API Reference

Here you can find merchant-Paytiko interaction API details for ACV flow

Authorization Webhook

{
  ,
  "AccountId": "1300622440",
  "AccountDetails": {
    "MerchantId": 4,
    "CreatedDate": "2022-11-17T16:19:50.5808343+00:00",
    "FirstName": "John",
    "LastName": "Doe",
    "Email": "john@doe.lk",
    "Currency": "USD",
    "Country": "UA",
    "Dob": "1990-12-16T00:00:00+00:00",
    "City": "Kharkiv",
    "ZipCode": "61121",
    "Region": "Kharkiv",
    "Street": "130Kharkiv"
  },
  "MerchantOrderId": "49d2bd9c-0501-4246-967d-1d8c1f128bb7",
  "TransactionType": "PayIn",
  "TransactionStatus": "Authorized",
  "Amount": 17,
  "Currency": "USD",
  "TransactionId": 474144,
  
  "PaymentProcessor": "Checkout Payment",
  "DeclineReasonText": null,
  "CardType": "Visa",
  "LastCcDigits": "0002",
  "CascadingInfo": {
    "SessionId": "8a731a87-c6f9-448d-b71b-e542147590c8",
    "AttemptsVector": [
      {
        "PaymentSystem": "PayTabs",
        "PaymentProcessorId": 60370,
        "PaymentProcessorKey": "a7888913-f27c-443f-b9b8-7a3857313af8",
        "DeclineReason": "3DSecure authentication rejected",
        "ExternalTransactionId": "63815763893440274602",
        "InternalPspId": "TST2308901545003",
        "TransactionId": 474143,
        "Date": "2023-03-30T09:04:53.6573129+00:00",
        "Status": "Rejected"
      },
      {
        "PaymentSystem": "CheckoutPayment",
        "PaymentProcessorId": 40201,
        "PaymentProcessorKey": "3d6cd334-743e-4ed0-9094-a059fa3a548d",
        "DeclineReason": null,
        "ExternalTransactionId": "63815763901668608403",
        "InternalPspId": "pay_cpinktpiguzene5qjc4gjzo4ki",
        "TransactionId": 474144,
        "Date": "2023-03-30T09:05:01.6694882+00:00",
        "Status": "Authorized"
      }
    ]
  },
  "IssueDate": "2023-03-30T09:05:13.4049459Z",
  
  "AuthData": {
    /* This data contract is specific for each payment gateway */
  },
  "Signature": "c1129e62c55dd93ba58a05d78cbe61381d9cccb6fdd2e25ecd688d1e748caa8b"
}

Signature generated as:

$signature = SHA256(`${orderId};${MERCHANT_SECRET_KEY_ISSUED_BY_PAYTIKO}`)

AuthDatacontract is gateway-specific.

Schema samples for your particular gateway you can find here.

Real client's IP from which payment was initiated you can take from ClientIP field.

Authorized Transaction Validation

POST {WEBHOOK_RECEIVER_URL_ISSUED_BY_PAYTIKO}/validate-transaction

This endpoint used to perform authorized transaction validation from merchant's side.

Headers

Name	Type	Description
X-Merchant-Secret*	String	{MERCHANT_SECRET_KEY_ISSUED_BY_PAYTIKO}

Request Body

Name	Type	Description
transactionId*	String	Authorized transaction identifier, taken from ExternalTransactionId of our authorization webhook payload.
validationStatus*	String	[ Capture, Void ]
signature*	String	Request signature. $signature = SHA256(`${orderId};${MERCHANT_SECRET_KEY_ISSUED_BY_PAYTIKO}`)

202: Accepted Validation request accepted to proceed.

400: Bad Request Error message can be found at $.errorMessage of response JSON.