API Reference
Requirements
Allpay API suites Israel-based projects and helps to accept payments from clients situated both in Israel and worldwide.
To use API you must have API login and key provided in your Allpay account (Settings ➙ API Integrations). Sign up for Allpay account.
Payment protocol
The payment process happens in two steps using the POST method:
- Payment request: This is where a new payment is created. Allpay sends back a URL for the payment page where the customer will be redirected.
- Successful payment notification: After a successful payment, Allpay submits you a notification with the payment details.
Both of these steps use SHA256 signature to ensure security.
Payment request
To create new payment, a POST request must be send to the following URL:
The POST request parameters are the following:
Example: "Order #123456" or "Payment for delivery"
Example: 1000.00
Options: ILS, USD, EUR
Options: ENG, HEB, RUS
Note: We don't have a fail URL because payment errors are displayed directly on the payment page, prompting the customer to make a new payment attempt.
Options: Up to 12.
Example: 500.00
0 (default) – the customer will be able to select the number of payments in the range from 1 to the value of the tash parameter;
1 - the number of payments will be fixed and equal to the value of the tash parameter.
Options: 0 or 1
Here is the example of a POST payment request:
Response
When a payment request is initiated, Allpay will return a URL (payment_url) to direct the customer to the payment page.
Upon completing the payment, if the transaction is successful, Allpay will redirect the customer to the success_url. However, in the event of a failed payment, the customer will remain on the payment page where an error message will be displayed, along with an option to attempt another payment.
Payment notification
After successful payment, Allpay will submit a POST request to the notifications_url with the following parameters:
Options: ILS, USD, EUR
1 – successful payment,
3 – refunded.
An order can be considered paid when the returned status is equal to 1 and the the signature is valid.
Code example to verify that the payment was successful:
Signature
Payment requests to Allpay and notifications returned from Allpay includes the 'sign' parameter which represents request signature. The signature is generated with the 'getApiSignature' function.
The 'getApiSignature' function sorts the request parameters (except for the 'sign' parameter and parameters with empty values) and use their values and the ":" (colon) separator to create the string. API Key is added to the end of the string. Then the string is hashed with SHA256 algorithm.
Payment status verification
Status of transaction can be checked by submitting POST request as follows. The request must be submitted with a minimum delay of 2 seconds after the payment.
Allpay will response with the following parameters:
1 – successful payment,
3 – refunded.
Options: ILS, USD, EUR
Tokens
A token is a securely captured and encrypted representation of a customer's bank card that can be used to initiate new payments without the need for the customer to re-enter their card details.
You can request token for any successful payment that was executed using Payment protocol. To receive the token submit signed request with the order_id of the original payment.
Allpay will response with the following parameters:
Now you can use the token to initiate new payment request by submitting it with the allpay_token parameter.
The payment will be executed immediately and, instead of the payment page URL, Allpay will return the following parameters:
Test Mode
To make test payments, activate the Test Mode in your Allpay account settings (Settings ➙ API Integrations ➙ Test Mode) and use test card details provided there.
To simulate failure, use real credit card details.
Support
Please route support requests to support@allpay.co.il or Telegram: @allpay_israel
Track API updates in the Telegram channel: Allpay API Updates.
Changelog
March 14, 2024:
The receipt parameter is included in both payment notification and payment verification response. This parameter provides the URL to the digital receipt, which is generated by the EasyCount module when the module is activated in the account settings.
Please note, that the request URL changed to...api4.
February 09, 2024:
Added new optional parameter for Payment Request: client_tehudat, representing the client's Social ID Number (Teudat Zehut). If provided, Allpay won't prompt the client for manual entry. If not provided, it will be requested on the payment page, as required by law. For non-Israeli citizens, submit 000000000.
December 24, 2023:
fail_url parameter will not be longer applied because payment errors are displayed directly on the payment page, prompting the customer to make a new payment attempt.
New parameter added: backlink_url, which is a URL for the new "Return to site" button on the bottom of the payment page.
December 21, 2023:
New parameters added in the responses for payment protocol, status verification and token requests: card_mask (example: 465901******7049), card_brand (example: visa, mastercard etc.) and foreign_card (issued in Israel or abroad).
Request URLs changed from ...api1 to ...api2. Example: https://allpay.to/app/?show=getpayment&mode=api1 (before) vs. https://allpay.to/app/?show=getpayment&mode=api2 (now).
September 09, 2023:
Added endpoint for creating and using tokens.
June 30, 2023:
When submitting currency parameter in USD or EUR, the amount will be auto-converted to ILS on the Allpay side. Exchange rates are taken in real time from Google Finance.
June 29, 2023:
Added payment verification method to check transaction status.
February 09, 2024:
Added new optional parameter for Payment Request: client_tehudat, representing the client's Social ID Number (Teudat Zehut). If provided, Allpay won't prompt the client for manual entry. If not provided, it will be requested on the payment page, as required by law. For non-Israeli citizens, submit 000000000.
December 24, 2023:
fail_url parameter will not be longer applied because payment errors are displayed directly on the payment page, prompting the customer to make a new payment attempt.
New parameter added: backlink_url, which is a URL for the new "Return to site" button on the bottom of the payment page.
December 21, 2023:
New parameters added in the responses for payment protocol, status verification and token requests: card_mask (example: 465901******7049), card_brand (example: visa, mastercard etc.) and foreign_card (issued in Israel or abroad).
Request URLs changed from ...api1 to ...api2. Example: https://allpay.to/app/?show=getpayment&mode=api1 (before) vs. https://allpay.to/app/?show=getpayment&mode=api2 (now).
September 09, 2023:
Added endpoint for creating and using tokens.
June 30, 2023:
When submitting currency parameter in USD or EUR, the amount will be auto-converted to ILS on the Allpay side. Exchange rates are taken in real time from Google Finance.
June 29, 2023:
Added payment verification method to check transaction status.