3.26. /api/v4/status

Introduction

To make an order status request one have to send an HTTPS POST request to the URLs and the parameters specified below. Use RSA-SHA256 for authentication. See Statuses.

API URLs

Integration

Production

https://sandbox.gitpay.tech/paynet/api/v4/status/ENDPOINTID

https://gate.gitpay.tech/paynet/api/v4/status/ENDPOINTID

https://sandbox.gitpay.tech/paynet/api/v4/status/group/ENDPOINTGROUPID

https://gate.gitpay.tech/paynet/api/v4/status/group/ENDPOINTGROUPID

Request Parameters

Note

Request must have content-type=application/x-www-form-urlencoded and Authorization headers.

Parameter Name

Description

Necessity

login

Merchant login name.

Mandatory

client_orderid

Unique order identifier assigned by merchant.

Mandatory

orderid

Order id assigned to the order by GitPay.

Conditional

by-request-sn

Serial number assigned to the specific request by GitPay. If this field exist in status request, status response return for this specific request. Include this parameter to get the status request with the particular transaction stage (can be used in specific cases). To get the latest transaction status, don’t include this parameter in status request.

Optional


In most common cases, the best option is to include both client_orderid and orderid parameters to status request. Order status can be requested with only client_orderid if it’s unique to merchant and orderid is not received. If orderid is not received in response, but this response contains an error, see the received error message to get the information why transaction was not created in the system.

Response Parameters

The same API command for status request is used in multiple Use-Cases, therefore some of the mentioned response parameters might not be present for specific case. Below is the full list of possible parameters.

Note

Response has Content-Type: text/html;charset=utf-8 header. All fields are x-www-form-urlencoded, with (0xA) character at the end of each parameter’s value.
* - these parameters are not defined by default. Please contact tech support to include these fields in callback.

Status Response Parameter

Description

type

The type of response. May be status-response.

status

See Status List for details.

amount

Actual transaction amount. This value can be changed during the transaction flow.

currency

Currency the transaction is charged in (three-letter currency code). Example of valid parameter values are: USD for US Dollar EUR for European Euro.

paynet-order-id

Order id assigned to the order by gate.gitpay.tech.

merchant-order-id

Connecting Party order id.

phone

Payer’s full international phone number, including country code.

html

HTML code of 3DS authorization form, encoded in application/x-www-form-urlencoded MIME format. Merchant must decode this parameter before showing the form to the Payer. gate.gitpay.tech System returns the following response parameters when it gets 3DS authorization form from the Issuer Bank. It contains auth form HTML code which must be passed through without any changes to the client’s browser. This parameter exists and has value only when the redirection HTML is already available. For non-3DS this never happens. For 3DS HTML has value after some short time after the processing has been started.

redirect-to

For 3DS authorization the merchant can redirect the Payer to URL provided in this parameter instead of rendering the page provided in html parameter. The redirect-to parameter is returned only if the html parameter is returned. Merchant should use GET HTTP method to redirect. This parameter must be used to work with 3DS 2.0.

serial-number

Unique number assigned by gate.gitpay.tech server to particular request from the Connecting Party.

last-four-digits

Last four digits of Payer bank card number.

dest-last-four-digits

Last four digits of customer credit card number. Relevant only for transfer transactions.

bin

Bank BIN of Payer bank card number.

card-type

Type of Payer bank card (VISA, MASTERCARD, etc).

gate-partial-reversal

Processing gate support partial reversal (enabled or disabled).

gate-partial-capture

Processing gate support partial capture (enabled or disabled).

transaction-type

Transaction type (sale, reversal, capture, preauth).

processor-rrn

Bank Receiver Registration Number.

processor-tx-id

Acquirer transaction identifier.

receipt-id

Electronic link to receipt https://gate.gitpay.tech/paynet/view-receipt/ENDPOINTID/receipt-id/.

name

Payer’s name.

card-ref-id

Card reference ID used in subsequent recurrent payments. Relevant only if card-ref-id was created for initial transaction.

cardholder-name

Cardholder’s name.

card-exp-month

Bank card expiration month.

card-exp-year

Bank card expiration year.

card-hash-id

Unique card identifier to use for loyalty programs or fraud checks.

card-country-alpha-three-code

Three letter country code of source card issuer. See Country and State Codes for details.

destination-card-country-alpha-three-code

Three letter country code of destination card issuer. See Country and State Codes for details.

dest-bin

Bank BIN of customer credit card number.

dest-card-type

Type of customer credit card (VISA, MASTERCARD, etc).

dest-bank-name

Bank name by customer card BIN.

destination-hash-id

Unique card identifier to use for loyalty programs or fraud checks. Relevant only for transfer transactions.

destination-card-hash-id

Unique card identifier to use for loyalty programs or fraud checks.

first-name

Payer’s first name.

last-name

Payer’s last name.

email

Payer’s e-mail.

country *

Payer’s country (two-letter country code). Please see Country and State Codes for a list of valid country codes.

state *

Payer’s state . Please see Country and State Codes for a list of valid state codes. Mandatory for USA, Canada and Australia.

city *

Payer’s city.

zip_code *

Payer’s ZIP code.

address1 *

Payer’s address line 1.

purpose

Destination to where the payment goes. It is useful for the merchants who let their payers to top up their accounts with bank card (Mobile phone accounts, game accounts etc.). Sample values are: +7123456789; gamer0001@ereality.com etc. This value can be used by the fraud monitoring system.

bank-name

Bank name by Payer card BIN.

terminal-id

Acquirer terminal identifier to show in receipt.

paynet-processing-date

Acquirer transaction processing date.

approval-code

Bank approval code.

order-stage

The current stage of the transaction processing. See Order Stage for details.

total-reversal-amount

Total amount of processed reversals. Relevant only for reversal transactions.

reversal-amount

The amount of the last processed reversal. Relevant only for reversal transactions.

auth-response-code

Response code used in Iso8583 protocol. Only returned in specific cases.

acquirer-processing-date

Acquirer transaction processing date.

processor-auth-credit-code

Approval credit code. Only returned in specific cases.

processor-credit-rrn

Retrieval Reference Number for credit transaction.

processor-credit-arn

Acquirer card reference number for credit transaction.

processor-debit-arn

Acquirer card reference number for debit transaction.

loyalty-balance

The current bonuses balance of the loyalty program for current operation. if available.

loyalty-message

The message from the loyalty program. if available.

loyalty-bonus

The bonus value of the loyalty program for current operation if available.

loyalty-program

The name of the loyalty program for current operation if available.

descriptor

Bank identifier of the payment recipient.

original-gate-descriptor

Descriptor, which is set on gate level in the system.

error-message

If status in declined, error, filtered this parameter contains the reason for decline.

error-code

The error code is case status in declined, error, filtered.

by-request-sn

Serial number assigned to the specific request by gate.gitpay.tech. If this field exist in status request, status response return for this specific request.

verified-3d-status

See 3D Secure Status List for details.

verified-rsc-status

Returned if Random Sum Check was performed. See Alternative cardholder authentication

eci

Electronic Commerce Indicator (Visa).

ips-src-payment-product-code

Code for card set by multinational financial service (Visa/Mastercard).

ips-src-payment-product-name

Decrypted code for card set by multinational financial service (Visa/Mastercard).

ips-src-payment-type-code

Type of card code set by multinational financial service (Visa/Mastercard).

ips-src-payment-type-name

Decrypted code for type of card set by multinational financial service (Visa/Mastercard).

merchantdata

If provided in initial request, merchant_data parameter and its value will be included in status response.

initial-amount

Amount, set in initiating transaction, without any fees or commissions. This value can’t change during the transaction flow.

seller-commission

Total commission for processed transaction. This is optional parameter. Please contact your manager in GitPay, if you would like to receive it.

acquirer-commission

Acquirer commission for processed transaction. This is optional parameter. Please contact your manager in GitPay, if you would like to receive it.

motivational-message

This is an optional message which contains extended information about the reason for the declined transaction.

transaction-date

Date of final status assignment for transaction.

orig-amount

Contains the original request amount if it was converted on auxiliary endpoint in Parallel form integration. Relevant only for Payment Cashier transactions.

orig-currency

Contains the original request currency if it was converted on auxiliary endpoint in Parallel form integration. Relevant only for Payment Cashier transactions.

PaReqForm Status Response Parameters

Name

Description

tds-pareq-form-pareq

ACS 3DS PaReq data, which received by the Connecting Party.

tds-pareq-form-acs-url

ACS URL to redirect the Payer to 3DS 1.0.2 Authentication Flow.

CReqForm Status Response Parameters

Name

Description

tds-creq-form-creq

A CReq message initiates Cardholder interaction in a Challenge Flow and is used to carry authentication data from the Cardholder. It is formed by the 3DS Server and is posted through the Cardholder’s browser by the merchant to the ACS URL.

tds-creq-form-acs-url

ACS URL to redirect the Payer for Challenge Flow.

MethodUrlFrame Status Response Parameters

Name

Description

tds-method-url-frame-3ds-server-trans-id

Universally unique transaction identifier assigned by the 3DS Server to identify a single transaction.

tds-method-url-frame-3ds-method-url

3DS Method URL used in iframe form which is provided to Payer browser by the merchant.

Rules to form the HTML form.

threeDSMethodData (threeDSMethodNotificationURL + threeDSServerTransID).

Request Example

POST /paynet/api/v4/status/46750 HTTP/1.1
User-Agent: curl/7.88.1
Accept: */*
Authorization: OAuth oauth_consumer_key="Test_Fuad_Merchant", oauth_nonce="BKOz6eHOs6sDJlLPAJhbDHAaXCy9xxNv", oauth_signature="eQXkV%2BJdiqJlyRqNaEzIKmYa3FZzUjdcMR6lXSfRn9tOYKUNPxI3UKU%2F%2FGsPpofXL%2B2RBjGh3Gqv%2BZBoKaVKOgNKwNNwpA4IOaskV71uuMbZCp0gPEbS%2BVaWLD8vzqpcgZ%2Bd5DRNMfimyXkWVWbsMUYj8N%2BSpXl4YnGIo0nXz9Q0Ppxetie3EG9NrN7CNu7NdovVjmstfYqpDRv9OhLo4tSQTD9C6bWvW2kmEvZsb2d1KANsGUW6rXyjkIoPxJ2XigIXBOUfwSWj9cV7SsZ%2FNk%2FVjNWgav2uw9J9I%2FiTqLLcKZ1pTWj1WOMwXhfoMCP10XOAOe72CQHX0DJL%2BFt01jmOXLvLdEkUZTFzsC6DGfHSDdcsjXquc9gxFKVr3d8e15by3566UI4pXKef%2Fe%2B3Ytvlrj7IUhIcNyA%2BVXp%2FwivxgwYu2xpQJMs6wlvw6Lz3N2wcFRqLs5ZEbdZ1%2F29pox8XW0ae8yZ2z2PClPzmJIoDcOr0GEtwyz5ByyeW0m33XA67UbPN6rwbdlVL2gwMqWwkn7KDYp7%2BifP%2B2BdbyXnw2LeJcuYDYAIDHa%2Bi0P09ZVToBpeLOx%2FobSF2y%2FsheVgo0O%2FRWtUEEXONvd0n7hEdnJ7mMYNivNitbfQ4SryQ2o8CdUDk9RgEaR7pn7ybTi4rQEhDqWF8sFMtaKhFn9o%3D", oauth_signature_method="RSA-SHA256", oauth_timestamp="1734327207", oauth_version="1.0"
Content-Length: 58
Content-Type: application/x-www-form-urlencoded
Connection: close

client_orderid=1&login=Test_Fuad_Merchant&order_id=7364742

Success Response Example

HTTP/1.1 200
Server: server
Date: Mon, 16 Dec 2024 05:38:33 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 1469

type=status-response
&serial-number=00000000-0000-0000-0000-000002f38234
&merchant-order-id=123456
&processor-tx-id=PNTEST-7364748
&paynet-order-id=7364748
&status=approved
&amount=10.42
&currency=USD
&descriptor=Test
&original-gate-descriptor=Test
&transaction-type=transfer
&receipt-id=2f885ae0-5220-3549-8eb5-622f4201f882
&name=John+Doe
&cardholder-name=John+Doe
&card-exp-month=12
&card-exp-year=2099
&processor-rrn=0435171505391
&approval-code=466875
&order-stage=transfer_approved
&last-four-digits=5721
&bin=421070
&card-type=VISA
&bank-name=DEMIRBANK+OJSC
&dest-bank-name=JPMORGAN+CHASE+BANK+N.A.
&dest-bin=423261
&dest-last-four-digits=1636
&dest-card-type=VISA
&auth-response-code=00
&paynet-processing-date=2024-12-16+08%3A37%3A25+MSK
&acquirer-processing-date=2024-12-16+08%3A37%3A25+MSK
&processor-auth-credit-code=311830
&card-hash-id=2511341
&destination-card-hash-id=2511340
&card-country-alpha-three-code=AZE
&destination-card-country-alpha-three-code=USA
&verified-3d-status=NOT_AUTHENTICATED
&processor-credit-rrn=0435147814453
&processor-credit-arn=899834666
&processor-debit-arn=668539305
&ips-src-payment-product-code=UNK
&ips-src-payment-product-name=Unknown
&ips-src-payment-type-code=Credit
&ips-src-payment-type-name=VISA+Credit
&ips-dst-payment-product-code=UNK
&ips-dst-payment-product-name=Unknown
&ips-dst-payment-type-code=Prepaid
&ips-dst-payment-type-name=VISA+Prepaid
&initial-amount=10.42
&transaction-date=2024-12-16+08%3A37%3A34+MSK

Fail Response Example

HTTP/1.1 200
Server: server
Date: Mon, 16 Dec 2024 05:33:57 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 164

type=status-response
&serial-number=00000000-0000-0000-0000-000002f38231
&merchant-order-id=1
&status=error
&error-message=AMBIGUOUS_CLIENT_ORDER_ID
&error-code=124

Postman Collection

Request Builder

Enter your private key in PKCS#1 container to use debug. See RSA-SHA256 for details.

Order status form
URL
login

login should be used as Consumer Public for OAuth

client_orderid

input Invoice Number

orderid
by-request-sn

Normalized parameters string to sign, according to OAuth 1.0a rules
POST body parameters to submit
OAuth 1.0a headers to submit.
HEX Encoded Signature
* HEX encoded string is for debug purposes only. You shouldn't send this string to the server neither in HEX nor in Encoded HEX representation.
Base64 Encoded Signature
* Binary RSA-SHA256 signature directly encoded in base64 should be sent to the server.