Mir Pay
Introduction
Mir payment system provides an opportunity to process payments from merchant's applications or mobile versions of websites with use of the Mir Pay service.
If you have a permission to store credentials, you can store credentials for further regular payments (recurrent or installment payments) during payment via Mir Pay.
The following sections describe the integration of the Mir Pay In-Application payment method.
To accept payments via Mir Pay, you must have this feature enabled for you.
Integration schemes
Payment page on Payment gateway side
sequenceDiagram
participant C as Client
participant M as Merchant
participant P as Payment page
participant G as Payment gateway
participant MP as Mir Pay
C->>M: 1. Forming an order
M->>G: 2. Request for order registration
G-->>M: 3. Response to the request
M-->>C: 4. Redirecting to the payment page
C->>P: 5. Getting a payment form
P->>G: 6. Request for possible payment methods
G->>G: 7. Formation of the Universal link
G-->>P: 8. Mir Pay option of the merchant, Universal link
P-->>C: 9. Payment form
C->>P: 10. Selecting Mir Pay payment method
P->>MP: 11. Universal link
MP->>MP: 12. Checking
MP-->>C: 13. List of cards
C->>MP: 14. Selecting the card
MP-->>C: 15. redirect of the client to the payment page
MP-->>G: 16. Payment data
G->>G: 17. Decoding data
G->>G: 18. Making payment by token
C->>P: 19. Request for the payment result
P->>G: 20. Request for the payment result
G-->>P: 21. Payment result
P-->>C: 22. Payment result
- The client forms an order on the merchant's website.
- The merchant requests an order registration by sending an API request to the payment gateway:
a. For one-phase payment - register.do API request;
b. For two-phase payment - registerPreAuth.do API request. - The payment gateway registers an order and sends a response to the merchant containing the
formUrlparameter (the payment URL to which the merchant should redirect the client) and theorderIdparameter (the unique order number in the payment gateway system). - The online store redirects the client to the URL received in the
formUrlparameter. - The client's browser opens the received URL.
- The payment page requests a list of possible payment methods from the payment gateway.
- The payment gateway forms a Universal link.
- The payment gateway returns the merchant's Mir Pay option and Universal link in the response.
- The client receives a payment form with a rendered Mir Pay payment button.
- The client selects Mir Pay payment method on the payment page.
- The payment page launches Universal link on the client's device.
- Mir Pay verifies the merchant's signature and involvement in the program.
- Mir Pay displays a list of cards to the client.
- The client selects a card for payment in the Mir Pay application.
- Mir Pay redirects the client's browser to the payment page URL.
- Mir Pay generates payment data and sends encrypted payment data to the payment gateway.
- The payment gateway decodes the payment data.
- The payment gateway processes the payment.
- The client's browser accesses the payment page to receive the payment result.
- The payment page requests the payment result from the payment gateway.
- The payment gateway returns the payment result to the payment page.
- The payment page displays the payment result to the client.
Payment page/Application on Merchant's side
Prerequisites
In order to accept Mir Pay payments via the payment gateway, when you leverage your own payment page/application to independently access Mir Pay, you must be issued an end certificate. Please contact the technical support service to obtain this certificate.
Along with the end certificate you should receive from the technical support service the following:
- "Standard of the "Mir" payment system. Description of the implementation of Mir Pay Android In-Application operations for the merchant" document.
- MirPaySDK.aar library for embedding in the merchant's mobile application.
- API description in the a yaml-file format.
- The URL of the merchant's end certificate file on the Aggregator's public Web resource (https://participant's host/juks/-juks.json), if this merchant supports In-Application Web-based operation technology.
sequenceDiagram
participant C as Client
participant M as Merchant
participant G as Payment gateway
participant MP as Mir Pay
C->>M: 1. Selecting Mir Pay payment method
M->>MP: 2. Mir Pay call
MP->>MP: 3. Signature verification
MP-->>C: 4. List of cards
C->>MP: 5. Selecting the card
MP-->>M: 6. Encrypted payment data
M->>G: 7. Request for Mir Pay payment
G->>G: 8. Decoding data
G->>G: 9. Payment
G-->>M: 10. Payment result
M-->>C: 11. Payment result
- The client selects the Mir Pay payment method on the merchant's payment page.
- Merchant runs an In-Application operation preparation script via MirPaySDK in the Mir Pay application/Merchant runs an In-Application operation preparation script via Deeplink or Universal Link in the Mir Pay application.
- Mir Pay verifies the merchant's signature and involvement in the program.
- Mir Pay displays a list of cards to the client.
- The client selects a card for payment in the Mir Pay application.
- Mir Pay generates the payment data and sends the encrypted payment data to the merchant.
- The merchant requests a payment by sending /mir/payment.do API request to the payment gateway .
- The payment gateway decodes the payment data.
- The payment gateway processes the payment.
- The payment gateway returns the payment result to the merchant.
- The merchant displays the payment result to the client.
Payment data decryption on Merchant's side
sequenceDiagram
participant C as Client
participant M as Merchant
participant G as Payment gateway
participant MP as Mir Pay
C->>M: 1. Selecting Mir Pay payment method
M->>MP: 2. Mir Pay call
MP->>MP: 3. Signature verification
MP-->>C: 4. List of cards
C->>MP: 5. Selecting the card
MP-->>M: 6. Encrypted payment data
M->>M: 7. Decoding data
M->>G: 8. Request for Mir Pay payment
G->>G: 9. Payment
G-->>M: 10. Payment result
M-->>C: 11. Payment result
- The client selects the Mir Pay payment method on the payment page.
- Merchant runs an In-Application operation preparation script via MirPaySDK in the Mir Pay application/Merchant runs an In-Application operation preparation script via Deeplink or Universal Link in the Mir Pay application.
- Mir Pay verifies the merchant's signature and involvement in the program.
- Mir Pay displays a list of cards to the client.
- The client selects a card for payment in the Mir Pay application.
- Mir Pay generates the payment data and sends the encrypted payment data to the merchant.
- The merchant decodes the payment data.
- The merchantt creates a payment request /mir/paymentDirect.do containing the decrypted payment data and sends it to the payment gateway.
- The payment gateway processes the payment.
- The payment gateway returns the payment result to the merchant.
- The merchant displays the payment result to the client.
Mir Pay API requests
Mir Pay order registration
The request used to register and pay for an order is https://mts.rbsuat.com/payment/mir/payment.do. The request call is available if the merchant is assigned a corresponding permission.
When sending the request, you should use the header:
Content-Type: application/json
Request parameters
| Required | Name | Type | Description |
|---|---|---|---|
| Conditional | merchant |
String [1..255] | Merchant login in the payment gateway. Mandatory if authorization is via merchant. |
| Conditional | username |
String [1..30] | Merchant's API account login. Mandatory if authorization is via username and password. |
| Conditional | password |
String [1..30] | Merchant's API account password. Mandatory if authorization is made via username and password. |
| Mandatory | orderNumber |
String [1..36] | Order number (ID) in the merchant's system, must be unique for each order. |
| Optional | description |
String [1..598] | Order description in any format. To enable sending this field to the processing system, contact the technical support service. It is not allowed to fill this parameter with personal data or payment data (card numbers, etc.). This requirement is due to the fact that the order description is not masked in Merchant Portal and log files. |
| Optional | language |
String [2] | ISO 639-1 encoded language key. If the language is not specified, the default language specified in the store settings is used. Supported languages: ru,en,zh,tr,pt,ko,ja,fr,es,de,ar,kz,kk. |
| Optional | additionalParameters |
Object | Additional parameters of the order that are stored in the merchant personal area for the subsequent viewing. Each new pair of a parameter name and its value must be separated by a comma. Below is a usage example.{ "firstParamName": "firstParamValue", "secondParamName": "secondParamValue"} When storing a credential, this tag can contain parameters that specify the type of the stored credential. See the list of parameters. |
| Optional | preAuth |
Boolean | Parameter that defines the necessity of a pre-authorization (putting the amount on hold on the customer's account until its debiting). The following values are available:
|
| Mandatory | ip |
String [1..39] | Buyer's IP address. IPv6 is supported in all requests. (up to 39 characters). |
| Optional | clientId |
String [0..255] | Customer number (ID) in the merchant's system — up to 255 characters. Used to implement the functionality of stored-credential transactions. Can be returned in the response if the merchant is allowed to store credentials. Specifying this parameter in stored-credential transactions is mandatory. Otherwise, a payment will be unsuccessful. |
| Mandatory | paymentToken |
String [1..8192] | A string in JWE Compact Serialization format with In-Application operation data. |
| Optional | clientId |
String [0..255] | Customer number (ID) for storing credentials for further regular payments. Should be specified only if a technical payment is made for further regular payments. |
| Optional | tii |
String | Transaction initiator indicator. A parameter indicating what type of operation will be carried out by the initiator (Customer or Merchant). Possible values. |
Additional parameters that specify the type of created stored credential and are passed in additionalParameters:
| Required | Name | Type | Description |
|---|---|---|---|
| Conditional | installments |
Integer [3] | Maximum number of allowed authorizations for installment payments. Should be specified when creating an installment stored credential. |
| Conditional | recurringFrequency |
Integer [2] | Maximum number of days between authorizations. Positive integer from 1 to 28. Should be specified when creating a recurring or installment stored credential. |
| Conditional | recurringExpiry |
String [8] | The date after which further authorizations should not be performed. Format: YYYYMMDD. Should be specified when creating a recurring or installment stored credential. |
Possible values of tii (read about the stored credential types supported by the Payment Gateway here):
tii value |
Description | Transaction type | Transaction initiator | Card data for transaction | Card data saved after transaction | Note |
|---|---|---|---|---|---|---|
| Empty | Regular | Customer | Entered by Customer | No | An e-commerce transaction, credential is not stored. | |
| CI | Initial Common CIT | Initiating | Customer | Entered by Customer | Yes | An e-commerce transaction, credential is stored. |
| F | Unscheduled CIT | Subsequent | Customer | Customer selects card instead of manual entry | No | An e-commerce transaction that uses a stored credential. |
| U | Unscheduled MIT | Subsequent | Merchant | No manual entry, Merchant passes the data | No | An e-commerce transaction that uses a stored credential. Used for one-phase payments only. |
| RI | Initial Recurrent CIT | Initiating | Customer | Entered by Customer | Yes | An e-commerce transaction, credential is stored. |
| R | Recurrent MIT | Subsequent | Merchant | No manual entry, Merchant passes the data | No | A recurrent transaction that uses a stored credential. Used for one-phase payments only. |
| II | Initial Installment CIT | Initiating | Customer | Entered by Customer | Yes | An e-commerce transaction, credential is stored. |
| I | Installment MIT | Subsequent | Merchant | No manual entry, Merchant passes the data | No | An installment transaction that uses a stored credential. Used for one-phase payments only. |
Response parameters
| Required | Name | Type | Description |
|---|---|---|---|
| Mandatory | success |
Boolean | Main parameter which indicates directly that the request was successful. The following values are available:
Note that the value true here simply means that the request was proccessed, not that the order was paid. Read here to find out how to get payment status. |
| Conditional | data |
Object | This parameter is returned only if the payment is processed successfully. See the description below. |
| Conditional | error |
Object | This parameter is returned only if the payment failed. See the description below. |
data block contains the following elements.
| Required | Name | Type | Description |
|---|---|---|---|
| Mandatory | orderId |
String [1..36] | Order number in the payment gateway. Unique within the payment gateway. |
| Optional | bindingId |
String [1..255] | Identifier of the credentials stored when paying for the order or used for payment. Available only if the merchant is allowed to store credentials. |
error block contains the following elements.
| Required | Name | Type | Description |
|---|---|---|---|
| Mandatory | code |
String [1..3] | Code as an information parameter stating an error occurred. |
| Mandatory | description |
String [1..598] | A detailed technical explanation of the error - the contents of this parameter should not to be displayed to the customer. |
| Mandatory | message |
String [1..512] | Information parameter that is an error description to be displayed to the user. The parameter may vary, so it should not be hardcoded. |
Examples
Request example
curl --location 'https://mts.rbsuat.com/payment/mir/payment.do' \
--header 'Content-Type: application/json' \
--data '{
"username": "test_user",
"password": "test_user_password",
"orderNumber": 3229,
"description": "description",
"language": "RU",
"tii" : "II",
"clientId":"202403122",
"additionalParameters": {
"installments": "5",
"recurringFrequency": "5",
"recurringExpiry": "20241004"
},
"preAuth": false,
"paymentToken": "eyJhbGciOiJSU0...9HDxLg",
"ip": "x.x.x.x"
}'Response in case of a successful payment
{
"success": true,
"data": {
"orderId": "243ec139-4b5a-7859-b409-bbcb4806bc81",
"bindingId": "7c1d7969-bf01-7f34-be04-c6904806bc81"
}
}Response in case of a failed payment
{
"error": {
"code": 1,
"description": "Processing Error",
"message": "Insufficient amount on card"
},
"success": false
}Mir Pay Direct
The request used to make a direct payment via Mir Pay is https://mts.rbsuat.com/payment/mir/paymentDirect.do. The request call is available if the merchant is assigned a corresponding permission.
When sending the request, you should use the header:
Content-Type: application/json
This request can be used for integrations that involve payment data decoding on Merchant side.
Request parameters
| Required | Name | Type | Description |
|---|---|---|---|
| Conditional | merchant |
String [1..255] | Merchant login in the payment gateway. Mandatory if authorization is via merchant. |
| Conditional | username |
String [1..30] | Merchant's API account login. Mandatory if authorization is via username and password. |
| Conditional | password |
String [1..30] | Merchant's API account password. Mandatory if authorization is made via username and password. |
| Mandatory | orderNumber |
String [1..36] | Order number (ID) in the merchant's system, must be unique for each order. |
| Optional | description |
String [1..598] | Order description in any format. To enable sending this field to the processing system, contact the technical support service. It is not allowed to fill this parameter with personal data or payment data (card numbers, etc.). This requirement is due to the fact that the order description is not masked in Merchant Portal and log files. |
| Optional | language |
String [2] | ISO 639-1 encoded language key. If the language is not specified, the default language specified in the store settings is used. Supported languages: ru,en,zh,tr,pt,ko,ja,fr,es,de,ar,kz,kk. |
| Optional | additionalParameters |
Object | Additional parameters of the order that are stored in the merchant personal area for the subsequent viewing. Each new pair of a parameter name and its value must be separated by a comma. Below is a usage example.{ "firstParamName": "firstParamValue", "secondParamName": "secondParamValue"} When storing a credential, this tag can contain parameters that specify the type of the stored credential. See the list of parameters. |
| Optional | preAuth |
Boolean | Parameter that defines the necessity of a pre-authorization (putting the amount on hold on the customer's account until its debiting). The following values are available:
|
| Mandatory | ip |
String [1..39] | Buyer's IP address. IPv6 is supported in all requests. (up to 39 characters). |
| Mandatory | paymentToken |
String [1..8192] | The token received from MirPay. The value must be decoded and encoded in Base64. |
| Optional | clientId |
String [0..255] | Customer number (ID) for storing credentials for further regular payments. Should be specified only if a technical payment is made for further regular payments. |
| Conditional | originalPaymentNetRefNum |
String [1..36] | The identifier of the original or previous successful transaction in the payment system in relation to the performed stored-credential transaction - TRN ID. Is passed when tii = R,U, or F.Is mandatory when using merchant's stored credentials in stored credential transfers. |
| Conditional | originalPaymentDate |
String | Date of initiating transaction. The format is Unix timestamp, in milliseconds. Is passed when tii = R,U, or F. |
| Optional | tii |
String | Transaction initiator indicator. A parameter indicating what type of operation will be carried out by the initiator (Customer or Merchant). Possible values. |
Additional parameters that specify the type of created stored credential and are passed in additionalParameters:
| Required | Name | Type | Description |
|---|---|---|---|
| Conditional | installments |
Integer [3] | Maximum number of allowed authorizations for installment payments. Should be specified when creating an installment stored credential. |
| Conditional | recurringFrequency |
Integer [2] | Maximum number of days between authorizations. Positive integer from 1 to 28. Should be specified when creating a recurring or installment stored credential. |
| Conditional | recurringExpiry |
String [8] | The date after which further authorizations should not be performed. Format: YYYYMMDD. Should be specified when creating a recurring or installment stored credential. |
Possible values of tii (read about the stored credential types supported by the Payment Gateway here):
tii value |
Description | Transaction type | Transaction initiator | Card data for transaction | Card data saved after transaction | Note |
|---|---|---|---|---|---|---|
| Empty | Regular | Customer | Entered by Customer | No | An e-commerce transaction, credential is not stored. | |
| CI | Initial Common CIT | Initiating | Customer | Entered by Customer | Yes | An e-commerce transaction, credential is stored. |
| F | Unscheduled CIT | Subsequent | Customer | Customer selects card instead of manual entry | No | An e-commerce transaction that uses a stored credential. |
| U | Unscheduled MIT | Subsequent | Merchant | No manual entry, Merchant passes the data | No | An e-commerce transaction that uses a stored credential. Used for one-phase payments only. |
| RI | Initial Recurrent CIT | Initiating | Customer | Entered by Customer | Yes | An e-commerce transaction, credential is stored. |
| R | Recurrent MIT | Subsequent | Merchant | No manual entry, Merchant passes the data | No | A recurrent transaction that uses a stored credential. Used for one-phase payments only. |
| II | Initial Installment CIT | Initiating | Customer | Entered by Customer | Yes | An e-commerce transaction, credential is stored. |
| I | Installment MIT | Subsequent | Merchant | No manual entry, Merchant passes the data | No | An installment transaction that uses a stored credential. Used for one-phase payments only. |
Response parameters
| Required | Name | Type | Description |
|---|---|---|---|
| Mandatory | success |
Boolean | Main parameter which indicates directly that the request was successful. The following values are available:
Note that the value true here simply means that the request was proccessed, not that the order was paid. Read here to find out how to get payment status. |
| Conditional | data |
Object | This parameter is returned only if the payment is processed successfully. See the description below. |
| Conditional | error |
Object | This parameter is returned only if the payment failed. See the description below. |
data block contains the following elements.
| Required | Name | Type | Description |
|---|---|---|---|
| Mandatory | orderId |
String [1..36] | Order number in the payment gateway. Unique within the payment gateway. |
| Необязательно | bindingId |
String [1..255] | Identifier of the credentials stored when paying for the order or used for payment. Available only if the merchant is allowed to store credentials. |
error block contains the following elements.
| Required | Name | Type | Description |
|---|---|---|---|
| Mandatory | code |
String [1..3] | Code as an information parameter stating an error occurred. |
| Mandatory | description |
String [1..598] | A detailed technical explanation of the error - the contents of this parameter should not to be displayed to the customer. |
| Mandatory | message |
String [1..512] | Information parameter that is an error description to be displayed to the user. The parameter may vary, so it should not be hardcoded. |
Examples
Request example
curl --location 'https://mts.rbsuat.com/payment/mir/paymentDirect.do' \
--header 'Content-Type: application/json' \
--data '{
"username": "test_user",
"password": "test_user_password",
"orderNumber": 243ec139-4b5a-7859-b409-bbcb4806bc81,
"description": "description",
"language": "RU",
"tii" : "II",
"clientId":"202403112",
"additionalParameters": {
"installments": "5",
"recurringFrequency": "5",
"recurringExpiry": "20241231"
},
"preAuth": false,
"paymentToken": "eyJ0YW4iOiIyMj...wifQ==",
"ip": "x.x.x.x"
}'Response in case of a successful payment
{
"success": true,
"data": {
"orderId": "243ec139-4b5a-7859-b409-bbcb4806bc81",
"bindingId": "7c1d7969-bf01-7f34-be04-c6904806bc81"
}
}Response in case of a failed payment
{
"error": {
"code": 1,
"description": "Processing Error",
"message": "Insufficient amount on card"
},
"success": false
}