

6.1.9. MOBILE TRANSFERS - Direct Carrier Billing type¶

6.2. Payment Channel List - available for download¶

7. ATTACHMENT II - OPERATION STATUSES DESCRIPTION¶

7.1. Table 16. (Operation statuses created in the Dotpay system)¶

8. CHANGELOG¶

3.5.1. Table 13. (Data handled by `customer` parameter)¶

3.5.3. Dictionary of article categories for the parameter `order.items.category`¶

3.5.4. Data required in `customer` parameter for PayPo channel¶

3.5.5. Data required in `customer` parameter for Raty Alior channel¶

3.5.6. Data required in `customer` parameter for PayPal channel (only with PayPal SPP)¶