Merchant Transfers API v1 documentation

Last update: May 9th, 2016

Summary

Introduction
Prerequisites
Authentication
Web Service Endpoints

List merchant transfers

1. Introduction

The Transfers API offers the functionality of retrieving information about merchant transfers. Data about transfers of marketplace merchant accounts can also be retrieved.
The API is organized around REST. It has resource-oriented URLs and uses HTTP response codes to indicate API errors. JSON is returned by all API responses, including errors.

2. Prerequisites

You should confirm with PayU that all necessary settings and configurations are correct on your merchant account and terminal.

3. Authentication

Authentication is done by sending two mandatory parameters in the query string:

merchant = Your Merchant Vendor Code, available in Control Panel (Account Management / Account Settings)
signature = A signature hash string computed as described here

Signature calculation

For security reason, each HTTP request must carry a unique signature. The signature is calculated using data from all parameters sent in the HTTP request (except "signature"), the Merchant's secret key and the HMAC method with SHA256 algorithm to encrypt data.

For example, let's consider that a Merchant (CC12 with secret key SECRET_KEY) sends the HTTP request to the API containing the following parameters and values:

            'merchant'        => 'CC12'
            'timestamp'       => '1462868405'
            'signature'       => '681437c94c00c51f5f4ac590ffc692dd7ca748084024ab709073deca704a49d0'
            'startDate'       => '2016-05-10'
            'merchantCodes[]' => 'CC12'

Step 1: Sort the parameters sent in the HTTP request alphabetically by parameter name. Exclude "signature" and "timestamp" parameters from the sorting.

NOTE Parameters should be sorted by their name (key), NOT their values.

Using the example, this is the order of significant parameters after the sort:

            'merchant'        => 'CC12'
            'merchantCodes[]' => 'CC12'
            'startDate'       => '2016-05-10'

Step 2: Compose the source string by concatenating the values of each request parameter sorted above, and append the value of the "timestamp" parameter at the end.

Now, based on this, the entire source string for the values of the sorted parameters at Step 1 will be:

CC12CC122016-05-101462867010

Step 3: Calculate the signature using HMAC with SHA256 as a hashing algorithm applied to the source string

For the calculated source string, the signature value will be:

            681437c94c00c51f5f4ac590ffc692dd7ca748084024ab709073deca704a49d0

Step 4: Add the calculated signature value to the HTTP request before sending it to PayU

See Authentication for more information on how to send authentication credentials

Example request:

                https://secure.payu.ro/api/merchants/v1/transfers?timestamp=1462868405&merchant=CC12&merchantCodes[]=CC12&startDate=2016-05-10&signature=681437c94c00c51f5f4ac590ffc692dd7ca748084024ab709073deca704a49d0

4. Web Service Endpoints

The Merchant Transfers Web Service is a REST-ful API.

List merchant transfers

Description:: Get a list of transfers for the requested merchant.
Also return transfers of the marketplace merchants linked to the primary merchant, if provided in the request.
Filter the list of returned transfers by several optional parameters.
The response is paginated.

API endpoint:: https://secure.payu.ro/api/merchants/v1/transfers

Method:: GET

Request Parameters:

Field	Required	Type	Description
merchant	YES	String	Merchant code
timestamp	YES	String	Used to validate expired requests
signature	YES	String	Computed as described here
startDate	NO	String	Formatted as a valid date; example: YYYY-MM-DD
endDate	NO	String	Formatted as a valid date; example: YYYY-MM-DD
status	NO	String	Validated for the following values: PAID, UNPAID
merchantCodes	YES	Array of strings	An array of merchant codes for which you want to retrieve the transfers. The authenticated merchant must have rights to retrieve the transfers for them and the accounts must be: his own account, linked accounts or marketplace seller accounts. If the authenticated merchant does not have access to one of the accounts an error will be returned.
limit	NO	Integer	The maximum number of returned transfers. If not sent or invalid value, the default limit is 10. If greater than 20 the limit is restricted to 20 automatically
paginationToken	NO	String	The returned list will contain results beginning from the requested paginationToken. Acts as an offset.

Request example:

                https://secure.payu.ro/api/merchants/v1/transfers?merchant=CC12&merchantCodes[]=MPLACEC1&merchantCodes[]=MPLACEC2&startDate=2011-11-01&endDate=2016-01-01&status=PAID&limit=3×tamp=1462870576&signature=babf3a13d8df15e4bbc68118ca963f85b4fb6b007c0570f42b506c8b90179eaa

Response:

Returns a list of transfers for the given merchant code and filters.

Response example:

            {
              "meta": {
                "pagination": {
                  "currentResults": 3,
                  "totalResults": 7,
                  "remainingResults": 4,
                  "paginationToken": "51937"
                },
                "status": {
                  "code": 200,
                  "message": "success"
                },
                "response": {
                  "httpCode": 200,
                  "httpMessage": "200 OK"
                }
              },
              "transfers": [
                {
                  "merchantCode": "MPLACEC2",
                  "amount": "99",
                  "currency": "RON",
                  "dueDate": "2014-09-26",
                  "payDate": "",
                  "status": "UNPAID",
                  "balance": "120",
                  "startDate": "2021-08-31",
                  "endDate": "2021-08-31"
                },
                {
                  "merchantCode": "MPLACEC1",
                  "amount": "43",
                  "currency": "RON",
                  "dueDate": "2014-09-26",
                  "payDate": "",
                  "status": "UNPAID",
                  "balance": "49",
                  "startDate": "2021-08-31",
                  "endDate": "2021-08-31"
                },
                {
                  "merchantCode": "CC12",
                  "amount": "60.14",
                  "currency": "RON",
                  "dueDate": "2012-01-16",
                  "payDate": "2012-01-16",
                  "status": "PAID",
                  "balance": "20",
                  "startDate": "2021-08-31",
                  "endDate": "2021-08-31"
                }
              ]
            }

Errors:

400 Bad Request

Error codes and messages:

1001 - Invalid parameter startDate
1002 - Invalid parameter endDate
1003 - Invalid parameter status
1004 - Invalid parameter merchantCodes

401 Unauthorized - See Authentication

500 Internal Server Error - please contact us if this error persists.

Error response examples:

                {
                  "meta": {
                    "status": {
                      "code": 1004,
                      "message": "Invalid parameter merchantCodes"
                    },
                    "response": {
                      "httpCode": 400,
                      "httpMessage": "400 Bad Request"
                    }
                  },
                  "error": {
                    "code": 1004,
                    "message": "Invalid parameter merchantCodes"
                  }
                }

                {
                  "meta": {
                    "status": {
                      "code": 401,
                      "message": "Request expired. Please make a new request."
                    },
                    "response": {
                      "httpCode": 401,
                      "httpMessage": "401 Unauthorized"
                    },
                    "version": "v1"
                  },
                  "error": {
                    "code": 401,
                    "message": "Request expired. Please make a new request."
                  }
                }

                {
                  "meta": {
                    "status": {
                      "code": 401,
                      "message": "Access denied. Unauthorized access."
                    },
                    "response": {
                      "httpCode": 401,
                      "httpMessage": "401 Unauthorized"
                    },
                    "version": "v1"
                  },
                  "error": {
                    "code": 401,
                    "message": "Access denied. Unauthorized access."
                  }
                }

                {
                  "meta": {
                    "status": {
                      "code": 401,
                      "message": "Missing timestamp parameter."
                    },
                    "response": {
                      "httpCode": 401,
                      "httpMessage": "401 Unauthorized"
                    },
                    "version": "v1"
                  },
                  "error": {
                    "code": 401,
                    "message": "Missing timestamp parameter."
                  }
                }