1.1.5. Transfer V4¶

Transfer V4 Integration Data
- Transfer V4 URL

Transfer V4 Integration Data ¶

Transfer V4 URL ¶

The End point ID is an entry point for incoming Merchant’s transactions and is the only MoneyNetint object which is exposed via API.

Deposit to card transactions are initiated through HTTPS POST request by using URL in the following format:
https://pne-gate.moneynetint.com/paynet/api/v4/transfer/ENDPOINTID – to use v4 transfer.
https://pne-gate.moneynetint.com/paynet/api/v4/transfer-form/ENDPOINTID – to use v4 transfer-form.
for integration purposes use staging environment pne-sandbox.moneynetint.com instead of production pne-gate.moneynetint.com

3D redirect ¶

If your gate supports 3D Secure you need to send status request and process html return parameter to send customer to 3D Secure Authorisation. The simplified schema looks like:

Customer -> Merchant: Initiate transaction
activate Merchant

Merchant -> "MoneyNetint": transfer-by-ref
activate "MoneyNetint"
"MoneyNetint" --> Merchant: async-response
Merchant -> "MoneyNetint": status
"MoneyNetint" --> Merchant: html
deactivate "MoneyNetint"
Merchant --> Customer: urldecode(html)
deactivate Merchant

Sender card data ¶

Parameters below can be mandatory for specific integrations. For more information, please contact your manager in MoneyNetint.

Money transfer request parameter	Length/Type	Comment
credit_card_number	19/Numeric	Sender: customer credit card number.
cvv2	3-4/String	Sender: the customer’s CVV2 code. CVV2 (Card Verification Value) is the three of four digit number farthest to the right on the flip side of a credit card.
expire_month	2/String	Sender: the credit card’s month of expiration.
expire_year	2-4/String	Sender: the credit card’s year of expiration
card_printed_name	128/String	Sender: card printed name.
card_recurring_payment_id	Long	Sender: recurring payment id.

Receiver card data ¶

Parameters below can be mandatory for specific integrations. For more information, please contact your manager in MoneyNetint.

Money transfer request parameter	Length/Type	Comment
destination-card-no	19/Numberic	Receiver: card PAN.
destination_card_recurring_payment_id	Long	Receiver: recurring payment id.

Sender customer data ¶

Parameters below can be mandatory for specific integrations. For more information, please contact your manager in MoneyNetint.

Money transfer request parameter	Length/Type	Comment
sender_first_name	128/String	Sender: customer’s first name.
sender_last_name	128/String	Sender: customer’s last name.
sender_middle_name	128/String	Sender: customer’s middle name/patronym.
sender_ssn	11/String	Sender: the Social Security number is a nine-digit number in the format AAA-GG-SSSS. The last four digits of the customer’s social security number.
sender_birth_place	128/String	Sender: birth place.
sender_birthday	30/String	Sender: customer’s birthday.
sender_address1	256/String	Sender: customer’s address.
sender_city	128/String	Sender: customer’s city.
sender_state	4/String	Sender: the customer’s US states (two letter abbreviation). Not applicable outside the US.
sender_zip_code	32/String	Sender: zip code
sender_citizenship	128/String	Sender: citizenship, гражданство.
sender_country_code	3/String	Sender: the customer’s country(two letter abbreviation)
sender_phone	128/String	Sender: the customer’s full international phone number, including country suffix.
sender_cell_phone	128/String	Sender: the customer’s full international cell phone number, including country suffix.
sender_email	128/String	Sender: the customer’s email address.
sender_resident	Boolean	Sender: resident, является ли резидентом.
sender_identity_document_id	128/String	Sender: identity document name, идентификатор ДУДЛ.
sender_identity_document_series	12/String	Sender: identity document series, серия ДУДЛ.
sender_identity_document_number	16/String	Sender: identity document number, номер ДУДЛ.
sender_identity_document_issuer_name	128/String	Sender: identity document issuer, кем выдан ДУДЛ.
sender_identity_document_issuer_department_code	32/String	Sender: identity document issuer department code, код подразделения.
sender_identity_document_issue_date	Date	Sender: identity document issue date, дата выдачи ДУДЛ.

Receiver customer data ¶

Parameters below can be mandatory for specific integrations. For more information, please contact your manager in MoneyNetint.

Money transfer request parameter	Length/Type	Comment
receiver_first_name	128/String	Receiver: customer’s first name.
receiver_last_name	128/String	Receiver: customer’s last name.
receiver_middle_name	128/String	Receiver: customer’s middle name/patronym.
receiver_birth_place	11/String	Receiver: birth place, место рождения.
receiver_birthday	128/String	Receiver: customer’s birthday.
receiver_address1	256/String	Receiver: customer’s address.
receiver_city	128/String	Receiver: customer’s city.
receiver_zip_code	32/String	Receiver: zip code
receiver_region	30/String	Receiver: region
receiver_area	50/String	Receiver: area.
receiver_citizenship	128/String	Receiver: citizenship, гражданство.
receiver_country_code	3/String	Receiver: the customer’s country(two letter abbreviation)
receiver_phone	128/String	Receiver: the customer’s full international phone number, including country suffix.
receiver_resident	Boolean	Receiver: resident, является ли резидентом.
receiver_identity_document_id	128/String	Receiver: identity document name, идентификатор ДУДЛ.
receiver_identity_document_series	12/String	Receiver: identity document series, серия ДУДЛ.
receiver_identity_document_number	16/String	Receiver: identity document number, номер ДУДЛ.
receiver_identity_document_issuer_name	128/String	Receiver: identity document issuer, кем выдан ДУДЛ.
receiver_identity_document_issuer_department_code	32/String	Receiver: identity document issuer department code, код подразделения.
receiver_identity_document_issue_date	Date	Receiver: identity document issue date, дата выдачи ДУДЛ.

Sender anti-fraud data ¶

Money transfer request parameter	Length/Type	Comment
customer_user_agent	512/String	Customer User Agent Info
customer_localtime	128/String	Customer Localtime
customer_screen_size	32/String	Customer Screen Size.
customer_accept_language	128/String	Customer browser accept language
customer_accept	128/String	Customer Browser Accept Header
ipaddress	7-45/String	The customer’s IP address, include for fraud screening purposes. NB: 45 is for IPv4 tunneling like 0000:0000:0000:0000:0000:0000:192.168.100.101

Transfer Response ¶

Transfer response parameter	Description
type	The type of response. May be async-response, validation-error, error. If type equals validation-error or error, error-message and error-code parameters contain error details.
paynet-order-id	Order id assigned to the order by MoneyNetint
merchant-order-id	Merchant order id
serial-number	Unique number assigned by MoneyNetint server to particular request from the Merchant.
error-message	If status is error this parameter contains the reason for decline or error details
error-code	The error code is case of error status
end-point-id	Endpoint id used for the transaction

Mandatory fields ¶

Parameter name	Description
ipaddress	The customer’s IP address, include for fraud screening purposes. NB: 45 is for IPv4 tunneling like 0000:0000:0000:0000:0000:0000:192.168.100.101
client_orderid	Customer order ID.
currency	Currency the transaction is charged in (three-letter currency code). Example of valid parameter values are: USD for US Dollar EUR for European Euro.
amount	Amount to be transfered. The amount has to be specified in the highest units with . delimiter. For instance, 10.5 for USD means 10 US Dollars and 50 Cents
redirect_url	URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected in any case, no matter whether the transaction is approved or declined. Optional for direct integration(non-form) deposit2card.
order_desc	Order description

Parameters, which will define the type of transaction are listed below.

Transfer v4 fill rules ¶

Transaction type	Parameters to send
PAN —> PAN	cvv2,expire_month,expire_year,card_printed_name,credit_card_number,destination-card-no + mandatory fields
PAN —> RPI	cvv2,expire_month,expire_year,card_printed_name,credit_card_number,destination_card_recurring_payment_id + mandatory fields
RPI —> PAN	card_recurring_payment_id, expire_month,expire_year,card_printed_name, destination-card-no + mandatory fields
RPI —> RPI	card_recurring_payment_id, expire_month,expire_year,card_printed_name, destination_card_recurring_payment_id + mandatory fields
0 —> PAN (deposit2card)	destination-card-no, deposit2card = true + mandatory fields
0 —> RPI (deposit2card)	destination_card_recurring_payment_id, deposit2card = true + mandatory fields

Transfer-form v4 fill rules ¶

Transaction type	Parameters to send
form —> PAN	destination-card-no + mandatory fields
form —> RPI	destination_card_recurring_payment_id + mandatory fields
PAN —> form	credit_card_number, cvv2,expire_month,expire_year,card_printed_name + mandatory fields
RPI —> form	card_recurring_payment_id, cvv2,expire_month,expire_year,card_printed_name, + mandatory fields
form —> form	mandatory fields
0 —> form(deposit2card)	deposit2card = true + mandatory fields

In case of transfer-form transaction, you will receive a response with redirect_url, which contains URL of the form to fill in the remaining parameters.

Transfer Request V4 debug ¶

To reproduce your API call, input all of the data from your original request, including the authentication tokens. Don’t forget to set the nonce and timestamp to the values you used. An OAuth signed URL should match regardless of the generating library. If the signatures differ, you know there is a bug in your OAuth signature code. Due to current PCI DSS restrictions only OAuth 1.0a RSA-SHA256 signature is allowed. Other signature methods are restricted. So to send command to the server your request should be: sent as POST, contains OAuth 1.0a headers, signed with RSA-SHA256.

Generate Public and Private key pair

You need only private and public key to authorize your transaction. To generate it please got to https://www.openssl.org/ download latest version of openssl and run following commands:

openssl genpkey -algorithm RSA -out private_key_pkcs_8.pem -pkeyopt rsa_keygen_bits:4096
openssl rsa -pubout -in private_key_pkcs_8.pem -out public_key.pem

Share your Private key with no one, you should be the only person to know it. Your Public key, on the contrary, should be sent to your manager, so he can register it in the system. Use different keys for production and for testing purposes to avoid its comprometation.

Private key

For using this demo you need private key in PKCS#1 container. The format of the key should be PKCS#1 PEM text formatted and unencrypted RSA private key. To get it use the following command

openssl rsa -in private_key_pkcs_8.pem -out private_key_pkcs_1.pem

As a result you will get a key starting with -----BEGIN RSA PRIVATE KEY-----. For production purposes you can use key in any format supported by your software. This demo supports key length up to 4096. Insert your RSA Private key for sandbox environment below.

Debug form

URL		input URL(use /v4/transfer-form/ENDPOINTID for transfer-form)
endpointid or endpointgroupid		input your ENDPOINTID or ENDPOINTGROUPID
login		your login should be used as Consumer Public for OAuth
destination-card-no		enter the beginning of the sequence, and then "i".
credit_card_number		enter the beginning of the sequence, and then "i".
destination_card_recurring_payment_id		use either RPI or card number, not both
card_recurring_payment_id		use either RPI or card number, not both
amount
currency
cvv2
card_printed_name
expire_month
expire_year
ipaddress
order_desc
redirect_url
client_orderid
merchant_form_data
deposit2card		boolean used only to determine if transaction type is deposit2card

Normalized parameters string to sign, according to OAuth 1.0a rules

POST body parameters to submit

OAuth 1.0a headers to submit.

HEX Encoded Signature

^{* HEX encoded string is for debug purposes only. You shouldn't send this string to the server neither in HEX nor in Encoded HEX representation.}

Base64 Encoded Signature

^{* Binary RSA-SHA256 signature directly encoded in base64 should be sent to the server.}

Order status V4 debug ¶

To reproduce your API call, input all of the data from your original request, including the authentication tokens. Don’t forget to set the nonce and timestamp to the values you used. An OAuth signed URL should match regardless of the generating library. If the signatures differ, you know there is a bug in your OAuth signature code. Due to current PCI DSS restrictions only OAuth 1.0a RSA-SHA256 signature is allowed. Other signature methods are restricted. So to send command to the server your request should be: sent as POST, contains OAuth 1.0a headers, signed with RSA-SHA256.

Generate Public and Private key pair

You need only private and public key to authorize your transaction. To generate it please got to https://www.openssl.org/ download latest version of openssl and run following commands:

openssl genpkey -algorithm RSA -out private_key_pkcs_8.pem -pkeyopt rsa_keygen_bits:4096
openssl rsa -pubout -in private_key_pkcs_8.pem -out public_key.pem

Share your Private key with no one, you should be the only person to know it. Your Public key, on the contrary, should be sent to your manager, so he can register it in the system. Use different keys for production and for testing purposes to avoid its comprometation.

Private key

For using this demo you need private key in PKCS#1 container. The format of the key should be PKCS#1 PEM text formatted and unencrypted RSA private key. To get it use the following command

openssl rsa -in private_key_pkcs_8.pem -out private_key_pkcs_1.pem

As a result you will get a key starting with -----BEGIN RSA PRIVATE KEY-----. For production purposes you can use key in any format supported by your software. This demo supports key length up to 4096. Insert your RSA Private key for sandbox environment below.

Order status form

URL		input URL
endpointid or groupid		input your ENDPOINTID or ENDPOINTGROUPID
login
client_orderid		input your Invoice Number
order_id
by-request-sn

Normalized parameters string to sign, according to OAuth 1.0a rules

POST body parameters to submit

OAuth 1.0a headers to submit.

HEX Encoded Signature

^{* HEX encoded string is for debug purposes only. You shouldn't send this string to the server neither in HEX nor in Encoded HEX representation.}

Base64 Encoded Signature

^{* Binary RSA-SHA256 signature directly encoded in base64 should be sent to the server.}

Payment Form Template Sample ¶

<html>
<head>
    <script type="text/javascript">
    function isCCValid(r){var n=r.length;if(n>19||13>n)return!1;
        for(i=0,s=0,m=1,l=n;i<l;i++)d=parseInt(r.substring(l-i-1,l-i),10)*m,s+=d>=10?d%10+1:d,1==m?m++:m--;
        return s%10==0?!0:!1}
    </script>
</head>
<body>
<h3>Order #$!MERCHANT_ORDER_ID - $!ORDERDESCRIPTION</h3>
<h3>Total amount: $!AMOUNT $!CURRENCY to $!MERCHANT</h3>

<form action="${ACTION}" method="post">
    <div>Destination card number: <input id="cardnumber" name="${CARDNO}" type="text" maxlength="19" autocomplete="off"/></div>

    $!{INTERNAL_SECTION}
    #if($!card_error)
    <div style="color: red;">$!card_error</div>
    #end
    <input name="submit" onclick="return isCCValid(document.getElementById('cardnumber').value);" type="submit" value="Pay"/>
</form>
</body>
</html>

Quick search

1.1.5. Transfer V4¶

Generate Public and Private key pair

Private key

Debug form

Generate Public and Private key pair

Private key

Order status form