Cards API
Intro

FreedomPay provides an opportunity to issue a virtual payment card in one of the partner banks.

Query Mechanics
Request header
Request-Id must be unique. If duplicates are found, an error will be returned and the request will not be processed.
Request signature

Each request must be signed. The signature is passed to the Headers parameter Sign.

The ID of the user making the request is also passed to Headers. The Auth-Id parameter.

Signature generation process:

  • json request must be in one line, without hyphens.
  • add the merchant's secret key to the end of the JSON (provided by the manager)
  • calculate the sha256 hash of the received string and add it to the request headers, the Sign parameter.

An example of a string before calculating sha256:

{"cardholder_name":"IVANOV IVAN IVANOVICH","phone":79651234567,"product_code":1,"card_id":555}some_secret_string
An example of generating a signature in PHP:
$merchantId = {{paybox_merchant_id}};
$secretKey = {{paybox_merchant_secret}};

$array = [
  'cardholder_name' => 'IVANOV IVAN IVANOVICH',
  'phone'=> 79651234567,
  'product_code' => 1,
  'card_id' => 555,
];

$requestBody = json_encode($array);

$sign = hash('sha256', $requestBody . $secretKey);
Example of sending a request
curl --location --request GET 'some_url.com' \
     --header 'Request-Id: 5aac88a2-d16d-4e01-927c-8b02bf44375c' \
     --header 'Auth-Id: 12345' \
     --header 'Sign: 4f6d4bc08ceac4ffdbd6eec810dce91928132ea9c63b52a3b23f74be98b766b4' \
     --header 'Content-Type: application/json' \
     --data-raw '{
       "cardholder_name": "IVANOV IVAN IVANOVICH",
       "phone": 79651234567,
       "product_code": 1,
       "card_id": 555
     }'