DEVELOPER API



API METHODS

Payment Gateway Page URL

https://well-cash.com/?currency={CURRENCY}&amount={AMOUNT}&public_key={PUBLIC_KEY}&redirect_uri={REDIRECT_URI}&callback_uri={CALLBACK_URI}&order={ORDER_ID}

{CURRENCY} - cryptocurrency or token code (BTC, ETH, PCT, etc)

{AMOUNT} - amount you want to charge from the user in USD

{PUBLIC_KEY} - your personal Public Key

{REDIRECT_URI} - URL where the user is redirected to after successful payment

{CALLBACK_URI} - URL address for the payment callback API method. Usually used to check Payment details on the Seller’s website side.

{ORDER_ID} - Arbitrary Number/unique Order ID which is passed to {CALLBACK_URI} to match payment confirmations with the order(s).


Payment Callback

Payment callback is used to notify the Merchant about a completed payment.

When a payment is complete, the following POST request is made to {CALLBACK_URI} parameter defined in the previous section. This request also contains HMAC signature to protect Merchant from spoofing.

POST {CALLBACK_URI}

Body: {"_id":"{_ID}","order":"{ORDER_ID}","publicKey":"{PUBLIC_KEY}","amount":"{AMOUNT}","sign":"{SIGN}"}

where,

{_ID} - Unique contract ID

{ORDER_ID} - Arbitrary Number/unique Order ID which is passed to {CALLBACK_URI} to match payment confirmations with order(s)

{AMOUNT} - Amount charged from payer in cryptocurrency

{PUBLIC_KEY} - Merchant ID

{SIGN} - HMAC signature


HMAC Signature

This signature is used to validate that the payment has been initiated by you and is not spoofed. Validation process is described below:

Exclude ‘sign’ parameter from Payment Callback request and sort them in alphabetically ascending order.

{"_id":"{_ID}",“amount”:"{AMOUNT}",“order”:"{ORDER_ID}",“publicKey”:"{PUBLIC_KEY}"}

Concatenate all parameters from Payment Callback request excluding ‘sign’ parameter.

_id=5ced1515ace138038daebec9&amount=0.0037109&order=555&publicKey=1gmnhp1jtu8memt

Create HMAC Signature using SHA512 algorithm, with Merchant API Secret as HMAC key:

HMAC_SHA512("{MERCHANT_API_SECRET}", “_id=5ced1515ace138038daebec9&amount=0.0037109&order=555&publicKey=1gmnhp1jtu8memt”)

Compare the generated signature with parameter ‘sign’ from the Payment Callback request - if they are equal, you can trust this request.