Check Payment Status
Example
Request
URL
POSThttps://api-merchant.alikassa.io/v1/payment/status📋
Headers:
Content-Type:application/jsonAccount: Your account UUID (available at: Project Accounts)Sign: Request signature
Go to API Certificates Settings and generate an "API certificate for payments". Save and unzip the archive:
password.txtprivate.pempublic.pem
We only store public.pem to verify signatures.
Wrap all POST data in JSON (in the same order) and sign it:
$data = json_encode($data);
$privateKey = openssl_pkey_get_private(
file_get_contents('private.pem'),
file_get_contents('password.txt')
);
if ($privateKey === false) {
throw new \Exception('Error cert.');
}
openssl_sign($data, $sign, $privateKey);
$sign = base64_encode($sign);
import { readFileSync } from 'fs';
import { createSign } from 'crypto';
const dataStr = JSON.stringify(data);
const privateKeyPem = readFileSync('private.pem', 'utf8');
const passphrase = readFileSync('password.txt', 'utf8').trim();
const signer = createSign('SHA1');
signer.update(dataStr);
signer.end();
const sign = signer.sign({ key: privateKeyPem, passphrase }, 'base64');
import json, base64
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding
data_bytes = json.dumps(data).encode('utf-8')
with open('password.txt','rb') as f:
password = f.read().strip()
with open('private.pem','rb') as f:
private_key = serialization.load_pem_private_key(f.read(), password=password)
signature = private_key.sign(data_bytes, padding.PKCS1v15(), hashes.SHA1())
sign = base64.b64encode(signature).decode('utf-8')
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Signature;
import java.util.Base64;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
byte[] dataBytes = new ObjectMapper().writeValueAsBytes(data);
char[] pass = Files.readString(Paths.get("password.txt")).toCharArray();
PEMParser parser = new PEMParser(Files.newBufferedReader(Paths.get("private.pem")));
PEMEncryptedKeyPair ckp = (PEMEncryptedKeyPair) parser.readObject();
PrivateKey privateKey = new JcaPEMKeyConverter()
.getKeyPair(ckp.decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(pass)))
.getPrivate();
Signature sig = Signature.getInstance("SHA1withRSA");
sig.initSign(privateKey);
sig.update(dataBytes);
String sign = Base64.getEncoder().encodeToString(sig.sign());
import (
"crypto"
"crypto/rand"
"crypto/rsa"
"crypto/sha1"
"crypto/x509"
"encoding/base64"
"encoding/json"
"encoding/pem"
"io/ioutil"
)
dataBytes, _ := json.Marshal(data)
pemBytes, _ := ioutil.ReadFile("private.pem")
passBytes, _ := ioutil.ReadFile("password.txt")
block, _ := pem.Decode(pemBytes)
der, _ := x509.DecryptPEMBlock(block, passBytes)
priv, _ := x509.ParsePKCS1PrivateKey(der)
hash := sha1.Sum(dataBytes)
sigBytes, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA1, hash[:])
sign := base64.StdEncoding.EncodeToString(sigBytes)
Send the $sign value in the Sign header.
Required Fields
Required Parameter
You must pass order_id or id.
| Name | Type | Description |
|---|---|---|
order_id | string (128) | Your ID specified during creation |
id | string (128) | AliKassa payment ID |
Response
| Name | Description |
|---|---|
url | Link to payment |
antiFraud | Anti-fraud check result |
payment_status | Payment status |
id | AliKassa payment ID |
order_id | Your order ID |
amount | Amount requested |
payment_amount | Actual paid amount |
is_partial_payment | Whether partial payment or not |
hold_amount | Hold amount |
hold_at | Date/time of hold release |
account_payment_amount | Amount credited to account |
commission_amount | Commission amount |
currency | Currency code (ISO 4217) |
service_code | Service code used |
account_old_balance | Balance before transaction |
account_new_balance | Balance after transaction |
crypto_network | Crypto network (if applicable) |
crypto_txid | Crypto transaction hash/ID |
customer_phone | Customer phone number |
customer_card_number | Customer card number (masked) |
payment_error_message | Error message if failed |
card_number | Full card number (if provided) |
card_holder_name | Card holder full name |
bank | Bank name |
bik_bank | Bank BIK |
Payment Status Values:
wait— in the process of paymentpaid— successfully paid (final status)cancel— canceled (final status)fail— error (final status)
Success Response (HTTP 200):
{
"url": "https://redirectlinkpay.com/293259c3-688b-33c1-a832-d77e1cd82f45",
"antiFraud": false,
"payment_status": "paid",
"id": 112412553,
"order_id": "1756900030",
"amount": "10.000000000",
"payment_amount": "10.000000000",
"is_partial_payment": false,
"hold_amount": "",
"hold_at": null,
"account_payment_amount": "9.000000000",
"commission_amount": "1.000000000",
"currency": "EUR",
"service_code": "payment_card_eur_card",
"account_old_balance": "16.00000000",
"account_new_balance": "25.00000000",
"crypto_network": null,
"crypto_txid": null,
"customer_phone": null,
"customer_card_number": null,
"payment_error_message": null,
"card_number": null,
"card_holder_name": null,
"bank": null,
"bik_bank": null
}
Error Response (HTTP 400):
{
"message": "The given data was invalid.",
"errors": {
...
}
}
*The payment with the specified ID/order_id was not found.
Please contact support and provide the request and response logs from the payment creation to investigate the issue.*
{
"message": "Payment not found",
}
500 Server Error — Unexpected server-side error.
An internal error occurred while processing your request. The payment status cannot be determined. If you receive this error, please contact support with the request and response logs to clarify the cause and status.
{
"message": "Internal server error"
}
Notifications
Notification Setup
If you passed notification_endpoint_id, then you will receive a notification about the change in payment status
Example Code
Unzip the downloaded archive into the folder "path to script/cert/payment/"
function requestPayment(string $method, string $account, array $data)
{
$data = json_encode($data);
$privateKey = openssl_pkey_get_private(
file_get_contents(__DIR__ . '/cert/payment/private.pem'),
file_get_contents(__DIR__ . '/cert/payment/password.txt')
);
if ($privateKey === false) {
throw new \Exception('Error cert.');
}
openssl_sign($data, $sign, $privateKey);
$sign = base64_encode($sign);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://api-merchant.alikassa.io/' . $method);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Content-Type: application/json',
'Account: ' . $account,
'Sign: ' . $sign,
]);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_USERAGENT, 'AliKassa2.0 API');
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$response = curl_exec($ch);
return json_decode($response, true);
}
$payment = requestPayment('v1/payment/status', '93d5df06-996c-48c3-9847-348d6b580b80', [
'id' => '100000536',
]);
var_dump($payment);
import { readFileSync } from 'fs';
import { createSign } from 'crypto';
import https from 'https';
async function requestPayment(method, account, data) {
const dataStr = JSON.stringify(data);
const privateKeyPem = readFileSync('cert/payment/private.pem', 'utf8');
const passphrase = readFileSync('cert/payment/password.txt', 'utf8').trim();
const signer = createSign('SHA1');
signer.update(dataStr);
signer.end();
const sign = signer.sign({ key: privateKeyPem, passphrase }, 'base64');
const options = {
hostname: 'api-merchant.alikassa.io',
path: `/${method}`,
method: 'POST',
headers: {
'Content-Type': 'application/json',
Account: account,
Sign: sign,
'User-Agent': 'AliKassa2.0 API',
},
timeout: 30000,
};
return new Promise((resolve, reject) => {
const req = https.request(options, (res) => {
let body = '';
res.on('data', (chunk) => (body += chunk));
res.on('end', () => resolve(JSON.parse(body)));
});
req.on('error', reject);
req.write(dataStr);
req.end();
});
}
(async () => {
const payment = await requestPayment(
'v1/payment/status',
'93d5df06-996c-48c3-9847-348d6b580b80',
{
id: '100000536',
}
);
console.log(payment);
})();
import json
import base64
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding
import requests
def request_payment(method: str, account: str, data: dict):
data_bytes = json.dumps(data).encode('utf-8')
with open('cert/payment/password.txt', 'rb') as f:
password = f.read().strip()
with open('cert/payment/private.pem', 'rb') as f:
private_key = serialization.load_pem_private_key(f.read(), password=password)
signature = private_key.sign(data_bytes, padding.PKCS1v15(), hashes.SHA1())
sign = base64.b64encode(signature).decode('utf-8')
headers = {
'Content-Type': 'application/json',
'Account': account,
'Sign': sign,
'User-Agent': 'AliKassa2.0 API',
}
resp = requests.post(f'https://api-merchant.alikassa.io/{method}', data=data_bytes, headers=headers, timeout=30)
return resp.json()
payment = request_payment('v1/payment/status', '93d5df06-996c-48c3-9847-348d6b580b80', {
'id': '100000536',
})
print(payment)
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Signature;
import java.util.Base64;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import java.io.FileReader;
public class Example {
public static void main(String[] args) throws Exception {
ObjectMapper mapper = new ObjectMapper();
var data = Map.of("id", "100000536");
String dataStr = mapper.writeValueAsString(data);
char[] pass = Files.readString(Paths.get("cert/payment/password.txt")).toCharArray();
PEMParser parser = new PEMParser(new FileReader("cert/payment/private.pem"));
PEMEncryptedKeyPair ckp = (PEMEncryptedKeyPair) parser.readObject();
var kp = new JcaPEMKeyConverter().getKeyPair(
ckp.decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(pass))
);
Signature sig = Signature.getInstance("SHA1withRSA");
sig.initSign(kp.getPrivate());
sig.update(dataStr.getBytes(StandardCharsets.UTF_8));
String sign = Base64.getEncoder().encodeToString(sig.sign());
HttpRequest request = HttpRequest.newBuilder()
.uri(java.net.URI.create("https://api-merchant.alikassa.io/v1/payment/status"))
.header("Content-Type", "application/json")
.header("Account", "93d5df06-996c-48c3-9847-348d6b580b80")
.header("Sign", sign)
.header("User-Agent", "AliKassa2.0 API")
.POST(HttpRequest.BodyPublishers.ofString(dataStr))
.build();
var client = HttpClient.newHttpClient();
var response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(mapper.readValue(response.body(), Object.class));
}
}
package main
import (
"bytes"
"crypto"
"crypto/rand"
"crypto/rsa"
"crypto/sha1"
"crypto/x509"
"encoding/base64"
"encoding/json"
"encoding/pem"
"io/ioutil"
"net/http"
"time"
)
func signData(data interface{}) string {
dataBytes, _ := json.Marshal(data)
pemBytes, _ := ioutil.ReadFile("cert/payment/private.pem")
passBytes, _ := ioutil.ReadFile("cert/payment/password.txt")
block, _ := pem.Decode(pemBytes)
der, _ := x509.DecryptPEMBlock(block, passBytes)
priv, _ := x509.ParsePKCS1PrivateKey(der)
hash := sha1.Sum(dataBytes)
sigBytes, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA1, hash[:])
return base64.StdEncoding.EncodeToString(sigBytes)
}
func requestPayment(method, account string, data interface{}) (map[string]interface{}, error) {
sign := signData(data)
dataBytes, _ := json.Marshal(data)
req, _ := http.NewRequest("POST", "https://api-merchant.alikassa.io/"+method, bytes.NewReader(dataBytes))
req.Header.Set("Content-Type", "application/json")
req.Header.Set("Account", account)
req.Header.Set("Sign", sign)
req.Header.Set("User-Agent", "AliKassa2.0 API")
client := &http.Client{Timeout: 30 * time.Second}
resp, _ := client.Do(req)
defer resp.Body.Close()
var result map[string]interface{}
json.NewDecoder(resp.Body).Decode(&result)
return result, nil
}
func main() {
payment, _ := requestPayment("v1/payment/status", "93d5df06-996c-48c3-9847-348d6b580b80", map[string]interface{}{
"id": "100000536",
})
fmt.Println(payment)
}