3.26. /api/v4/withdrawal-sbp

Introduction

To make a withdrawal send an HTTPS POST request - by using URLs and the parameters specified below. Use OAuth RSA-SHA256 for authentication.

API URLs

Integration

Production

https://sandbox.sbctech.ru/paynet/api/v4/withdrawal-sbp/ENDPOINTID

https://gate.sbctech.ru/paynet/api/v4/withdrawal-sbp/ENDPOINTID

Request Parameters

Note

Request must have content-type=application/x-www-form-urlencoded and Authorization headers.

Parameter Name

Description

Value

client_orderid

Connecting Party’s order identifier.
Necessity: Required
Type: String
Length: 128

amount

Amount to be charged. The amount has to be specified in the highest units with . delimiter. For instance, 10.5 for USD means 10 US Dollars and 50 Cents.
Necessity: Required
Type: Numeric
Length: 10

currency

Currency the transaction is charged in (three-letter currency code). Sample values are: USD for US Dollar EUR for European Euro.
Necessity: Required
Type: String
Length: 3

receiver_phone

Receiver phone, also can be sent as phone.
Necessity: Required
Type: Numeric
Length: 128

merchant_data

Any additional information for this transaction which may be useful in Connecting Party’s external systems, e.g. VIP customer, TV promo campaign lead. Will be returned in Status response and Connecting Party Callback. For SBP, this parameter is used to pass Receiver’s bank code. Contact SBC for details.
Necessity: Required
Type: String
Length: 64k

bank_id

Any additional information for this transaction which may be useful in Connecting Party’s external systems, e.g. VIP customer, TV promo campaign lead. Will be returned in Status response and Connecting Party Callback. For SBP, this parameter is used to pass Receiver’s bank code. Also can be sent as merchant_data. Contact SBC for details.
Necessity: Required
Type: String
Length: 64k

ipaddress

Receiver’s IP address (IPv4 or IPv6).
Necessity: Conditional
Type: String
Length: 7-45

purpose

Withdrawal purpose.
Necessity: Conditional
Type: String
Length: 128

receiver_first_name

Receiver first name, also can be sent as first_name.
Necessity: Conditional
Type: String
Length: 128

receiver_last_name

Receiver last name, also can be sent as last_name.
Necessity: Conditional
Type: String
Length: 128

receiver_country_code

Receiver country code, also can be sent as country.
Necessity: Conditional
Type: String
Length: 3

receiver_state

Receiver state, should be provided for countries that have states (USA, Canada, Australia), also can be sent as state.
Necessity: Conditional
Type: String
Length: 4

receiver_city

Receiver city, also can be sent as city.
Necessity: Conditional
Type: String
Length: 128

receiver_zip_code

Receiver zip code, also can be sent as zip_code.
Necessity: Conditional
Type: Numeric
Length: 32

receiver_address1

Receiver address, also can be sent as address1.
Necessity: Conditional
Type: String
Length: 256

receiver_email

Receiver E-mail, also can be sent as email.
Necessity: Conditional
Type: String
Length: 128

order_desc

Brief order description.
Necessity: Optional
Type: String
Length: 64

server_callback_url

URL the transaction result will be sent to. Connecting Party may use this URL for custom processing of the transaction completion, e.g. to collect sales data in Connecting Party’s database. See more details at Connecting Party Callbacks.
Necessity: Optional
Type: String
Length: 128

* Ask Support Manager if Conditional fields are Required for integration.

Response Parameters

Note

Response has Content-Type: text/html;charset=utf-8 header. All fields are x-www-form-urlencoded, with (0xA) character at the end of each parameter’s value.

Withdrawal Request Parameters

Description

type

The type of response. May be async-response, validation-error, error. If type equals validation-error or error, error-message and error-code parameters contain error details

paynet-order-id

Order id assigned to the order by SBC.

merchant-order-id

Connecting Party order id.

serial-number

Unique number assigned by SBC server to particular request from the Connecting Party.

error-message

If status is error this parameter contains the reason for decline or error details.

error-code

The error code is case of error status.

Request Example

POST /paynet/api/v4/withdrawal-sbp/39915 HTTP/1.1
Host: sandbox.sbctech.ru
User-Agent: curl/7.83.0
Accept: */*
Authorization: OAuth oauth_consumer_key="TestMerchant", oauth_nonce="b5E31Tw6SVjauE29uOf2jOLnuUSXmVdE", oauth_signature="WrW79JHNUVwDRhCGWQYgaN6xmJXpQxy8XSNyCOL6b2Wyf7V5BWGMe2TZa1bjC9ZeO0Q3FcQxeGGHv0%2F7hsMAsJNQEET321VNsbDwao2Ep%2Bp7eoYiGYrVveSrSW1diCrBf3AJYJZM0PTJ67Sl8XyeTVBHT4kpC5qBu3xDQ3aFfKnmRTmn9fiVsYsYu3DQrsHM1K9uAoltGt3Muz0kCDZ3MWNGrNqtdpWuar8HRQD3kckcPjuN9D6VrSuQm9eLx27G%2FvkiP%2BZ44i8ghIUp61NWSrJ4Ky69JiZ%2FoaVVmUTEaanc%2F%2B%2BQT6jBwWy%2Bb%2FTLUrxtSakeNfcjn1JVwRf4aCX2fhyG5ozH%2BjiXF6eRb83WVqBUAwykSq35pLU3Vmua3pKMKAJK1ZRDZdjGrT50KJg5tBniC4JFzdQqjQf%2FhFnDYodfIK3S2qZo%2FD3Bmlya46iEcK6SAQdNBBQue3E5Qi8FEHYrY1o7K8wDyzT1QzqqHF%2BQdmXcElSGu9ge0Y655%2BbGtXhnsUWnKEO0NGqErvAwzm7yUg0e5QWHVf505aE7pr5K4z%2Fzj7AvkuD7R1savqam%2BnnuSfq1E%2BnnnN7mTcC0g18Sr38vdTshcGq99YW3xWKc%2FpuooZYdYa5A6u46o%2BREZSTCD2XexcV49%2F9eVn3xdoTXYq4NISJSY8U7ThKnr0g%3D", oauth_signature_method="RSA-SHA256", oauth_timestamp="1677831012", oauth_version="1.0"
Content-Length: 150
Content-Type: application/x-www-form-urlencoded
Connection: close

amount: 100.00
&client_orderid=123456
&currency=RUB
&merchant_data=100000000111
&order_desc=Test Order Description
&phone=89031234567
&ipaddress=127.0.0.1
&server_callback_url=https://httpstat.us/200

Success Response Example

HTTP/1.1 200
Server: server
Date: Fri, 03 Mar 2023 08:10:34 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 137

type=async-response
&serial-number=00000000-0000-0000-0000-000002e2c322
&merchant-order-id=1
&paynet-order-id=6982864
&end-point-id=39915

Fail Response Example

HTTP/1.1 403 Forbidden
Server: server
Date: Thu, 25 Aug 2022 06:50:16 GMT
Content-Type: text/html
Content-Length: 735
Connection: close
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

<!DOCTYPE html>
<html>
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
  <title>403</title>

<style type="text/css">
body {
font-family: Arial, sans-serif;
font-size: 130%;
background-color: #eee;
}

p {
margin: 10em auto 0;
width: 500px;
border: 1px solid gray;
text-align: center;
vertical-align: middle;
padding: 40px 20px;
background-color: #fff;
-webkit-border-radius: 20px;
-moz-border-radius: 20px;
border-radius: 20px;
}
</style>
</head>

<body>
<p>Access is denied</p>
</body>
</html>

Postman Collection

Request Builder

Insert PKCS#1 PEM private key for sandbox environment in the field below. Request builder supports up to 4096 key length.

Debug form
URL
parameters
login

login should be used as Consumer Public for OAuth

Normalized parameters string to sign, according to OAuth 1.0a rules
POST body parameters to submit
OAuth 1.0a headers to submit.
HEX Encoded Signature
* HEX encoded string is for debug purposes only. You shouldn't send this string to the server neither in HEX nor in Encoded HEX representation.
Base64 Encoded Signature
* Binary RSA-SHA256 signature directly encoded in base64 should be sent to the server.