3.30. /api/v4/transfer-form

Introduction

Transfer is a type of complex transaction that allows to move funds between bank cards (Primary Account Number - PAN), card tokens (Recurring Payment ID - RPI) and Connecting Party bank account (deposits).
Transfer Form integration is relevant for Connecting Party who are not able to accept Connecting Party order ID. card details (Connecting Party’s website must complete PCI DSS certification). Using Transfer Form integration Connecting Party is released of accepting payment details. In this case the accepting and processing of payment details is carried out on the Gumballpay side (if PAN is not sent). This type of integration also allows the Sender (for transfers between cards) or Receiver (for deposit to card) to submit their PAN on Gumballpay side.
Transfer is initiated through HTTPS POST request to the URL with the required parameters depending on a certain transfer Use-Case (see below). Use RSA-SHA256 for authentication.
Transfer Form Use-Cases diagram:

hide members
hide circle

circle " " as c2
package From <<Frame>> {
class "Form" as f1a
class "Card number\n(Pan)" as pan1a
class "Reccuring Payment ID\n(RPI)" as rpi1a
class "Connecting Party Account\n(Deposit to card)" as dca

}
package To <<Frame>> {
class "Card number\n(Pan)" as pan2
class "Reccuring Payment ID\n(RPI)" as rpi2
class "Form" as f2

}

f1a --|> pan2
f1a --|> rpi2
f1a -- c2
pan1a -- c2
rpi1a -- c2
dca -- c2
dca -[hidden]> f2
c2 --|> f2

Form to PAN

Transfer from Form to PAN occurs when transferring funds from payment details indicated in form to bank card for which its number is indicated.

Form to RPI

Transfer from Form to RPI occurs when funds are transferred from payment details indicated in form to bank card for which its recurring payment id is indicated.

PAN to Form

Transfer from RPI to Form occurs when funds are transferred from one bank card for which its number is indicated to payment details indicated in form.

RPI to Form

Transfer from RPI to Form occurs when funds are transferred from one bank card for which its recurring payment id is indicated to payment details indicated in form.

Form to Form

Transfer from Form to Form occurs when funds are transferred from payment details indicated in form to another payment details indicated in form.

deposit to Form

Transfer from deposit to Form occurs when funds are transferred from Connecting Party account to payment details indicated in form.

API URLs

Integration

Production

https://sandbox.gumballpay.com/paynet/api/v4/transfer-form/ENDPOINTID

https://gate.gumballpay.com/paynet/api/v4/transfer-form/ENDPOINTID

https://sandbox.gumballpay.com/paynet/api/v4/transfer-form/group/ENDPOINTGROUPID

https://gate.gumballpay.com/paynet/api/v4/transfer-form/group/ENDPOINTGROUPID

Request Parameters

Note

Request must have content-type=application/x-www-form-urlencoded and Authorization headers.

Parameter Name

Description

Value

destination-card-no, alias destination

Receiver`s card PAN.

Necessity: Required

Type: Numeric

Length: 19

deposit2card

Marker of deposit to card transfer. If “true”, no sender cardholder data is needed to process the transaction. If “false”, sender cardholder data is needed.

Value: False

Type: Boolean

ipaddress

The Sender or Receiver’s IP address, include for fraud screening purposes. NB: 45 is for IPv4 tunneling like 0000:0000:0000:0000:0000:0000:192.168.100.101.

Necessity: Required

Type: String

Length: 45

amount

Amount to be transferred. The amount has to be specified in the highest units with . delimiter. For instance, 10.5 for USD means 10 US Dollars and 50 Cents.

Necessity: Required

Type: Numeric

Length: 10

currency

Currency the transaction is charged in (three-letter currency code). Example of valid parameter values are: USD for US Dollar, EUR for European Euro.

Necessity: Required

Type: String

Length: 3

order_desc

Order description.

Necessity: Required

Type: String

Length: 64k

client_orderid

Connecting Party order ID.

Necessity: Required

Type: String

Length: 128

first_name

Sender or Receiver’s first name.

Necessity: Optional

Type: String

Length: 50

last_name

Sender or Receiver’s last name.

Necessity: Optional

Type: String

Length: 50

ssn

Last four digits of the Sender or Receivers’s social security number.

Necessity: Optional

Type: Numeric

Length: 4

birthday

Sender or Receiver’s birthday.

Necessity: Optional

Type: Numeric

Length: 8

address1

Sender or Receiver’s address.

Necessity: Optional

Type: String

Length: 50

city

Sender or Receiver’s city.

Necessity: Optional

Type: String

Length: 50

state

Sender or Receiver’s state (two-letter state code). Please see Mandatory State Codes for a list of valid state codes. Required for USA, Canada and Australia.

Necessity: Optional

Type: String

Length: 2

zip_code

Sender or Receiver`s zip code.

Necessity: Optional

Type: String

Length: 10

country

Sender or Receiver’s country (two letter abbreviation).

Necessity: Optional

Type: String

Length: 2

phone

Sender or Receiver’s full international phone number, including country suffix.

Necessity: Optional

Type: String

Length: 15

cell_phone

Sender or Receiver’s full international cell phone number, including country suffix.

Necessity: Optional

Type: String

Length: 15

purpose

Destination to where the payment goes. It is useful for the merchants who let their clients to transfer money from a credit card to some type of client’s account, e.g. game or mobile phone account. Sample values are: +7123456789; [email protected] etc. This value will be used by fraud monitoring system

Necessity: Optional

Type: String

Length: 128

email

Sender or Receiver’s email address.

Necessity: Optional

Type: String

Length: 50

site_url

URL the original transfer is made from.

Necessity: Optional

Type: String

Length: 128

redirect_url

URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected in any case, no matter whether the transaction is approved or declined. Optional for direct integration (non-form) deposit2card. This parameter must be used if there is neither redirect_success_url nor redirect_fail_url.

Necessity: Optional

Type: String

Length: 1024

redirect_success_url

URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected only in case if the transaction is approved. This parameter should not be used to retrieve results from Doc2.0 gateway, because all parameters go through client’s browser and can be lost during transmission. To deliver the correct payment result to the backend server_callback_url must be used instead. http://https://doc.gumballpay.com/ should be passed if non-3DS schema for transactions processing is used and there is no need to redirect Sender or Receiver anywhere. This parameter must be used if there is no redirect_url.

Necessity: Optional

Type: String

Length: 1024

redirect_fail_url

URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected only in case if the transaction is declined or filtered. This parameter should not be used to retrieve results from Doc2.0 gateway, because all parameters go through client’s browser and can be lost during transmission. To deliver the correct payment result to the backend server_callback_url must be used instead. http://https://doc.gumballpay.com/ should be passed if non-3DS schema for transactions processing is used and there is no need to redirect Sender or Receiver anywhere. This parameter must be used if there is no redirect_url.

Necessity: Optional

Type: String

Length: 1024

preferred_language

Sender or Receiver’s two-letter language code for multi-language transfer forms.

Necessity: Optional

Type: String

Length: 2

merchant_form_data

Parameters sent in merchant_form_data API parameter are parsed into macros with the same name, the parameter is url-encoded, example testparam%3Dtest1%26mynewparam%3Dtest2 and is parsed into $MFD_testparam = test1 and $MFD_mynewparam = test2 macros in the form. Parameter name characters [a-zA-Z0-9], parameter value characters [a-zA-Z0-9], control characters [=&], 2MB max size. For example, this parameter can be used to display payment form in light/dark mode depending on the value passed by Connecting Party (e.g. pass merchant_form_data=theme%3Ddark in request and $MFD_theme macro placeholder on payment form will be changed to dark.

Necessity: Optional

Type: String

Length: 128

server_callback_url

URL, where the transaction status is sent to. Connecting Party may use server callback URL for custom processing of the transaction completion, e.g. to collect payment data in the Connecting Party’s information system. For the list of parameters which come along with server callback to server_callback_url

refer to Connecting Party callback parameters.

Necessity: Optional

Type: String

Length: 1024

Parameter Name

Description

Value

destination_card_recurring_payment_id

Receiver`s recurring payment ID. To create destination_card_recurring_payment_id please see Card Reference ID Creation.

Necessity: Required

Type: Long

deposit2card

Marker of deposit to card transfer. If “true”, no sender cardholder data is needed to process the transaction. If “false”, sender cardholder data is needed.

Value: False

Type: Boolean

ipaddress

The Sender or Receiver’s IP address, include for fraud screening purposes. NB: 45 is for IPv4 tunneling like 0000:0000:0000:0000:0000:0000:192.168.100.101.

Necessity: Required

Type: String

Length: 45

amount

Amount to be transferred. The amount has to be specified in the highest units with . delimiter. For instance, 10.5 for USD means 10 US Dollars and 50 Cents.

Necessity: Required

Type: Numeric

Length: 10

currency

Currency the transaction is charged in (three-letter currency code). Example of valid parameter values are: USD for US Dollar, EUR for European Euro.

Necessity: Required

Type: String

Length: 3

order_desc

Order description.

Necessity: Required

Type: String

Length: 64k

client_orderid

Connecting Party order ID.

Necessity: Required

Type: String

Length: 128

first_name

Sender or Receiver’s first name.

Necessity: Optional

Type: String

Length: 50

last_name

Sender or Receiver’s last name.

Necessity: Optional

Type: String

Length: 50

ssn

Last four digits of the Sender or Receivers’s social security number.

Necessity: Optional

Type: Numeric

Length: 4

birthday

Sender or Receiver’s birthday.

Necessity: Optional

Type: Numeric

Length: 8

address1

Sender or Receiver’s address.

Necessity: Optional

Type: String

Length: 50

city

Sender or Receiver’s city.

Necessity: Optional

Type: String

Length: 50

state

Sender or Receiver’s state (two-letter state code). Please see Mandatory State Codes for a list of valid state codes. Required for USA, Canada and Australia.

Necessity: Optional

Type: String

Length: 2

zip_code

Sender or Receiver`s zip code.

Necessity: Optional

Type: String

Length: 10

country

Sender or Receiver’s country (two letter abbreviation).

Necessity: Optional

Type: String

Length: 2

phone

Sender or Receiver’s full international phone number, including country suffix.

Necessity: Optional

Type: String

Length: 15

cell_phone

Sender or Receiver’s full international cell phone number, including country suffix.

Necessity: Optional

Type: String

Length: 15

purpose

Destination to where the payment goes. It is useful for the merchants who let their clients to transfer money from a credit card to some type of client’s account, e.g. game or mobile phone account. Sample values are: +7123456789; [email protected] etc. This value will be used by fraud monitoring system

Necessity: Optional

Type: String

Length: 128

email

Sender or Receiver’s email address.

Necessity: Optional

Type: String

Length: 50

site_url

URL the original transfer is made from.

Necessity: Optional

Type: String

Length: 128

redirect_url

URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected in any case, no matter whether the transaction is approved or declined. Optional for direct integration (non-form) deposit2card. This parameter must be used if there is neither redirect_success_url nor redirect_fail_url.

Necessity: Optional

Type: String

Length: 1024

redirect_success_url

URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected only in case if the transaction is approved. This parameter should not be used to retrieve results from Doc2.0 gateway, because all parameters go through client’s browser and can be lost during transmission. To deliver the correct payment result to the backend server_callback_url must be used instead. http://https://doc.gumballpay.com/ should be passed if non-3DS schema for transactions processing is used and there is no need to redirect Sender or Receiver anywhere. This parameter must be used if there is no redirect_url.

Necessity: Optional

Type: String

Length: 1024

redirect_fail_url

URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected only in case if the transaction is declined or filtered. This parameter should not be used to retrieve results from Doc2.0 gateway, because all parameters go through client’s browser and can be lost during transmission. To deliver the correct payment result to the backend server_callback_url must be used instead. http://https://doc.gumballpay.com/ should be passed if non-3DS schema for transactions processing is used and there is no need to redirect Sender or Receiver anywhere. This parameter must be used if there is no redirect_url.

Necessity: Optional

Type: String

Length: 1024

preferred_language

Sender or Receiver’s two-letter language code for multi-language transfer forms.

Necessity: Optional

Type: String

Length: 2

merchant_form_data

Parameters sent in merchant_form_data API parameter are parsed into macros with the same name, the parameter is url-encoded, example testparam%3Dtest1%26mynewparam%3Dtest2 and is parsed into $MFD_testparam = test1 and $MFD_mynewparam = test2 macros in the form. Parameter name characters [a-zA-Z0-9], parameter value characters [a-zA-Z0-9], control characters [=&], 2MB max size. For example, this parameter can be used to display payment form in light/dark mode depending on the value passed by Connecting Party (e.g. pass merchant_form_data=theme%3Ddark in request and $MFD_theme macro placeholder on payment form will be changed to dark.

Necessity: Optional

Type: String

Length: 128

server_callback_url

URL, where the transaction status is sent to. Connecting Party may use server callback URL for custom processing of the transaction completion, e.g. to collect payment data in the Connecting Party’s information system. For the list of parameters which come along with server callback to server_callback_url

refer to Connecting Party callback parameters.

Necessity: Optional

Type: String

Length: 1024

Parameter Name

Description

Value

credit_card_number

Sender`s credit card number.

Necessity: Required

Type: Numeric

Length: 19

cvv2

Sender`s CVV2 code. CVV2 (Card Verification Value) is the three of four digit number farthest to the right on the flip side of a credit card.

Necessity: Required

Type: String

Length: 3-4

expire_month

Sender credit card’s month of expiration.

Necessity: Required

Type: String

Length: 2

expire_year

Sender credit card’s year of expiration.

Necessity: Required

Type: String

Length: 2-4

card_printed_name

Sender`s card printed name.

Necessity: Required

Type: String

Length: 128

deposit2card

Marker of deposit to card transfer. If “true”, no sender cardholder data is needed to process the transaction. If “false”, sender cardholder data is needed.

Value: False

Type: Boolean

ipaddress

The Sender or Receiver’s IP address, include for fraud screening purposes. NB: 45 is for IPv4 tunneling like 0000:0000:0000:0000:0000:0000:192.168.100.101.

Necessity: Required

Type: String

Length: 45

amount

Amount to be transferred. The amount has to be specified in the highest units with . delimiter. For instance, 10.5 for USD means 10 US Dollars and 50 Cents.

Necessity: Required

Type: Numeric

Length: 10

currency

Currency the transaction is charged in (three-letter currency code). Example of valid parameter values are: USD for US Dollar, EUR for European Euro.

Necessity: Required

Type: String

Length: 3

order_desc

Order description.

Necessity: Required

Type: String

Length: 64k

client_orderid

Connecting Party order ID.

Necessity: Required

Type: String

Length: 128

first_name

Sender or Receiver’s first name.

Necessity: Optional

Type: String

Length: 50

last_name

Sender or Receiver’s last name.

Necessity: Optional

Type: String

Length: 50

ssn

Last four digits of the Sender or Receivers’s social security number.

Necessity: Optional

Type: Numeric

Length: 4

birthday

Sender or Receiver’s birthday.

Necessity: Optional

Type: Numeric

Length: 8

address1

Sender or Receiver’s address.

Necessity: Optional

Type: String

Length: 50

city

Sender or Receiver’s city.

Necessity: Optional

Type: String

Length: 50

state

Sender or Receiver’s state (two-letter state code). Please see Mandatory State Codes for a list of valid state codes. Required for USA, Canada and Australia.

Necessity: Optional

Type: String

Length: 2

zip_code

Sender or Receiver`s zip code.

Necessity: Optional

Type: String

Length: 10

country

Sender or Receiver’s country (two letter abbreviation).

Necessity: Optional

Type: String

Length: 2

phone

Sender or Receiver’s full international phone number, including country suffix.

Necessity: Optional

Type: String

Length: 15

cell_phone

Sender or Receiver’s full international cell phone number, including country suffix.

Necessity: Optional

Type: String

Length: 15

purpose

Destination to where the payment goes. It is useful for the merchants who let their clients to transfer money from a credit card to some type of client’s account, e.g. game or mobile phone account. Sample values are: +7123456789; [email protected] etc. This value will be used by fraud monitoring system

Necessity: Optional

Type: String

Length: 128

email

Sender or Receiver’s email address.

Necessity: Optional

Type: String

Length: 50

site_url

URL the original transfer is made from.

Necessity: Optional

Type: String

Length: 128

redirect_url

URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected in any case, no matter whether the transaction is approved or declined. Optional for direct integration (non-form) deposit2card. This parameter must be used if there is neither redirect_success_url nor redirect_fail_url.

Necessity: Optional

Type: String

Length: 1024

redirect_success_url

URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected only in case if the transaction is approved. This parameter should not be used to retrieve results from Doc2.0 gateway, because all parameters go through client’s browser and can be lost during transmission. To deliver the correct payment result to the backend server_callback_url must be used instead. http://https://doc.gumballpay.com/ should be passed if non-3DS schema for transactions processing is used and there is no need to redirect Sender or Receiver anywhere. This parameter must be used if there is no redirect_url.

Necessity: Optional

Type: String

Length: 1024

redirect_fail_url

URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected only in case if the transaction is declined or filtered. This parameter should not be used to retrieve results from Doc2.0 gateway, because all parameters go through client’s browser and can be lost during transmission. To deliver the correct payment result to the backend server_callback_url must be used instead. http://https://doc.gumballpay.com/ should be passed if non-3DS schema for transactions processing is used and there is no need to redirect Sender or Receiver anywhere. This parameter must be used if there is no redirect_url.

Necessity: Optional

Type: String

Length: 1024

preferred_language

Sender or Receiver’s two-letter language code for multi-language transfer forms.

Necessity: Optional

Type: String

Length: 2

merchant_form_data

Parameters sent in merchant_form_data API parameter are parsed into macros with the same name, the parameter is url-encoded, example testparam%3Dtest1%26mynewparam%3Dtest2 and is parsed into $MFD_testparam = test1 and $MFD_mynewparam = test2 macros in the form. Parameter name characters [a-zA-Z0-9], parameter value characters [a-zA-Z0-9], control characters [=&], 2MB max size. For example, this parameter can be used to display payment form in light/dark mode depending on the value passed by Connecting Party (e.g. pass merchant_form_data=theme%3Ddark in request and $MFD_theme macro placeholder on payment form will be changed to dark.

Necessity: Optional

Type: String

Length: 128

server_callback_url

URL, where the transaction status is sent to. Connecting Party may use server callback URL for custom processing of the transaction completion, e.g. to collect payment data in the Connecting Party’s information system. For the list of parameters which come along with server callback to server_callback_url

refer to Connecting Party callback parameters.

Necessity: Optional

Type: String

Length: 1024

Parameter Name

Description

Value

cvv2

Sender`s CVV2 code. CVV2 (Card Verification Value) is the three of four digit number farthest to the right on the flip side of a credit card.

Necessity: Required

Type: String

Length: 3-4

card_recurring_payment_id

Sender`s recurring payment ID. To create card_recurring_payment_id please see Card Reference ID Creation.

Necessity: Required

Type: Long

deposit2card

Marker of deposit to card transfer. If “true”, no sender cardholder data is needed to process the transaction. If “false”, sender cardholder data is needed.

Value: False

Type: Boolean

ipaddress

The Sender or Receiver’s IP address, include for fraud screening purposes. NB: 45 is for IPv4 tunneling like 0000:0000:0000:0000:0000:0000:192.168.100.101.

Necessity: Required

Type: String

Length: 45

amount

Amount to be transferred. The amount has to be specified in the highest units with . delimiter. For instance, 10.5 for USD means 10 US Dollars and 50 Cents.

Necessity: Required

Type: Numeric

Length: 10

currency

Currency the transaction is charged in (three-letter currency code). Example of valid parameter values are: USD for US Dollar, EUR for European Euro.

Necessity: Required

Type: String

Length: 3

order_desc

Order description.

Necessity: Required

Type: String

Length: 64k

client_orderid

Connecting Party order ID.

Necessity: Required

Type: String

Length: 128

first_name

Sender or Receiver’s first name.

Necessity: Optional

Type: String

Length: 50

last_name

Sender or Receiver’s last name.

Necessity: Optional

Type: String

Length: 50

ssn

Last four digits of the Sender or Receivers’s social security number.

Necessity: Optional

Type: Numeric

Length: 4

birthday

Sender or Receiver’s birthday.

Necessity: Optional

Type: Numeric

Length: 8

address1

Sender or Receiver’s address.

Necessity: Optional

Type: String

Length: 50

city

Sender or Receiver’s city.

Necessity: Optional

Type: String

Length: 50

state

Sender or Receiver’s state (two-letter state code). Please see Mandatory State Codes for a list of valid state codes. Required for USA, Canada and Australia.

Necessity: Optional

Type: String

Length: 2

zip_code

Sender or Receiver`s zip code.

Necessity: Optional

Type: String

Length: 10

country

Sender or Receiver’s country (two letter abbreviation).

Necessity: Optional

Type: String

Length: 2

phone

Sender or Receiver’s full international phone number, including country suffix.

Necessity: Optional

Type: String

Length: 15

cell_phone

Sender or Receiver’s full international cell phone number, including country suffix.

Necessity: Optional

Type: String

Length: 15

purpose

Destination to where the payment goes. It is useful for the merchants who let their clients to transfer money from a credit card to some type of client’s account, e.g. game or mobile phone account. Sample values are: +7123456789; [email protected] etc. This value will be used by fraud monitoring system

Necessity: Optional

Type: String

Length: 128

email

Sender or Receiver’s email address.

Necessity: Optional

Type: String

Length: 50

site_url

URL the original transfer is made from.

Necessity: Optional

Type: String

Length: 128

redirect_url

URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected in any case, no matter whether the transaction is approved or declined. Optional for direct integration (non-form) deposit2card. This parameter must be used if there is neither redirect_success_url nor redirect_fail_url.

Necessity: Optional

Type: String

Length: 1024

redirect_success_url

URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected only in case if the transaction is approved. This parameter should not be used to retrieve results from Doc2.0 gateway, because all parameters go through client’s browser and can be lost during transmission. To deliver the correct payment result to the backend server_callback_url must be used instead. http://https://doc.gumballpay.com/ should be passed if non-3DS schema for transactions processing is used and there is no need to redirect Sender or Receiver anywhere. This parameter must be used if there is no redirect_url.

Necessity: Optional

Type: String

Length: 1024

redirect_fail_url

URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected only in case if the transaction is declined or filtered. This parameter should not be used to retrieve results from Doc2.0 gateway, because all parameters go through client’s browser and can be lost during transmission. To deliver the correct payment result to the backend server_callback_url must be used instead. http://https://doc.gumballpay.com/ should be passed if non-3DS schema for transactions processing is used and there is no need to redirect Sender or Receiver anywhere. This parameter must be used if there is no redirect_url.

Necessity: Optional

Type: String

Length: 1024

preferred_language

Sender or Receiver’s two-letter language code for multi-language transfer forms.

Necessity: Optional

Type: String

Length: 2

merchant_form_data

Parameters sent in merchant_form_data API parameter are parsed into macros with the same name, the parameter is url-encoded, example testparam%3Dtest1%26mynewparam%3Dtest2 and is parsed into $MFD_testparam = test1 and $MFD_mynewparam = test2 macros in the form. Parameter name characters [a-zA-Z0-9], parameter value characters [a-zA-Z0-9], control characters [=&], 2MB max size. For example, this parameter can be used to display payment form in light/dark mode depending on the value passed by Connecting Party (e.g. pass merchant_form_data=theme%3Ddark in request and $MFD_theme macro placeholder on payment form will be changed to dark.

Necessity: Optional

Type: String

Length: 128

server_callback_url

URL, where the transaction status is sent to. Connecting Party may use server callback URL for custom processing of the transaction completion, e.g. to collect payment data in the Connecting Party’s information system. For the list of parameters which come along with server callback to server_callback_url

refer to Connecting Party callback parameters.

Necessity: Optional

Type: String

Length: 1024

Parameter Name

Description

Value

deposit2card

Marker of deposit to card transfer. If “true”, no sender cardholder data is needed to process the transaction. If “false”, sender cardholder data is needed.

Value: False

Type: Boolean

ipaddress

The Sender or Receiver’s IP address, include for fraud screening purposes. NB: 45 is for IPv4 tunneling like 0000:0000:0000:0000:0000:0000:192.168.100.101.

Necessity: Required

Type: String

Length: 45

amount

Amount to be transferred. The amount has to be specified in the highest units with . delimiter. For instance, 10.5 for USD means 10 US Dollars and 50 Cents.

Necessity: Required

Type: Numeric

Length: 10

currency

Currency the transaction is charged in (three-letter currency code). Example of valid parameter values are: USD for US Dollar, EUR for European Euro.

Necessity: Required

Type: String

Length: 3

order_desc

Order description.

Necessity: Required

Type: String

Length: 64k

client_orderid

Connecting Party order ID.

Necessity: Required

Type: String

Length: 128

first_name

Sender or Receiver’s first name.

Necessity: Optional

Type: String

Length: 50

last_name

Sender or Receiver’s last name.

Necessity: Optional

Type: String

Length: 50

ssn

Last four digits of the Sender or Receiver’s social security number.

Necessity: Optional

Type: Numeric

Length: 4

birthday

Sender or Receiver’s birthday.

Necessity: Optional

Type: Numeric

Length: 8

address1

Sender or Receiver’s address.

Necessity: Optional

Type: String

Length: 50

city

Sender or Receiver’s city.

Necessity: Optional

Type: String

Length: 50

state

Sender or Receiver’s state (two-letter state code). Please see Mandatory State Codes for a list of valid state codes. Required for USA, Canada and Australia.

Necessity: Optional

Type: String

Length: 2

zip_code

Sender or Receiver`s zip code.

Necessity: Optional

Type: String

Length: 10

country

Sender or Receiver’s country (two letter abbreviation).

Necessity: Optional

Type: String

Length: 2

phone

Sender or Receiver’s full international phone number, including country suffix.

Necessity: Optional

Type: String

Length: 15

cell_phone

Sender or Receiver’s full international cell phone number, including country suffix.

Necessity: Optional

Type: String

Length: 15

purpose

Destination to where the payment goes. It is useful for the merchants who let their clients to transfer money from a credit card to some type of client’s account, e.g. game or mobile phone account. Sample values are: +7123456789; [email protected] etc. This value will be used by fraud monitoring system

Necessity: Optional

Type: String

Length: 128

email

Sender or Receiver’s email address.

Necessity: Optional

Type: String

Length: 50

site_url

URL the original transfer is made from.

Necessity: Optional

Type: String

Length: 128

redirect_url

URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected in any case, no matter whether the transaction is approved or declined. Optional for direct integration (non-form) deposit2card. This parameter must be used if there is neither redirect_success_url nor redirect_fail_url.

Necessity: Optional

Type: String

Length: 1024

redirect_success_url

URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected only in case if the transaction is approved. This parameter should not be used to retrieve results from Doc2.0 gateway, because all parameters go through client’s browser and can be lost during transmission. To deliver the correct payment result to the backend server_callback_url must be used instead. http://https://doc.gumballpay.com/ should be passed if non-3DS schema for transactions processing is used and there is no need to redirect Sender or Receiver anywhere. This parameter must be used if there is no redirect_url.

Necessity: Optional

Type: String

Length: 1024

redirect_fail_url

URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected only in case if the transaction is declined or filtered. This parameter should not be used to retrieve results from Doc2.0 gateway, because all parameters go through client’s browser and can be lost during transmission. To deliver the correct payment result to the backend server_callback_url must be used instead. http://https://doc.gumballpay.com/ should be passed if non-3DS schema for transactions processing is used and there is no need to redirect Sender or Receiver anywhere. This parameter must be used if there is no redirect_url.

Necessity: Optional

Type: String

Length: 1024

preferred_language

Sender or Receiver’s two-letter language code for multi-language transfer forms.

Necessity: Optional

Type: String

Length: 2

merchant_form_data

Parameters sent in merchant_form_data API parameter are parsed into macros with the same name, the parameter is url-encoded, example testparam%3Dtest1%26mynewparam%3Dtest2 and is parsed into $MFD_testparam = test1 and $MFD_mynewparam = test2 macros in the form. Parameter name characters [a-zA-Z0-9], parameter value characters [a-zA-Z0-9], control characters [=&], 2MB max size. For example, this parameter can be used to display payment form in light/dark mode depending on the value passed by Connecting Party (e.g. pass merchant_form_data=theme%3Ddark in request and $MFD_theme macro placeholder on payment form will be changed to dark.

Necessity: Optional

Type: String

Length: 128

server_callback_url

URL, where the transaction status is sent to. Connecting Party may use server callback URL for custom processing of the transaction completion, e.g. to collect payment data in the Connecting Party’s information system. For the list of parameters which come along with server callback to server_callback_url

refer to Connecting Party callback parameters.

Necessity: Optional

Type: String

Length: 1024

Parameter Name

Description

Value

deposit2card

Marker of deposit to card transfer. If “true”, no sender cardholder data is needed to process the transaction. If “false”, sender cardholder data is needed.

Value: True

Type: Boolean

ipaddress

The Sender or Receiver’s IP address, include for fraud screening purposes. NB: 45 is for IPv4 tunneling like 0000:0000:0000:0000:0000:0000:192.168.100.101.

Necessity: Required

Type: String

Length: 45

amount

Amount to be transferred. The amount has to be specified in the highest units with . delimiter. For instance, 10.5 for USD means 10 US Dollars and 50 Cents.

Necessity: Required

Type: Numeric

Length: 10

currency

Currency the transaction is charged in (three-letter currency code). Example of valid parameter values are: USD for US Dollar, EUR for European Euro.

Necessity: Required

Type: String

Length: 3

order_desc

Order description.

Necessity: Required

Type: String

Length: 64k

client_orderid

Connecting Party order ID.

Necessity: Required

Type: String

Length: 128

first_name

Sender or Receiver’s first name.

Necessity: Optional

Type: String

Length: 50

last_name

Sender or Receiver’s last name.

Necessity: Optional

Type: String

Length: 50

ssn

Last four digits of the Sender or Receiver’s social security number.

Necessity: Optional

Type: Numeric

Length: 4

birthday

Sender or Receiver’s birthday.

Necessity: Optional

Type: Numeric

Length: 8

address1

Sender or Receiver’s address.

Necessity: Optional

Type: String

Length: 50

city

Sender or Receiver’s city.

Necessity: Optional

Type: String

Length: 50

state

Sender or Receiver’s state (two-letter state code). Please see Mandatory State Codes for a list of valid state codes. Required for USA, Canada and Australia.

Necessity: Optional

Type: String

Length: 2

zip_code

Sender or Receiver`s zip code.

Necessity: Optional

Type: String

Length: 10

country

Sender or Receiver’s country (two letter abbreviation).

Necessity: Optional

Type: String

Length: 2

phone

Sender or Receiver’s full international phone number, including country suffix.

Necessity: Optional

Type: String

Length: 15

cell_phone

Sender or Receiver’s full international cell phone number, including country suffix.

Necessity: Optional

Type: String

Length: 15

purpose

Destination to where the payment goes. It is useful for the merchants who let their clients to transfer money from a credit card to some type of client’s account, e.g. game or mobile phone account. Sample values are: +7123456789; [email protected] etc. This value will be used by fraud monitoring system

Necessity: Optional

Type: String

Length: 128

email

Sender or Receiver’s email address.

Necessity: Optional

Type: String

Length: 50

site_url

URL the original transfer is made from.

Necessity: Optional

Type: String

Length: 128

redirect_url

URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected in any case, no matter whether the transaction is approved or declined. Optional for direct integration (non-form) deposit2card. This parameter must be used if there is neither redirect_success_url nor redirect_fail_url.

Necessity: Optional

Type: String

Length: 1024

redirect_success_url

URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected only in case if the transaction is approved. This parameter should not be used to retrieve results from Doc2.0 gateway, because all parameters go through client’s browser and can be lost during transmission. To deliver the correct payment result to the backend server_callback_url must be used instead. http://https://doc.gumballpay.com/ should be passed if non-3DS schema for transactions processing is used and there is no need to redirect Sender or Receiver anywhere. This parameter must be used if there is no redirect_url.

Necessity: Optional

Type: String

Length: 1024

redirect_fail_url

URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected only in case if the transaction is declined or filtered. This parameter should not be used to retrieve results from Doc2.0 gateway, because all parameters go through client’s browser and can be lost during transmission. To deliver the correct payment result to the backend server_callback_url must be used instead. http://https://doc.gumballpay.com/ should be passed if non-3DS schema for transactions processing is used and there is no need to redirect Sender or Receiver anywhere. This parameter must be used if there is no redirect_url.

Necessity: Optional

Type: String

Length: 1024

preferred_language

Sender or Receiver’s two-letter language code for multi-language transfer forms.

Necessity: Optional

Type: String

Length: 2

merchant_form_data

Parameters sent in merchant_form_data API parameter are parsed into macros with the same name, the parameter is url-encoded, example testparam%3Dtest1%26mynewparam%3Dtest2 and is parsed into $MFD_testparam = test1 and $MFD_mynewparam = test2 macros in the form. Parameter name characters [a-zA-Z0-9], parameter value characters [a-zA-Z0-9], control characters [=&], 2MB max size. For example, this parameter can be used to display payment form in light/dark mode depending on the value passed by Connecting Party (e.g. pass merchant_form_data=theme%3Ddark in request and $MFD_theme macro placeholder on payment form will be changed to dark.

Necessity: Optional

Type: String

Length: 128

server_callback_url

URL, where the transaction status is sent to. Connecting Party may use server callback URL for custom processing of the transaction completion, e.g. to collect payment data in the Connecting Party’s information system. For the list of parameters which come along with server callback to server_callback_url

refer to Connecting Party callback parameters.

Necessity: Optional

Type: String

Length: 1024

Response Parameters

Note

Response has Content-Type: text/html;charset=utf-8 header. All fields are x-www-form-urlencoded, with (0xA) character at the end of each parameter’s value.

Parameter

Description.

type

The type of response. May be async-response, validation-error, error. If type equals validation-error or error, ex:error-message and error-code parameters contain error details.

paynet-order-id

Order id assigned to the order by Gumballpay.

merchant-order-id

Connecting Party order ID.

serial-number

Unique number assigned by Gumballpay server to particular request from the Connecting Party.

error-message

If status is error this parameter contains the reason for decline or error details.

error-code

The error code is case of error status.

redirect-url

The URL to the page where the Connecting Party should redirect the client’s browser. Connecting Party should send HTTP 302 redirect, see General Transfer Form Process Flow.

Request & Response Examples

Transfer from Form to PAN

Request Example

POST /paynet/api/v4/transfer-form/39915 HTTP/1.1
Host: sandbox.gumballpay.com
User-Agent: curl/7.83.0
Accept: */*
Authorization: OAuth oauth_consumer_key="TestMerchant", oauth_nonce="eZCXwEp9fO17vGFwPUDStKjOKIP9u0nu", oauth_signature="2qrf7DY0fiy88doBrIGafZBqLLX12ePYWDGLqNxwBfU9T3RzwSYtEj92EPuiJulnZxbPY6av4F2jT1JS02D4KqPAtadsEYb8AabBoSvXPK13FrIXKQ38hrcapmXwz%2Fbh0JJBnN3aMvKJ%2FnsvRChY%2FFpRhdudfdBxZLKpAXYfJQgk42%2FB9pu%2FsBSRWJwTnVZxfavHYMWmrY2rvg2x1nedSJq6O%2Fxffz9OU3CvHOlK%2FGfdI4WFvpHIXpw1Mlz%2F6AnQRdMmYHnoDsFu79GI57NeoBRsZazJBYh%2FE%2FFcS9sHU5BF0yvLQYz%2FCXtb7lDbKeDJTHDDWakyyZPQcOQReIMHpNwNr9mjC%2FucIJitFEldsWWGaOnTc2Tqtrdjzzwukm%2BP7Bi5siJ5Pl%2BxWqOMAEFPnCXfThBKIJrxQXbBwR4YfPaBb70nePybCH8JCX0vakoaH%2BwFJfR0WNgOBfYxQfUYNcEXDmrk8hLbwz%2FXJ6bfanFaE8N3OwijJmlzY%2B4ZrEqBjnklQcBnNuvuxKSb6dKtnRo5UVXEszEiCxEvWQifggohkU1CTHZFpA2qmrxjIcgJoDOhQPV6Lk92LiDtVSE2drxZ%2Bjui69ZzGlnKlM0lVCnFfdahrhtMM9GYNN%2B24YaKd5UkCMIMru%2BfOfvqwrJu00%2FIms8VXwsm9aP8pP4Lr3I%3D", oauth_signature_method="RSA-SHA256", oauth_timestamp="1670421183", oauth_version="1.0"
Content-Length: 303
Content-Type: application/x-www-form-urlencoded
Connection: close

amount=100
&client_orderid=34T43R77N
&currency=USD
&deposit2card=false
&destination-card-no=4268736646656312
&destination_card_printed_name=Test%20Test
&destination_expire_month=12
&destination_expire_year=2023
&ipaddress=1.1.1.1
&order_desc=Your%20order%20description
&redirect_url=http%3A%2F%2Fwww.example.com
&server_callback_url=https://httpstat.us/200

Success Response Example

HTTP/1.1 200
Server: server
Date: Wed, 07 Dec 2022 13:56:03 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 285

type=async-form-response
&serial-number=00000000-0000-0000-0000-000002ddbfa2
&merchant-order-id=34T43R77N
&paynet-order-id=6863810
&redirect-url=https%3A%2F%2Fsandbox.gumballpay.com%2Fpaynet%2Fform%2Finit%2FBB587546567A31587163597A684535634A775969614A577953626976766D4B494A66796F55434370393032673D

Fail Response Example

HTTP/1.1 403
Server: server
Date: Mon, 12 Dec 2022 08:25:15 GMT
Content-Type: text/html
Content-Length: 735
Connection: close
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title>403</title>
    <style type="text/css">
        body {
            font-family: Arial, sans-serif;
            font-size: 130%;
            background-color: #eee;
        }
        p {
            margin: 10em auto 0;
            width: 500px;
            border: 1px solid gray;
            text-align: center;
            vertical-align: middle;
            padding: 40px 20px;
            background-color: #fff;
            -webkit-border-radius: 20px;
            -moz-border-radius: 20px;
            border-radius: 20px;
        }
    </style>
</head>
<body>
    <p>Access is denied</p>
</body>
</html>

Transfer from Form to RPI

Request Example

POST /paynet/api/v4/transfer-form/39915 HTTP/1.1
Host: sandbox.gumballpay.com
User-Agent: curl/7.83.0
Accept: */*
Authorization: OAuth oauth_consumer_key="TestMerchant", oauth_nonce="yQFnx1Zerg4pH28VmLQL3HWc7dQJlAqg", oauth_signature="G2ZRjHOxzhsQ5xIurkM7Bo7REnoBfG3HIDDzwG9XfFGZdFC0815%2FPVS4ESdLPYVEr7iT2K3LtlO2mhMzmIWuRV3YTVKKCbfbuJkPk1OwJOx66ZaX4q0DI5Zej%2FadXiKuJ%2FLe%2BLL8Tp%2Ftzrylk6fiTAoX2AT471hp02xezERVwdEwkhoWB1mqwYE4VxOL8wDk0W0oqR%2Bk1XgWXPcj3E8WV3kEVFwxYwgi6daQyimqReEc5q8fqbUl7sANmIozrSRWqjG2K%2FBLs0W2UFLMcvWdHi2ON%2B%2BnTzaLCExB2991ozSE2jPp4eahkd69Zz%2BEwLENVIn8KDwvA5j25XaGgbqLKK%2BBt5CshObkvZZZ%2FuWqujp%2FzbOBGMuucuwyXe4yW8Ter1YC%2F9zoR%2BMwIcKBd5gaV4mOxQCZ5pe9GMD2805BlM2XDtcB9UT%2FeMs3MR3WIXN51EVCn%2BcazxwEI4LmZ5966aaUGu4GF41JWRQAZBchx4F%2Bd%2BRadwCceBJJSiQg82hwRk4QYnyDEx%2BWqcwErVZGCH8yJhph1Etn3e0G8z0PLBlG2hqTqGPFYivzyFHI1LNW8jl7%2BKJq2HZgXjtcU8Ji%2BVw2JVr86nnM4nPbpIRl7qr%2BSYUpXjWw%2B3e%2F6GtOL%2BOWzVFMo5jKf%2FfyJSdOgbyco1sBHplZRZ8Gsts8UGiIuQ8%3D", oauth_signature_method="RSA-SHA256", oauth_timestamp="1670847388", oauth_version="1.0"
Content-Length: 213
Content-Type: application/x-www-form-urlencoded
Connection: close

amount=100
&client_orderid=34T43R77N
&currency=USD
&deposit2card=false
&destination_card_recurring_payment_id=1491854
&ipaddress=1.1.1.1
&order_desc=Your%20order%20description
&redirect_url=http%3A%2F%2Fwww.example.com
&server_callback_url=https://httpstat.us/200

Success Response Example

HTTP/1.1 200
Server: server
Date: Mon, 12 Dec 2022 12:17:14 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 285

type=async-form-response
&serial-number=00000000-0000-0000-0000-000002ddc2d7
&merchant-order-id=34T43R77N
&paynet-order-id=6863948
&redirect-url=https%3A%2F%2Fsandbox.gumballpay.com%2Fpaynet%2Fform%2Finit%2FBB587546567A31587163597A684535634A775969614A66354B455A714F6F32684D61414E78767241354872343D

Fail Response Example

HTTP/1.1 200
Server: server
Date: Mon, 12 Dec 2022 12:08:14 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 132

type=validation-error
&serial-number=00000000-0000-0000-0000-000002ddc2b8
&error-message=Recurring+payment+not+found
&error-code=122

Transfer from PAN to Form

Request Example

POST /paynet/api/v4/transfer-form/39915 HTTP/1.1
Host: sandbox.gumballpay.com
User-Agent: curl/7.83.0
Accept: */*
Authorization: OAuth oauth_consumer_key="TestMerchant", oauth_nonce="BpGsiUR8CbIjGAD1Qxu8MTtGHnlIvzcF", oauth_signature="ozovWc0wjugTlGfrS8TeSxqQtnSEQ7UrGh7z6B5px5BoKgTWF44Ej6VCAxCWMl%2B1Qxg5iZ5ExOqTWZ2GTx70ly%2B%2BgHkSmz3t02PEr9XJsj2%2FOm4XFoF0LnbVPDje7AmZZBuF2l0iandlUBjJVA%2BarD6dWVv8LNrv3RVyheuhBreAr7dLcSD4Iu44MH76tOZS%2BuMnqqFjKwC37owAdC7xtJwOIF8wrFM272qHnzxbfvZRaJruoG6WO%2F%2BMGJLPnaNbrhfJ99%2BtvCybb0CsVMQqJ%2FsUWM8Z89ci6a4MCPE41v1i9lXyvkZDm6qfoVgKVPUHVVsjbvuu5Ub7MeMgBsl76ZrRsi9yLiHmPLQGqhzxydy14GpCNH9FFM2BdRSlkxfBYV1yzX2Ym4gZMq6myvVsCTDgHeGXeQe%2F%2F7z6lLE3S0%2BgcA6NkuhfLU7lvAl0CguRAvU3%2FlVh3R1p8C9S3BXQak6eM0xYp7hO1wQKXMq4uMM2FjmtTUYe6ZiqyjGbkTrrIEkD%2Fo%2FX1NXXylMbWxuNyoTnQXx%2BQzDsUrY3Mhtb%2FslwCGDY4puOlwiVqGg31EBz0wFWzJFX7n2uQO76g5q%2FnTJqf3dq3AdTC6xpaGC2kek0fxc6FEDdaoVeQ3PwJWYi1kcPbwkcvo4gIi03rcO3JUJZF3TfomkFs%2BFnh%2FwLJHs%3D", oauth_signature_method="RSA-SHA256", oauth_timestamp="1670569138", oauth_version="1.0"
Content-Length: 275
Content-Type: application/x-www-form-urlencoded
Connection: close

amount=100
&card_printed_name=Test%20Test
&client_orderid=34T43R77N
&credit_card_number=4047753518764320
&currency=USD
&cvv2=123
&deposit2card=false
&expire_month=12
&expire_year=2023
&ipaddress=1.1.1.1
&order_desc=Your%20order%20description
&redirect_url=http%3A%2F%2Fwww.example.com
&server_callback_url=https://httpstat.us/200

Success Response Example

HTTP/1.1 200
Server: server
Date: Fri, 09 Dec 2022 06:59:20 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 285

type=async-form-response
&serial-number=00000000-0000-0000-0000-000002ddc004
&merchant-order-id=34T43R77N
&paynet-order-id=6863822
&redirect-url=https%3A%2F%2Fsandbox.gumballpay.com%2Fpaynet%2Fform%2Finit%2FBB587546567A31587163597A684535634A775969614A61365A5A5637456C4545743867705438697A512F30633D

Fail Response Example

HTTP/1.1 403
Server: server
Date: Fri, 09 Dec 2022 06:45:14 GMT
Content-Type: text/html
Content-Length: 735
Connection: close
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title>403</title>
    <style type="text/css">
        body {
            font-family: Arial, sans-serif;
            font-size: 130%;
            background-color: #eee;
        }
        p {
            margin: 10em auto 0;
            width: 500px;
            border: 1px solid gray;
            text-align: center;
            vertical-align: middle;
            padding: 40px 20px;
            background-color: #fff;
            -webkit-border-radius: 20px;
            -moz-border-radius: 20px;
            border-radius: 20px;
        }
    </style>
</head>
<body>
    <p>Access is denied</p>
</body>
</html>

Transfer from RPI to Form

Request Example

POST /paynet/api/v4/transfer-form/39915 HTTP/1.1
Host: sandbox.gumballpay.com
User-Agent: curl/7.83.0
Accept: */*
Authorization: OAuth oauth_consumer_key="TestMerchant", oauth_nonce="y03UAVaLM9NXEwAHD0R9YDCQQFzRWx8b", oauth_signature="Zgx05s2b%2Fr4wSbo0sb2tGXbhPeDYlfJfnziSH57mkYfEMNtGoWCeUlLanQLKq1ddusIBhGUFwpwoh5f22y9tqHRsekiAQ92s9ixQxmvE8sEV3Ov%2FHoTyktrxN0vhPxuwSmwD%2FhX%2FOMJgDaCoOZK%2BxeXfPRVRwlNM8LsDd29i%2FnIUsExWCBujs3M5ThYGz58UJdZmOxrWW3poH2Lb6Fw9b6XMwV2DzvyomhMzZfyQYYX%2BhP22rCmXTg%2BEyTVnJDBiWI3pF6WYQFjdO5tPbcK4bxw4IYNIKKEi78dw0%2FZcb65gfHlaUtqHd3ZXiFiob4YFeV%2B1XKI2wSVBVemEd3jVjOFXDZv2GLzrZOUkxcns6BqkRxMqaWc9%2FbpsL65XdFxB4LUuP2h1PVk6A5yjjanSjp1XqzyAx8EGpxYGAzIPNSsYPVN9x5TuyIqtYVXhz2y0z8RPx5VFmSYr%2BaCr6ruhRNkyonNmk47oPkIkG9PpLivBaq8PnIzUNpExTRIYJXJOwD69CjCPxT%2Fhr3udDQJD4ZHFE3TNA9g1H0VRL%2Ff60jPhZeanf9MgcFqz6jckPQghBixOaTBf9DmP9jmv12IQZ3PR3J3n53nDEUIw%2Fhiga3%2BdZswkJMYS57VB282SVfDXQPO%2F40OC%2B3annev%2BMftiSfChhRgazDRToCnbETXqoKc%3D", oauth_signature_method="RSA-SHA256", oauth_timestamp="1670850681", oauth_version="1.0"
Content-Length: 266
Content-Type: application/x-www-form-urlencoded
Connection: close

amount=100
&card_recurring_payment_id=1491854
&client_orderid=34T43R77N
&currency=USD
&cvv2=123
&deposit2card=false
&ipaddress=1.1.1.1
&order_desc=Your%20order%20description
&redirect_url=http%3A%2F%2Fwww.example.com
&server_callback_url=https://httpstat.us/200

Success Response Example

HTTP/1.1 200
Server: server
Date: Mon, 12 Dec 2022 13:12:21 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 285

type=async-form-response
&serial-number=00000000-0000-0000-0000-000002ddc34e
&merchant-order-id=34T43R77N
&paynet-order-id=6863959
&redirect-url=https%3A%2F%2Fsandbox.gumballpay.com%2Fpaynet%2Fform%2Finit%2FBB587546567A31587163597A684535634A775969614A5A716755336669466574615739747A737059777A50493D

Fail Response Example

HTTP/1.1 200
Server: server
Date: Mon, 12 Dec 2022 12:25:05 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 176

type=validation-error
&serial-number=00000000-0000-0000-0000-000002ddc2ec
&merchant-order-id=34T43R77N
&error-message=Src+card+cvv2+should+be+filled+in+transfer.
&error-code=29

Transfer from Form to Form

Request Example

POST /paynet/api/v4/transfer-form/39915 HTTP/1.1
Host: sandbox.gumballpay.com
User-Agent: curl/7.83.0
Accept: */*
Authorization: OAuth oauth_consumer_key="TestMerchant", oauth_nonce="3FUX1QCRBPF7am99UO4bty1qD7FK08I8", oauth_signature="CCvlgjfVBZOwoMS%2FbUXv1LiRlc0Nu3Owf3FwNmPnbP49RWi3ve3VE9Jt61QpRx14pmCz3xFKQt%2Bi4UvXJYlsn206TSZ9H7TGCSHhQQP5vD0mm3Pnq0YgtI2oPpn2PhgM%2FlgwwWcBjBqmCyzM%2FGGqK24zn5C20bxvHL9LfuMgF4bEpIYDGXVh3%2BbhlU5Z2H25fjjttZylm1SLhAi9lOct2%2BtH00TJ%2FgjdWR%2FCnIroLVPWqnYbE8f%2F%2Bz1HuynqW684UUaAiB8WgEulH1BBM6HqYiFAVyfWlLNzDv08cKZew7JPsso17XBdqYyE2QWkREM61FPSQpQsuAnRpezxjRZnmxsShXKqgNwj%2B%2BVeEEP7Z0IFqUreDgSYYSntrgtvZHhX6oNuEn4V8jWA6TO0wPNPKqkEXTk7w53nF0Hn%2FLgAa3FfYSHtCnFP1uELmPnVrO03IWaPPw0%2BcCJzNMua7g%2FYjlCsdV3tlwUwne1R0V3togR5k%2FTnG%2Bub4txjaFeqOm9p517ppKZQn8Fe0jtIIJMCYVRVmsYkeBZyyRgcdIBOAn09fCKZ7y74gI12py%2FvVzagFCjZo05T20gY6OpCkrP4HhWEkKJhrqSCBe7NLC1xZDszfkLFjF9Z4dWvk2PIcNfI3SGYZRks0YFPECycfYzYIJfuKplYAACzR47h30SaOiI%3D", oauth_signature_method="RSA-SHA256", oauth_timestamp="1670835177", oauth_version="1.0"
Content-Length: 167
Content-Type: application/x-www-form-urlencoded
Connection: close

amount=100
&client_orderid=34T43R77N
&currency=USD
&deposit2card=false
&ipaddress=1.1.1.1
&order_desc=Your%20order%20description
&redirect_url=http%3A%2F%2Fwww.example.com
&server_callback_url=https://httpstat.us/200

Success Response Example

HTTP/1.1 200
Server: server
Date: Mon, 12 Dec 2022 08:53:26 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 285

type=async-form-response
&serial-number=00000000-0000-0000-0000-000002ddc1f8
&merchant-order-id=34T43R77N
&paynet-order-id=6863917
&redirect-url=https%3A%2F%2Fsandbox.gumballpay.com%2Fpaynet%2Fform%2Finit%2FBB587546567A31587163597A684535634A775969614A613368326D746C2B72645043314744502B537A6E57343D

Fail Response Example

HTTP/1.1 403
Server: server
Date: Mon, 12 Dec 2022 09:18:33 GMT
Content-Type: text/html
Content-Length: 735
Connection: close
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title>403</title>
    <style type="text/css">
        body {
            font-family: Arial, sans-serif;
            font-size: 130%;
            background-color: #eee;
        }
        p {
            margin: 10em auto 0;
            width: 500px;
            border: 1px solid gray;
            text-align: center;
            vertical-align: middle;
            padding: 40px 20px;
            background-color: #fff;
            -webkit-border-radius: 20px;
            -moz-border-radius: 20px;
            border-radius: 20px;
        }
    </style>
</head>
<body>
    <p>Access is denied</p>
</body>
</html>

Transfer from Deposit to Form

Request Example

POST /paynet/api/v4/transfer-form/39915 HTTP/1.1
Host: sandbox.gumballpay.com
User-Agent: curl/7.83.0
Accept: */*
Authorization: OAuth oauth_consumer_key="TestMerchant", oauth_nonce="SDrbaim155azbf2UthcVDrhwiOA6liE4", oauth_signature="CFUUC1Y6QT5Gj7LA%2FdW6gkGN%2Fh73J8HAxhvYtFx%2F%2FChlQIU7f4uvVmKpOossrRD05wdx0ENHJZLZ8SI%2B610ygcWP%2B3K%2FqEYDI7qjdg8HgKlT3BnjSoGU6EjGjvcMwQSY0AwNJ4adYYZG6G%2Ble9SOvbPcQalkfxIjpTl%2FkyrIVtNS4h9ExkD%2Fg9UUXZ%2F2YAOCyhTy26QwOLOo5NmNeh%2FX7wpqPEyjHfEE%2FWbc3iSNSjlJA9b%2BfX5eFAVxzzZ2X76HRxy%2FuHqah9NszgXsagMHpXOpvovNRLEh7NFBqVDWhoHFfDS%2Bwd6vcLqXxwLKOVecmq06GN1%2BiZX4C9QebaNw6JSx72jMon3hnn37pUSLhzWXz%2BwlMX7XN%2FcTWsZ0kL51DzFXwPAJPVAeNevgxlaFtbELMGcZNOU19u72cOZKMu7%2FsxLAfCgUITCO2NhvZw%2BR8xUZUcxvwu4fvoTXr6rf8r0iloJIA9RoaKobzmPUDcGx3%2F4Hswjbqk7YOg6jxQJD6ZoKscHpLiQLvBWPILsSVMpQUpnUqzBNGexdCd8zaRzqiszwz4hEg6teTMFOLA%2FoQ8Wu%2FxtSs8JMuXsWtestY9h1y5KuXWDy8O9hpN45pBF%2BvtoDfyr6ktKrkZZTZG49FBKk%2FcKi5FjzL5Bsbwv9fgk1%2BRYDexMtHCqX%2Fdrz%2BzMM%3D", oauth_signature_method="RSA-SHA256", oauth_timestamp="1670851416", oauth_version="1.0"
Content-Length: 166
Content-Type: application/x-www-form-urlencoded
Connection: close

amount=100
&client_orderid=34T43R77N
&currency=USD
&deposit2card=true
&ipaddress=1.1.1.1
&order_desc=Your%20order%20description
&redirect_url=http%3A%2F%2Fwww.example.com
&server_callback_url=https://httpstat.us/200

Success Response Example

HTTP/1.1 200
Server: server
Date: Mon, 12 Dec 2022 13:23:58 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Vary: Accept-Encoding
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Content-Language: en-US
Strict-Transport-Security: max-age=31536000
Content-Length: 285

type=async-form-response
&serial-number=00000000-0000-0000-0000-000002ddc35a
&merchant-order-id=34T43R77N
&paynet-order-id=6863960
&redirect-url=https%3A%2F%2Fsandbox.gumballpay.com%2Fpaynet%2Fform%2Finit%2FBB587546567A31587163597A684535634A775969614A5878476D6E717A31324167486F61674C6830743070343D

Fail Response Example

HTTP/1.1 403
Server: server
Date: Mon, 12 Dec 2022 13:19:46 GMT
Content-Type: text/html
Content-Length: 735
Connection: close
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title>403</title>
    <style type="text/css">
        body {
            font-family: Arial, sans-serif;
            font-size: 130%;
            background-color: #eee;
        }
        p {
            margin: 10em auto 0;
            width: 500px;
            border: 1px solid gray;
            text-align: center;
            vertical-align: middle;
            padding: 40px 20px;
            background-color: #fff;
            -webkit-border-radius: 20px;
            -moz-border-radius: 20px;
            border-radius: 20px;
        }
    </style>
</head>
<body>
    <p>Access is denied</p>
</body>
</html>

Postman Collection

Request Builder

Enter your private key in PKCS#1 container to use debug. See RSA-SHA256 for details.

Debug form
URL
login

login should be used as Consumer Public for OAuth

destination-card-no
credit_card_number
destination_card_recurring_payment_id

use either RPI or card number, not both

card_recurring_payment_id

use either RPI or card number, not both

amount
currency
cvv2
card_printed_name
expire_month
expire_year
ipaddress
order_desc
redirect_url
redirect_success_url
redirect_fail_url
client_orderid
merchant_form_data
deposit2card

boolean used only to determine if transaction type is deposit2card

Normalized parameters string to sign, according to OAuth 1.0a rules
POST body parameters to submit
OAuth 1.0a headers to submit.
HEX Encoded Signature
* HEX encoded string is for debug purposes only. You shouldn't send this string to the server neither in HEX nor in Encoded HEX representation.
Base64 Encoded Signature
* Binary RSA-SHA256 signature directly encoded in base64 should be sent to the server.