3.32. /api/v4/transfer-form

Introduction

Transfer is a type of complex transaction that allows to move funds between bank cards (Primary Account Number - PAN), card tokens (Recurring Payment ID - RPI) and Connecting Party bank account (deposits).
Transfer Form integration is relevant for Connecting Party who are not able to accept Connecting Party order ID. card details (Connecting Party’s website must complete PCI DSS certification). Using Transfer Form integration Connecting Party is released of accepting payment details. In this case the accepting and processing of payment details is carried out on the Finera side (if PAN is not sent). This type of integration also allows the Sender (for transfers between cards) or Receiver (for deposit to card) to submit their PAN on Finera side.
Transfer is initiated through HTTPS POST request to the URL with the required parameters depending on a certain transfer Use-Case (see below). Use RSA-SHA256 for authentication.
Transfer Form Use-Cases diagram:

hide members hide circle circle " " as c2 package From <<Frame>> { class "Form" as f1a class "Card number\n(Pan)" as pan1a class "Reccuring Payment ID\n(RPI)" as rpi1a class "Connecting Party Account\n(Deposit to card)" as dca } package To <<Frame>> { class "Card number\n(Pan)" as pan2 class "Reccuring Payment ID\n(RPI)" as rpi2 class "Form" as f2 } f1a --|> pan2 f1a --|> rpi2 f1a -- c2 pan1a -- c2 rpi1a -- c2 dca -- c2 dca -[hidden]> f2 c2 --|> f2

Form to PAN

Transfer from Form to PAN occurs when transferring funds from payment details indicated in form to bank card for which its number is indicated.

Form to RPI

Transfer from Form to RPI occurs when funds are transferred from payment details indicated in form to bank card for which its recurring payment id is indicated.

PAN to Form

Transfer from RPI to Form occurs when funds are transferred from one bank card for which its number is indicated to payment details indicated in form.

RPI to Form

Transfer from RPI to Form occurs when funds are transferred from one bank card for which its recurring payment id is indicated to payment details indicated in form.

Form to Form

Transfer from Form to Form occurs when funds are transferred from payment details indicated in form to another payment details indicated in form.

Deposit to Form

Transfer from deposit to Form occurs when funds are transferred from Connecting Party account to payment details indicated in form.

API URLs

Note

The path in API URL should not be hardcoded, as it may be changed in future.

Integration

Production

https://sandbox.finera.com/paynet/api/v4/transfer-form/ENDPOINTID

https://merchant.finera.com/paynet/api/v4/transfer-form/ENDPOINTID

https://sandbox.finera.com/paynet/api/v4/transfer-form/group/ENDPOINTGROUPID

https://merchant.finera.com/paynet/api/v4/transfer-form/group/ENDPOINTGROUPID

Request Parameters

Note

Request must have content-type=application/x-www-form-urlencoded and Authorization headers.

Parameter

Description

Value

destination-card-no, alias

destination

Receiver`s card PAN.
Necessity: Required
Type: Numeric
Length: 19

deposit2card

Marker of deposit to card transfer. If true, no sender cardholder data is needed to process the transaction. If false, sender cardholder data is needed.
Value: False
Type: Boolean

ipaddress

The Sender or Receiver’s IP address, include for fraud screening purposes. NB: 45 is for IPv4 tunneling like 0000:0000:0000:0000:0000:0000:192.168.100.101.
Necessity: Required
Type: String
Length: 45

amount

Amount to be transferred. The amount has to be specified in the highest units with . delimiter. For instance, 10.5 for USD means 10 US Dollars and 50 Cents.
Necessity: Required
Type: Numeric
Length: 10

currency

Currency the transaction is charged in (three-letter currency code). Example of valid parameter values are: USD for US Dollar, EUR for European Euro.
Necessity: Required
Type: String
Length: 3

order_desc

Order description.
Necessity: Required
Type: String
Length: 64k

client_orderid

Connecting Party order ID.
Necessity: Required
Type: String
Length: 128

first_name

Sender or Receiver’s first name.
Necessity: Optional
Type: String
Length: 50

last_name

Sender or Receiver’s last name.
Necessity: Optional
Type: String
Length: 50

ssn

Last four digits of the Sender or Receivers’s social security number.
Necessity: Optional
Type: Numeric
Length: 4

birthday

Sender or Receiver’s birthday.
Necessity: Optional
Type: Numeric
Length: 8

address1

Sender or Receiver’s address. (Please note that in some cases it is not possible to send address length more than 50 characters. Please contact your manager for more details.)
Necessity: Optional
Type: String
Length: 256

city

Sender or Receiver’s city.
Necessity: Optional
Type: String
Length: 50

state

Sender or Receiver’s state (two-letter state code). Please see Mandatory State Codes for a list of valid state codes. Required for USA, Canada and Australia.
Necessity: Optional
Type: String
Length: 2

zip_code

Sender or Receiver`s zip code.
Necessity: Optional
Type: String
Length: 10

country

Sender or Receiver’s country (two letter abbreviation).
Necessity: Optional
Type: String
Length: 2

phone

Sender or Receiver’s full international phone number, including country suffix.
Necessity: Optional
Type: String
Length: 15

cell_phone

Sender or Receiver’s full international cell phone number, including country suffix.
Necessity: Optional
Type: String
Length: 15

purpose

Destination to where the payment goes. It is useful for the merchants who let their clients to transfer money from a credit card to some type of client’s account, e.g. game or mobile phone account. Sample values are: +9999999999;mail@example.com etc. This value will be used by fraud monitoring system
Necessity: Optional
Type: String
Length: 128

email

Sender or Receiver’s email address.
Necessity: Optional
Type: String
Length: 50

site_url

URL the original transfer is made from.
Necessity: Optional
Type: String
Length: 128

redirect_url

URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected in any case, no matter whether the transaction is approved or declined. Optional for direct integration (non-form) deposit2card. This parameter must be used if there is neither redirect_success_url nor redirect_fail_url.
Necessity: Optional
Type: String
Length: 1024

redirect_success_url

URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected only in case if the transaction is approved. This parameter should not be used to retrieve results from Finera gateway, because all parameters go through client’s browser and can be lost during transmission. To deliver the correct payment result to the backend server_callback_url must be used instead. merchant.finera.com should be passed if non-3DS schema for transactions processing is used and there is no need to redirect Sender or Receiver anywhere. This parameter must be used if there is no redirect_url.
Necessity: Optional
Type: String
Length: 1024

redirect_fail_url

URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected only in case if the transaction is declined or filtered. This parameter should not be used to retrieve results from Finera gateway, because all parameters go through client’s browser and can be lost during transmission. To deliver the correct payment result to the backend server_callback_url must be used instead. merchant.finera.com should be passed if non-3DS schema for transactions processing is used and there is no need to redirect Sender or Receiver anywhere. This parameter must be used if there is no redirect_url.
Necessity: Optional
Type: String
Length: 1024

preferred_language

Sender or Receiver’s two-letter language code for multi-language transfer forms.
Necessity: Optional
Type: String
Length: 2

merchant_form_data

Parameters sent in merchant_form_data API parameter are parsed into macros with the same name, the parameter is url-encoded, example testparam%3Dtest1%26mynewparam%3Dtest2 and is parsed into $MFD_testparam = test1 and $MFD_mynewparam = test2 macros in the form. Parameter name characters [a-zA-Z0-9], parameter value characters [a-zA-Z0-9], control characters [=&], 2MB max size. For example, this parameter can be used to display payment form in light/dark mode depending on the value passed by Connecting Party (e.g. pass merchant_form_data=theme%3Ddark in request and $MFD_theme macro placeholder on payment form will be changed to dark.
Necessity: Optional
Type: String
Length: 128

server_callback_url
URL, where the transaction status is sent to. Connecting Party may use server callback URL for custom processing of the transaction completion, e.g. to collect payment data in the Connecting Party’s information system. For the list of parameters which come along with server callback to server_callback_url refer to Connecting Party callback parameters. This parameter can be sent instead of notify_url. If server_callback_url is sent, Payment Gateway sends callback notification only when original transaction receives final status. If notify_url is sent, Payment Gateway sends callback notification once the original transaction receives final status, and about every future update for this original transaction (reversal, chargeback, etc).
Necessity: Optional
Type: String
Length: 1024

notify_url
URL, where the transaction status is sent to. Connecting Party may use notify URL for custom processing of the transaction completion, e.g. to collect payment data in the Connecting Party’s information system. For the list of parameters which come along with server callback to notify_url refer to Connecting Party callback parameters. This parameter can be sent instead of server_callback_url. If notify_url is sent, Payment Gateway sends callback notification once the original transaction receives final status, and about every future update for this original transaction (reversal, chargeback, etc). If server_callback_url is sent, Payment Gateway sends callback notification only when original transaction receives final status.
Necessity: Optional
Type: String
Length: 1024

Additional Parameters

Sender Customer Data

Parameters below can be required for specific integrations. For more information, please contact Support manager.

Parameter Name

Description

Value

sender_first_name

Sender’s first name.
Type: String
Length: 128

sender_last_name

Sender’s last name.
Type: String
Length: 128

sender_middle_name

Sender’s middle name/patronym.
Type: String
Length: 128

sender_ssn

Last four digits of the Sender’s social security number.
Type: String
Length: 11

sender_birth_place

Sender`s birth place.
Type: String
Length: 128

sender_birthday

Sender’s birthday.
Type: String
Length: 30

sender_address1

Sender’s address.
Type: String
Length: 256

sender_city

Sender’s city.
Type: String
Length: 128

sender_state

Sender’s US states (two letter abbreviation). Not applicable outside the US.
Type: String
Length: 4

sender_zip_code

Sender`s zip code.
Type: String
Length: 32

sender_citizenship

Sender`s citizenship.
Type: String
Length: 128

sender_country_code

Sender’s country (two letter abbreviation).
Type: String
Length: 2

sender_phone

Sender’s full international phone number, including country suffix.
Type: String
Length: 128

sender_cell_phone

Sender’s full international cell phone number, including country suffix.
Type: String
Length: 128

sender_email

Sender’s email address.
Type: String
Length: 128

sender_resident

Is sender a resident?
Type: Boolean

sender_identity_document_id

Sender`s identity document name.
Type: String
Length: 128

sender_identity_document_series

Sender`s identity document series.
Type: String
Length: 12

sender_identity_document_number

Sender`s identity document number.
Type: String
Length: 16

sender_identity_document_issuer_name

Sender`s identity document issuer.
Type: String
Length: 128

sender_identity_document_issuer_department_code

Sender`s identity document issuer department code.
Type: String
Length: 32

sender_identity_document_issue_date

Sender`s identity document issue date.
Type: Date

Receiver Customer Data

Parameters below can be required for specific integrations. For more information, please contact Support manager.

Parameter Name

Description

Value

receiver_first_name

Receiver’s first name.
Type: String
Length: 128

receiver_last_name

Receiver’s last name.
Type: String
Length: 128

receiver_middle_name

Receiver’s middle name/patronym.
Type: String
Length: 128

receiver_birth_place

Receiver`s birth place.
Type: String
Length: 128

receiver_birthday

Receiver’s birthday.
Type: String
Length: 128

receiver_address1

Receiver’s address.
Type: String
Length: 256

receiver_city

Receiver’s city.
Type: String
Length: 128

receiver_state

Receiver’s state.
Type: String
Length: 2-4

receiver_zip_code

Receiver`s zip code.
Type: String
Length: 32

receiver_region

Receiver`s region.
Type: String
Length: 30

receiver_area

Receiver`s area.
Type: String
Length: 50

receiver_citizenship

Receiver`s citizenship.
Type: String
Length: 128

receiver_country_code

Receiver`s country (two letter abbreviation).
Type: String
Length: 2

receiver_phone

Receiver’s full international phone number, including country suffix.
Type: String
Length: 128

receiver_email

Receiver’s email address.
Type: String
Length: 128

receiver_resident

Is receiver a resident?
Type: Boolean

receiver_identity_document_id

Receiver`s identity document name.
Type: String
Length: 128

receiver_identity_document_series

Receiver`s identity document series.
Type: String
Length: 12

receiver_identity_document_number

Receiver`s identity document number.
Type: String
Length: 16

receiver_identity_document_issuer_name

Receiver`s identity document issuer.
Type: String
Length: 128

receiver_identity_document_issuer_department_code

Receiver`s identity document issuer department code.
Type: String
Length: 32

receiver_identity_document_issue_date

Receiver`s identity document issue date.
Type: Date

Response Parameters

Note

Response has Content-Type: text/html;charset=utf-8 header. All fields are x-www-form-urlencoded, with (0xA) character at the end of each parameter’s value.

Parameter

Description.

type

The type of response. May be async-response, validation-error, error. If type equals validation-error or error, ex:error-message and error-code parameters contain error details.

paynet-order-id

Order id assigned to the order by Finera.

merchant-order-id

Connecting Party order ID.

serial-number

Unique number assigned by Finera server to particular request from the Connecting Party.

error-message

If status is error this parameter contains the reason for decline or error details.

error-code

The error code is case of error status.

redirect-url

The URL to the page where the Connecting Party should redirect the client’s browser. Connecting Party should send HTTP 302 redirect, see General Transfer Form Process Flow.

Request & Response Examples

Transfer from Form to PAN

Request Example

POST /paynet/api/v4/transfer-form/39915 HTTP/1.1
Host: sandbox.finera.com
User-Agent: curl/7.83.0
Accept: */*
Authorization: OAuth oauth_consumer_key="TestMerchant", oauth_nonce="eZCXwEp9fO17vGFwPUDStKjOKIP9u0nu", oauth_signature="2qrf7DY0fiy88doBrIGafZBqLLX12ePYWDGLqNxwBfU9T3RzwSYtEj92EPuiJulnZxbPY6av4F2jT1JS02D4KqPAtadsEYb8AabBoSvXPK13FrIXKQ38hrcapmXwz%2Fbh0JJBnN3aMvKJ%2FnsvRChY%2FFpRhdudfdBxZLKpAXYfJQgk42%2FB9pu%2FsBSRWJwTnVZxfavHYMWmrY2rvg2x1nedSJq6O%2Fxffz9OU3CvHOlK%2FGfdI4WFvpHIXpw1Mlz%2F6AnQRdMmYHnoDsFu79GI57NeoBRsZazJBYh%2FE%2FFcS9sHU5BF0yvLQYz%2FCXtb7lDbKeDJTHDDWakyyZPQcOQReIMHpNwNr9mjC%2FucIJitFEldsWWGaOnTc2Tqtrdjzzwukm%2BP7Bi5siJ5Pl%2BxWqOMAEFPnCXfThBKIJrxQXbBwR4YfPaBb70nePybCH8JCX0vakoaH%2BwFJfR0WNgOBfYxQfUYNcEXDmrk8hLbwz%2FXJ6bfanFaE8N3OwijJmlzY%2B4ZrEqBjnklQcBnNuvuxKSb6dKtnRo5UVXEszEiCxEvWQifggohkU1CTHZFpA2qmrxjIcgJoDOhQPV6Lk92LiDtVSE2drxZ%2Bjui69ZzGlnKlM0lVCnFfdahrhtMM9GYNN%2B24YaKd5UkCMIMru%2BfOfvqwrJu00%2FIms8VXwsm9aP8pP4Lr3I%3D", oauth_signature_method="RSA-SHA256", oauth_timestamp="1670421183", oauth_version="1.0"
Content-Length: 303
Content-Type: application/x-www-form-urlencoded
Connection: close

amount=100
&client_orderid=34T43R77N
&currency=USD
&deposit2card=false
&destination-card-no=4268736646656312
&destination_card_printed_name=Test%20Test
&destination_expire_month=12
&destination_expire_year=2023
&ipaddress=1.1.1.1
&order_desc=Your%20order%20description
&redirect_url=http%3A%2F%2Fwww.example.com
&server_callback_url=https://httpstat.us/200

Success Response Example

HTTP/1.1 200
Server: server
Date: Wed, 07 Dec 2022 13:56:03 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 285

type=async-form-response
&serial-number=00000000-0000-0000-0000-000002ddbfa2
&merchant-order-id=34T43R77N
&paynet-order-id=6863810
&redirect-url=https%3A%2F%2Fsandbox.finera.com%2Fpaynet%2Fform%2Finit%2FBB587546567A31587163597A684535634A775969614A577953626976766D4B494A66796F55434370393032673D

Fail Response Example

HTTP/1.1 403
Server: server
Date: Mon, 12 Dec 2022 08:25:15 GMT
Content-Type: text/html
Content-Length: 735
Connection: close
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title>403</title>
    <style type="text/css">
        body {
            font-family: Arial, sans-serif;
            font-size: 130%;
            background-color: #eee;
        }
        p {
            margin: 10em auto 0;
            width: 500px;
            border: 1px solid gray;
            text-align: center;
            vertical-align: middle;
            padding: 40px 20px;
            background-color: #fff;
            -webkit-border-radius: 20px;
            -moz-border-radius: 20px;
            border-radius: 20px;
        }
    </style>
</head>
<body>
    <p>Access is denied</p>
</body>
</html>

Transfer from Form to RPI

Request Example

POST /paynet/api/v4/transfer-form/39915 HTTP/1.1
Host: sandbox.finera.com
User-Agent: curl/7.83.0
Accept: */*
Authorization: OAuth oauth_consumer_key="TestMerchant", oauth_nonce="yQFnx1Zerg4pH28VmLQL3HWc7dQJlAqg", oauth_signature="G2ZRjHOxzhsQ5xIurkM7Bo7REnoBfG3HIDDzwG9XfFGZdFC0815%2FPVS4ESdLPYVEr7iT2K3LtlO2mhMzmIWuRV3YTVKKCbfbuJkPk1OwJOx66ZaX4q0DI5Zej%2FadXiKuJ%2FLe%2BLL8Tp%2Ftzrylk6fiTAoX2AT471hp02xezERVwdEwkhoWB1mqwYE4VxOL8wDk0W0oqR%2Bk1XgWXPcj3E8WV3kEVFwxYwgi6daQyimqReEc5q8fqbUl7sANmIozrSRWqjG2K%2FBLs0W2UFLMcvWdHi2ON%2B%2BnTzaLCExB2991ozSE2jPp4eahkd69Zz%2BEwLENVIn8KDwvA5j25XaGgbqLKK%2BBt5CshObkvZZZ%2FuWqujp%2FzbOBGMuucuwyXe4yW8Ter1YC%2F9zoR%2BMwIcKBd5gaV4mOxQCZ5pe9GMD2805BlM2XDtcB9UT%2FeMs3MR3WIXN51EVCn%2BcazxwEI4LmZ5966aaUGu4GF41JWRQAZBchx4F%2Bd%2BRadwCceBJJSiQg82hwRk4QYnyDEx%2BWqcwErVZGCH8yJhph1Etn3e0G8z0PLBlG2hqTqGPFYivzyFHI1LNW8jl7%2BKJq2HZgXjtcU8Ji%2BVw2JVr86nnM4nPbpIRl7qr%2BSYUpXjWw%2B3e%2F6GtOL%2BOWzVFMo5jKf%2FfyJSdOgbyco1sBHplZRZ8Gsts8UGiIuQ8%3D", oauth_signature_method="RSA-SHA256", oauth_timestamp="1670847388", oauth_version="1.0"
Content-Length: 213
Content-Type: application/x-www-form-urlencoded
Connection: close

amount=100
&client_orderid=34T43R77N
&currency=USD
&deposit2card=false
&destination_card_recurring_payment_id=1491854
&ipaddress=1.1.1.1
&order_desc=Your%20order%20description
&redirect_url=http%3A%2F%2Fwww.example.com
&server_callback_url=https://httpstat.us/200

Success Response Example

HTTP/1.1 200
Server: server
Date: Mon, 12 Dec 2022 12:17:14 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 285

type=async-form-response
&serial-number=00000000-0000-0000-0000-000002ddc2d7
&merchant-order-id=34T43R77N
&paynet-order-id=6863948
&redirect-url=https%3A%2F%2Fsandbox.finera.com%2Fpaynet%2Fform%2Finit%2FBB587546567A31587163597A684535634A775969614A66354B455A714F6F32684D61414E78767241354872343D

Fail Response Example

HTTP/1.1 200
Server: server
Date: Mon, 12 Dec 2022 12:08:14 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 132

type=validation-error
&serial-number=00000000-0000-0000-0000-000002ddc2b8
&error-message=Recurring+payment+not+found
&error-code=122

Transfer from PAN to Form

Request Example

POST /paynet/api/v4/transfer-form/39915 HTTP/1.1
Host: sandbox.finera.com
User-Agent: curl/7.83.0
Accept: */*
Authorization: OAuth oauth_consumer_key="TestMerchant", oauth_nonce="BpGsiUR8CbIjGAD1Qxu8MTtGHnlIvzcF", oauth_signature="ozovWc0wjugTlGfrS8TeSxqQtnSEQ7UrGh7z6B5px5BoKgTWF44Ej6VCAxCWMl%2B1Qxg5iZ5ExOqTWZ2GTx70ly%2B%2BgHkSmz3t02PEr9XJsj2%2FOm4XFoF0LnbVPDje7AmZZBuF2l0iandlUBjJVA%2BarD6dWVv8LNrv3RVyheuhBreAr7dLcSD4Iu44MH76tOZS%2BuMnqqFjKwC37owAdC7xtJwOIF8wrFM272qHnzxbfvZRaJruoG6WO%2F%2BMGJLPnaNbrhfJ99%2BtvCybb0CsVMQqJ%2FsUWM8Z89ci6a4MCPE41v1i9lXyvkZDm6qfoVgKVPUHVVsjbvuu5Ub7MeMgBsl76ZrRsi9yLiHmPLQGqhzxydy14GpCNH9FFM2BdRSlkxfBYV1yzX2Ym4gZMq6myvVsCTDgHeGXeQe%2F%2F7z6lLE3S0%2BgcA6NkuhfLU7lvAl0CguRAvU3%2FlVh3R1p8C9S3BXQak6eM0xYp7hO1wQKXMq4uMM2FjmtTUYe6ZiqyjGbkTrrIEkD%2Fo%2FX1NXXylMbWxuNyoTnQXx%2BQzDsUrY3Mhtb%2FslwCGDY4puOlwiVqGg31EBz0wFWzJFX7n2uQO76g5q%2FnTJqf3dq3AdTC6xpaGC2kek0fxc6FEDdaoVeQ3PwJWYi1kcPbwkcvo4gIi03rcO3JUJZF3TfomkFs%2BFnh%2FwLJHs%3D", oauth_signature_method="RSA-SHA256", oauth_timestamp="1670569138", oauth_version="1.0"
Content-Length: 275
Content-Type: application/x-www-form-urlencoded
Connection: close

amount=100
&card_printed_name=Test%20Test
&client_orderid=34T43R77N
&credit_card_number=4047753518764320
&currency=USD
&cvv2=123
&deposit2card=false
&expire_month=12
&expire_year=2023
&ipaddress=1.1.1.1
&order_desc=Your%20order%20description
&redirect_url=http%3A%2F%2Fwww.example.com
&server_callback_url=https://httpstat.us/200

Success Response Example

HTTP/1.1 200
Server: server
Date: Fri, 09 Dec 2022 06:59:20 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 285

type=async-form-response
&serial-number=00000000-0000-0000-0000-000002ddc004
&merchant-order-id=34T43R77N
&paynet-order-id=6863822
&redirect-url=https%3A%2F%2Fsandbox.finera.com%2Fpaynet%2Fform%2Finit%2FBB587546567A31587163597A684535634A775969614A61365A5A5637456C4545743867705438697A512F30633D

Fail Response Example

HTTP/1.1 403
Server: server
Date: Fri, 09 Dec 2022 06:45:14 GMT
Content-Type: text/html
Content-Length: 735
Connection: close
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title>403</title>
    <style type="text/css">
        body {
            font-family: Arial, sans-serif;
            font-size: 130%;
            background-color: #eee;
        }
        p {
            margin: 10em auto 0;
            width: 500px;
            border: 1px solid gray;
            text-align: center;
            vertical-align: middle;
            padding: 40px 20px;
            background-color: #fff;
            -webkit-border-radius: 20px;
            -moz-border-radius: 20px;
            border-radius: 20px;
        }
    </style>
</head>
<body>
    <p>Access is denied</p>
</body>
</html>

Transfer from RPI to Form

Request Example

POST /paynet/api/v4/transfer-form/39915 HTTP/1.1
Host: sandbox.finera.com
User-Agent: curl/7.83.0
Accept: */*
Authorization: OAuth oauth_consumer_key="TestMerchant", oauth_nonce="y03UAVaLM9NXEwAHD0R9YDCQQFzRWx8b", oauth_signature="Zgx05s2b%2Fr4wSbo0sb2tGXbhPeDYlfJfnziSH57mkYfEMNtGoWCeUlLanQLKq1ddusIBhGUFwpwoh5f22y9tqHRsekiAQ92s9ixQxmvE8sEV3Ov%2FHoTyktrxN0vhPxuwSmwD%2FhX%2FOMJgDaCoOZK%2BxeXfPRVRwlNM8LsDd29i%2FnIUsExWCBujs3M5ThYGz58UJdZmOxrWW3poH2Lb6Fw9b6XMwV2DzvyomhMzZfyQYYX%2BhP22rCmXTg%2BEyTVnJDBiWI3pF6WYQFjdO5tPbcK4bxw4IYNIKKEi78dw0%2FZcb65gfHlaUtqHd3ZXiFiob4YFeV%2B1XKI2wSVBVemEd3jVjOFXDZv2GLzrZOUkxcns6BqkRxMqaWc9%2FbpsL65XdFxB4LUuP2h1PVk6A5yjjanSjp1XqzyAx8EGpxYGAzIPNSsYPVN9x5TuyIqtYVXhz2y0z8RPx5VFmSYr%2BaCr6ruhRNkyonNmk47oPkIkG9PpLivBaq8PnIzUNpExTRIYJXJOwD69CjCPxT%2Fhr3udDQJD4ZHFE3TNA9g1H0VRL%2Ff60jPhZeanf9MgcFqz6jckPQghBixOaTBf9DmP9jmv12IQZ3PR3J3n53nDEUIw%2Fhiga3%2BdZswkJMYS57VB282SVfDXQPO%2F40OC%2B3annev%2BMftiSfChhRgazDRToCnbETXqoKc%3D", oauth_signature_method="RSA-SHA256", oauth_timestamp="1670850681", oauth_version="1.0"
Content-Length: 266
Content-Type: application/x-www-form-urlencoded
Connection: close

amount=100
&card_recurring_payment_id=1491854
&client_orderid=34T43R77N
&currency=USD
&cvv2=123
&deposit2card=false
&ipaddress=1.1.1.1
&order_desc=Your%20order%20description
&redirect_url=http%3A%2F%2Fwww.example.com
&server_callback_url=https://httpstat.us/200

Success Response Example

HTTP/1.1 200
Server: server
Date: Mon, 12 Dec 2022 13:12:21 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 285

type=async-form-response
&serial-number=00000000-0000-0000-0000-000002ddc34e
&merchant-order-id=34T43R77N
&paynet-order-id=6863959
&redirect-url=https%3A%2F%2Fsandbox.finera.com%2Fpaynet%2Fform%2Finit%2FBB587546567A31587163597A684535634A775969614A5A716755336669466574615739747A737059777A50493D

Fail Response Example

HTTP/1.1 200
Server: server
Date: Mon, 12 Dec 2022 12:25:05 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 176

type=validation-error
&serial-number=00000000-0000-0000-0000-000002ddc2ec
&merchant-order-id=34T43R77N
&error-message=Src+card+cvv2+should+be+filled+in+transfer.
&error-code=29

Transfer from Form to Form

Request Example

POST /paynet/api/v4/transfer-form/39915 HTTP/1.1
Host: sandbox.finera.com
User-Agent: curl/7.83.0
Accept: */*
Authorization: OAuth oauth_consumer_key="TestMerchant", oauth_nonce="3FUX1QCRBPF7am99UO4bty1qD7FK08I8", oauth_signature="CCvlgjfVBZOwoMS%2FbUXv1LiRlc0Nu3Owf3FwNmPnbP49RWi3ve3VE9Jt61QpRx14pmCz3xFKQt%2Bi4UvXJYlsn206TSZ9H7TGCSHhQQP5vD0mm3Pnq0YgtI2oPpn2PhgM%2FlgwwWcBjBqmCyzM%2FGGqK24zn5C20bxvHL9LfuMgF4bEpIYDGXVh3%2BbhlU5Z2H25fjjttZylm1SLhAi9lOct2%2BtH00TJ%2FgjdWR%2FCnIroLVPWqnYbE8f%2F%2Bz1HuynqW684UUaAiB8WgEulH1BBM6HqYiFAVyfWlLNzDv08cKZew7JPsso17XBdqYyE2QWkREM61FPSQpQsuAnRpezxjRZnmxsShXKqgNwj%2B%2BVeEEP7Z0IFqUreDgSYYSntrgtvZHhX6oNuEn4V8jWA6TO0wPNPKqkEXTk7w53nF0Hn%2FLgAa3FfYSHtCnFP1uELmPnVrO03IWaPPw0%2BcCJzNMua7g%2FYjlCsdV3tlwUwne1R0V3togR5k%2FTnG%2Bub4txjaFeqOm9p517ppKZQn8Fe0jtIIJMCYVRVmsYkeBZyyRgcdIBOAn09fCKZ7y74gI12py%2FvVzagFCjZo05T20gY6OpCkrP4HhWEkKJhrqSCBe7NLC1xZDszfkLFjF9Z4dWvk2PIcNfI3SGYZRks0YFPECycfYzYIJfuKplYAACzR47h30SaOiI%3D", oauth_signature_method="RSA-SHA256", oauth_timestamp="1670835177", oauth_version="1.0"
Content-Length: 167
Content-Type: application/x-www-form-urlencoded
Connection: close

amount=100
&client_orderid=34T43R77N
&currency=USD
&deposit2card=false
&ipaddress=1.1.1.1
&order_desc=Your%20order%20description
&redirect_url=http%3A%2F%2Fwww.example.com
&server_callback_url=https://httpstat.us/200

Success Response Example

HTTP/1.1 200
Server: server
Date: Mon, 12 Dec 2022 08:53:26 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 285

type=async-form-response
&serial-number=00000000-0000-0000-0000-000002ddc1f8
&merchant-order-id=34T43R77N
&paynet-order-id=6863917
&redirect-url=https%3A%2F%2Fsandbox.finera.com%2Fpaynet%2Fform%2Finit%2FBB587546567A31587163597A684535634A775969614A613368326D746C2B72645043314744502B537A6E57343D

Fail Response Example

HTTP/1.1 403
Server: server
Date: Mon, 12 Dec 2022 09:18:33 GMT
Content-Type: text/html
Content-Length: 735
Connection: close
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title>403</title>
    <style type="text/css">
        body {
            font-family: Arial, sans-serif;
            font-size: 130%;
            background-color: #eee;
        }
        p {
            margin: 10em auto 0;
            width: 500px;
            border: 1px solid gray;
            text-align: center;
            vertical-align: middle;
            padding: 40px 20px;
            background-color: #fff;
            -webkit-border-radius: 20px;
            -moz-border-radius: 20px;
            border-radius: 20px;
        }
    </style>
</head>
<body>
    <p>Access is denied</p>
</body>
</html>

Transfer from Deposit to Form

Request Example

POST /paynet/api/v4/transfer-form/39915 HTTP/1.1
Host: sandbox.finera.com
User-Agent: curl/7.83.0
Accept: */*
Authorization: OAuth oauth_consumer_key="TestMerchant", oauth_nonce="SDrbaim155azbf2UthcVDrhwiOA6liE4", oauth_signature="CFUUC1Y6QT5Gj7LA%2FdW6gkGN%2Fh73J8HAxhvYtFx%2F%2FChlQIU7f4uvVmKpOossrRD05wdx0ENHJZLZ8SI%2B610ygcWP%2B3K%2FqEYDI7qjdg8HgKlT3BnjSoGU6EjGjvcMwQSY0AwNJ4adYYZG6G%2Ble9SOvbPcQalkfxIjpTl%2FkyrIVtNS4h9ExkD%2Fg9UUXZ%2F2YAOCyhTy26QwOLOo5NmNeh%2FX7wpqPEyjHfEE%2FWbc3iSNSjlJA9b%2BfX5eFAVxzzZ2X76HRxy%2FuHqah9NszgXsagMHpXOpvovNRLEh7NFBqVDWhoHFfDS%2Bwd6vcLqXxwLKOVecmq06GN1%2BiZX4C9QebaNw6JSx72jMon3hnn37pUSLhzWXz%2BwlMX7XN%2FcTWsZ0kL51DzFXwPAJPVAeNevgxlaFtbELMGcZNOU19u72cOZKMu7%2FsxLAfCgUITCO2NhvZw%2BR8xUZUcxvwu4fvoTXr6rf8r0iloJIA9RoaKobzmPUDcGx3%2F4Hswjbqk7YOg6jxQJD6ZoKscHpLiQLvBWPILsSVMpQUpnUqzBNGexdCd8zaRzqiszwz4hEg6teTMFOLA%2FoQ8Wu%2FxtSs8JMuXsWtestY9h1y5KuXWDy8O9hpN45pBF%2BvtoDfyr6ktKrkZZTZG49FBKk%2FcKi5FjzL5Bsbwv9fgk1%2BRYDexMtHCqX%2Fdrz%2BzMM%3D", oauth_signature_method="RSA-SHA256", oauth_timestamp="1670851416", oauth_version="1.0"
Content-Length: 166
Content-Type: application/x-www-form-urlencoded
Connection: close

amount=100
&client_orderid=34T43R77N
&currency=USD
&deposit2card=true
&ipaddress=1.1.1.1
&order_desc=Your%20order%20description
&redirect_url=http%3A%2F%2Fwww.example.com
&server_callback_url=https://httpstat.us/200

Success Response Example

HTTP/1.1 200
Server: server
Date: Mon, 12 Dec 2022 13:23:58 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 285

type=async-form-response
&serial-number=00000000-0000-0000-0000-000002ddc35a
&merchant-order-id=34T43R77N
&paynet-order-id=6863960
&redirect-url=https%3A%2F%2Fsandbox.finera.com%2Fpaynet%2Fform%2Finit%2FBB587546567A31587163597A684535634A775969614A5878476D6E717A31324167486F61674C6830743070343D

Fail Response Example

HTTP/1.1 403
Server: server
Date: Mon, 12 Dec 2022 13:19:46 GMT
Content-Type: text/html
Content-Length: 735
Connection: close
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title>403</title>
    <style type="text/css">
        body {
            font-family: Arial, sans-serif;
            font-size: 130%;
            background-color: #eee;
        }
        p {
            margin: 10em auto 0;
            width: 500px;
            border: 1px solid gray;
            text-align: center;
            vertical-align: middle;
            padding: 40px 20px;
            background-color: #fff;
            -webkit-border-radius: 20px;
            -moz-border-radius: 20px;
            border-radius: 20px;
        }
    </style>
</head>
<body>
    <p>Access is denied</p>
</body>
</html>

Postman Collection

Request Builder

Enter your private key in PKCS#1 container to use debug. See RSA-SHA256 for details.

Debug form
URL
login

login should be used as Consumer Public for OAuth

destination-card-no
credit_card_number
destination_card_recurring_payment_id

use either RPI or card number, not both

card_recurring_payment_id

use either RPI or card number, not both

amount
currency
cvv2
card_printed_name
expire_month
expire_year
ipaddress
order_desc
redirect_url
redirect_success_url
redirect_fail_url
client_orderid
merchant_form_data
deposit2card

boolean used only to determine if transaction type is deposit2card

sender_first_name
sender_last_name
sender_middle_name
sender_ssn
sender_birth_place
sender_birthday
sender_address1
sender_city
sender_state
sender_zip_code
sender_citizenship
sender_country_code
sender_phone
sender_cell_phone
sender_email
sender_resident
sender_identity_document_id
sender_identity_document_series
sender_identity_document_number
sender_identity_document_issuer_name
sender_identity_document_issuer_department_code
sender_identity_document_issue_date
receiver_first_name
receiver_last_name
receiver_middle_name
receiver_birth_place
receiver_birthday
receiver_address1
receiver_city
receiver_state
receiver_zip_code
receiver_region
receiver_area
receiver_citizenship
receiver_country_code
receiver_phone
receiver_email
receiver_resident
receiver_identity_document_id
receiver_identity_document_series
receiver_identity_document_number
receiver_identity_document_issuer_name
receiver_identity_document_issuer_department_code
receiver_identity_document_issue_date

Normalized parameters string to sign, according to OAuth 1.0a rules
POST body parameters to submit
OAuth 1.0a headers to submit.
HEX Encoded Signature
* HEX encoded string is for debug purposes only. You shouldn't send this string to the server neither in HEX nor in Encoded HEX representation.
Base64 Encoded Signature
* Binary RSA-SHA256 signature directly encoded in base64 should be sent to the server.