{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"79ce8686-8753-4e7f-bc8c-e831d02c8736","name":"Main API Collection","description":"## Authentication\n\nAll API requests require authentication using a Bearer token in the `Authorization` header.\n\n**Headers:**\n\n- `Authorization: Bearer`\n    \n- `Content-Type: application/json`\n    \n- `Signature:`\n    \n\n## Signature Verification\n\nAll requests and responses should be signed using HMAC-SHA256 with your secret key. This ensures the integrity and authenticity of the data exchanged between your system and the API.\n\n### Generating a Signature\n\nTo generate a signature, create an HMAC-SHA256 hash of the request body using your secret key.\n\nThere is a simple piece of PHP code that shows how to generate a signature:\n\n``` php\n/** @var \\Psr\\Http\\Message\\RequestInterface $request */\n$signature = hash_hmac(\n  'sha256',\n  $request->getBody()->getContents(),\n  $secretKey\n);\n$request->withHeader('Signature', $signature);\n\n ```\n\nOr JavaScript/Node.js:\n\n``` javascript\nconst hmac = require('crypto-js/hmac-sha256');\nconst body = {\n    orderId: '123',\n    // ...\n};\nconst signature = hmac(JSON.stringify(body), 'secretKey')\n  .toString();\n// 0a059c58184f388c6fe56bc07bf0b71f941ad85175283b5257fc9490422d9f6e\n\n ```\n\nOr Python:\n\n``` python\nimport hashlib\nimport hmac\nimport json\ndef _signature(data: dict, secret: str) -> str:\n    # IMPORTANT: use separators to remove spaces after : and ,\n    string = json.dumps(data, separators=(\",\", \":\"))\n    secret_key = bytes(secret, \"utf8\")\n    return hmac.new(secret_key, string.encode(), hashlib.sha256).hexdigest()\ndef _gen_headers(payload: dict, api_key: str, secret: str) -> tuple:\n    sign = _signature(payload, secret)\n    headers = {\n        \"Signature\": sign,\n        \"Content-Type\": \"application/json\",\n        \"Authorization\": f\"Bearer {api_key}\"\n    }\n    return headers, payload\n# Example usage:\ndata = {\n    'orderId': '123',\n    'merchantId': 'your_merchant_id',\n    'amount': 1000\n}\nheaders, payload = _gen_headers(data, 'your_api_key', 'your_secret_key')\nprint(headers['Signature'])\n# 0ff2fa58c4811407c4cd5fcb5adef76bf32c4213a579da5b17ebffb61525cb11\n\n ```\n\n## Signature Verification for Callbacks\n\nEach callback contains a `Signature` header signed with your secret key. It is important to verify callback signature in order to prevent possible security vulnerabilities.\n\n**Example in JavaScript (verifying callback):**\n\n``` javascript\nconst crypto = require('crypto');\n// callbackBody - raw body string received from callback request\nconst signature = callbackHeaders['Signature'];\nconst expectedSignature = crypto.createHmac('sha256', secretKey).update(callbackBody).digest('hex');\nif (signature === expectedSignature) {\n  // Signature is valid - process the callback\n} else {\n  // Signature is invalid - reject the callback\n}\n\n ```\n\n---\n\n**Example in PHP (verifying callback):**\n\n``` php\n$callbackBody = file_get_contents('php://input');\n$signature = $_SERVER['HTTP_SIGNATURE'] ?? '';\nif($signature === hash_hmac('sha256', $callbackBody, $secretKey))\n{\n  // Signature is valid - you can trust this callback\n}\n\n ```\n\n---\n\n### Error Codes\n\nBelow is a summary of error codes that can be returned by the API:\n\n| HTTP Status | Code | Message | Details |\n| --- | --- | --- | --- |\n| 400 | 400 | Invalid amount | The amount should be between minimum and maximum allowed values. |\n| 400 | 40001 | Invalid orderId | The provided orderId is either malformed or already exists. |\n| 400 | 40002 | All requisites are busy / Invoice creation failed | Unable to create an invoice; all requisites are currently busy or url is not available. |\n| 400 | 40003 | Invalid payment method | The specified payment method is not associated with the merchant or currency mismatch. |\n| 400 | 40004 | Insufficient funds | The merchant does not have sufficient funds to process this payout. |\n| 400 | 40008 | Request is being processed | The request is currently being processed. Please wait before retrying. |\n| 401 | 401 | Unauthorized | No authorization provided and no order_id provided. |\n| 403 | 403 | Access denied | Your IP address is not in the whitelist. |\n| 403 | 40301 | User blocked | This user has been blocked from making payments. |\n| 403 | 40302 | Anti-spam protection triggered | Too many payment requests in a short period. User has been blocked. |\n| 404 | 40401 | Merchant not found / Payment not found | The specified merchantId does not exist or is invalid. / No payment found for the given orderId. |\n| 404 | 40402 | Payment method not found / No banks available | The specified payment method does not exist. / There are no banks available for the specified method or currency. |\n| 404 | 40403 | No payment methods found | The merchant does not have any associated payment methods. |\n| 404 | 40404 | Resource not found | The requested resource was not found. |\n| 409 | 40901 | Duplicate payment / Invoice already exists | Payment with this orderId already exists and has been processed. / An invoice is already associated with this payment. |\n| 422 | 422 | Unprocessable Content | The selected status is invalid. |\n| 500 | 50001 | An error occurred / Internal server error | Internal server error. |\n\n---\n\n## Callbacks\n\nWhen a payment's status changes, the system can send a callback to the `callbackUri` provided during payment creation. The callback will include a signed payload similar to the response from the \"[Get Payment Status](#9a8a7412-0b96-46bf-92c7-9a727ae89025)\" endpoint. Header has signature.\n\n**Possible state Values:**\n\n- `created` - payment created without an invoice (no method selected, user is redirected to choose a method)\n    \n- `pending`\\- **payment successfully created with the chosen method!**\n    \n- `dispute`\\- dispute/appeal\n    \n- `in_check`\\- payment verification initiated by the user or an active payout in progress.\n    \n- `finished`\\- payment successfully completed (final status).\n    \n- `canceled`\\- canceled by the user or the gateway (final status for payouts).\n    \n- `expired`\\- payment expired.\n    \n- `failed`\\- payment creation failed; no suitable requisite found (final status)\n    \n\n---\n\n---\n\n## Notes\n\n- **Error Handling:** Always check for `status: false` in the response to handle errors gracefully.\n    \n- **Rate Limiting:** Excessive requests may result in rate limiting. Ensure your application handles HTTP 429 responses.","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"13931884","team":1591748,"collectionId":"79ce8686-8753-4e7f-bc8c-e831d02c8736","publishedId":"2sAYQdipUu","public":true,"publicUrl":"https://docs.aggrepay.pro","privateUrl":"https://go.postman.co/documentation/13931884-79ce8686-8753-4e7f-bc8c-e831d02c8736","customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"documentationLayout":"classic-double-column","customisation":{"metaTags":[{"name":"description","value":""},{"name":"title","value":""}],"appearance":{"default":"light","themes":[{"name":"dark","logo":null,"colors":{"top-bar":"212121","right-sidebar":"303030","highlight":"FF6C37"}},{"name":"light","logo":null,"colors":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"}}]}},"version":"8.10.0","publishDate":"2026-02-11T20:36:59.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{"title":"","description":""},"logos":{"logoLight":null,"logoDark":null}},"statusCode":200},"environments":[],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/db3a44929bab6b45ac972de06d4a3011d30ce0d9daad23d281a980542017deb3","favicon":"https://aggrepay.pro/favicon.ico"},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"}],"canonicalUrl":"https://docs.aggrepay.pro/view/metadata/2sAYQdipUu"}