Technical documentation for connection with ePay.bg ONE TOUCH

Content


Description
Communication
Application authorization. Issuing of token.
Information about user, payment instruments
Sending money
Payment by not registered used

Description

ePay.bg ONE TOUCH is interface for communication with ePay.bg servers. To use it you must have a registered application that the users of ePay.bg authorize to carry out certain actions. Every application has a secret key (SECRET), its own address (REPLY_ADDRESS – address of your page, on which we send different requests in case of a WEB application or URL Scheme of your mobile application), to which we provide feedback and unique identifier (APPID) that you send with every request to our servers. Depending on the rights of your application, it may be necessary with every request to send a parameter (checksum) certifying that the request comes from you. Contact the Commercial Department to register your application.
Depending on your needs, the application may provide different options to clients – bills check and payment,10 digits code payment, sending and receiving money, review of history and balances of payment instruments, etc. Users may use your application even without account in ePay.bg or authorize it to access their account in ePay.bg, may choose whether and which of the registered Microaccounts (an internal account that every user of ePay.bg has) and bank cards to use or to add new ones. After successfully completed authorization, we issue an identifier for user permissions (TOKEN) , which you must use in your requests to us on behalf of the user. Apart from APPID and TOKEN, with every request you must also send a unique identifier of the device used by the user (DEVICEID).

Communication with ePay.bg servers

The communication with ePay.bg servers is carried out through JSON REST API. If your request is successful, you will receive a response containing "status": "OK" and possibly other data according to the request, otherwise you will receive { "status" : "ERR", "err" : "SOME_ERROR_CODE", "errm" : "A message that you can show to the user" }
The entry points for testing purposes are:
API_BASE = https://demo.epay.bg/xdev/api - main communication address, to which you send your requests. API_BASE_WEB = https://demo.epay.bg/xdev/mobile - address for WEB communication with ePay.bg, requests to it should be made in a modern browser.
If a checksum validating the request is required, it must be sent with parameter APPCHECK, and is generated in the following way:
checksum = hmac_sha1_hex ( request_data , SECRET ), where request_data represents lines concatenated with NEWLINE, containing stuck upper_case(PARAM_NAME) and param_value, sorted in ascending order by PARAM_NAME. If the request requires TOKEN, you must add the user’s client number + NEWLINE

Application authorization. Receipt and invalidation of TOKEN

Upon registration, regardless whether requests to us come from your servers or directly from the devices of end users, each request must contain unique identifiers of the application (APPID), the device (DEVICEID) and the user (TOKEN).
A good idea for device identifier (DEVICEID) is to use Vendor ID in iOS or ANDROID_ID in Android.
After you have contacted our Commercial Department, registered your application and have its identifier (APPID), you should request the user of ePay.bg to authorize it for the actions chosen by you and if the procedure is successful, you will be able to get the last necessary identifier (TOKEN).

  • Getting TOKEN
The sequence is as follows:
1. First, you redirect the user to an address for application authorization in a browser:
GET request to API_BASE_WEB/api/start, containing mandatory parameters:
DEVICEID, APPID, KEY – unique key by which you search the result of the request later on.
It is desirable to also send user’s device data that is used for information and management of the authorizations on a later stage:
DEVICE_NAME, BRAND, OS , MODEL, OS_VERSION, PHONE
If your application only works with users registered in ePay.bg, you may submit parameter UTYPE with value 1; if you want users who are not registered, you must use UTYPE = 2
Sample authorization request https://demo.epay.bg/xdev/mobile/api/start?APPID=appid&DEVICEID=deviceid&KEY=uniq_key&DEVICE_NAME=myphone&BRAND=iPhone&OS=iOS&MODEL=iPhone5s&OS_VERSION=8.0&PHONE=1
Result: Depending on whether the authorization is successful or not, we will show the user a link with address REPLY_URI/authok upon success and REPLY_URI/authagain upon failure for mobile applications or REPLY_ADDRESS/?ret=authok, REPLY_ADDRESS/?ret=authagain for web applications. These links should open your mobile application or lead to your web page.
2. Verification of the authorization outcome: After the user has been returned to your mobile application or your WEB page, in case of successful authorization within 2 minutes you should get a code for issuing a TOKEN with:
GET request to API_BASE/api/code/get , containing mandatory parameters:
DEVICEID, APPID, KEY - unique key from the previous request
Sample request: https://demo.epay.bg/xdev/api/api/code/get?APPID=appid&DEVICEID=deviceid&KEY=uniq_key
Response:
{"status": "OK", "code": "token_code" } The same response may be obtained also by sending the above request, without waiting for the user to return to your application/page, because the user may not do it. If the authorization is denied or not completed, you will receive reply { "status" : "ERR" , "err" : "SOME_ERR" , "errm" : "error to show to user" }
3. Actual receipt of TOKEN:
GET request to API_BASE/api/token/get, response: {"status": "OK", "TOKEN": "token_string","EXPIRES":"expire_unixtime","KIN":"client uniq number" , "USERNAME" : "client username", "REALNAME": "client real name" }
From now on, all requests must contain APPID, DEVICEID and ТOKEN.

  • TOKEN Invalidation
GET request to API_BASE/api/token/invalidate ( mandatory parameters APPID, DEVICEID, TOKEN )

Information about user, payment instruments


  • General information about user
GET request to API_BASE/user/info ( parameter PINS = 1 must be submitted if you request information about user’s payment instruments )
Response:
{
    "status":"OK",
    "userinfo": {
        "GSM":"",
        "PIC":"user picture address",
        "REAL_NAME":"name of ePay.bg user",
        "ID":"user identifier",
        "KIN":"Client Identification Number",
        "EMAIL":"user@email.com"
    },
    "payment_instruments":[
            {   
                "ID":"Payment instrument identifier, passed upon payment",
                "VERIFIED":1, /* Is the payment instrument verified */
                "PIC":"",/* Picture according to the type of payment instrument - mictoaccount, visa, mastercard */
                "BALANCE":"21015", /* stotinki  */
                "NAME":"Microaccount", /* ePay.bg microaccount or bank card */
                "TYPE":2, /* 1 - bank card, 2 - microaccount  */
                "EXPIRES":"" /* expiration date of payment instrument , MM/YYYY, mictoaccounts do not expire */
            },
            {
                "PIC":"",
                "BALANCE":"", /* the balance of the bank cards is requested by the user separately for each card, because usually banks have a fee for that operation  */
                "ID":"UsYGw8-pTlZU4DJOAYT914hLVte6sRaUsdWXuK1wELs",
                "VERIFIED":1,
                "TYPE":1,
                "EXPIRES":"03/2017",
                "NAME":"the name of the card given by the user"
            },
        ],


}   
                        

  • Payment instruments information
GET request to API_BASE/user/info/pins
Response:
{
    "status":"OK",
    "payment_instruments":[
        {
            "NAME":"Microaccount",
            "ID":"UsYGw8-pTlZU4DJOAYT919QVd1EXm2KQ8iD9-2Mr-dQ",
            "PIC":"",
            "CARD_TYPE":"", /* first digit of the PAN of the card if it is a bank card */
            "EXPIRES":"",
            "BALANCE":"9808668", /* stotinki */
            "VERIFIED":1,
            "CARD_TYPE_COUNTRY":"", /* Country where the card is issued */
            "CARD_TYPE_DESCR":"", /* payment instrumen information */
            "TYPE":2    
        },
        {
            "VERIFIED":1,
            "EXPIRES":"12/2015",
            "BALANCE":"",
            "CARD_TYPE":"6",
            "ID":"UsYGw8-pTlZU4DJOAYT91xPUP8YqpocJScram3nKxVs",
            "NAME":"FIB Maestro",
            "PIC":"",
            "CARD_TYPE_DESCR":"",
            "CARD_TYPE_COUNTRY":"",
            "TYPE":1
        },
        {
            "CARD_TYPE":"5",
            "PIC":"",
            "ID":"UsYGw8-pTlZU4DJOAYT914wtfCccfrIbeMWwUDFeuOM",
            "NAME":"CCB MC 3",
            "VERIFIED":1,
            "EXPIRES":"12/2015",
            "BALANCE":"",
            "CARD_TYPE_COUNTRY":"",
            "TYPE":1,
            "CARD_TYPE_DESCR":"MasterCard"
        },
    ]
}

    

  • Payment instruments balance information

This request should only be made after user confirmation, because most of the banks have fees for checking the balance
Checking the balance of a microaccount is performed with one request that receives response immediately.
Microaccount example:
GET request to API_BASE/user/info/pins/balance?PINS=pin_id_microaccount + mandatory APPID,DEVICEID,TOKEN
Response:
{
    "payment_instruments":[
        {
            "NAME":"Microaccount",
            "ID":"UsYGw8-pTlZU4DJOAYT919QVd1EXm2KQ8iD9-2Mr-dQ",
            "STATUS":"OK",
            "EXPIRES":"",
            "BALANCE":"9808668", /* microaccount balance is immediately returned (without secondary check needed) */
            "TYPE":2
        }
    ],
    "status":"OK"
}

Balance of bank cards is checked by two requests performed consecutively.
First, GET request to API_BASE/user/info/pins/balance with parameter PINS = pin_id1,pin_id2,pin_idN must be made.
STATUS and BALANCE are returned in its response for every checked payment instrument.
If STATUS = "CHECK", CHECKID = "check_idN" is also returned. If STATUS = "ОК" or BALANCE = "balance in stotinki", there is no need of new check, but if STATUS = "CHECK" or BALANCE = "", GET request to API_BASE/user/info/pins/balance with parameter PINS = pin_id1,pin_id2,pin_idN and parameter CHECKIDS=check_id1,check_idN should be made.
GET to API_BASE/user/info/pins/balance with parameters PINS = pin_id1,pin_id2,pin_idN and CHECKIDS=check_id1,check_idN
This request may be made repeatedly until you get STATUS="OK" and BALANCE="balance in stotinki" or STATUS="ERR"; a good idea is to make it within a certain timeout.
If the parameter CHECKIDS=check_id1, check_idN is not submitted, the user may be charged again as most of the banks charge for this operation.
Example:
1. GET API_BASE/user/info/pins/balance?appid=YourAppID&token=SomeToken&deviceid=DEVICEID&pins=UsYGw8-pTlZU4DJOAYT914wtfCccfrIbeMWwUDFeuOM
Response:
{
    "payment_instruments":[
        {
            "NAME":"CCB MC 3",
            "ID":"UsYGw8-pTlZU4DJOAYT914wtfCccfrIbeMWwUDFeuOM",
            "STATUS":"CHECK", /*
             if the status is CHECK  the request for the check is received, to see the result from it you need to send the same request and to add parameter  CHECKIDS = respective  CHECKID numbers
            */
            "CHECKID":"UsYGw8-pTlZU4DJOAYT91xVabb7Od-EXo7Cd4K_0CiY", /* to be sent with next request */
            "BALANCE":"",
            "EXPIRES":"",
            "TYPE":1
        }
    ],
    "status":"OK"
}

2. GET API_BASE/user/info/pins/balance?appid=YourAppID&token=SomeToken&deviceid=DEVICEID&pins=UsYGw8-pTlZU4DJOAYT914wtfCccfrIbeMWwUDFeuOM&checkids=UsYGw8-pTlZU4DJOAYT91xVabb7Od-EXo7Cd4K_0CiY
Response:
    {
        "status":"OK",
        "payment_instruments":[
            {
                "TYPE":1,
                "ERR":"ECHECK",
                "ID":"UsYGw8-pTlZU4DJOAYT914wtfCccfrIbeMWwUDFeuOM",
                "NAME":"FIB Maestro",
                "ERRM":"Invalid data. (514)", /* Error that can be displayed to end user */
                "STATUS":"ERR",
                "BALANCE":"",
                "EXPIRES":""
            }
        ]
    }

Successful response to the same request:
    {
        "status":"OK",
        "payment_instruments":[
            {
                "TYPE":1,
                "ID":"UsYGw8-pTlZU4DJOAYT914wtfCccfrIbeMWwUDFeuOM",
                "NAME":"FIB Maestro",
                "STATUS":"OK",
                "BALANCE":"34534",
                "EXPIRES":"03/2016"
            }
        ]
    }


Money send

ePay.bg ONE TOUCH helps users send money to another user of ePay.bg. Depending on the rights of your application, users can send money to all or certain application beneficiaries. The payment can be made both with a payment instrument already added to the application, and with a new card on the mobile page of ePay.bg. Payment is made in three steps: Receiving payment code, Checking the parameters, Payment request.
  • Receiving payment identifier
This identifier is used in subsequent requests - (payment tax) checks, payment and payment status request
POST to API_BASE/payment/init , with parameter TYPE="send" .
Id is returned in the response, that is used in subsequent requests.
Parameter EXP=Unix Time - add ID expiration time
                    
{   
    "payment": {
        "ID":"UsYGw8-pTlZU4DJOAYT91_v-l30SMjADFA6AYPWYbJI"
    },
    "status":"OK"
}
>

POST to API_BASE/payment/init, with params ID, TYPE="send"
{
    "payment":{
        "ID":"String"
    },
    "status":"String"
}

  • Checking the parameters provided by the user.
This request should be made after the user inputs or changes amount or chooses a payment instrument; the response contains payment fees
POST to API_BASE/payment/check, with parameter ID (from API_BASE/payment/init response), TYPE="send", AMOUNT=stotinki, RCPT=recipient, RCPT_TYPE=recipient type, DESCRIPTION=payment description, REASON=payment reason, PINS(payment instrument to be used, if none given taxes for all that can be used are returned) , SHOW=what information about the sender should see the recipient
RCPT_TYPE could be KIN-Client identification number,GSM-mobile number of recipient registered in ePay.bg, EMAIL-recipient email registered in ePay.bg
SHOW could be one or more of GSM,KIN,EMAIL,NAME, divided by','. KIN is used by default
{
    "payment":{
        "ID":"UsYGw8-pTlZU4DJOAYT91_v-l30SMjADFA6AYPWYbJI",
        "PAYMENT_INSTRUMENTS":[
            {   
                "NAME":"ПИБ Маестро",
                "TAX":1,
                "ID":"UsYGw8-pTlZU4DJOAYT91xPUP8YqpocJScram3nKxVs",
                "STATUS":"OK",
                "TOTAL":35
            }
        ],
        "AMOUNT":34,
        "DATA":{
            "RCPT_TYPE":"KIN",
            "RCPT":"3894711478"
        }
    },
    "status":"OK"
}

POST to API_BASE/payment/check, with parameter ID, TYPE="send", AMOUNT, RCPT, RCPT_TYPE, DESCRIPTION, REASON, PINS , SHOW
{
    "payment":{
        "ID":"String",
        "PAYMENT_INSTRUMENTS":[
            {   
                "NAME":"String",
                "TAX":Integer,
                "ID":"String",
                "STATUS":"String",
                "TOTAL":Integer
            }
        ],
        "AMOUNT":Integer,
        "DATA":{
            "RCPT_TYPE":"String",
            "RCPT":"String"
        }
    },
    "status":"String"
}


  • Money send
POST to API_BASE/payment/send/user , with parameters AMOUNT, DESCRIPTION, PINS,RCPT,RCPT_TYPE, REASON,ID,SHOW=KIN,NAME,EMAIL,GSM
STATE contains payment result. It could be 2 - Processing, 3 - Successful, 4 - Not successful payment.
Response:
{
    "payment": {
        "SHOW.NAME":0,
        "SHOW.KIN":1,
        "SHOW.GSM":0,
        "TOTAL":35,
        "PINS":"UsYGw8-pTlZU4DJOAYT918PwRo4yHpe9i2EP4MXhQYVswVNAZdgJUljcrW22_Z9D9frQUAwOWHst\nN924CNqh3A",
        "STATE":2, 
        "RCPT_TYPE":"KIN",
        "TAX":1,
        "REASON":"",
        "SHOW.EMAIL":0,
        "STATE.TEXT":"Processing",
        "SHOW":"6051143866",
        "RCPT":"3894711478",
        "AMOUNT":34,
        "DESCRIPTION":"",
        "SHOW.PIC":0,
        "NO":"",
        "ID":"UsYGw8-pTlZU4DJOAYT91_v-l30SMjADFA6AYPWYbJI"
    },
    "status":"OK"
}


POST to API_BASE/payment/send/user , with parameters AMOUNT, DESCRIPTION, PINS,RCPT,RCPT_TYPE, REASON,ID,SHOW=KIN,NAME,EMAIL,GSM
{
    "payment": {
        "SHOW.NAME":Integer,
        "SHOW.KIN":Integer,
        "SHOW.GSM":Integer,
        "TOTAL":Integer,
        "PINS":"String",
        "STATE":Integer, 
        "RCPT_TYPE":"String",
        "TAX":Integer,
        "REASON":"String",
        "SHOW.EMAIL":Integer,
        "STATE.TEXT":"String",
        "SHOW":"String",
        "RCPT":"String",
        "AMOUNT":Integer,
        "DESCRIPTION":"String",
        "SHOW.PIC":Integer,
        "NO":"String",
        "ID":"String"
    },
    "status":"String"
}


  • Money send result
POST to API_BASE/payment/send/status , with parameter ID
STATE key in the response holds payment result. 2 - Processing, 3 - Success, 4 - Failure. STATE.TEXT is user frindly message.
Response:
{
    "status":"OK",
    "payment":{
        "RCPT":"3894711478",
        "SHOW":"6051143866",
        "STATE.TEXT":"Unsuccessful payment(Invalid data. (514))",
        "SHOW.EMAIL":"",
        "NO":"",
        "ID":"UsYGw8-pTlZU4DJOAYT91_v-l30SMjADFA6AYPWYbJI",
        "DESCRIPTION":"",
        "AMOUNT":34,
        "SHOW.GSM":"",
        "SHOW.KIN":"6051143866",
        "SHOW.NAME":"",
        "TAX":1,
        "REASON":"",
        "RCPT_TYPE":"KIN",
        "STATE":4,
        "TOTAL":35,
        "PINS":"UsYGw8-pTlZU4DJOAYT918PwRo4yHpe9i2EP4MXhQYVswVNAZdgJUljcrW22_Z9D9frQUAwOWHst\nN924CNqh3A"
    }
}

or if card is not save

{
    "status": "OK",
    "payment": { 
        "ID":  "UsYGw8-pTlZU4DJOAYT915SmHpAR07b9BTHwjlZMrIM",
        "RCPT_TYPE": "KIN",
        "SHOW.EMAIL": "",
        "SHOW.NAME": "",
        "TAX": 102,
        "NO": "",
        "STATE.TEXT": "Извършено плащане", /* Payment made */
        "SHOW.GSM": "",
        "REASON": "reason",
        "SHOW": "4303137865",
        "AMOUNT":  50,
        "RCPT": "4470411058",
        "SHOW.KIN": "4303137865",
        "TOTAL": 152,
        "DESCRIPTION": "DESCR",
        "STATE": 3
    },
    "paid_with": {
        "CARD_TYPE_COUNTRY": "",
        "CARD_TYPE_DESCR": "Visa",
        "CARD_TYPE": "4",
        "TYPE": 1
    },
    "savecard": 0
}


Request to API_BASE/payment/send/status, with param ID
{
    "status":"String",
    "payment":{
        "RCPT":"String",
        "SHOW":"String",
        "STATE.TEXT":"String",
        "SHOW.EMAIL":"String",
        "NO":"String",
        "ID":"String",
        "DESCRIPTION":"String",
        "AMOUNT":Integer,
        "SHOW.GSM":"String",
        "SHOW.KIN":"String",
        "SHOW.NAME":"String",
        "TAX":Integer,
        "REASON":"String",
        "RCPT_TYPE":"String",
        "STATE":Integer,
        "TOTAL":Integer,
        "PINS":"String"
    }
}

or if card is not save

{
    "status":"String",
    "payment":{
        "RCPT":"String",
        "SHOW":"String",
        "STATE.TEXT":"String",
        "SHOW.EMAIL":"String",
        "NO":"String",
        "ID":"String",
        "DESCRIPTION":"String",
        "AMOUNT":Integer,
        "SHOW.GSM":"String",
        "SHOW.KIN":"String",
        "SHOW.NAME":"String",
        "TAX":Integer,
        "REASON":"String",
        "RCPT_TYPE":"String",
        "STATE":Integer,
        "TOTAL":Integer,
        "PINS":"String"
    }
    "paid_with": {
        "CARD_TYPE_COUNTRY": "String",
        "CARD_TYPE_DESCR": "String",
        "CARD_TYPE": "String",
        "TYPE": Integer
    },
    "savecard": Integer
}


Payment by not registered user

Creates user and generates token (TOKEN), with which the user can make payment. Request API_BASE_WEB/api/payment/noreg/send with GET or POST containing:
- APPID - application id,
- DEVICEID - device id string,
- ID - unique key, used to get the result of the request later,
- AMOUNT - amount to pay in stotinki ,
- RCPT - Recipient KIN,
- RCPT_TYPE = KIN,
- DESCRIPTION - description,
- REASON - reason,

- SAVECARD - the parameter is optional, if exists SAVECARD=1 the card will be automatically saved for future payments

- CHECKSUM - checksum generated this way:
hmac_sha1_hex ( request_data , SECRET ), where request_data is concatenated by NEWLINE(\n) rows, each row contains
PARAM_NAME and param_value, rows are sorted by PARAM_NAME ASC . Example:
PARAM_NAME1param_value1\nPARAM_NAME2param_value2\n...PARAM_NAMENparam_valueN\n
Keep in mind the newline on the last row ( after the last param_value )

GET API_BASE_WEB/api/payment/noreg/send, containting APPID, DEVICEID, ID, AMOUNT, RCPT, RCPT_TYPE, DESCRIPTION, REASON, CHECKSUM
            API_BASE_WEB/api/payment/noreg/send?APPID=2143960160650364377823089976443473298565779337965372776022890068&DEVICEID=1231234&ID=124345678&AMOUNT=10&RCPT=8897458022&RCPT_TYPE=KIN&DESCRIPTION=some descr&REASON=some reason&checksum=c1e47b922bf2c304380c86f3e658ed61de19c192
    

Automatically saved card for future payments
GET API_BASE_WEB/api/payment/noreg/send, containting APPID, DEVICEID, ID, AMOUNT, RCPT, RCPT_TYPE, DESCRIPTION, REASON, SAVECARD, CHECKSUM
            API_BASE_WEB/api/payment/noreg/send?APPID=2143960160650364377823089976443473298565779337965372776022890068&DEVICEID=1231234&ID=124345678&AMOUNT=10&RCPT=8897458022&RCPT_TYPE=KIN&DESCRIPTION=some descr&REASON=some reason&SAVECARD=1&checksum=c1e47b922bf2c304380c86f3e658ed61de19c192
    

  • Information about payment by not registered user
You could check the status of the payment by not registered user with:
GET API_BASE/api/payment/noreg/send/status, containing APPID, DEVICEID, ID - unique key,
RCPT - recipient, KIN (client identification number ).
In the response in "payment" object the result is in STATE key. It could be 2 - Processing, 3 - Success,
4 - Not successful payment, in key STATE.TEXT you can see status that can be shown to the end user, АMOUNT is the payment amount
in stotinki, TAX is the tax in stotinki, TOTAL = AMOUNT + TAX in stotinki, RCPT is Client identification number (KIN)
of the recipient, PAYER_KIN is client identification number (KIN) of the sender, REASON contains some reason for payment
, DESCRIPTION - some description, TOKEN contains user identifier (TOKEN)
If during the payment the user chose to keep the card in payment_instrument object can be found
ID - card id, NAME - card name, CARD_TYPE - first digit of card number, CARD_TYPE_DESCR - payment instrument info
, TYPE = 1 (bank card), EXPIRES - mm/YYYY, VERIFIED - 0 -card is not verified
or 1 card was verified, CARD_TYPE_COUNTRY - card issuer country
Response:
GET API_BASE/api/payment/noreg/send/status, containing APPID, DEVICEID, ID, RCPT
{
    "payment":{
        "REASON":"some reason",
        "DESCRIPTION":"Description",
        "AMOUNT":10,
        "TAX":100,
        "TOTAL":110,
        "RCPT_TYPE":"KIN",
        "RCPT":"8897458022",
        "PAYER_KIN":"5112074184"
        "STATE":2,
        "STATE.TEXT":"Processing",
        "TOKEN": "99823906809141864859059099131376",
    },
    "status":"OK"
} 

or with card save:
{
    "payment":{
        "REASON":"reason",
        "DESCRIPTION":"description",
        "AMOUNT":10,
        "TAX":100,
        "TOTAL":110,
        "RCPT_TYPE":"KIN",
        "RCPT":"8897458022",
        "PAYER_KIN":"5112074184"
        "STATE":2,
        "STATE.TEXT":"Processing",
        "TOKEN": "99823906809141864859059099131376",
    },
    "payment_instrument": {
        "ID": "UsYGw8-pTlZU4DJOAYT911cDTSmYoCcPYIAaLZp-1FQ",
        "CARD_REF": "c8fb30bdaed9d9721b4ac215251333900548cca18575ae1f017566c12f8ee626",
        "NAME": "Visa***1111",
        "CARD_TYPE": 4,
        "TYPE": 1,
        "CARD_TYPE_DESCR": "Visa",
        "EXPIRES": "04/2020",
        "VERIFIED": 0,
        "CARD_TYPE_COUNTRY": ""
    },
    "savecard": 1,
    "status":"OK"
} 

or with card which is not save:
{
    "payment":{
        "REASON":"reason",
        "DESCRIPTION":"description",
        "AMOUNT":10,
        "TAX":100,
        "TOTAL":110,
        "RCPT_TYPE":"KIN",
        "RCPT":"8897458022",
        "PAYER_KIN":"5112074184"
        "STATE":2,
        "STATE.TEXT":"Processing",
        "TOKEN": "99823906809141864859059099131376",
    },
    "paid_with": {
        "CARD_TYPE": 4,
        "TYPE": 1,
        "CARD_TYPE_DESCR": "Visa",
        "CARD_TYPE_COUNTRY": ""
    },
    "savecard": 0,
    "status":"OK"
}

or if the request is not paid:
{
    "msg":"NOT PAID",
    "status":"OK"
}