1. Home
  2. Web services
  3. Payments on a service ‘billon.me’

Payments on a service ‘billon.me’

  1. Definitions
  • Shared key, a string that is used to protect API queries available on a settings page of a service ‘billon.me’.
  • Transaction ID, unique transaction ID assigned by the seller. The seller’s obligation is to ensure that the transaction ID is never repeated.
  • Notification address, URL to which notifications of the final status of the transaction will be being sent set by the seller in the billon.me panel.
  • Return address, URL to which paying will be redirected after successful payment set by the seller.
  1. Safety

All queries are protected by a hash of the parameters. The hash is computed as follows:

  1. The values of the parameters must be ‘glued together’ into one string. The shared key should be added at the end of the string.
  2. Hash should be created from the string by function SHA-256. The result must be string in hexadecimal format.

We added received hash to the parameters of the query. The seller must verify parameter hash in the notifications sent by service billon.me. The seller’s obligation is to maintain confidentiality of shared key; in particular the process of calculating hash must take place on secured server. See for possible examples of calculation in point 5.

  1. Initiation of the payments

The seller sets amount of transaction and transaction ID, then redirects the user to:

https://billon.me/:username/:amount/:id/:hash

The transaction has status PENDING at the beginning. The user has 30 minutes to begin transaction. If none of started transactions succeeded at that time, the transaction will receive a final status EXPIRED. If money is transferred successfully, the final status will be SUCCESS. The user is redirected to the return address after the payment.

  1. Notifications

billon.me sends POST request to URL given by the seller after finalizing the transaction. The same notification is sent after change of the status and every minute until seller`s service sends string OK in response but not more than 10 minutes. The request is JSON in format:

{

    username: ‘sklep2’, // Seller`s name in billon.me

    amount: ‘30.50’,

    id: ‘1012001’, // ID given previously in link initiating the payment

    status: ‘SUCCESS’,

    hash: ‘6d8df2630ec108372dc015f51552db68676796142f0178b140803f33a73177f1’

}

 

  1. Example

The seller with an account name in billon.me ‘sklep2’ and shared key ‘a3dcc05f’ set unique id ‘1012001’ for new transaction in the amount of 30,50 zł. The hash is calculated by glueing parameters together in order: username, amount, id and adding shared key at the end:

sklep230.501012001a3dcc05f

After applying function SHA-256 on the string seller`s service receive hash:

6d8df2630ec108372dc015f51552db68676796142f0178b140803f33a73177f1

Next, the user is redirected to:

https://billon.me/:username/:amount/:id/:hash

in other words

https://billon.me/sklep2/30.50/1012001/6d8df2630ec108372dc015f51552db68676796142f0178b140803f33a73177f1

The user makes a payment. The service billon.me sends notification about giving payment final status to URL given in panel by seller after transferring money:

{

    username: ‘sklep2’, // Seller`s name in billon.me

    amount: ‘30.50’,

    id: ‘1012001’, // ID given previously in link initiating the payment

    status: ‘SUCCESS’,

    hash: ‘cf3a79ca80bfeba5288039458f95a8ba9f8092ff0a2bedda79f794040b1bec43’

}

 

The hash in the notification is created with string sklep230.501012001SUCCESSa3dcc05f

The notification is reassurance that money is at seller`s account. It is sent every minute for 10 minutes until seller`s service sends string OK in response. In case of lack of successful finished payment parameter status would have value EXPIRED.

The user is redirected to the return address set by seller immediately after finished payment.

Was this article helpful to you? Yes 1 No

How can we help?