Web Merchant Interface

Contents:

Definitions

MERCHANT

Merchant is a WebMoney Transfer user accepting payments from other WMT users via Merchant WebMoney Transfer.
The merchant accepts WebMoney for goods or services rendered via the Internet, thus he is supposed to have his own website.

CUSTOMER

Customer is a WebMoney Transfer user willing to pay for goods or services offered by the merchant via the Internet.

WebMoney Transfer Interface

PAYMENT RECEIPT PARAMETERS

In order to receive payments via Merchant WebMoney Transfer, merchants must be registered with WebMoney Transfer. Moreover, they must set up a number of parameters regulating the receipt of payments and notification about payments.
Parameters may be set up at 'Settings ' (https://merchant.wmtransfer.com).
Each purse that the merchant uses to accept payments has its own set of parameters in the service.
Parameters and their functions:

Parameter Format Description
Result URL 255 characters (case sensitive) URL (on the merchant's website) to which Merchant WebMoney Transfer will send an HTTP POST or SMTP notification about the payment and its details. If the merchant fails to specify the URL, he will not be notified.
URL must begin with "http://", "https://" or "mailto:". If the URL begins with mailto:, the notification will be sent to the provided email. For example, if you enter 'mailto:', the notification will be emailed to .
The notification will be sent through ports 80 and 443 if you are using the URL beginning with "http://" or "https://".
And the Result URL is called twice: directly before the payment (in order to check the merchant's web-site operability), and immediately after the payment has successfully been performed (to transmit the payment parameters). During the first call, if the Transmit parameters in the pre-request checkbox is marked, the parameters are transmitted in the pre-request form. Otherwise the call is made without parameters. During the second call the parameters are transmitted in the Payment Notification form.
Success URL 255 characters (case sensitive) URL (on the merchant's website) to which the customer's browser will be redirected in case of a successful payment through Merchant WebMoney Transfer. URL must begin with "http://" or "https://".
Method of requesting Success URL - Method (POST, GET or LINK) used to redirect to the Success URL.
Fail URL 255 characters (case sensitive) URL (on the merchant's website) to which the customer's browser will be redirected if the payment failed. URL must begin with http:// or "https://".
Method of requesting Fail URL - Method (POST, GET or LINK) used to redirect to the Fail URL.
Method of generating payment notification control signature - Algorithm used by Merchant WebMoney Transfer to authenticate the notification sent to the merchant's site. Two algorithms are supported: MD5 and SIGN (the latter is recommended).
Test/Operative mode - Payments processing mode. When the test mode is used, Merchant WebMoney Transfer imitates execution of payments (no payments are really made and no funds are transferred). Test mode is set up by default. In test mode payments can be made only via WM Keeper.
Activity - the flag that permits or denies to accept payments to the merchant's purse via the service. If the flag is off, the Web Merchant Interface will inform the customer about the impossibility of making a payment in all cases.
Secret Key Key 50 characters (case sensitive) A string of characters that is added to the transfer details sent to the merchant in the notification. It is known only to the merchant and the Merchant WebMoney Transfer service.
Send the Secret Key to the Result URL, if the Result URL is secured - The option informs the service that the Secret Key must be added to the notification sent to the merchant's website if the Result URL is secured (SSL is used), i.e. the Result URL begins with "https://".
If the Result URL is not using SSL, the Secret Key will not be sent even if the option is enabled. The Secret Key is not sent as well if the Result URL has been reassigned in the payment request form.
Allow overriding URL from Payment Request Form: - Method of requesting Success URL , Fail URL and Method of requesting Fail URL may be changed in the 'Payment Request Form'.
Transmit the parameters in prerequest - the flag that reports to the Web Merchant Interface that the parameters, which are transmitted to the Result URL of the merchant's web-site directly before a payment attempt, should be transmitted in the Prerequest form. If the flag is off, the prerequest is sent without parameters.
If the flag is set to 1, the merchant's web-site has to return 'YES'-string in the response for the Web Merchant Interface service could continue the payment process. If the response is different, the payment won't be settled and the customer will get an error message.
Send the unsetteled payment notification to WM Keeper - the flag that informs the Web Merchant Interface of the necessity of sending a notification to the merchant's WM Keeper in case of an unsettled payment.
Accept Paymer.com checks (WM-cards) or WM-notes - the flag that allows to enable or disable the possibility of direct payments to the merchant with Paymer.com checks, WM-cards or WM-notes . You can learn more about the features of this payment type from the instruction .
Accept payments via payment terminals, ATM, cash offices - the flag that allows to enable or disable the possibility of accepting payments via payment terminals, ATM, checkout counters, cash offices etc. (by means of WebMoney Check service). You can learn more about the features of this payment type from the instruction .

Payment workflow

Payment workflow is shown at the picture below.

HTML FORMS

Five HTML forms are used to transmit data between the merchant's website and the service:

  • Payment request form is generated on the merchant's website in order to request a payment in Merchant WebMoney Transfer and transfer it through the customer's browser.
  • A prelimiary request form is generated by Web Merchant Interface to send the parameters of a preliminary request for performing a payment to the merchant's web-site - if the flag "Send the parameters in a preliminary request" is enabled. If the flag is disabled, then the form isn't used (the request is sent without parameters). The request is sent bypassing the user's browser.
  • Payment notification form is generated by Merchant WebMoney Transfer in order to notify the merchant about the payment. The customer's browser is not used during the transmission of payment notification to the merchant's website.
  • Settled payment form is generated by Merchant WebMoney Transfer if the payment was successful.
  • Unsettled payment form is generated by Merchant WebMoney Transfer if the payment failed. The form is transmitted to the merchant's website through the customer's web browser.

Payment request form

The form transmits the request from the merchant's site to Merchant WebMoney Transfer through the customer's browser. It has the following fields and parameters:

Action - https://merchant.wmtransfer.com/lmi/payment.asp

Method - POST

Fields - fields transmitted in the form:

Field HTML Field Name Is it required? Description
Merchant's purse LMI_PAYEE_PURSE Yes The merchant's purse to which the customer has to pay. Format is a letter and twelve digits.
Presently, Z, R, E, U and D purses are used in the service.
Amount LMI_PAYMENT_AMOUNT Yes The amount the merchant wants to receive from the customer. The amount must be more than zero; decimal separator is used.
Purchase inner number LMI_PAYMENT_NO No The merchant specifies the number of the purchase in accordance with his accounting system. The parameter is not required, but we advise you to always use it. You should use a unique number for each payment so that you can easily find all the information about it.
Number must be an integer, less than 2147483647.
Comments LMI_PAYMENT_DESC Yes* Description of products or services.
It must be added to the WebMoney transfer payment form as well. Maximum 255 characters in length. Win-1251
Comments LMI_PAYMENT_DESC_BASE64 Yes* A description of goods or services encoded UTF-8 and then encrypted with Base64 algorithm. Is formed by the merchant. If used, the result will be substituted for LMI_PAYMENT_DESC. It allows text content not to depend on the encoding used on merchant's web-site.
Test mode LMI_SIM_MODE No The field is used only in the test mode. It may have one of the following values:
0 or empty: All test payments will be successful;
1: All test payments will fail;
2: 80% of test payments will be successful, 20% of test payments will fail.
Replacement of Result URL LMI_RESULT_URL No This field lets the merchant temporarily replace the Result URL specified on a special web page of the Merchant WebMoney Transfer site.
If the 'Allow URLs transmitted in the form' option is enabled, the transmitted URL will replace the Result URL specified on the site of Merchant WebMoney Transfer.
The format of this field must coincide with the format of the Result URL.
Replacement of Success URL LMI_SUCCESS_URL No This field lets the merchant temporarily replace the Success URL specified on a special web page of the Merchant WebMoney Transfer site.
If the 'Allow URLs transmitted in the form' option is enabled, the transmitted URL will replace the Success URL specified on the site of Merchant WebMoney Transfer. Otherwise, the URL specified at the site of Merchant WebMoney Transfer will be used.
The format of this field must coincide with the format of the Success URL.
Replacement of Success URL method LMI_SUCCESS_METHOD No This field lets the merchant temporarily replace the parameter 'Method of requesting the Success URL' that he had set up at the site of Merchant WebMoney Transfer (Settings page).
If the 'Allow URLs transmitted in the form' option is enabled, the URL in the form will replace the parameter 'Method of requesting Success URL' specified on the website of Merchant WebMoney Transfer.
The field may have values 0, 1 or 2 equal to values of the 'Method of requesting Success URL' - 'GET', 'POST' or 'LINK'.
Replacement of Fail URL LMI_FAIL_URL No This field lets the merchant temporarily replace the parameter 'Fail URL ' he had set up at the site of Merchant WebMoney Transfer (Settings page).
If the 'Allow URLs transmitted in the form' option is enabled, the URL in the form will replace the parameter 'Fail URL' specified on the website of Merchant WebMoney Transfer.
Otherwise, the URL specified at the website will be used. Format must coincide with the format of the Fail URL.
Replacement of Fail URL method LMI_FAIL_METHOD No This field lets the merchant temporarily replace the parameter 'Method of requesting Fail URL' specified at the website of Merchant WebMoney Transfer.
If the 'Allow URLs transmitted in the form' option is enabled, the URL in the form will replace the parameter 'Method of requesting Fail URL' specified on the website of Merchant WebMoney Transfer. Otherwise, the URL specified at the website will be used.
The field may have the values 0, 1 or 2 equal to values of the 'Method of requesting Fail URL' - 'GET', 'POST' or 'LINK'.
WM-card number LMI_PAYMER_PINNUMBERINSIDE No The merchant can optionally implement a special payment method for WM-cards (scratch-cards) and Paymer checks. It allows to prompt the customer for his WM-card (check) number, which he is going to pay with, directly at the merchant's site and transmit it in the given field, whereupon the customer is redirected to the card code entering step, and the payment methods selection step is skipped.
WM-note number LMI_WMNOTE_PINNUMBERINSIDE No The customer can optionally implement a special payment method for WM-notes. It allows to prompt the customer for his WM-note number, which he is going to pay with, directly at the merchant's site and transmit it in the given field, whereupon the customer is redirected to the WM-note code entering step, and the payment methods selection step is skipped.
Customer's E-mail LMI_PAYMER_EMAIL No If the merchant knows the customer's e-mail address, he can transmit it in the given fiels whereupon the customer won't have to specify it when paying with WM-note, Paymer check or WM-card.
WebMoney Check number LMI_WMCHECK_NUMBERINSIDE No The merchant can optionally implement a special payment method for WebMoney Check (payment terminals, cashpoints, checkout counters). It allows to prompt the customer for his Check number (mobile phone number), which he is going to pay with, directly at the merchant's site and transmit it in the given field, whereupon the customer is redirected to the WebMoney Check payment method and only has to enter his password to proceed with the payment.
WebMoney Check password LMI_WMCHECK_CODEINSIDE No This field is targeted for prompting the customer for his WebMoney Check that allows to redirect him straight to the final page where he should enter a single-use code sent in an SMS, and the payment methods selection step is skipped. As for security, it is safe to prompt the customer for his password for it grants nothing but read-only access to WM.Check account, and it is impossible to make a payment without single-used SMS-codes which are sent and entered in safe mode at WebMoney.Merchant site only.
E-invoicing payment method LMI_ALLOW_SDP No Using this field the merchant can redirect the customer to the e-invoicing payment method page directly, avoiding the payment method selection page. When forming a payment form the customer can assign this filed the following values: 0 - for money transfer systems, 3 - for Alpha-click, 4 - for Russian banks cards, 5 - for Russian Standart bank internet-banking system, 6 - for VTB24 internet-banking system, 7 - for THANK YOU from Sberbank bonus point, 8 - for payment terminals and banks (for U-purses only)
Phone number for quick payment LMI_FAST_PHONENUMBER No At the moment a possibility of making a quick payment available for every member is implemented in the service. To do this one should only have a mobile phone on hand, and the system, using its number, will find the corresponding WM-indentificator or WM-check and make the payment which should be confirmed by a SMS- or USSD-code. If you have the customer's mobile phone number (e.g. from his profile) specified in international format and containing only digits without any unnecessary symbols, transmit it in the given field and the customer won't have to enter it.
Credit period LMI_PAYMENT_CREDITDAYS No In case the merchant sells his goods on credit and receives payments to his D-purse, this field should contain the number of days of credit period. If payments are received to D-purse but the given parameter is omitted, the credit period assumes to be 30 days. We strongly recommend to check the conformity of the value of the parameter in prerequest or payment notification when specifying it.
Store number LMI_SHOP_ID No This parameter is obligatory for aggregators only ( these are transitional services that accept payments for third parties). This field should be used by aggregators to transmit the Megastock catalogue registration number of a store which the given payment is accepted for.
Additional parameters set by the merchant Set by the merchant No Merchant WebMoney Transfer processes the fields without the 'LMI_' or '_' prefix automatically and transmits the data specified in them to the merchant's website after the payment is made.

* - Only one of LMI_PAYMENT_DESC and LMI_PAYMENT_DESC_BASE64 parameters presense is obligatory!

The Action field of the form allows the merchant to redirect the customer to a specific payment method immediately. It is very comfortable when the merchant fully implements all possible options when setting up a store. For this there is 'at' parameter in the request URL. E.g. transmitting a payment form with URL https://merchant.wmtransfer.com/lmi/payment.asp?at=authtype_8 redirects the customer to the 'payment from a WM-purse' payment method, and at=authtype_3 - to WM-card payment. If the parameter is omitted, the latest used method will be chosen. All available payment methods are listed below:

  • authtype_2 Keeper Light
  • authtype_3 WM-card (we strongly recommend to prompt the customer for his WM-card number and transmit it in the LMI_PAYMER_PINNUMBERINSIDE parameter if there is a separate item for the sratch-card payment method at the merchant's site, for it will allow to avoid redirecting and the customer will immediately get to the final page skipping the payment method selection and WM-card number entering steps.)
  • authtype_4 Keeper Mobile
  • authtype_5 E-num
  • authtype_6 Paymer check (we strongly recommend to prompt the customer for his check number and transmit it in the LMI_PAYMER_PINNUMBERINSIDE parameter if there is a separate item for the Paymer check payment method at the merchant's site, for it will allow to avoid redirecting and the customer will immediately get to the final page skipping the payment method selection and check number entering steps.)
  • authtype_7 Payment terminals
  • authtype_8 Keeper Classic
  • authtype_9 Keeper Mini
  • authtype_10 WM-note (we strongly recommend to prompt the customer for his check number and transmit it in the LMI_PAYMER_PINNUMBERINSIDE parameter if there is a separate item for the WM-note payment method at the merchant's site, for it will allow to avoid redirecting and the customer will immediately get to the final page skipping the payment method selection and WM-note number entering steps.)
  • authtype_11 Russian Post (for WMR-purses only)
  • authtype_12 For social Network Keeper
  • authtype_13 WebMoney Check
  • authtype_14 Money transfer via common money transfer systems (for WMR-purses only)
  • authtype_16 Russian banks credit cards, for WMR-purses only (we strongly recommend to transmit '4' in the LMI_ALLOW_SDP parameter if there is a separate item (icon, set) for the 'payment via bank cards' payment method at the merchant's site, for it will allow to avoid redirecting and the customer will immediately get to the final page skipping the payment method selection step.)
  • authtype_17 Quick payment with mobile phone number specifying (if the merchant knows the customer's mobile phone number specified in international format, he can transmit it in the LMI_FAST_PHONENUMBER parameter and the customer won't have to enter it at our site when making a quick payment)
  • authtype_18 Alpha-Click, Russian Standard Bank and VTB24 internet-banking systems, for WMR-purses only (we strongly recommend to transmit the number of the chosen bank in the LMI_ALLOW_SDP parameter if there is a separate item (icon, set) for the 'payment via internet-banking system' payment method at the merchant's site, for it will allow to avoid redirecting and the customer will immediately get to the final page skipping the payment method selection and bank selection steps.)
  • authtype_19 Payment with THANK YOU from Sberbank bonuses, for WMR-purses only.

Sample 1. Fragment of the 'Payment request form ' without the URL replacement

 
<html> 
<head>
 ... 
</head> 
<body>
...
<form method="POST" action="https://merchant.webmoney.ru/lmi/payment.asp">  
  <input type="hidden" name="LMI_PAYMENT_AMOUNT" value="12.08">
  <input type="hidden" name="LMI_PAYMENT_DESC" value="платеж по счету">
  <input type="hidden" name="LMI_PAYMENT_NO" value="1234">
  <input type="hidden" name="LMI_PAYEE_PURSE" value="Z145179295679">
  <input type="hidden" name="LMI_SIM_MODE" value="0">
  <input type="hidden" name="FIELD_1" value="VALUE_1">
  <input type="hidden" name="FIELD_2" value="VALUE_2">
  ... 
  <input type="hidden" name="FIELD_N" value="VALUE_N"> 
  ... 
</form>
..
</body>
</html>

Sample 2. Fragment of the 'Payment request form' with the URL replacement


<html>
<head>
...
</head>
<body>
...
<form method="POST" action="https://merchant.wmtransfer.com/lmi/payment.asp">
    <input type="hidden" name="LMI_PAYMENT_AMOUNT" value="12.08">
    <input type="hidden" name="LMI_PAYMENT_DESC" value="payment under the bill">
    <input type="hidden" name="LMI_PAYMENT_NO" value="1234">
    <input type="hidden" name="LMI_PAYEE_PURSE" value="Z145179295679">
    <input type="hidden" name="LMI_SIM_MODE" value="0">

    <input type="hidden" name="LMI_RESULT_URL" value="http://www.shop.com/result.asp">
    <input type="hidden" name="LMI_SUCCESS_URL" value="http://www.shop.com/success.html">
    <input type="hidden" name="LMI_SUCCESS_METHOD" value="2">
    <input type="hidden" name="LMI_FAIL_URL" value="http://www.shop.com/fail.html">
    <input type="hidden" name="LMI_FAIL_METHOD" value="2">

    <input type="hidden" name="FIELD_1" value="VALUE_1">
    <input type="hidden" name="FIELD_2" value="VALUE_2">
    ...
    <input type="hidden" name="FIELD_N" value="VALUE_N">
    ...
</form>
..
</body>
</html>

Pay attention to the EXEMPLARY implementation of the payment request form in Plati.ru store, where all variants of choosing a payment method as well as immediate redirecting to the necessary payment method with existing user's data are used.

Prerequest form

This form transmits details of initiated payment to the merchant directly before the payment. There are the following parameters and fields in the form:

Action - Result URL

Method - POST

Fields - fields transmitted in the form:

Name HTML Field Name Description
Prerequest flag LMI_PREREQUEST 1
Merchant's purse LMI_PAYEE_PURSE The merchant's purse to which the customer has made payment. Format is a letter and 12 digits.
Amount LMI_PAYMENT_AMOUNT Amount paid by the customer. Decimal separator is used.
Purchase inner number LMI_PAYMENT_NO The merchant specifies the number of a purchase in accordance with his accounting system. The service receives a purchase inner number from the merchant's website.
Test mode LMI_MODE Shows the mode the payment request was processed. Two values are possible:
0: Payment was made in operative mode, funds were transferred to the merchant's purse;
1: Payment was in test mode, funds were not sent
Customer's WM ID LMI_PAYER_WM WM identifier of the customer.
Customer's purse LMI_PAYER_PURSE WM purse of the customer.
Capitaller's WM ID LMI_CAPITALLER_WMID In case the customer makes payment by means of the Capitaller budget automation tool this field trnasmits the WMID of the given identifier, with that the purse specified in LMI_PAYER_PURSE parameter belongs to the WMID specified in LMI_CAPITALLER_WMID, and LMI_PAYER_WM contains the identifier of the owner who has the access with permission to make payments in the given capitaller.
WM card number(electronic checks) LMI_PAYMER_NUMBER Paymer.com check number or WM-card number; available only in case the customer pays with a Paymer check or a WM-card.
Customer's E-mail LMI_PAYMER_EMAIL E-mail specified by the customer; available only in case the customer pays with a Paymer check or a WM-card.
WM-note number LMI_EURONOTE_NUMBER WM-note check number; available only in case the customer pays with a WM-note.
Customer's E-mail LMI_EURONOTE_EMAIL E-mail specified by the customer; available only in case the customer pays with a WM-note.
WebMoney Check number LMI_WMCHECK_NUMBER Customer's WebMoney Check number (mobile phone number); available only in case the customer pays via WebMoney Check service (via payment terminals, cash points, checkout counters).
Customer's phone number LMI_TELEPAT_PHONENUMBER Customer's mobile phone number; available only in case the customer pays via WM Keeper Mobile.
Payment number in Keeper Mobile LMI_TELEPAT_ORDERID Transaction number in WM Keeper Mobile; available only in case the customer pays via WM Keeper Mobile.
Credit period LMI_PAYMENT_CREDITDAYS In case the customer pays from his C-purse to the merchant's D-purse (credit sale variant) this parameter transmits credit period specified in days. We strongly recommend that you verify the equivalence of the value of this field in prerequest form with that of payment request form.
Comments LMI_PAYMENT_DESC A comment for the payment; serves for the merchant could verify comments of payments for mismatches. This field is transmitted after URLEncode function is processed. As the form sent from merchant's site to the merchant.wmtransfer.com is transmitted by means of the client's browser, the merchant, if necessary, can verify not only the amount of payment but its original comment as well. Exhange and financial service should perform such verification obligatory.
E-invoicing payment method LMI_SDP_TYPE If this parameter is available, that means the payment is to be performed by a method which doesn't require a registration in the System; 0 - for money transfer systems, 3 - for Alpha-click, 4 - for Russian banks cards, 5 - for Russian Standart bank internet-banking system, 6 - for VTB24 internet-banking system, 7 - for THANK YOU from Sberbank bonus point, 8 - for payment terminals and banks (for U-purses only).
Additional parameters set by the merchant Set by the merchant All the fields transmitted from the merchant's website in the "Payment request form" that have no "LMI_" or "_" prefix.

If the "parameters transmission" flag is enabled, the payment processing will continue if the merchant's website returns "Yes" (string). If the merchant's website returns anything else, the payment will not be completed and the customer will receive an error message.

Sample. Fragment of "Prerequest form"


<html>
<head>
...
</head>
<body>
...
<form method="POST" action="<Result URL>">

    <input type="hidden" name="LMI_PREREQUEST" value="1">
    <input type="hidden" name="LMI_PAYMENT_AMOUNT" value="1.0">
    <input type="hidden" name="LMI_PAYMENT_NO" value="1">
    <input type="hidden" name="LMI_PAYEE_PURSE" value="R397656178472">
    <input type="hidden" name="LMI_MODE" value="1">
    <input type="hidden" name="LMI_PAYER_WM" value="809399319852">

    <input type="hidden" name="FIELD_1" value="VALUE_1">
    <input type="hidden" name="FIELD_2" value="VALUE_2">
    ...
</form>
..
</body>
</html>

Payment notification form

The form transmits the details of a settled payment to the merchant. It has the following fields:

Action - Result URL

Method - POST

Fields are described in the table:

Field HTML Field Name Description
Merchant's purse LMI_PAYEE_PURSE Merchant's purse to which the customer has made the payment. Format is a letter and 12 digits.
Amount LMI_PAYMENT_AMOUNT Amount paid by the customer; decimal separator is used.
Purchase inner number LMI_PAYMENT_NO Number of a purchase in accordance with the accounting system of the merchant received by the service from the website of the merchant.
Test mode flag LMI_MODE The parameter identifies the mode of the payment request processing. It may have two values:
0: The payment is made in the operative mode, funds are transferred from the customer's purse to the merchant's purse;
1: The payment is made in the test mode, funds are not transferred - the transfer is imitated.
Bill number in WebMoney Transfer LMI_SYS_INVS_NO The bill number specified by the WebMoney Merchant Service during the payment request processing. It is a unique number in WebMoney Transfer
Payment number in WebMoney Transfer LMI_SYS_TRANS_NO Payment number generated by the WebMoney Merchant Service during the processing of the payment request. It is a unique number in WebMoney Transfer.
Customer's purse LMI_PAYER_PURSE Purse from which the customer has made the payment.
Customer WM ID LMI_PAYER_WM WM identifier of the customer.
Capitaller's WM ID LMI_CAPITALLER_WMID In case the customer makes payment by means of the Capitaller budget automation tool this field trnasmits the WMID of the given identifier, with that the purse specified in LMI_PAYER_PURSE parameter belongs to the WMID specified in LMI_CAPITALLER_WMID, and LMI_PAYER_WM contains the identifier of the owner who has the access with permission to make payments in the given capitaller.
WM card number(electronic checks) LMI_PAYMER_NUMBER Paymer.com check number or WM-card number; available only in case the customer pays with a Paymer check or a WM-card.
Customer's E-mail LMI_PAYMER_EMAIL E-mail specified by the customer; available only in case the customer pays with a Paymer check or a WM-card.
WM-note number LMI_EURONOTE_NUMBER WM-note check number; available only in case the customer pays with a WM-note.
Customer's E-mail LMI_EURONOTE_EMAIL E-mail specified by the customer; available only in case the customer pays with a WM-note.
WebMoney Check number LMI_WMCHECK_NUMBER Customer's WebMoney Check number (mobile phone number); available only in case the customer pays via WebMoney Check service (via payment terminals, cash points, checkout counters).
Customer's phone number LMI_TELEPAT_PHONENUMBER Customer's mobile phone number; available only in case the customer pays via WM Keeper Mobile.
Payment number in Keeper Mobile LMI_TELEPAT_ORDERID Transaction number in WM Keeper Mobile; available only in case the customer pays via WM Keeper Mobile.
Credit period LMI_PAYMENT_CREDITDAYS In case the customer pays from his C-purse to the merchant's D-purse (credit sale variant) this parameter transmits credit period specified in days. We strongly recommend that you verify the equivalence of the value of this field in prerequest form with that of payment request form.
Control signature LMI_HASH The control signature is used to verify the integrity of data and authenticate the sender.
The control signature algorithm is described in this section .
Date and time of payment LMI_SYS_TRANS_DATE Date and time of payment processing in WebMoney Transfer in
YYYYMMDD HH:MM:SS format.
Secret Key LMI_SECRET_KEY Secret Key is known only to the merchant and Merchant WebMoney Transfer.
The parameter will be empty, if the Result URL is changed or not secured or the ' Send the secret key to the Result URL' option is disabled.
E-invoicing payment method LMI_SDP_TYPE If this parameter is available, that means the payment is to be performed by a method which doesn't require a registration in the System; 0 - for money transfer systems, 3 - for Alpha-click, 4 - for Russian banks cards, 5 - for Russian Standart bank internet-banking system, 6 - for VTB24 internet-banking system, 7 - for THANK YOU from Sberbank bonus point, 8 - for payment terminals and banks (for U-purses only).
Comments LMI_PAYMENT_DESC A comment for the payment; serves for the merchant could verify comments of payments for mismatches. This field is transmitted after URLEncode function is processed. As the form sent from merchant's site to the merchant.wmtransfer.com is transmitted by means of the client's browser, the merchant, if necessary, can verify not only the amount of payment but its original comment as well. Exhange and financial service should perform such verification obligatory.
Merchant's parameteres Set by the merchant All the fields transmitted from the merchant's website in the 'Payment request form' without the "LMI_" or "_" prefix.

Important!
The merchant should provide the verification of data sent in the 'Payment notification form' in accordance with tips given here.

Sample. Fragment of the 'Payment notification form'


<html>
<head>
...
</head>
<body>
...
<form method="POST" action="<Result URL>">

    <input type="hidden" name="LMI_PAYMENT_AMOUNT" value="1.0">
    <input type="hidden" name="LMI_PAYMENT_NO" value="1">
    <input type="hidden" name="LMI_PAYEE_PURSE" value="R397656178472">
    <input type="hidden" name="LMI_MODE" value="1">
    <input type="hidden" name="LMI_SYS_INVS_NO" value="281">
    <input type="hidden" name="LMI_SYS_TRANS_NO" value="558">
    <input type="hidden" name="LMI_PAYER_PURSE" value="R397656178472">
    <input type="hidden" name="LMI_PAYER_WM" value="809399319852">
    <input type="hidden" name="LMI_SYS_TRANS_DATE" value="20020314 14:01:14">
    <input type="hidden" name="LMI_HASH" value="114128B8AEFD8CAA76D3CF75B9AEBC17">

    <input type="hidden" name="FIELD_1" value="VALUE_1">
    <input type="hidden" name="FIELD_2" value="VALUE_2">
    ...
</form>
..
</body>
</html>

Settled payment form

The form transmits details of a settled payment to the merchant's site. The data are transmitted through the customer's browser only if the method of requesting the Success URL is 'GET' or 'Post'. The form has the following parameters and fields:

Action - Success URL

Method - method of requesting Success URL

Fields - fields transmitted in the form:

Field HTML Field Name Description
Purchase inner number LMI_PAYMENT_NO The field transmits the number of a purchase in the accounting system of the merchant. Merchant WebMoney Transfer takes this number from the merchant's site.
Bill number in WebMoney Transfer LMI_SYS_INVS_NO Bill number set by the merchant during the the payment request processing. It is a unique number in WebMoney Transfer.
Payment number in WebMoney Transfer LMI_SYS_TRANS_NO Number of a payment in WebMoney Transfer generated during the payment request processing by Merchant WebMoney Transfer. It is unique.
Date and time of payment LMI_SYS_TRANS_DATE Date and time of payment processing in WebMoney Transfer in
'YYYYMMDD HH:MM:SS' format.
WM card number(electronic checks) LMI_PAYMER_NUMBER Paymer.com check number or WM-card number; available only in case the customer pays with a Paymer check or a WM-card.
Customer's E-mail LMI_PAYMER_EMAIL E-mail specified by the customer; available only in case the customer pays with a Paymer check or a WM-card.
WM-note number LMI_EURONOTE_NUMBER WM-note check number; available only in case the customer pays with a WM-note
Customer's E-mail LMI_EURONOTE_EMAIL E-mail specified by the customer; available only in case the customer pays with a WM-note
WebMoney Check number LMI_WMCHECK_NUMBER Customer's WebMoney Check number (mobile phone number); available only in case the customer pays via WebMoney Check service (via payment terminals, cash points, checkout counters).
Customer's phone number LMI_TELEPAT_PHONENUMBER Customer's mobile phone number; available only in case the customer pays via WM Keeper Mobile.
Payment number in Keeper Mobile LMI_TELEPAT_ORDERID Transaction number in WM Keeper Mobile; available only in case the customer pays via WM Keeper Mobile.
Credit period LMI_PAYMENT_CREDITDAYS In case the customer pays from his C-purse to the merchant's D-purse (credit sale variant) this parameter transmits credit period specified in days. We strongly recommend that you verify the equivalence of the value of this field in prerequest form with that of payment request form.
Merchant's parameters Set by the merchant All the data transmitted from the merchant's website in the 'Payment request form' without the 'LMI_' or '_' prefix.

Sample. Fragment of the 'Settled payment form"


<html>
<head>
...
</head>
<body>
...
<form method="<method of requesting Success URL>" action="<Success URL>">

    <input type="hidden" name="LMI_PAYMENT_NO" value="1">
    <input type="hidden" name="LMI_SYS_INVS_NO" value="281">
    <input type="hidden" name="LMI_SYS_TRANS_NO" value="558">
    <input type="hidden" name="LMI_SYS_TRANS_DATE" value="20020314 14:01:14">

    <input type="hidden" name="FIELD_1" value="VALUE_1">
    <input type="hidden" name="FIELD_2" value="VALUE_2">
    ...
</form>
..
</body>
</html>

Unsettled payment form

The form transmits the details of unsettled payments to the merchant's website. Data are transmitted through the customer's browser if the specified method of requesting the Success URL is 'GET' or 'POST'. The form has the following fields:

Action - Fail URL

Method - method of requesting Fail URL

Fields - fields are the same as in the settled payment form.

Sample. Fragment of the 'Unsettled payment form'


<html>
<head>
...
</head>
<body>
...
<form method="<method of requesting Fail URL>" action="<Fail URL>">

    <input type="hidden" name="LMI_PAYMENT_NO" value="1">
    <input type="hidden" name="LMI_SYS_INVS_NO" value="">
    <input type="hidden" name="LMI_SYS_TRANS_NO" value="">
    <input type="hidden" name="LMI_SYS_TRANS_DATE" value="">

    <input type="hidden" name="FIELD_1" value="VALUE_1">
    <input type="hidden" name="FIELD_2" value="VALUE_2">
    ...
</form>
..
</body>
</html>

VERIFICATION OF PAYMENT DATA

When the payment is made, Merchant WebMoney Transfer sends a notification in the 'Payment notification form ' to the Result URL provided by the merchant.
We advise you to verify the data transmitted in the 'Payment notification form':

  1. Verify if the data have been sent by Merchant WebMoney Transfer (data source)
  2. Verify if the data haven't been modified (data integrity)
  3. Verify the payment amount
  4. Verify the merchant's purse
  5. Verify the payment mode (test or operative mode)

Data source verification

The Secret Key must be known only to the merchant and Merchant WebMoney Transfer. The Secret Key may be used for authentication of a sender. There is a number of different ways to authenticate the sender:

  • If the Result URL is secured and cannot be changed (edited),
    the merchant may authenticate the sender in two different ways:
  • If the merchant doesn't want to verify the control signature, he must enable the 'Send the Secret Key to the Result URL' option. In this case Merchant WebMoney Transfer will send the Secret Key to the merchant's website (in the 'LMI_SECRET_KEY' field of the payment notification form. The merchant will have to verify the secret key each time he receives the payment notification.
  • The other way is to verify the control signature. The control signature is generated by Merchant WebMoney Transfer and is transmitted in the 'LMI_HASH' field.
    This method is a bit more laborious but in this case the secret key will not be transmitted via the Internet.
  • If the Result URL is not secured or it can be changed ,
    Merchant WebMoney Transfer will not send the Secret Key independent of whether or not the 'Send the Secret Key to the Result URL' option is enabled. Thus, the merchant will have to verify the control signature.

Service Merchant use IP addresses

Data integrity verification

Merchant WebMoney Transfer notifies the merchant about the payment and sends payment details and control signature letting verify the integrity of data in a number of different ways depending of whether or not the Result URL is secured:

  • If the Result URL is secured and cannot be changed ,
    the merchant does not need to verify the control signature because the SSL protocol provides the security and integrity of data.
  • If the Result URL is not secured and can be changed ,
    we advise you to verify the integrity of data by the control signature.

Control signature

The control signature lets the merchant verify the source of data, integrity of data transferred to the Result URL in the 'Payment notification form '.
The control signature is generating by 'sticking' together values of parameters transmitted in the 'Payment notification form' in the following order:

  1. Merchant's purse (LMI_PAYEE_PURSE);
  2. Amount (LMI_PAYMENT_AMOUNT);
  3. Purchase number (LMI_PAYMENT_NO);
  4. Test mode flag (LMI_MODE);
  5. Account number in WebMoney Transfer (LMI_SYS_INVS_NO);
  6. Payment number in WebMoney Transfer (LMI_SYS_TRANS_NO);
  7. Date and time of payment (LMI_SYS_TRANS_DATE);
  8. Secret Key (LMI_SECRET_KEY);
  9. Customer's purse (LMI_PAYER_PURSE);
  10. Customer's WM id (LMI_PAYER_WM).

Control signature algorithm depends on parameters set by the merchant (MD5 or SIGN).
MD5 (Message Digest 5) generates a sequence of 32 hexadecimal digits. Message Digest 5 was developed by Ron Rivest of MIT Laboratory for Computer Science and RSA Data Security, Inc. It was published on the Internet in April, 1992 (RFC 1321).
SIGN generates a sequence of 132 hexadecimal digits on the WebMoney Transfer digital signature algorithm with use of WMSignerX.

Verification of control signature

The control signature may be verified manually on these pages - (MD5, SIGN) - and automatically on the merchant's site by the following algorithm:

  • MD5
  1. Make a string by sticking together the parameters received in the 'Payment notification form' in the same order as at the control signature generation (see above). Remember that the Secret Key is used to generate the signature. Calculate MD5 of this string. Compare the calculated value with 'LMI_HASH' received through the 'Payment notification form'
  2. Calculate MD5 of this string
  3. Compare the calculated value with the value transmitted in the 'Payment notification form '.

If the generated signature coincides with the one transmitted in the ' Payment notification form', the data have not been changed and the source of the data is Merchant WebMoney Transfer.

  • SIGN
  1. Make a string by sticking the parameters received in the 'Payment notification form' in the same order as at the control signature generation (see above). Remember that the Secret Key is used to generate the signature.
  2. Verify the digital signature. Use Interface X7. Specify the following parameters:
  • TesterWMID - WM identifier of the merchant;
  • ClientWMID - WM identifier of Merchant WebMoney Transfer that generates the digital signature of the payment notification. Its number is 967909998006.
  • AccessMarker -string received at the first stage of sticking parameters of the 'Payment notification form ';
  • ClientSignStr - control signature generated by Merchant WebMoney Transfer and transmitted to the website of the merchant in the 'Payment notification form' (the 'LMI_HASH' parameter);
  • SignStr - digital signature of the request.

If the verification result is positive, the data have not been modified and they have been sent by Merchant WebMoney Transfer.

Payment amount verification

Regardless of the fact that the customer cannot change the payment amount, we advise the merchant to verify the payment amount transmitted in the ' LMI_PAYMENT_AMOUNT' parameter.

Verification of merchant's purse

Regardless of the fact that the customer cannot change the purse number, we advise the merchant to verify the purse number transmitted in the 'LMI_PAYEE_PURSE' parameter, especially if he uses several purses in Merchant WebMoney Transfer.

Payment mode verification

Merchant WebMoney Transfer provides test payments. In order to set up the test mode, you should enable the 'Test/Operative Mode '. The information about the current mode is transmitted in the 'LMI_MODE' parameter (1 - test mode, 0 - operative mode).
No real payments will be made in the test mode, but the service will transmit the data and imitate the payment.

Merchant WebMoney Transfer Testing

The 'Test/Operative Mode ' parameter lets the merchants test integration of their websites with Merchant WebMoney Transfer without making real payments. If the test mode is enabled, the service will generate only test payments.

The merchant may set up the operative mode when he is sure that his website is integrated with and it operates correctly.

Samples

PHP

See also:
Checking transaction parameters, performed via Merchant WebMoney Transfer
Web Merchant Interface - Accepting payments through payment terminals ATMs and stores
Web Merchant Interface-Accepting payments via Paymer cheques WebMoney scratch cards or WM Note
Web Merchant Interface-Accepting payments via WM Keeper Mobile
Web Merchant Interface - Acceptance of payments from bank cards of Russian banks
Web Merchant Interface - Acceptance of payments through an Internet-bank
Web Merchant Interface - Acceptance of payments through money transfer systems
Web Merchant Interface - Acceptance of payments through Sberbank THANK YOU bonuses
Two Simple Steps to Accept WebMoney Payments
Merchant WebMoney Transfer
Click&Buy Merchant Interface
Paying for products and services using the Merchant service