Platform developers that need a payment solution can integrate with Allpay.
This model is suitable for platforms that want to add Allpay as a payment method and be listed in the Allpay integrations catalog. It does not include partner payouts and is based on mutual promotion (other partnership models).
This integration will become available to Allpay customers as a ready-made way to connect your platform.
Requirements
To have your platform added to the Allpay integrations catalog, the following conditions must be met:
- You do not participate in the Allpay partner or referral program.
This integration is based on mutual promotion. - The integration must be approved by Allpay in advance.
Your platform must be in demand in Israel and already used by real customers. - You are ready to support the integration on an ongoing basis.
You are responsible for maintaining the integration and providing customer support on your side.
How to start
To approve the integration of your platform, contact Allpay support and briefly describe:
- your platform;
- who your customers are;
- how exactly you want to use Allpay payments;
- which integration method you plan to use: manual or automated;
- whether there are already customers who need this integration.
Integration methods
Integration with Allpay can be implemented in two ways:
- manual integration;
- automated integration.
Manual integration
With manual integration, you implement the connection on your side and publish instructions for customers on your website.
The customer will need to:
- Open the integrations section in the Allpay dashboard.
- Create API keys.
- Copy the keys and paste them into the settings of your platform.
Technical involvement from Allpay is usually not required for this type of integration. After implementation, send us information about your platform and a link to the Allpay connection instructions on your website.
After review and approval, your platform will be added to the Allpay integrations catalog.
Automated integration
Automated integration allows the platform to be connected without manually copying API keys. The user clicks the connection button in the Allpay dashboard, confirms the connection on your platform side, and the API keys are transferred automatically.
Before implementation, Allpay provides your platform with:
<span class="u-richtext-element">partner_id</span> — the individual integration ID;
<span class="u-richtext-element">secret_key</span> — the secret key for signing and verifying server requests.
<span class="u-richtext-counter">1</span>Redirect from Allpay to your platform page
The user opens the <span class="u-richtext-element">Settings</span> → <span class="u-richtext-element">Integrations</span> → <span class="u-richtext-element">Your platform</span> section in the Allpay dashboard and clicks the connection button.
Allpay generates a one-time token for linking the accounts and redirects the user to the confirmation page on your platform side, for example:
https://your-platform.com/connect?token=TOKEN
Where <span class="u-richtext-element">TOKEN</span> is the one-time token created by Allpay.
The standard token lifetime is 1 hour.
<span class="u-richtext-counter">2</span>Confirmation on your platform side
On your side, the user confirms the connection under their account.
After confirmation, your platform redirects the user back to the universal Allpay endpoint:
https://allpay.to/services/endpoints/exchange.php?act=connect&partner_id=PARTNER_ID&token=TOKEN&external_uid=USER_ID
Where:
<span class="u-richtext-element">act=connect</span> — the integration connection action;
<span class="u-richtext-element">partner_id</span> — the individual integration ID;
<span class="u-richtext-element">token</span> — the one-time token created by Allpay;
<span class="u-richtext-element">external_uid</span> — the internal user ID on your platform.
<span class="u-richtext-counter">3</span>Creating and sending API keys to your platform
After verifying the token, Allpay links the Allpay user with the user on your platform, creates or finds the API keys <span class="u-richtext-element">api_login</span> and <span class="u-richtext-element">api_key</span>, and then sends them to your endpoint.
Example endpoint on your platform side:
POST https://your-platform.com/allpay/partner/exchange
Request body:
{
"external_uid": "USER_ID",
"api_login": "API_LOGIN",
"api_key": "API_KEY",
"sign": "SIGNATURE"
}
Where:
<span class="u-richtext-element">external_uid</span> — the user ID on your platform;
<span class="u-richtext-element">api_login</span> — the Allpay user's API login;
<span class="u-richtext-element">api_key</span> — the Allpay user's API key;
<span class="u-richtext-element">sign</span> — the request signature.
<span class="u-richtext-counter">4</span>Request signature
The server request with the API keys is signed using HMAC SHA-256.
Signature format:
hash_hmac('sha256', $payload_json, $secret_key);
Where:
<span class="u-richtext-element">payload_json</span> — the JSON request body;
<span class="u-richtext-element">secret_key</span> — the individual secret key.
<span class="u-richtext-counter">5</span>Response from your platform
After successfully receiving and saving the keys, your platform must return a successful response, for example:
{
"ok": true
}
After this, Allpay marks the integration as active.
Disconnecting the integration
If the user disconnects the integration on your platform side, you must delete the saved API keys on your side.
In addition, your platform must send a POST request to Allpay to disconnect the integration:
POST https://allpay.to/services/endpoints/exchange.php?act=disconnect&partner_id=PARTNER_ID
Request body:
{
"external_uid": "USER_ID",
"sign": "SIGNATURE"
}
Where:
<span class="u-richtext-element">external_uid</span> — the user ID on your platform;
<span class="u-richtext-element">sign</span> — the request signature.
The disconnect request is also signed using <span class="u-richtext-element">secret_key</span>.
If the user disconnects the integration from the Allpay dashboard, Allpay can send a disconnect notification to your platform endpoint. To receive this notification, provide an endpoint on your side.
Security requirements
For automated integration, the following requirements must be met:
- HTTPS only
All requests between Allpay and your platform must be sent only over HTTPS. - Secure key storage
The received <span class="u-richtext-element">api_login</span> and <span class="u-richtext-element">api_key</span> must be stored securely on your side. - Server request signatures
Server requests must be signed using <span class="u-richtext-element">secret_key</span>.
<span id="info">Information for the integrations catalog</span>
After the technical part is completed and the integration is working, send us the following information to add your platform to the Allpay integrations catalog:
- platform logo in SVG format;
- short platform description of up to 200 characters;
- extended platform description of up to 360 characters;
- technical support contacts for the integration: email and WhatsApp or Telegram;
- information on whether your integration supports installments, recurring payments, and refunds;
- link to the Allpay connection instructions on your website.
Allpay branding guidelines
Use the correct brand spelling:
correct: Allpay;
incorrect: AllPay, All Pay, allpay.
Use the official Allpay logo.