Actions are initiated by sending an HTTP POST request to one of Paysons endpoint URIs.
The response from the Payson server contain information about the overall success of the request and possible additional data depending on which action was requested.
The following diagram shows the basic request-response mechanism:
HTTP POST request structure
Headers are used to specify API credentials and HTTP content type. The following HTTP Headers must be submitted with each request to Payson:
|Required||PAYSON-SECURITY-USERID||Your API User ID (AgentId).|
|Required||PAYSON-SECURITY-PASSWORD||Your API Password (MD5-key).|
|Required||Content-Type||Value must be: application/x-www-form-urlencoded|
|Optional||PAYSON-APPLICATION-ID||Your Application ID. (Only applicable if you have received one)|
HTTP Message body
The message body is used to provide parameters needed to complete the requested action. The parameter list must be formatted as a list of Name-Value pairs (NVP formatted) separated by the ampersand (&) sign, i.e. must be in the form ‘NAME_1=VALUE_1&NAME_2=VALUE_2&…&NAME_N=VALUE_N’.
In all cases except for the ‘Verify’ action, the HTTP response message body consists of an NVP-formatted string as described above. Each NVP-formatted string has parameters that describe the overall success of the requested action, as well as possible additional parameters specific to the requested action.
After you have received a token, redirect the customer to the following url to complete the payment:
All requests to the Payson API servers are made over HTTPS using 128-bit encryption. The requests are routed through the sub domain api.payson.se, for which SecureTrust CA has signed the certificate.
Your API credentials must be provided in every request to Payson in order to be valid.
You will receive a payment reference, or ‘payment token’, from an initial pay action. The token will be used in all subsequent requests to Payson regarding that payment. A typical example of this would be: