Integration
Getting Started
Ukrkart offers several environments
|
Production For real use |
Sandbox For testing and integration |
Mock server To study the operation of the methods |
Contact us
Contact us to register your interest in the Ukrcard platform.
|
|
We will contact you shortly to find out about:
- your business model
- the countries in which you intend to process payments
- other details for quick and successful implementation of your project
We define the type of your integration
The type of integration with the Ukrcard API is determined by the chosen payment system, the way of interaction with merchants, their customers and card systems. We use this information to choose the optimal type of integration.
If you plan to collect customer card data in your environment and send it to our API, you should ensure that your components are PCI DSS compliant.
If this is not the case, we recommend that you use the Checkout pages of PSPs already integrated with us (list), which are ready-made payment processing solutions without the need to process or store payment information, or use our own Checkout product.
INFO
Please note that PCI DSS compliance is required for using direct payments
Also at this stage, we help you decide on the scenario and choose the services you will need to use.
Access the test platform
You are assigned an external system ID, as well as a login and password, which you will use for each method API call.
Your service must work according to the HTTPS protocol, so you need to generate a TLS certificate. Procedure for generating Certificates:
INFO
-
A responsible person on your side must conduct the CSR generation.
-
Generation parameters:
- key algorithm: RSA;
- key length: 2048;
- CN =
( Example BNS4_Kyiv_01)
-
Send CSR to email security@ukrcard.ua
-
Receive an archive containing the signed Certificate in response
-
Remove the Certificate from the archive and apply it when calling the methods
Develop your implementation
Checklist for creating integration with Ukrcard
On this resource you will find a detailed description of all the methods you need, with examples, and the ability to call methods through the MOCK server.
We also provide a ready-made Postman collection that simplifies testing of all our methods.
The download button below will download:
- An API collection that contains all our method calls in ukrcard.dev subfolders
- An environment file with variables that you can edit to suit yourself
Submit a request for your real account
- Get the real ID of the external system;
- Generate and send a TLS-certificate for signing, and get it ready for use in the archive;
- Contact the selected acquiring bank (list) to obtain service conditions and information about tariffs;
- Agree and sign an agreement with the acquiring bank on the provision of the selected services (services);
- The acquiring bank sends a completed application for terminal registration with a list of permitted operations;
Configure your real account
- Set up a real environment;
- Conduct a pilot operation;
- We confirm the correctness of the operation
- You can start a flow of customers
Quick start
Use interactive documentation
The interactive documentation allows you to view the API specification, view examples, test them in real time in a sandbox environment, and generate code snippets.
Learn the query format and detailed field descriptions
Examine the response body, descriptions, and value format
Explore the pre-filled examples
Try using the API live with a mock server
Replay on the test server using your own access credentials
Test APIs using our Postman Collections
API Methods Reference
Ukrcard wsGate
E-Commerce acquiring
| API Method name | Description | Comment |
|---|---|---|
| Payment | E-commerce purchases | |
| Preauthorization | Order registration with pre-authorization | |
| Completion | Completion of payment before the pre-authorized order | |
| CancelPreauthorization | Canceling a previously pre-authorized order | |
| Confirm | Request status of operation | |
| ConfirmExt | Request to receive the advanced status of the operation | |
| Reverse | Reverse of paid order | |
| Refund | Refund of paid order | |
| Verify | Authentication confirmation (for Prostir) |
Money transfers
| API Method name | Description | Comment |
|---|---|---|
| р2рTransfer | Execution of the transfer | It is used to perform: - standard p2p translation; - transfer to an account - Card-2-Account (C2A); - credit part of the transfer - Account-2-Card (A2C). |
| Confirm | Request status of operation | |
| ConfirmExt | Request to receive the advanced status of the operation | |
| Reverse | Reverse of paid order | |
| Refund | Refund of paid order | |
| Verify | Authentication confirmation (for Prostir) |
Tokenized payments
| API Method name | Description | Comment |
|---|---|---|
Cards and accounts (UAPI)
| API Method name | Description | Comment |
|---|---|---|
Authentication when connecting
The following mechanisms are used for access control and authorization:
- Access parameters passed in request headers
- SSL certificate on the client side
Access parameters should be passed in the following headers:
| Header name | Comment |
| ExtSystemId | Identifier of the external system (ES) |
| login | ES login in the wsGate system, received from UKRKARD when connecting to the API |
| password | ES password in the wsGate system, received from UKRKARD when connecting to the API |
An example of an HTTP request with access parameters:
curl -v \
--request POST \
--url https://pre-wsgate.ukrcard.com.ua/ConfirmExt \
--cert ECOM_cert.pem \
--key ECOM_key.pem \
--header 'Host: pre-wsgate.ukrcard.com.ua' \
--header 'Content-Type: application/json' \
--header 'ExtSystemid: ECOM' \
--header 'login: ECOM' \
--header 'password: ECOM*' \
--header 'orderNumber: 3' \
--header 'RegDate: 2024-03-12 12:16:00' \
--header 'x-uws-clientdn: TestPay_ECOM' \
--header 'Accept: application/json' \
-d @- \
<< EOF
{"pageData":{"language":"uk"}}