New payment V4 S2S (server-to-server)
Maksuturva's payment API can be called in two ways:
Preferred: payment parameters are sent as a server-to-server request, authenticated with HTTP Basic Auth
Deprecated: payment parameters are sent via the payer's browser as a form submission and authenticated with a hash
This document describes the preferred server-to-server request.
General documentation related to the payment API can be found here:
Payment process with S2S API
A new payment request (NewPaymentExtended.pmt, HTTP FORM POST) is sent by the webstore software (with no payer browser intervention).
The server-to-server request is authenticated with a standard HTTP Basic Authentication header.
Use the merchant's seller_id as the username and the secret key as the password in the Basic Auth header.
Do not calculate hash! That is, leave out parameters
pmt_hashversion. They are obsolete and totally ignored in new payment requests using Basic Authentication and can be omitted.
The response is an XML document with the root element "pmt".
These values are usually the same as in the request:
pmt_version, pmt_id, pmt_reference, pmt_amount, pmt_currency
This is the address where the payer can be redirected instantly to continue the payment process
or this address could be used as "payment link" that is sent to the payer for example by email
or this link can be shown somewhere in the webstore.
Payer is redirected to the
When the payer returns to the webstore after payment, use Payment Status Query to validate the payment since the return message won't be hash validated as we cannot calculate the hash without the
New payment request: http://docs.maksuturva.fi/en/html/pages/3_3_payment.html
Server-to-server requests are sent to address
All server-to-server requests use UTF-8 charset.
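The request and response handling described above, as an added example that is not Maksuturva's own code: it builds the Basic Auth form POST without the hash parameter and compares the echoed values in the "pmt" response with what was sent. The endpoint host, the example_note field, the sample values and the assumption that the response carries each value as a child element of "pmt" are constructed for illustration.

```python
import base64
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

# Placeholder host: the real server-to-server address is not given on this page.
S2S_URL = "https://payment-gateway.example/NewPaymentExtended.pmt"
HASH_PARAMS = {"pmt_hashversion"}  # hash parameter named on the page, not sent
ECHOED = ("pmt_version", "pmt_id", "pmt_reference", "pmt_amount", "pmt_currency")

# Constructed sample data; example_note is a hypothetical field name.
SAMPLE_PARAMS = {
    "pmt_version": "0004", "pmt_id": "ORDER-1001", "pmt_reference": "10016",
    "pmt_amount": "10,00", "pmt_currency": "EUR",
    "pmt_hashversion": "SHA-512", "example_note": "Päivi",
}
SAMPLE_RESPONSE = (
    b'<?xml version="1.0" encoding="UTF-8"?><pmt><pmt_version>0004</pmt_version>'
    b"<pmt_id>ORDER-1001</pmt_id><pmt_reference>10016</pmt_reference>"
    b"<pmt_amount>10,00</pmt_amount><pmt_currency>EUR</pmt_currency></pmt>"
)


def build_request(seller_id, secret_key, params):
    """Build the UTF-8 form POST; seller_id/secret key go in the Basic Auth header."""
    fields = {k: v for k, v in params.items() if k not in HASH_PARAMS}
    body = urllib.parse.urlencode(fields, encoding="utf-8").encode("ascii")
    token = base64.b64encode(f"{seller_id}:{secret_key}".encode("utf-8"))
    headers = {
        "Authorization": "Basic " + token.decode("ascii"),
        "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
    }
    return urllib.request.Request(S2S_URL, data=body, headers=headers, method="POST")


def parse_response(xml_bytes, sent):
    """Return (fields, names of echoed values that differ from the request)."""
    # A payment response has no reason to declare a DTD or entities; refuse them.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("unexpected DTD/entity declaration in response")
    root = ET.fromstring(xml_bytes)
    if root.tag != "pmt":
        raise ValueError(f"unexpected root element: {root.tag!r}")
    fields = {child.tag: (child.text or "").strip() for child in root}
    # The page says these are "usually" the same, so report differences for review.
    mismatched = [name for name in ECHOED if fields.get(name) != sent.get(name)]
    return fields, mismatched
```

Keep the secret key out of logs: the Authorization header is only base64-encoded, so any request dump exposes it.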