Click&Buy Merchant Interface

The interface allows your customers to pay and receive goods on your website with a single click (supported in WM Keeper Classic version 2.2.0.9 and higher) as well as in WM Keeper Light.
It is available for merchants who have a Merchant WM Passport.

Contents:

Key Terms

A merchant is a WebMoney Transfer user, who accepts payments from other WM users to his or her WM-purse via the Click&Buy Merchant Interface, and has a Merchant WM Passport. Merchants are assumed to have their own websites, since they accept payments for goods or services offered online.

A customer is a WebMoney Transfer user, who wants to pay for a merchant’s online services or goods.

Description of the Click&Buy Merchant Interface

Payment Algorithm

The diagram below illustrates the payment algorithm.

To initiate payments via the Click Buy Merchant Interface, a merchant must generate an URL on his or her website in the format described below.
After clicking the URL, the customer downloads a product or service information that is displayed in the WM Keeper payment dialogue.
Once the Pay button is clicked, WM Keeper sends a payment request to the WebMoney Transfer server.
In the event of successful payment, the WebMoney Transfer server returns a claim check to WM Keeper.
After receiving the check, WM Keeper opens a special window and, inside of it, downloads a page that displays the purchase. At the same time, WM Keeper sends a payment receipt to the merchant website. The receipt contains information on the customer’s payment.
Based on the information in the receipt, the merchant generates a page with the sold product.

Paylink Format

To initiate payments via the Click&Buy Merchant Interface, a merchant must generate a specially formatted link on his or her website. The link address varies with WM Keeper version (WM Keeper Classic or WM Keeper Light) and the language used by the customer.

Customer version of WM Keeper URL for payment via the Click&Buy Merchant Interface
WM Keeper Classic wmk:paylink
WM Keeper Light (рус) https://light.webmoney.ru/pci.aspx
WM Keeper Light (eng) https://light.wmtransfer.com/pci.aspx

The format of the parameters within the link does not depend on the type or version of the customer’s WM Keeper:

Name Function, Accepted Values Example
url A merchant webpage URL to which a customer is redirected after payment.
The URL is always enclosed in angle brackets!
<https://merchant.webmoney.ru/conf/pci_testlink.asp?A=1&b=1>
purse A merchant purse to receive payment R111111111111
amount Product or service cost; the whole "integer" and the fractional part are separated by a point followed by no more than two digits; Nonsignificant zeros cannot be used. 0.1
method The method employed to transfer a payment receipt to the merchant website: POST or GET POST
desc Brief description of product or service String (for example, a test paylink)
mode Test or Operating mode of payment
test – Test payment mode with funds not being transferred
no value or parameter omitted - Operating payment mode with funds being transferred
test

Example of a Paylink:

<a href="wmk:paylink
    ?url=<https://merchant.webmoney.ru/conf/pci_testlink.asp?G=0>
    &purse=R111111111111
  &amount=0.1
    &method=POST
    &desc=pay+link+for+test
    &mode=test">Pay link</a>

HTTP URLs have a limited length. Besides, many browsers truncate lines that are more than 200-500 characters long!

Payment Receipt Format

The WebMoney Transfer server generates a payment receipt during transfer of funds. And sends it to the merchant website via customer’s WM keeper once the link in the url parameter is opened using the method indicated in the method parameter.

The following fields are communicated in the receipt:

Name HTML Field Name Description
Customer Id WMID 12-digit Customer Identifier
The unique transaction number in the WebMoney Transfer billing system pci_wmtid An integer number
The purse to which payment was made pci_pursedest Merchant purse
The purse from which payment was made pci_pursesrc Customer's purse
Amount paid pci_amount A number where the fractional part is separated by a point
Brief description of product or service pci_desc string
Date of Payment pci_datecrt format: YYYYMMDD HH:MM:SS
Payment receipt signature (MD5) pci_marker A string generated by the WebMoney Transfer server for receipt verification
Payment mode flag: test/operating pci_mode test or blank

Note!
Merchants must insure verification of the "Payment Receipt" data as advised in the Payment Receipt Validation section.

Payment Receipt Validation

When the Click&Buy Merchant Interface is used, the merchant website receives a payment receipt containing information about the payment made and the product purchased. The receipt has a signature that is generated according to the following algorithm:

sign = md5(pci_wmtid+WMID+md5(Upper(url+purse+amount+desc+mode))+pci_pursesrc+pci_pursedest+pci_amount+pci_desc+pci_datecrt+mode+md5(passwd)),
where:
  • “sign” is the receipt signature;
  • “md5” is the MD5 signing technique (returns the result in uppercase);
  • “passwd” is the merchant’s password in WebMoney Transfer;
  • “Upper” is the string conversion to uppercase.

In order to perform validation, the merchant personally calculates the signature using the data in the receipt and his or her password. Then, compares the calculated signature with the one in the receipt. Their match evidences that the receipt came from the Click&Buy Merchant Interface and its data is not distorted.
After verifying the signature, the merchant checks the following:

  1. The amount paid
  2. The product description (desc)
  3. The merchant purse
  4. The payment run mode (test or real)

VERIFYING THE PURCHASE RECEIVER

After verifying the receipt and the payment data it contains, the merchant can check the customer’s WMID to make sure the person visiting the website is the same who has paid for the product. The customer’s WMID can be found in the WMID parameter. The customer’s WM Keeper communicates it to the merchant website. You can even make sure the page is opened by the same WMID as stated in the WMID parameter. You can do this by using the identification of the customer who owns the WM Keeper Classic or by comparing the WMID parameter value with the value of the SUBJECTCN field of the WM Keeper Light SSL client certificate.

WM Keeper Classic Identification on a Website

WM Keeper Classic identification is based on WM Keeper signature verification. The interface for verification of signatures generated by WM Keeper Classic is described in the following section Interface X7 .
If the URL opened by WM Keeper Classic after a payment via the Click&Buy Merchant Interface includes the sign_needed parameter with either the post or get value (e.g., sign_needed=post), WM Keeper Classic communicates the following additional parameters to the web server:

Name HTML Field Name Description
Date and time the signature was generated (UTC) DATETIME формат - YYYY.MM.DD HH:MM:SS
The signature-generating URL URL строка;
The signature SIGN A string generated by WM Keeper for the string made up of the URL being opened, current date (DATETIME) and WMID (URL+DATETIME+WMID)

The above parameters are communicated with the method indicated in sign_needed (POST or GET).
Thus, if you want to make sure the merchant website was visited by the owner of the same ID as stated in the WMID field, all you have to do is verify the signature in the SIGN field. To do this, generate a string by merging the current URL, the signature date, and the WMID in the WMID parameter, and then send it.

WM Keeper Light Identification on a Website

To insure reliable identification of a WM Keeper Light owner’s ID on a website, the website must have a WebMoney Transfer server certificate installed. Also, the website must be set up to require client certificates.

Testing the Click&Buy Merchant Interface

The "*mode*" parameter allows merchants to test integration of their website with the Click&Buy Merchant Interface without making real payments. If the parameter is set to mode=test, the service will only generate test payments.

The parameter "*Test/Operating Mode*" must be set to "Test" mode until the merchant is confident that his or her website integration with the Click&Buy Merchant Interface works correctly!

An Example of Using the Click&Buy Merchant Interface

Try the links below to pay (a token amount of WMZ 0.01) and receive a product using the Click&Buy Merchant Interface.

A product (file) – a sample code for processing a payment receipt (WMZ 0.01) Buy
A product (file) – a server photo (WMZ 0.01) Buy
A product (file) – a song (WMZ 0.01) Buy
A product (file) – an online magazine article (WMZ 0.01) Buy!
A product (in browser) – a sample code for processing a payment receipt (WMZ 0.01) Buy
A product (in browser) – server photo (WMZ 0.01) Buy
A product (in browser) – a song (WMZ 0.01) Buy
A product (in the browser) – an online magazine article (WMZ 0.01) Buy!

Below, you can buy a sample code for processing a payment receipt (Internet shop) for IIS using ASP+JScript, for a token payment WMZ 0.01.

A sample code for processing a payment receipt for ASP (including a Click&Buy API file) (0.01 WMZ) Buy
Sample parameters received when paying via Click&Buy (sign_needed=GET, method=POST) in test mode Buy
Sample parameters received when paying via Click&Buy (sign_needed=GET, method=GET) in test mode Buy
Sample parameters received when paying via Click&Buy (sign_needed=POST, method=POST) in test mode Buy
Sample parameters received when paying via Click&Buy (sign_needed=POST, method=GET) in test mode Buy

Sample in PHP language: download