Permalink: |
Web Merchant Interface
last updated: December 12, 2024
Contents:¶
- Definitions
- About Merchant WebMoney Transfer
- Merchant WebMoney Transfer Testing
Definitions¶
MERCHANT¶
A Merchant is a WebMoney Transfer user accepting payments from other WebMoney Transfer users via Merchant WebMoney Transfer.
The merchant accepts WebMoney for goods or services rendered via the Internet, thus they are supposed to have their own website.
CUSTOMER¶
A Customer is a WebMoney Transfer user willing to pay for goods or services offered by the merchant via the Internet.
WebMoney Transfer Interface¶
PAYMENT RECEIPT PARAMETERS¶
In order to receive payments via Merchant WebMoney Transfer merchants must be registered with WebMoney Transfer. Moreover they must set up a number of parameters regulating the receipt of payments and notification about payments.
Parameters may be set up in 'Settings ' (https://merchant.wmtransfer.com).
Each purse that the merchant uses to accept payments has its own set of parameters in the service.
Parameters and their functions:
Parameter | Format | Description |
Test/Work modes | - | Flag which is setting payment processing mode in the service. In test mode Web Merchant Interface it simulates making of payments (real payments are not making). Test mode is set as a default. You can pay only through WM Keeper in test mode. If flag is set OFF mode, Web Merchant Interface will inform customer that it’s not possible to make a payment in all cases. In operating mode payments go in the usual way (as normal). |
Merchant name | 50 characters | The information that will be shown to the customer (to the buyer) when paying. it is expedient to specify in this field a brand name, site name, service, shop name and other information that characterizes goods and services that is selling through this purse. |
Secret Key | Key 50 characters (case sensitive) | A string of characters that is added to the transfer details sent to the merchant in the notification. It is known only to the merchant and the Merchant WebMoney Transfer service. The same string of symbols is used in XML-interfaces associated with Web Merchant Interface and helping in its work and use(for example Interface X18 and Interface X20). |
Send the Secret Key to the Result URL, if the Result URL is secured | - | The option informs the service that the Secret Key must be added to the notification sent to the merchant's website if the Result URL is secured (SSL is used), i.e. the Result URL begins with "https://". If the Result URL is not using SSL, the Secret Key will not be sent even if the option is enabled. The Secret Key is not sent as well if the Result URL has been reassigned in the payment request form. |
Secret Key X20 | Key 50 characters (case sensitive) | If Merchant uses Interface X20 in order to integrate acceptance of payments in its mobile app or service then it is often necessary to make an interface call directly from client application (in other words for common applications and services without server side or even in its absence ) so for safety reasons it is undesirable to use standard Secret Key, in interface call in order to not to compromise it. To do this, you can specify in this field an additional * Secret Key X20 * and then Interface X20 will work only with this string. Also Secret Key X20 MUST be indicated in case when the flag “signature of payment form is required” is switched on as it is used in the making of this signature. |
Result URL | 255 characters (case sensitive) | URL (on the merchant's website) to which Merchant WebMoney Transfer will send an HTTP POST or SMTP notification about the payment and its details. If the merchant fails to specify the URL, he will not be notified. The URL must begin with "http://", "https://" or "mailto:". If the URL begins with mailto:, the notification will be sent to the provided email. For example if you enter 'mailto:shop@address.com' the notification will be emailed to shop@address.com. The notification will be sent through ports 80 and 443 if you are using the URL beginning with "http://" or "https://". And the Result URL is called twice: directly before the payment (in order to check the merchant's website operability) and immediately after the payment has successfully been performed (to transmit the payment parameters). During the first call if the Transmit parameters in the pre-request checkbox is marked, the parameters are transmitted in the pre-request form. Otherwise the call is made without parameters. During the second call the parameters are transmitted in the Payment Notification form. |
Transmit the parameters in prerequest | - | The flag that reports to the Web Merchant Interface that the parameters, which are transmitted to the Result URL of the merchant's website directly before a payment attempt, should be transmitted in the Prerequest form. If the flag is off, the prerequest is sent without parameters. If the flag is set to 1, the merchant's website has to return 'YES'-string in the response for the Web Merchant Interface service to continue the payment process. If the response is different, the payment will not be settled and the customer will get an error message. |
Proxy for Result URL | - | When for some reason calls Result URL are not coming from standard IP addresses of the system due to routing errors, provider restrictions etc., you can select one of the following IP addresses listed in this settings of IP addresses and service requests for Result URL will be coming from selected address |
Success URL | 255 characters (case sensitive) | URL (on the merchant's website) to which the customer's browser will be redirected in case of a successful payment through Merchant WebMoney Transfer. URL must begin with "http://" or "https://". |
Method of requesting the Success URL | - | Method (POST, GET or LINK) used to redirect to the Success URL. |
Fail URL | 255 characters (case sensitive) | URL (on the merchant's website) to which the customer's browser will be redirected if the payment failed. URL must begin with http:// or "https://". |
Method of requesting the Fail URL | - | Method (POST, GET or LINK) used to redirect to the Fail URL. |
Allow overriding the URL from the Payment Request Form: | - | This option allow to override Result URL, Success URL and Fail URL, method of requesting Success URL and Fail URL may be changed in the 'Payment Request Form'. |
Send the unsettled payment notification to WM Keeper | - | The flag that informs the Web Merchant Interface of the necessity of sending a notification to the merchant's WM Keeper in case of an unsettled payment. |
Method of generating payment notification control signature | - | Algorithm used by Merchant WebMoney Transfer to authenticate the notification sent to the merchant's site. Two algorithms are supported: SHA256 and SIGN (the latter is recommended). |
Necessarily require transaction acceptance through SMS | - | In case of enable this option customers can make payments to the purse only with second factor confirmation - SMS or Enum. This option applies to WM payments only, it doesn't apply to other payment methods. |
Necessarily require signature payment form | - | In addition to the standard fields the activation of this option requires from Merchant the necessary sending of the field LMI_PAYMENTFORM_SIGN, including the signature of the main fields of payment, which are sent in the Payment request form. For more details about how to form this field please find its description below in the Payment request form. If this checkbox is activated, but you don't send the field LMI_PAYMENTFORM_SIGN in the Payment request form, then a buyer will get an error. |
Additional payment methods | - | This section of setting contains other payment methods such as Paymer checks, WM checks, bank cards, mobile payments etc. Full list of additional payment methods depends on the type of a purse. Links to detailed descriptions of each method, conditions of it's use etc. are given directly into each of the methods in the purse settings page |
Payment workflow¶
Payment workflow is shown in the picture below.
HTML FORMS¶
Five HTML forms are used to transmit data between the merchant's website and the service:
- A Payment request form is generated on the merchant's website in order to request a payment in Merchant WebMoney Transfer and transfer it through the customer's browser.
- A Prerequest form is generated by Web Merchant Interface to send the parameters of a preliminary request for performing a payment to the merchant's website - if the flag "Send the parameters in a prerequest" is enabled. If the flag is disabled then the form is not used (the request is sent without parameters). The request is sent bypassing the user's browser.
- A Payment notification form is generated by Merchant WebMoney Transfer in order to notify the merchant about the payment. The customer's browser is not used during the transmission of payment notification to the merchant's website.
- A Settled payment form is generated by Merchant WebMoney Transfer if the payment was successful.
- An Unsettled payment form is generated by Merchant WebMoney Transfer if the payment failed. The form is transmitted to the merchant's website through the customer's web browser.
Payment request form¶
The form transmits the request from the merchant's site to Merchant WebMoney Transfer through the customer's browser. It has the following fields and parameters:
Action - https://merchant.wmtransfer.com/lmi/payment_utf.asp
Method - POST
accept-charset -UTF-8
content-type - application/x-www-form-urlencoded
Fields - fields transmitted in the form:
Field | HTML Field Name | Is it required? | Description |
Merchant's purse | LMI_PAYEE_PURSE | Yes | The merchant's purse to which the customer has to pay. Format is a letter and twelve digits. Presently, Z-,E-,G-,X-,H-,L-,S-,F-,T-,M and D purses are used in the service. |
Amount | LMI_PAYMENT_AMOUNT | Yes | The amount the merchant wants to receive from the customer. The amount must be more than zero; decimal separator is used. |
Purchase inner number | LMI_PAYMENT_NO | No | The merchant specifies the number of the purchase in accordance with their accounting system. The parameter is not required, but we advise you to always use it. You should use a unique number for each payment so that you can easily find all the information about it. positive integer of 15 digits maximally, less than 999999999999999. |
Comments | LMI_PAYMENT_DESC | Yes* | Description of products or services. It must be added to the WebMoney transfer payment form as well. Maximum 255 characters in length. UTF-8 |
Comments | LMI_PAYMENT_DESC_BASE64 | Yes* | A description of goods or services encoded UTF-8 and then encrypted with Base64 algorithm. Is formed by the merchant. If used the result will be substituted for LMI_PAYMENT_DESC. It allows text content not to depend on the encoding used on merchant's website. |
Test mode | LMI_SIM_MODE | No | The field is used only in the test mode. It may have one of the following values: 0 or empty: All test payments will be successful; 1: All test payments will fail; 2: 80% of test payments will be successful, 20% of test payments will fail. |
Replacement of Result URL | LMI_RESULT_URL | No | This field lets the merchant temporarily replace the Result URL specified on a special web page of the Merchant WebMoney Transfer site. If the 'Allow URLs transmitted in the form' option is enabled, the transmitted URL will replace the Result URL specified on the site of Merchant WebMoney Transfer. The format of this field must coincide with the format of the Result URL. |
Replacement of Success URL | LMI_SUCCESS_URL | No | This field lets the merchant temporarily replace the Success URL specified on a special web page of the Merchant WebMoney Transfer site. If the 'Allow URLs transmitted in the form' option is enabled, the transmitted URL will replace the Success URL specified on the site of Merchant WebMoney Transfer. Otherwise, the URL specified at the site of Merchant WebMoney Transfer will be used. The format of this field must coincide with the format of the Success URL. |
Replacement of Success URL method | LMI_SUCCESS_METHOD | No | This field lets the merchant temporarily replace the parameter 'Method of requesting the Success URL' that they set up on the Merchant WebMoney Transfer site (Settings page). If the 'Allow URLs transmitted in the form' option is enabled, the URL in the form will replace the parameter 'Method of requesting Success URL' specified on the website of Merchant WebMoney Transfer. The field may have values 0, 1 or 2 equal to values of the 'Method of requesting Success URL' - 'GET', 'POST' or 'LINK'. |
Replacement of Fail URL | LMI_FAIL_URL | No | This field lets the merchant temporarily replace the parameter 'Fail URL ' they set up on the Merchant WebMoney Transfer site (Settings page). If the 'Allow URLs transmitted in the form' option is enabled, the URL in the form will replace the parameter 'Fail URL' specified on the Merchant WebMoney Transfer website. Otherwise the URL specified on the website will be used. The format must coincide with the format of the Fail URL. |
Replacement of Fail URL method | LMI_FAIL_METHOD | No | This field lets the merchant temporarily replace the parameter 'Method of requesting Fail URL' specified at the website of Merchant WebMoney Transfer. If the 'Allow URLs transmitted in the form' option is enabled, the URL in the form will replace the parameter 'Method of requesting Fail URL' specified on the website of Merchant WebMoney Transfer. Otherwise the URL specified at the website will be used. The field may have the values 0, 1 or 2 equal to values of the 'Method of requesting Fail URL' - 'GET', 'POST' or 'LINK'. |
WM-card number | LMI_PAYMER_PINNUMBERINSIDE | No | The merchant can optionally implement a special payment method for WM-cards (scratch-cards) and Paymer checks. It allows you to prompt the customer for their WM-card (check) number with which they are going to pay directly on the merchant's site and transmit it in the given field whereupon the customer is redirected to the card code entering step, and the payment methods selection step is skipped. |
Customer's Email | LMI_PAYMER_EMAIL | No | If the merchant knows the customer's email address he can transmit it in the given fields whereupon the customer will not have to specify it when paying with WM-note, Paymer check or WM-card. |
Customer's Email | No | If the merchant knows the customer's email address he can transmit it in the given fields whereupon the customer will not have to specify it when paying with Bitcoin, Litecoin, Ethereum and USDT | |
WebMoney Check number | LMI_WMCHECK_NUMBERINSIDE | No | The merchant can optionally implement a special payment method for WebMoney Check (payment terminals, cashpoints, checkout counters). It allows you to prompt the customer for their Check number (mobile phone number) with which they are going to pay directly on the merchant's site and transmit it in the given field, whereupon the customer is redirected to the WebMoney Check payment method and only has to enter their password to proceed with the payment. |
WebMoney Check password | LMI_WMCHECK_CODEINSIDE | No | This field is targeted for prompting the customer for their WebMoney Check that allows you to redirect them straight to the final page where they should enter a single-use code sent in an SMS and the payment methods selection step is skipped. As for security, it is safe to prompt the customer for their password for it grants nothing but read-only access to their WM.Check account, and it is impossible to make a payment without the single-used SMS-codes which are sent and entered in safe mode on the WebMoney.Merchant site only. |
E-invoicing payment method | LMI_ALLOW_SDP | No | Using this field the merchant can redirect the customer to the e-invoicing payment method page directly avoiding the payment method selection page. When forming a payment form the customer can assign this field the following values: 4 - for Russian banks cards, 19 - Bitcoin, 20 - runpay MDL purse, 26 - Litecoin, 27 - Ethereum, 28 - USDT, 29 - bank cards by P2P, 30 - Monero, 31 - Alipay P2P, 32 - SBP P2P |
Phone number for quick payment | LMI_FAST_PHONENUMBER | No | At the moment the possibility of making a quick payment available for every member is implemented in the service. To do this one only needs to have a mobile phone to hand, and the system, using its number, will find the corresponding WM-indentificator or WM-check and make the payment which should be confirmed by a SMS- or USSD-code. If you have the customer's mobile phone number (e.g. from their profile) specified in the international format and containing only digits without any unnecessary symbols, transmit it in the given field and the customer will not have to enter it. |
Credit period | LMI_PAYMENT_CREDITDAYS | No | In case the merchant sells their goods on credit and receives payments to their D-purse this field should contain the number of days of credit period. If payments are received to a D-purse but the given parameter is omitted it will be assumed that the credit period will be 30 days. We strongly recommend that you check the conformity of the value of the parameter in prerequest or payment notification when specifying it. |
Store number | LMI_SHOP_ID | No | This parameter is obligatory for aggregators only ( these are transitional services that accept payments for third parties). This field should be used by aggregators to transmit the Megastock catalogue registration number of a store which the given payment is accepted for. |
Form signature | LMI_PAYMENTFORM_SIGN | No | This field should be necessarily sent in case the checkbox Necessarily request a signature of the payment form is activated in the purse settings. If you do not send this field, a buyer will get an error. In case the field is sent, but the checkbox Necessarily request a signature of the payment form is not activated, a buyer will get an error too. In other words you need to activate the checkbox and send the field, or not to activate and not to send. The field should be formed by the hashing the string, which includes three other significant fields Payment request form and values of Secret Key X20 (from purse settings), separated by a semicolon, through the algorithm "SHA256": https://en.wikipedia.org/wiki/SHA-1 Signature string should be formed as follows: LMI_PAYEE_PURSE;LMI_PAYMENT_AMOUNT;LMI_PAYMENT_NO;Secret Key X20;or LMI_PAYEE_PURSE;LMI_PAYMENT_AMOUNT;LMI_HOLD;LMI_PAYMENT_NO;Secret Key X20;for forms with LMI_HOLD param. If you send the parameters, which did not participate in hashing, then a buyer will get an error. Due to this please make sure that the fields are not formatted since the creation of signature and are sent in unmodified form! |
Hold duration | LMI_HOLD | No | Hold duration (the period of unaccessibility of funds). If specified, the transaction is to be time-protected for the specified number of days. To receive the funds, the merchant has to complete the transaction on the merchant.wmtransfer.com website or call the XML-interface. If nothing of the above is done, the funds will return to the customer's purse as soon as the hold period has expired. Prescheduled moneybacks are performed on the merchant.wmtransfer.com website or by means of the XML-interface. This method is available for the payments made from WM-purses only. This parameter can be used only in case the payment request form is signed! |
Additional parameters set by the merchant | Set by the merchant | No | Merchant WebMoney Transfer processes the fields without the 'LMI_' or '_' prefix automatically and transmits the data specified in them to the merchant's website after the payment is made. |
* - Only one of LMI_PAYMENT_DESC and LMI_PAYMENT_DESC_BASE64 parameters presense is necessary.
The Action field of the form allows the merchant to redirect the customer to a specific payment method immediately. It is very easy when the merchant fully implements all the possible options when setting up a store. For this there is an 'at' parameter in the request URL. E.g. transmitting a payment form with URL https://merchant.wmtransfer.com/lmi/payment_utf.asp?at=authtype_8 redirects the customer to the 'payment from a WM-purse' payment method and at=authtype_3 - to WM-card payment. If the parameter is omitted the last used method will be chosen. All available payment methods are listed below:
- authtype_2 Keeper WebPro
- authtype_3 WM-card/Paymer check (we strongly recommend that you prompt the customer for their WM-card number/Paymer check and transmit it in the LMI_PAYMER_PINNUMBERINSIDE parameter if there is a separate item for the scratch-card/paymer check payment method at the merchant's site, for it will allow you to avoid redirecting and the customer will immediately get to the final page skipping the payment method selection and WM-card number/Paymer check entering steps.)
- authtype_8 Keeper WinPro
- authtype_9 Keeper Standard
- authtype_12 For social Network Keeper
- authtype_13 WebMoney Check
- authtype_16 Russian banks credit cards, for Z-purses only (we strongly recommend to transmit '4' in the LMI_ALLOW_SDP parameter if there is a separate item (icon, set) for the 'payment via bank cards' payment method at the merchant's site, for it will allow you to avoid redirecting and the customer will immediately get to the final page skipping the payment method selection step.)
- authtype_17 Quick payment with mobile phone number specifying (if the merchant knows the customer's mobile phone number specified in international format they can transmit it in the LMI_FAST_PHONENUMBER parameter and the customer will not have to enter it on our site when making a quick payment)
- authtype_20 Bitcoin
- authtype_22 RunPay MDL
- authtype_26 Litecoin
- authtype_27 Ethereum
- authtype_28 USDT
Sample 1. Fragment of the 'Payment request form ' without the URL replacement
<html> <head> ... </head> <body> ... <form method="POST" action="https://merchant.webmoney.ru/lmi/payment_utf.asp" accept-charset="utf-8"> <input type="hidden" name="LMI_PAYMENT_AMOUNT" value="12.08"> <input type="hidden" name="LMI_PAYMENT_DESC" value="платеж по счету"> <input type="hidden" name="LMI_PAYMENT_NO" value="1234"> <input type="hidden" name="LMI_PAYEE_PURSE" value="Z145179295679"> <input type="hidden" name="LMI_SIM_MODE" value="0"> <input type="hidden" name="FIELD_1" value="VALUE_1"> <input type="hidden" name="FIELD_2" value="VALUE_2"> ... <input type="hidden" name="FIELD_N" value="VALUE_N"> ... </form> .. </body> </html>
Sample 2. Fragment of the 'Payment request form' with the URL replacement
<html> <head> ... </head> <body> ... <form method="POST" action="https://merchant.wmtransfer.com/lmi/payment_utf.asp" accept-charset="utf-8"> <input type="hidden" name="LMI_PAYMENT_AMOUNT" value="12.08"> <input type="hidden" name="LMI_PAYMENT_DESC" value="payment under the bill"> <input type="hidden" name="LMI_PAYMENT_NO" value="1234"> <input type="hidden" name="LMI_PAYEE_PURSE" value="Z145179295679"> <input type="hidden" name="LMI_SIM_MODE" value="0"> <input type="hidden" name="LMI_RESULT_URL" value="http://www.shop.com/result.asp"> <input type="hidden" name="LMI_SUCCESS_URL" value="http://www.shop.com/success.html"> <input type="hidden" name="LMI_SUCCESS_METHOD" value="2"> <input type="hidden" name="LMI_FAIL_URL" value="http://www.shop.com/fail.html"> <input type="hidden" name="LMI_FAIL_METHOD" value="2"> <input type="hidden" name="FIELD_1" value="VALUE_1"> <input type="hidden" name="FIELD_2" value="VALUE_2"> ... <input type="hidden" name="FIELD_N" value="VALUE_N"> ... </form> .. </body> </html>
Pay attention to the EXEMPLARY implementation of the payment request form in the Plati.ru store, where all variants of choosing a payment method as well as immediate redirecting to the necessary payment method with existing user's data are used.
Prerequest form¶
This form transmits details of initiated payment to the merchant directly before the payment. There are the following parameters and fields in the form:
Action - Result URL
Method - POST
Fields - fields transmitted in the form:
Name | HTML Field Name | Description |
Prerequest flag | LMI_PREREQUEST | 1 |
Merchant's purse | LMI_PAYEE_PURSE | The merchant's purse to which the customer has made payment. Format is a letter and 12 digits. |
Amount | LMI_PAYMENT_AMOUNT | Amount paid by the customer. Decimal separator is used. |
Purchase inner number | LMI_PAYMENT_NO | The merchant specifies the number of a purchase in accordance with their accounting system. The service receives a purchase inner number from the merchant's website. |
Test mode | LMI_MODE | Shows the mode the payment request was processed. Two values are possible: 0: Payment was made in operative mode, funds were transferred to the merchant's purse; 1: Payment was in test mode, funds were not sent |
Customer's WM ID | LMI_PAYER_WM | WM identifier of the customer. |
Customer's purse | LMI_PAYER_PURSE | WM purse of the customer. |
Capitaller's WM ID | LMI_CAPITALLER_WMID | In case the customer makes payment by means of the Capitaller budget automation tool this field transmits the WMID of the given identifier, with that the purse specified in LMI_PAYER_PURSE parameter belongs to the WMID specified in LMI_CAPITALLER_WMID, and LMI_PAYER_WM contains the identifier of the owner who has the access with permission to make payments in the given capitaller. |
WM card number(electronic checks) | LMI_PAYMER_NUMBER | Paymer.com check number or WM-card number; available only in case the customer pays with a Paymer check or a WM-card. |
Customer's Email | LMI_PAYMER_EMAIL | Email specified by the customer; available only in case the customer pays with a Paymer check or a WM-card. |
Customer's Email | Email specified by the customer; available only in case the customer pays with Bitcoin, Litecoin, Ethereum and USDT | |
WebMoney Check number | LMI_WMCHECK_NUMBER | Customer's WebMoney Check number (mobile phone number); available only in case the customer pays via WebMoney Check service (via payment terminals, cash points, checkout counters). |
Customer's phone number | LMI_TELEPAT_PHONENUMBER | Customer's mobile phone number; available only in case the customer pays via WM Keeper Mobile. |
Payment number in Keeper Mobile | LMI_TELEPAT_ORDERID | Transaction number in WM Keeper Mobile; available only in case the customer pays via WM Keeper Mobile. |
Credit period | LMI_PAYMENT_CREDITDAYS | In case the customer pays from their C-purse to the merchant's D-purse (credit sale variant) this parameter transmits the credit period specified in days. We strongly recommend that you verify the equivalence of the value of this field in prerequest form with that of payment request form. |
Comments | LMI_PAYMENT_DESC | A comment for the payment (UTF-8); serves for the merchant could verify comments of payments for mismatches. This field is transmitted after the URLEncode function is processed. As the form sent from merchant's site to the merchant.wmtransfer.com is transmitted by means of the client's browser, the merchant, if necessary, can verify not only the amount of payment but its original comment as well. Exhange and financial service should perform such verification obligatory. |
E-invoicing payment method | LMI_SDP_TYPE | If this parameter is available that means the payment is to be performed by a method which does not require registration in the System; 4 - for Russian banks cards, 19 - Bitcoin, 20 - runpay MDL purse, 26 - Litecoin, 27 - Ethereum, 28 - USDT |
Country of location code | LMI_PAYER_COUNTRYID | ISO code https://en.wikipedia.org/wiki/ISO_3166-1 of a current country location indicated by a payer |
Code of the country where the document was issued | LMI_PAYER_PCOUNTRYID | ISO code https://en.wikipedia.org/wiki/ISO_3166-1 of a passport-issuing country, if the passport data is indicated by a payer |
IP-address | LMI_PAYER_IP | IP-address of a payer for the moment of payment |
Hold duration | LMI_HOLD | Hold duration (the period of unaccessibility of funds). If specified, the transaction is to be time-protected for the specified number of days. To receive the funds, the merchant has to complete the transaction on the merchant.wmtransfer.com website or call the XML-interface. If nothing of the above is done, the funds will return to the customer's purse as soon as the hold period has expired. |
Additional parameters set by the merchant | Set by the merchant | All the fields transmitted from the merchant's website in the "Payment request form" that have no "LMI_" or "_" prefix. |
If the "parameters transmission" flag is enabled the payment processing will continue if the merchant's website returns "YES" (string). If the merchant's website returns anything else the payment will not be completed and the customer will receive an error message.
Sample. Fragment of "Prerequest form"
<html> <head> ... </head> <body> ... <form method="POST" action="<Result URL>"> <input type="hidden" name="LMI_PREREQUEST" value="1"> <input type="hidden" name="LMI_PAYMENT_AMOUNT" value="1.0"> <input type="hidden" name="LMI_PAYMENT_NO" value="1"> <input type="hidden" name="LMI_PAYEE_PURSE" value="R397656178472"> <input type="hidden" name="LMI_MODE" value="1"> <input type="hidden" name="LMI_PAYER_WM" value="809399319852"> <input type="hidden" name="FIELD_1" value="VALUE_1"> <input type="hidden" name="FIELD_2" value="VALUE_2"> ... </form> .. </body> </html>
Payment notification form¶
The form transmits the details of a settled payment to the merchant. It has the following fields:
Action - Result URL
Method - POST
Fields are described in the table:
Field | HTML Field Name | Description |
Merchant's purse | LMI_PAYEE_PURSE | Merchant's purse to which the customer has made the payment. Format is a letter and 12 digits. |
Amount | LMI_PAYMENT_AMOUNT | Amount paid by the customer; decimal separator is used. |
Purchase inner number | LMI_PAYMENT_NO | Number of a purchase in accordance with the accounting system of the merchant received by the service from the website of the merchant. |
Test mode flag | LMI_MODE | The parameter identifies the mode of the payment request processing. It may have two values: 0: The payment is made in the operative mode, funds are transferred from the customer's purse to the merchant's purse; 1: The payment is made in the test mode, funds are not transferred - the transfer is imitated. |
Bill number in WebMoney Transfer | LMI_SYS_INVS_NO | The bill number specified by the WebMoney Merchant Service during the payment request processing. It is a unique number in WebMoney Transfer |
Payment number in WebMoney Transfer | LMI_SYS_TRANS_NO | The payment number generated by the WebMoney Merchant Service during the processing of the payment request. It is a unique number in WebMoney Transfer. |
Customer's purse | LMI_PAYER_PURSE | Purse from which the customer has made the payment. |
Customer WM ID | LMI_PAYER_WM | WM identifier of the customer. |
Capitaller's WM ID | LMI_CAPITALLER_WMID | In case the customer makes payment by means of the Capitaller budget automation tool this field transmits the WMID of the given identifier with that the purse specified in LMI_PAYER_PURSE parameter belongs to the WMID specified in LMI_CAPITALLER_WMID, and LMI_PAYER_WM contains the identifier of the owner who has the access with permission to make payments in the given capitaller. |
WM card number(electronic checks) | LMI_PAYMER_NUMBER | Paymer.com check number or WM-card number; available only in case the customer pays with a Paymer check or a WM-card. |
Customer's Email | LMI_PAYMER_EMAIL | Email specified by the customer; available only in case the customer pays with a Paymer check or a WM-card. |
Customer's Email | Email specified by the customer; available only in case the customer pays with Bitcoin, Litecoin, Ethereum and USDT | |
WebMoney Check number | LMI_WMCHECK_NUMBER | Customer's WebMoney Check number (mobile phone number); available only in case the customer pays via WebMoney Check service (via payment terminals, cash points, checkout counters). |
Customer's phone number | LMI_TELEPAT_PHONENUMBER | Customer's mobile phone number; available only in case the customer pays via WM Keeper Mobile. |
Payment number in Keeper Mobile | LMI_TELEPAT_ORDERID | Transaction number in WM Keeper Mobile; available only in case the customer pays via WM Keeper Mobile. |
Credit period | LMI_PAYMENT_CREDITDAYS | In case the customer pays from their C-purse to the merchant's D-purse (credit sale variant) this parameter transmits credit period specified in days. We strongly recommend that you verify the equivalence of the value of this field in the prerequest form with that of the payment request form. |
Hold duration | LMI_HOLD | Hold duration (the period of unaccessibility of funds). If specified, the transaction is to be time-protected for the specified number of days. To receive the funds, the merchant has to complete the transaction on the merchant.wmtransfer.com website or call the XML-interface. If nothing of the above is done, the funds will return to the customer's purse as soon as the hold period has expired. |
Control signature | LMI_HASH | The control signature is used to verify the integrity of data and authenticate the sender. The control signature algorithm is described in this section . |
Control signature | LMI_HASH2 | The control signature is used to verify the integrity of data and authenticate the sender. The control signature algorithm is described in this section . |
Date and time of payment | LMI_SYS_TRANS_DATE | Date and time of payment processing in WebMoney Transfer in YYYYMMDD HH:MM:SS format. |
Secret Key | LMI_SECRET_KEY | Secret Key is known only to the merchant and Merchant WebMoney Transfer. The parameter will be empty if the Result URL is changed or not secured or the ' Send the secret key to the Result URL' option is disabled. |
E-invoicing payment method | LMI_SDP_TYPE | If this parameter is available that means the payment is to be performed by a method which does not require registration in the System; 4 - for Russian banks cards, 19 - Bitcoin, 20 - runpay MDL purse, 26 - Litecoin, 27 - Ethereum, 28 - USDT |
Comments | LMI_PAYMENT_DESC | A comment for the payment (UTF-8); serves so that the merchant can verify comments of payments for mismatches. This field is transmitted after the URLEncode function is processed. As the form sent from the merchant's site to the merchant.wmtransfer.com is transmitted by means of the client's browser, the merchant, if necessary, can verify not only the amount of payment but its original comment as well. Exhange and financial service should perform such verification obligatory. |
Country of location code | LMI_PAYER_COUNTRYID | ISO code https://en.wikipedia.org/wiki/ISO_3166-1 of a current country location indicated by a payer |
Сode of the country where the document was issued | LMI_PAYER_PCOUNTRYID | ISO code https://en.wikipedia.org/wiki/ISO_3166-1 of a passport-issuing country, if the passport data is indicated by a payer |
IP-address | LMI_PAYER_IP | IP-address of a payer for the moment of payment |
Merchant's parameteres | Set by the merchant | All the fields transmitted from the merchant's website in the 'Payment request form' without the "LMI_" or "_" prefix. |
Important!
The merchant should provide the verification of data sent in the 'Payment notification form' in accordance with the tips given here.
Sample. Fragment of the 'Payment notification form'
<html> <head> ... </head> <body> ... <form method="POST" action="<Result URL>"> <input type="hidden" name="LMI_PAYMENT_AMOUNT" value="1.0"> <input type="hidden" name="LMI_PAYMENT_NO" value="1"> <input type="hidden" name="LMI_PAYEE_PURSE" value="R397656178472"> <input type="hidden" name="LMI_MODE" value="1"> <input type="hidden" name="LMI_SYS_INVS_NO" value="281"> <input type="hidden" name="LMI_SYS_TRANS_NO" value="558"> <input type="hidden" name="LMI_PAYER_PURSE" value="R397656178472"> <input type="hidden" name="LMI_PAYER_WM" value="809399319852"> <input type="hidden" name="LMI_SYS_TRANS_DATE" value="20020314 14:01:14"> <input type="hidden" name="LMI_HASH" value="114128B8AEFD8CAA76D3CF75B9AEBC17"> <input type="hidden" name="LMI_HASH2" value="8ACAC8C59D6CA6EB0AD56DF5C0CE8BB4D096557C8AF0C642D7E5CE1344C107D8"> <input type="hidden" name="FIELD_1" value="VALUE_1"> <input type="hidden" name="FIELD_2" value="VALUE_2"> ... </form> .. </body> </html>
Settled payment form¶
The form transmits details of a settled payment to the merchant's site. The data is transmitted through the customer's browser only if the method of requesting the Success URL is 'GET' or 'Post'. The form has the following parameters and fields:
Action - Success URL
Method - method of requesting Success URL
Fields - fields transmitted in the form:
Field | HTML Field Name | Description |
Purchase inner number | LMI_PAYMENT_NO | The field transmits the number of a purchase in the accounting system of the merchant. Merchant WebMoney Transfer takes this number from the merchant's site. |
Bill number in WebMoney Transfer | LMI_SYS_INVS_NO | Bill number set by the merchant during the payment request processing. It is a unique number in WebMoney Transfer. |
Payment number in WebMoney Transfer | LMI_SYS_TRANS_NO | Number of a payment in WebMoney Transfer generated during the payment request processing by Merchant WebMoney Transfer. It is unique. |
Date and time of payment | LMI_SYS_TRANS_DATE | Date and time of payment processing in WebMoney Transfer in 'YYYYMMDD HH:MM:SS' format. |
WM card number(electronic checks) | LMI_PAYMER_NUMBER | Paymer.com check number or WM-card number; available only in case the customer pays with a Paymer check or a WM-card. |
Customer's Email | LMI_PAYMER_EMAIL | Email specified by the customer; available only in case the customer pays with a Paymer check or a WM-card. |
Customer's Email | Email specified by the customer; available only in case the customer pays with Bitcoin, Litecoin, Ethereum and USDT | |
WebMoney Check number | LMI_WMCHECK_NUMBER | Customer's WebMoney Check number (mobile phone number); available only in case the customer pays via WebMoney Check service (via payment terminals, cash points, checkout counters). |
Customer's phone number | LMI_TELEPAT_PHONENUMBER | Customer's mobile phone number; available only in case the customer pays via WM Keeper Mobile. |
Payment number in Keeper Mobile | LMI_TELEPAT_ORDERID | Transaction number in WM Keeper Mobile; available only in case the customer pays via WM Keeper Mobile. |
Credit period | LMI_PAYMENT_CREDITDAYS | In case the customer pays from their C-purse to the merchant's D-purse (credit sale variant) this parameter transmits credit period specified in days. We strongly recommend that you verify the equivalence of the value of this field in prerequest form with that of payment request form. |
Merchant's parameters | Set by the merchant | All the data transmitted from the merchant's website in the 'Payment request form' without the 'LMI_' or '_' prefix. |
Sample. Fragment of the 'Settled payment form"
<html> <head> ... </head> <body> ... <form method="<method of requesting Success URL>" action="<Success URL>"> <input type="hidden" name="LMI_PAYMENT_NO" value="1"> <input type="hidden" name="LMI_SYS_INVS_NO" value="281"> <input type="hidden" name="LMI_SYS_TRANS_NO" value="558"> <input type="hidden" name="LMI_SYS_TRANS_DATE" value="20020314 14:01:14"> <input type="hidden" name="FIELD_1" value="VALUE_1"> <input type="hidden" name="FIELD_2" value="VALUE_2"> ... </form> .. </body> </html>
Unsettled payment form¶
The form transmits the details of unsettled payments to the merchant's website. Data is transmitted through the customer's browser if the specified method of requesting the Success URL is 'GET' or 'POST'. The form has the following fields:
Action - Fail URL
Method - method of requesting Fail URL
Fields - fields are the same as in the settled payment form.
Sample. Fragment of the 'Unsettled payment form'
<html> <head> ... </head> <body> ... <form method="<method of requesting Fail URL>" action="<Fail URL>"> <input type="hidden" name="LMI_PAYMENT_NO" value="1"> <input type="hidden" name="LMI_SYS_INVS_NO" value=""> <input type="hidden" name="LMI_SYS_TRANS_NO" value=""> <input type="hidden" name="LMI_SYS_TRANS_DATE" value=""> <input type="hidden" name="FIELD_1" value="VALUE_1"> <input type="hidden" name="FIELD_2" value="VALUE_2"> ... </form> .. </body> </html>
VERIFICATION OF PAYMENT DATA¶
When the payment is made Merchant WebMoney Transfer sends a notification in the 'Payment notification form ' to the Result URL provided by the merchant.
We advise you to verify the data transmitted in the 'Payment notification form':
- Verify if the data have been sent by Merchant WebMoney Transfer (data source)
- Verify if the data has not been modified (data integrity)
- Verify the payment amount
- Verify the merchant's purse
- Verify the payment mode (test or operative mode)
Data source verification¶
The Secret Key must be known only to the merchant and Merchant WebMoney Transfer. The Secret Key may be used for authentication of a sender. There is a number of different ways to authenticate the sender:
- If the Result URL is secured and cannot be changed (edited),
the merchant may authenticate the sender in two different ways: - If the merchant does not want to verify the control signature he must enable the 'Send the Secret Key to the Result URL' option. In this case Merchant WebMoney Transfer will send the Secret Key to the merchant's website (in the 'LMI_SECRET_KEY' field of the payment notification form. The merchant will have to verify the secret key each time he receives the payment notification.
- The other way is to verify the control signature. The control signature is generated by Merchant WebMoney Transfer and is transmitted in the 'LMI_HASH' field.
This method is a bit more laborious but in this case the secret key will not be transmitted via the Internet. - If the Result URL is not secured or it can be changed ,
Merchant WebMoney Transfer will not send the Secret Key independent of whether or not the 'Send the Secret Key to the Result URL' option is enabled. Thus the merchant will have to verify the control signature.
Service Merchant use IP addresses
Data integrity verification¶
Merchant WebMoney Transfer notifies the merchant about the payment and sends payment details and control signature letting verify the integrity of data in a number of different ways depending on whether or not the Result URL is secured:
- If the Result URL is secured and cannot be changed ,
the merchant does not need to verify the control signature because the SSL protocol provides the security and integrity of data. - If the Result URL is not secured and can be changed ,
we advise you to verify the integrity of data by the control signature.
Control signature¶
The control signature lets the merchant verify the source of data and the integrity of data transferred to the Result URL in the 'Payment notification form '.
The control signature is generating by 'sticking' together values of parameters transmitted in the 'Payment notification form' in the following order:
- Merchant's purse (LMI_PAYEE_PURSE);
- Amount (LMI_PAYMENT_AMOUNT);
- Time-protection period for the payment with holding (LMI_HOLD); if missed, the string is generated excluding this parameter. If this parameter is present, it should be separated by the ; symbol (semicolon) on both sides from the other parameters of the string.
- Purchase number (LMI_PAYMENT_NO);
- Test mode flag (LMI_MODE);
- Account number in WebMoney Transfer (LMI_SYS_INVS_NO);
- Payment number in WebMoney Transfer (LMI_SYS_TRANS_NO);
- Date and time of payment (LMI_SYS_TRANS_DATE);
- Secret Key (LMI_SECRET_KEY);
- Customer's purse (LMI_PAYER_PURSE);
- Customer's WM id (LMI_PAYER_WM).
When merging the fields should be divided by the ; symbol (semicolon) or without any dividing symbols.
If dividing symbols are used the signed string should be sent in the LMI_HASH2 parameter. Otherwise - in the LMI_HASH parameter.
The control signature algorithm depends on parameters set by the merchant (SHA256 or SIGN).
SHA256 (* Secure Hash Algorithm *) computed with 32-bit words. SHA-256 algorithm generates an almost-unique, fixed size 256-bit (32-byte) hash (64 symbols string). Designed by the U.S. National Security Agency (NSA) and published in 2001 by the NIST as a U.S. Federal Information Processing Standard (FIPS).
SIGN generates a sequence of 132 hexadecimal digits on the WebMoney Transfer digital signature algorithm with use of WMSignerX.
Verification of the control signature¶
The control signature may be verified manually on these pages - (SHA256, SIGN) - and automatically on the merchant's site by the following algorithm:
- SHA256
- Make a string by sticking together the parameters received in the 'Payment notification form' in the same order as in the control signature generation (see above). Remember that the Secret Key is used to generate the signature. Calculate the SHA256 of this string. Compare the calculated value with 'LMI_HASH' received through the 'Payment notification form'
- Calculate the SHA256 of this string
- Compare the calculated value with the value transmitted in the 'Payment notification form '.
If the generated signature coincides with the one transmitted in the ' Payment notification form', the data has not been changed and the source of the data is Merchant WebMoney Transfer.
- SIGN
- Make a string by sticking the parameters received in the 'Payment notification form' in the same order as at the control signature generation (see above). Remember that the Secret Key is used to generate the signature.
- Verify the digital signature. Use Interface X7. Specify the following parameters:
- TesterWMID - WM identifier of the merchant;
- ClientWMID - WM identifier of Merchant WebMoney Transfer that generates the digital signature of the payment notification. Its number is 967909998006.
- AccessMarker -string received at the first stage of sticking parameters of the 'Payment notification form ';
- ClientSignStr - control signature generated by Merchant WebMoney Transfer and transmitted to the website of the merchant in the 'Payment notification form' (the 'LMI_HASH' parameter);
- SignStr - digital signature of the request.
If the verification result is positive, the data has not been modified and has been sent by Merchant WebMoney Transfer.
Payment amount verification¶
The information forwarded through the parameter "LMI_PAYMENT_AMOUNT" containing the payment amount is to be obligatorily verified.
Verification of merchant's purse¶
Regardless of the fact that the customer cannot change the purse number we advise the merchant to verify the purse number transmitted in the 'LMI_PAYEE_PURSE' parameter, especially if he uses several purses in Merchant WebMoney Transfer.
Payment mode verification¶
Merchant WebMoney Transfer provides test payments. In order to set up the test mode, you should enable the 'Test/Work mode: '. The information about the current mode is transmitted in the 'LMI_MODE' parameter (1 - test mode, 0 - operative mode).
No real payments will be made in the test mode, but the service will transmit the data and imitate the payment.
Merchant WebMoney Transfer Testing¶
The 'Test/Work mode' parameter lets the merchants test the integration of their websites with Merchant WebMoney Transfer without making real payments. If the test mode is enabled the service will generate only test payments.
The merchant may set up the operative mode when he is sure that his website is integrated and operates correctly.
Samples¶
See also:
Checking transaction parameters, performed via Merchant WebMoney Transfer
Web Merchant Interface-Accepting payments via Paymer cheques WebMoney scratch cards or WM Note
Web Merchant Interface - Acceptance of payments from bank cards of Russian banks
Payment acceptance through bank cards P2P
Accepting payments in Bitcoin
Accepting payments in Ethereum
Accepting payments in USDT
Two Simple Steps to Accept WebMoney Payments
Merchant WebMoney Transfer
Paying for products and services using the Merchant service