Praxis Wiki logo

Payment API {process} Sale

Payment Card Processing API lets you process the credit and debit card deposits and payouts over REST API.

To see the compatibility mode for legacy integrations with no encryption applied to card details, please see Sale - No Encryption

{danger.fa-exclamation} IMPORTANT: Sometimes transaction_id (PSP transaction identifier) is empty, this may happen in the cases when the PSP has rejected the processing attempt due to input validation or unavailability of the payment gateway.


Name URL


Variable Type Description
amount int(20) Required. Payment amount in cents.
Please note: for certain currencies (see full list here) there is a fraction other than 100 cents per unit, this is important if you multiply by 100 to send the amount in cents
currency varchar(10) Required. Payment currency
card_number_encrypted varchar(256) Required. Card number encrypted with aes-256-cbc, see encryption algorithm below
cvv_encrypted varchar(256) Required. Card security code encrypted with aes-256-cbc, see encryption algorithm below
card_exp_encrypted varchar(256) Required. Card expiration date encrypted with aes-256-cbc, see encryption algorithm below
pin varchar(50) Required. Unique customer id in your system
dob date Required. Date of birth of the customer. MM/DD/YYYY format accepted.
email varchar(50) Required. Customer's email
phone int(20) Required. Numeric only, includes country area code. Should not be a dummy sequence like 123456 or 111111, should be at least 6 digits long.
requester_ip varchar(10) Required. Customer's IP address
address varchar(100) Required. Customer's address
city varchar(50) Required. City of the customer
country varchar(2) Required. ISO 3166-1 alpha-2 (US, MT, IT, GB, DE etc)
first_name varchar(25) Required. Customer's first name
last_name varchar(25) Required. Customer's last name
state varchar(2) Optional. State/Province where the customer resides. Only for US, CA and AU. 2 characters ISO format. Otherwise leave blank (send “NA”).
zip varchar(12) Required. Postal Code of the customer. Can provide values for other countries. Limited to 12 alphanumeric characters only.
gateway varchar(32) Optional. Gateway doing the processing
application_key varchar(32) Required. Identifier of your application (website)
merchant_id varchar(50) Required. Merchant API client account identifier
return_url varchar(256) Required. User will be redirected to a specified URL upon 3D Secure confirmation (in case of 3D Secure flow)
notification_url varchar(256) Required. URL to which the deposit status notification will be sent
order_id varchar(50) Required. Transaction identifier in your system
transaction_type varchar(8) Required. Transaction type. Must be set to sale for deposit
reference_id varchar(50) Optional. (Required on refund) Original transaction identifier from
timestamp int(11) Required. Request time. URL will be active during 1 min after this time
version varchar(3) Required. API version
signature varchar(96) Required. Request signature. Please refer to How to Build Signature for details on signing the request.


Variable Type Description
status int Required.
- 0 if the request was successful
- Negative integer if internal server/network error occurs
- Positive integer if application/logical error occurs
description varchar(256) Required. Accurate description of the result. Return the actual error for any exception as it helps to diagnose issues in production
redirect_url varchar(256) Optional. 3D Secure verification URL. Appears only in combination with "transaction_status":"pending_async"
trace_id int(11) Optional. Transaction identifier in
transaction_id varchar(50) Optional. Transaction identifier in PSP
transaction_status varchar(16) Required.
- pending - processing initiated, final response expected from PSP
- approved - processing was successful
- rejected - processing failed
- pending_async - customer action expected (3D Secure, etc.)
- error - processing or configuration error
payment_processor varchar(25) Optional. Gateway doing the processing
error_code varchar(32) Optional. Error code for rejected transactions
error_details varchar(256) Optional. Error description for rejected transactions
version varchar(3) Required. API version
signature varchar(96) Required. sha384 HASH code of response (same algorithm as request signature)


For example below: Merchant Secret = "MerchantSecretKey"


curl -X POST \ \
-H 'Content-Type: application/json' \
-d '{
    "address": "Avenue 51\/2",
    "amount": "100",
    "application_key": "Sandbox",
    "card_number": "ZMq4wDaiaQ/xOwMEcQ7R3ASjTnoOMu+avLuJYgAnz1Q=",
    "card_exp": "WI8V4bE5/l8fIhUv6aMO8w==",
    "city": "New York",
    "country": "US",
    "currency": "USD",
    "cvv": "111",
    "dob": "05\/15\/1980",
    "email": "[email protected]",
    "first_name": "Test",
    "gateway": "s-pTSZyK23E1Ee5KZpcNbX_aFl0HuhQ0",
    "last_name": "User",
    "merchant_id": "Test-Integration-Merchant",
    "notification_url": "https:\/\/\/v1\/deposits\/tx-1560610955",
    "order_id": "test-1560610955",
    "phone": "+1987987987987",
    "pin": "1",
    "requester_ip": "",
    "return_url": "https:\/\/\/payment_result\/tx-1560610955",
    "state": "LA",
    "timestamp": 1579218438,
    "transaction_type": "sale",
    "reference_id": "null",
    "version": "1.2",
    "zip": "24123",
    "signature": "e51f94c9358cdee68befb399c0f05b1c598d0ebfe29a40d39ad665a21643a2b96b657970669988aa8dbde191cbaeb621"

Response (3D Secure)

    "description": "Ok",
    "error_code": "0",
    "error_details": "[TEST] Transaction status: redirect",
    "payment_processor": "TestPP",
    "redirect_url": "https:\/\/\/site\/process\/WEYrdE5XKzhhKzRjQjBIbE5kWlpLZz09",
    "status": 0,
    "trace_id": 1000000680,
    "transaction_id": "15607165967613",
    "transaction_status": "pending_async",
    "version": "1.2",
    "signature": "c739c3d581355f0ac242ffa206687efffeb6f01148a796b6121931a16230bb7c527b46886402519923d1bca6b96d64dc"

Response (Approved)

    "description": "Ok",
    "error_code": "0",
    "error_details": "[TEST] Transaction status: approved",
    "payment_processor": "TestPP",
    "redirect_url": null,
    "status": 0,
    "trace_id": 1000000681,
    "transaction_id": "15607165967620",
    "transaction_status": "approved",
    "version": "1.2",
    "signature": "268ac58da717d65217c7957d7fde679c35c5b5fa58bac53d3cea8fec9739c5bb3acce42d90e11987db43305beadad0ac"

Response (Rejected)

    "description": "Ok",
    "error_code": "1",
    "error_details": "[TEST] Transaction status: rejected",
    "payment_processor": "TestPP",
    "redirect_url": null,
    "status": 0,
    "trace_id": 1000000682,
    "transaction_id": "15607165967622",
    "transaction_status": "rejected",
    "version": "1.2",
    "signature": "2ee9f427c4940bd4dbb5d72f5414b868a90d507fd729d157a0b0338a87ad2a9e3c7fcd8c8263df89134d3a93cb889bda"


   * Method for encryption using AES algorithm
   * @param  string $valueForEncryption  The parameter to be encrypted - card_number, card_exp, cvv
   * @param  string $merchantSecret  Merchant’s secret key
   * @param  int $requestTimestamp   Timestamp from the request body
   * @return  string

  public function encrypt(string $valueForEncryption, string $merchantSecret, int $requestTimestamp) : string
        $method = ‘aes-256-cbc’;
        $key = str_pad($merchantSecret, 32, ‘0’, STR_PAD_LEFT);
        $iv = str_pad($requestTimestamp, 16, ‘0’, STR_PAD_LEFT);
        $encrypted = openssl_encrypt($valueForEncryption, $method, $key, OPENSSL_RAW_DATA, $iv);

        return base64_encode($encrypted);


    "card_number": "ZMq4wDaiaQ/xOwMEcQ7R3ASjTnoOMu+avLuJYgAnz1Q=",
    "card_exp": "WI8V4bE5/l8fIhUv6aMO8w==",
    "cvv": "BCm5yhYeeYoJlsOSIRd8Mg=="

You are currently viewing version 3.4 Latest version here