Gateway API

The G2G service allows you to organize a direct connection of the merchant to FreedomPay without using payment pages.


Connection requires a PCI DSS certificate.
Signature generation

Any messages (requests and responses) between FreedomPay and the merchant are signed. To form a signature, you must concatenate with the delimiter ;

  1. name of the called script (from the last / to the end or ?)
  2. all message fields in alphabetical order, including a random string pg_salt, consisting of an arbitrary number of digits and Latin letters, while: a. for nested tags, this rule is applied recursively (XML only) b. fields with the same name are taken in the order in which they appear in the message
  3. and payment password secret_key, which is set in the store settings and is known only to the merchant and FreedomPay.
It is necessary to calculate md5 from the string obtained as a result of concatenation and add it to the request or response as an additional parameter pg_sig. The MD5 hash is written as a lowercase hexadecimal string (32 characters).

Any party can add additional parameters to the request or response that are not specified in the documentation. These parameters are also involved in the signature calculation. The message is not signed, and accordingly the pg_salt and pg_sig fields are missing only in one case - when FreedomPay could not identify the merchant and therefore does not know its secret_key. In this case, the pg_error_code field (numerical error code) takes the value 9998.

Main server address:

Test server adreess:
An example of a request with a signature:

curl --location --request POST '' \
--form 'pg_order_id=23' \
--form 'pg_merchant_id={{paybox_merchant_id}}' \
--form 'pg_amount=25' \
--form 'pg_description=test' \
--form 'pg_salt=molbulak' \
--form 'pg_sig={{paybox_signature}}'
# Signature example:

PHP code example:

$pg_merchant_id = {{paybox_merchant_id}};
$secret_key = {{paybox_merchant_secret}};

$request = [
    'pg_merchant_id'=> $pg_merchant_id,
    'pg_order_id' => 1234,
    'pg_amount' => 100,
    'pg_payment_to' => 4405645000006150,
    'pg_description' => 'Payment description',
    'pg_post_link' => '',
    'pg_salt' => 'some random string',

//generate a signature and add it to the array
ksort($request); // sort alphabetically
array_unshift($request, 'p2p2nonreg');
array_push($request, $secret_key);

$request['pg_sig'] = md5(implode(';', $request));

unset($request[0], $request[1]);