Click&Buy Merchant Interface
The interface allows your customers to pay and receive goods on your website with a single click (supported in WM Keeper Classic version 18.104.22.168 and higher) as well as in WM Keeper Light.
It is available for merchants who have a Merchant WM Passport.
- Key Terms
- Description of the Click&Buy Merchant Interface
- Testing the Click&Buy Merchant Interface
- An Example of Using Click&Buy Merchant Interface
A merchant is a WebMoney Transfer user, who accepts payments from other WM users to his or her WM-purse via the Click&Buy Merchant Interface, and has a Merchant WM Passport. Merchants are assumed to have their own websites, since they accept payments for goods or services offered online.
A customer is a WebMoney Transfer user, who wants to pay for a merchant’s online services or goods.
Description of the Click&Buy Merchant Interface¶
The diagram below illustrates the payment algorithm.
To initiate payments via the Click Buy Merchant Interface, a merchant must generate an URL on his or her website in the format described below.
After clicking the URL, the customer downloads a product or service information that is displayed in the WM Keeper payment dialogue.
Once the Pay button is clicked, WM Keeper sends a payment request to the WebMoney Transfer server.
In the event of successful payment, the WebMoney Transfer server returns a claim check to WM Keeper.
After receiving the check, WM Keeper opens a special window and, inside of it, downloads a page that displays the purchase. At the same time, WM Keeper sends a payment receipt to the merchant website. The receipt contains information on the customer’s payment.
Based on the information in the receipt, the merchant generates a page with the sold product.
To initiate payments via the Click&Buy Merchant Interface, a merchant must generate a specially formatted link on his or her website. The link address varies with WM Keeper version (WM Keeper Classic or WM Keeper Light) and the language used by the customer.
|Customer version of WM Keeper||URL for payment via the Click&Buy Merchant Interface|
|WM Keeper Classic||wmk:paylink|
|WM Keeper Light (рус)||https://light.webmoney.ru/pci.aspx|
|WM Keeper Light (eng)||https://light.wmtransfer.com/pci.aspx|
The format of the parameters within the link does not depend on the type or version of the customer’s WM Keeper:
|Name||Function, Accepted Values||Example|
|url||A merchant webpage URL to which a customer is redirected after payment.
The URL is always enclosed in angle brackets!
|purse||A merchant purse to receive payment||R111111111111|
|amount||Product or service cost; the whole "integer" and the fractional part are separated by a point followed by no more than two digits; Nonsignificant zeros cannot be used.||0.1|
|method||The method employed to transfer a payment receipt to the merchant website: POST or GET||POST|
|desc||Brief description of product or service||String (for example, a test paylink)|
|mode||Test or Operating mode of payment
test – Test payment mode with funds not being transferred
no value or parameter omitted - Operating payment mode with funds being transferred
Example of a Paylink:
<a href="wmk:paylink ?url=<https://merchant.webmoney.ru/conf/pci_testlink.asp?G=0> &purse=R111111111111 &amount=0.1 &method=POST &desc=pay+link+for+test &mode=test">Pay link</a>
HTTP URLs have a limited length. Besides, many browsers truncate lines that are more than 200-500 characters long!
Payment Receipt Format¶
The WebMoney Transfer server generates a payment receipt during transfer of funds. And sends it to the merchant website via customer’s WM keeper once the link in the url parameter is opened using the method indicated in the method parameter.
The following fields are communicated in the receipt:
|Name||HTML Field Name||Description|
|Customer Id||WMID||12-digit Customer Identifier|
|The unique transaction number in the WebMoney Transfer billing system||pci_wmtid||An integer number|
|The purse to which payment was made||pci_pursedest||Merchant purse|
|The purse from which payment was made||pci_pursesrc||Customer's purse|
|Amount paid||pci_amount||A number where the fractional part is separated by a point|
|Brief description of product or service||pci_desc||string|
|Date of Payment||pci_datecrt||format: YYYYMMDD HH:MM:SS|
|Payment receipt signature (MD5)||pci_marker||A string generated by the WebMoney Transfer server for receipt verification|
|Payment mode flag: test/operating||pci_mode||test or blank|
Merchants must insure verification of the "Payment Receipt" data as advised in the Payment Receipt Validation section.
Payment Receipt Validation¶
When the Click&Buy Merchant Interface is used, the merchant website receives a payment receipt containing information about the payment made and the product purchased. The receipt has a signature that is generated according to the following algorithm:sign = md5(pci_wmtid+WMID+md5(Upper(url+purse+amount+desc+mode))+pci_pursesrc+pci_pursedest+pci_amount+pci_desc+pci_datecrt+mode+md5(passwd)),
- “sign” is the receipt signature;
- “md5” is the MD5 signing technique (returns the result in uppercase);
- “passwd” is the merchant’s password in WebMoney Transfer;
- “Upper” is the string conversion to uppercase.
In order to perform validation, the merchant personally calculates the signature using the data in the receipt and his or her password. Then, compares the calculated signature with the one in the receipt. Their match evidences that the receipt came from the Click&Buy Merchant Interface and its data is not distorted.
After verifying the signature, the merchant checks the following:
- The amount paid
- The product description (desc)
- The merchant purse
- The payment run mode (test or real)
VERIFYING THE PURCHASE RECEIVER¶
After verifying the receipt and the payment data it contains, the merchant can check the customer’s WMID to make sure the person visiting the website is the same who has paid for the product. The customer’s WMID can be found in the WMID parameter. The customer’s WM Keeper communicates it to the merchant website. You can even make sure the page is opened by the same WMID as stated in the WMID parameter. You can do this by using the identification of the customer who owns the WM Keeper Classic or by comparing the WMID parameter value with the value of the SUBJECTCN field of the WM Keeper Light SSL client certificate.
WM Keeper Classic Identification on a Website¶
WM Keeper Classic identification is based on WM Keeper signature verification. The interface for verification of signatures generated by WM Keeper Classic is described in the following section Interface X7 .
If the URL opened by WM Keeper Classic after a payment via the Click&Buy Merchant Interface includes the sign_needed parameter with either the post or get value (e.g., sign_needed=post), WM Keeper Classic communicates the following additional parameters to the web server:
|Name||HTML Field Name||Description|
|Date and time the signature was generated (UTC)||DATETIME||формат - YYYY.MM.DD HH:MM:SS|
|The signature-generating URL||URL||строка;|
|The signature||SIGN||A string generated by WM Keeper for the string made up of the URL being opened, current date (DATETIME) and WMID (URL+DATETIME+WMID)|
The above parameters are communicated with the method indicated in sign_needed (POST or GET).
Thus, if you want to make sure the merchant website was visited by the owner of the same ID as stated in the WMID field, all you have to do is verify the signature in the SIGN field. To do this, generate a string by merging the current URL, the signature date, and the WMID in the WMID parameter, and then send it.
WM Keeper Light Identification on a Website¶
To insure reliable identification of a WM Keeper Light owner’s ID on a website, the website must have a WebMoney Transfer server certificate installed. Also, the website must be set up to require client certificates.
Testing the Click&Buy Merchant Interface¶
The "*mode*" parameter allows merchants to test integration of their website with the Click&Buy Merchant Interface without making real payments. If the parameter is set to mode=test, the service will only generate test payments.
The parameter "*Test/Operating Mode*" must be set to "Test" mode until the merchant is confident that his or her website integration with the Click&Buy Merchant Interface works correctly!
An Example of Using the Click&Buy Merchant Interface¶
Try the links below to pay (a token amount of WMZ 0.01) and receive a product using the Click&Buy Merchant Interface.
|A product (file) – a sample code for processing a payment receipt (WMZ 0.01)||Buy|
|A product (file) – a server photo (WMZ 0.01)||Buy|
|A product (file) – a song (WMZ 0.01)||Buy|
|A product (file) – an online magazine article (WMZ 0.01)||Buy!|
|A product (in browser) – a sample code for processing a payment receipt (WMZ 0.01)||Buy|
|A product (in browser) – server photo (WMZ 0.01)||Buy|
|A product (in browser) – a song (WMZ 0.01)||Buy|
|A product (in the browser) – an online magazine article (WMZ 0.01)||Buy!|
Below, you can buy a sample code for processing a payment receipt (Internet shop) for IIS using ASP+JScript, for a token payment WMZ 0.01.
|A sample code for processing a payment receipt for ASP (including a Click&Buy API file) (0.01 WMZ)||Buy|
|Sample parameters received when paying via Click&Buy (sign_needed=GET, method=POST) in test mode||Buy|
|Sample parameters received when paying via Click&Buy (sign_needed=GET, method=GET) in test mode||Buy|
|Sample parameters received when paying via Click&Buy (sign_needed=POST, method=POST) in test mode||Buy|
|Sample parameters received when paying via Click&Buy (sign_needed=POST, method=GET) in test mode||Buy|
Sample in PHP language: download