PAYONE Documentation Platform

To create and manage PAYONE Links we provide the following API.

Authorization takes place via the Authorization header in the HTTP request and is subject to the following schema:

---end

Authorization header example
`Authorization: payone-hmac-sha256 VP35q2dC855VYEs0nzqTCbAx2BAUq1+oO1yByuvPcl4=`

---end

Create/Update Link

---end

The total amount is calculated as follows from the shopping cart:

shoppingCart
`"shoppingCart": [ { "type": "goods", "number": "article1", "price": 25, "quantity": 2, "vatRate": 7 }, { "type": "goods", "number": "article2", "price": 50, "quantity": 1, "vatRate": 7 } ]`

---end

Total amount calculation
`article1.price * article1.quantity + article2.price * article2.quantity = totalAmount`

---end

The token is now calculated in the following way:

Concatenating principle
`merchantId + accountId + portalId + mode + reference + totalAmount + currency = dataToBeSigned`

---end

Concatenating example
`18333 + 18334 + 2111222 + LIVE + uniqueReference + 100 + EUR = 18333183342111222LIVEuniqueReference100EUR`

---end

HmacSAH256 principle
`HmacSHA256(dataToBeSigned, portalKey) = signature`

---end

HmacSHA256 example
`HmacSHA256(18333183342111222LIVEuniqueReference100EUR, superSecret) = signature`

---end

Base64 principle
`Base64(signature) = token`

---end

Base64 example
`Base64(signature) = cBSvOHskJqf0Si/5ZP+mlM8lCm0zvT/YbH6MvvQWNBs=`

---end

Finally we put the result in the header and get the request header:

Example header
`Authorization: payone-hmac-sha256 cBSvOHskJqf0Si/5ZP+mlM8lCm0zvT/YbH6MvvQWNBs=`

---end

The principle remains the same the data to be signed is now: linkId

Example get single link
`Base64(HmacSHA256(linkId, portalKey))`

---end

The principle remains the same:

Get all links
`Base64(HmacSHA256(merchantId + accountId + portalId + mode, portalKey))`