Recurring billing is when a merchant automatically charges a cardholder for specified goods or services on a prearranged schedule. Recurring billing requires the merchant to get the cardholder’s permission one time up front for recurring charges.
First of all, before continuing you should read the documentation to find out if it's the right tool, which you are looking for.
At this time recurring billing API is only available in Production, which is used as a real environment. To obtain an account register in Paysera.
Create a Checkout project and fill all the required information.
Contact Paysera with a description of how are you going to implement Recurring Billing API and your
project ID. We will determine if there is no problems with enabling this API for your business.
If your business is compatible, we will configure API client and send credentials to you. You can now begin to integrate Recurring Billing API.
In order to collect real payments, contact Paysera, so we can reconfigure your business.
All API calls must be authenticated. Currently, one authentication scheme is used:
In any case, all requests to the Paysera system are made using HTTPS protocol. Paysera system always authenticates the client, but the client needs to be sure that the authentication on Paysera server is performed too.
MAC access authentication used in API is based on the OAuth 2.0 Message Authentication Code (MAC) Tokens specification.
Before using API, you must register your app in Paysera system. Public registration is not yet available, please contact our support to register the client for this API. You will be provided with your credentials, for example:
business_id: IrdTc8uQodU7PRpLzzLTW6wqZAO6tAMU mac_id: Opb2XVb-gEh4aGcR09Ko5Wb8V_6vueDM mac_key: i-_Qs9Jzn7UqBts7Ts5cEiC2CRROpOag mac_algorithm: hmac-sha-256
mac_keymust be kept secret at all times.
At each request to API the client must construct an authentication header by calculating the UNIX
generating a random string used as a
nonce. From these values, together with the HTTP request method,
request URI, hostname, port and
mac_key, the client has to calculate hash using the algorithm
mac_algorithm. This calculated hash is
mac value, which must be included in the
MAC) and the following parameters:
id- ID assigned to the client making the request (
ts- calculated UNIX timestamp;
nonce- randomly generated value; only characters in ranges %x20-21 / %x23-5B / %x5D-7E can be used;
mac- calculated hash of request values and
ext- extension to MAC protocol. May contain parameter
body_hashand extra parameters
location_id. Parameters are URL-encoded.
body_hashis the result of sha256 and base64 encoded request content if it's present. If there is no content,
body_hashshould be omitted.
extcan be empty if there are no parameters, including
POST /checkout/rest/v1/payment-requests Host: checkout-eu-a.paysera.com Authorization: MAC id="wkVd93h2uS", ts="1343811600", nonce="nQnNaSNyubfPErjRO55yaaEYo9YZfKHN", mac="Fq2JdkPxXggdNUjjhMuMXD6TNxwyTC8bkG3bJGIx3L4="
macvalue is calculated from the normalized request string and
\nin most of programming languages):
Hostrequest header in lower case;
extfield - URL-encoded string containing various extra parameters.
GET /notification/rest/v1/notifications/ABcJDZe-rWzLgQKxZTamdfZRApsrPuyE Host: checkout-eu-a.paysera.com
1343818800\n nQnNaSNyubfPErjRO55yaaEYo9YZfKHN\n GET\n /notification/rest/v1/notifications/ABcJDZe-rWzLgQKxZTamdfZRApsrPuyE\n checkout-eu-a.paysera.com\n 443\n \n
macis calculated using HMAC algorithm together with the sha256 hash function:
mac = HMAC-SHA256(mac_key, normalizedRequestString)
Please refer to HMAC and SHA256 specifications for more details on these algorithms.
The result is provided as a binary result, encoded in base64.