NAV Navbar
shell(cURL) PHP Java

Getting started

Follow this steps to start processing payments with Astropay API:

alt steps

  1. Register: Create your AstropayCard account in our site: https://merchant.astropaycard.com/sign_up

  2. Get Credentials: After the registration is finished you will have access to your credentials, your account configuration and your Back-Office at: https://merchant.astropaycard.com

  3. Integrate API: Follow the instructions of this reference to integrate the products you prefer.

  4. Process payments: Start processing your payment with Astropay!

Credentials

Authenticate your account by including your key in API requests as described below. You can manage your API keys in the Back-Office. Those API keys carry many privileges, so be sure to keep them secure! Do not share it in publicly accessible areas such GitHub, client-side code, and so forth.

All API requests must be made over HTTPS and by POST. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Environment

We currently have two environments available.

The sandbox environment, where you should do all the tests to integrate with our API. Money here is not real. There are test cards in this documentation. You can ask your Technical Account Manager for more cards in different amounts or currencies.

Sandbox Environment URL: https://sandbox-api.astropaycard.com

The production environment, which you should be when you know the integration is working fine because we use real money here.

Production Environment URL: https://api.astropaycard.com

Available endpoints

Deposits endpoints

API endpoint Description
Do a deposit Used to send and process transaction requests. You are going to use this WebService to authorize, capture and refund transactions.
Deposit Status Will provide information about transactions.

Cashouts endpoints

API endpoint Description
Send Cashout Card to Mobile Used to send an AstroPay Card to a mobile phone using the mobile number or the AstroPay App ID.
Check if a user has the App installed Lets you check if a user has the AstroPay Card App installed in their mobile number.
Check status of a Cashout Card Returns the status of a specific cashout card.
Cancel a Cashout Card Used to cancel a specific cashout card. Only available for Cashout Cards on PENDING status. click HERE to learn more about Cashout Card statuses

Deposits

Do a Deposit

Do a deposit request using AstroPay Card

API endpoint

POST /verif/validator

Try it out/Examples

curl -X POST \
  'https://sandbox-api.astropaycard.com/verif/validator?x_login=NXE9hDeFLGYjOeN2O9w0HSTJzF8mMGxG&x_trans_key=WvbwyqStoyHhbom05EZlwDVrqj4M6sKf&x_type=AUTH_CAPTURE&x_card_num=&x_card_code=&x_exp_date=&x_amount=&x_currency=&x_unique_id=&x_invoice_num=' \
  -H 'Accept: */*' \
  -H 'Accept-Encoding: gzip, deflate' \
  -H 'Cache-Control: no-cache' \
  -H 'Connection: keep-alive' \
  -H 'Content-Length: 244' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'Host: sandbox-api.astropaycard.com' \
  -H 'cache-control: no-cache' \
  -d 'x_login=NXE9hDeFLGYjOeN2O9w0HSTJzF8mMGxG&x_trans_key=WvbwyqStoyHhbom05EZlwDVrqj4M6sKf&x_type=AUTH_CAPTURE&x_card_num=1111111111111111&x_card_code=1234&x_exp_date=12-2020&x_amount=100.00&x_currency=USD&x_unique_id=1234567&x_invoice_num=123456789'
<?php

$request = new HttpRequest();
$request->setUrl('https://sandbox-api.astropaycard.com/verif/validator');
$request->setMethod(HTTP_METH_POST);

$request->setQueryData(array(
  'x_login' => 'NXE9hDeFLGYjOeN2O9w0HSTJzF8mMGxG',
  'x_trans_key' => 'WvbwyqStoyHhbom05EZlwDVrqj4M6sKf',
  'x_type' => 'AUTH_CAPTURE',
  'x_card_num' => '',
  'x_card_code' => '',
  'x_exp_date' => '',
  'x_amount' => '',
  'x_currency' => '',
  'x_unique_id' => '',
  'x_invoice_num' => ''
));

$request->setHeaders(array(
  'cache-control' => 'no-cache',
  'Connection' => 'keep-alive',
  'Content-Length' => '244',
  'Accept-Encoding' => 'gzip, deflate',
  'Host' => 'sandbox-api.astropaycard.com',
  'Cache-Control' => 'no-cache',
  'Accept' => '*/*',
  'Content-Type' => 'application/x-www-form-urlencoded'
));

$request->setContentType('application/x-www-form-urlencoded');
$request->setPostFields(array(
  'x_login' => 'NXE9hDeFLGYjOeN2O9w0HSTJzF8mMGxG',
  'x_trans_key' => 'WvbwyqStoyHhbom05EZlwDVrqj4M6sKf',
  'x_type' => 'AUTH_CAPTURE',
  'x_card_num' => '1111111111111111',
  'x_card_code' => '1234',
  'x_exp_date' => '12-2020',
  'x_amount' => '100.00',
  'x_currency' => 'USD',
  'x_unique_id' => '1234567',
  'x_invoice_num' => '123456789'
));

try {
  $response = $request->send();

  echo $response->getBody();
} catch (HttpException $ex) {
  echo $ex;
}
OkHttpClient client = new OkHttpClient();

MediaType mediaType = MediaType.parse("application/x-www-form-urlencoded");
RequestBody body = RequestBody.create(mediaType, "x_login=NXE9hDeFLGYjOeN2O9w0HSTJzF8mMGxG&x_trans_key=WvbwyqStoyHhbom05EZlwDVrqj4M6sKf&x_type=AUTH_CAPTURE&x_card_num=1111111111111111&x_card_code=1234&x_exp_date=12-2020&x_amount=100.00&x_currency=USD&x_unique_id=1234567&x_invoice_num=123456789");
Request request = new Request.Builder()
  .url("https://sandbox-api.astropaycard.com/verif/validator?x_login=NXE9hDeFLGYjOeN2O9w0HSTJzF8mMGxG&x_trans_key=WvbwyqStoyHhbom05EZlwDVrqj4M6sKf&x_type=AUTH_CAPTURE&x_card_num=&x_card_code=&x_exp_date=&x_amount=&x_currency=&x_unique_id=&x_invoice_num=")
  .post(body)
  .addHeader("Content-Type", "application/x-www-form-urlencoded")
  .addHeader("Accept", "*/*")
  .addHeader("Cache-Control", "no-cache")
  .addHeader("Host", "sandbox-api.astropaycard.com")
  .addHeader("Accept-Encoding", "gzip, deflate")
  .addHeader("Content-Length", "244")
  .addHeader("Connection", "keep-alive")
  .addHeader("cache-control", "no-cache")
  .build();

Response response = client.newCall(request).execute();

Request parameters (Form)

Field Description Type Example
x_login
REQUIRED
Your merchant ID in Astropay platform String (15) AsGsd35Grf 1
x_trans_key
REQUIRED
Your merchant password in Astropay platform String (32) D23weF2f4g 1
x_type
REQUIRED
Transaction type AUTH_CAPTURE, REFUND AUTH_CAPTURE
x_card_num
REQUIRED
AstroPay Card number String (16) 1145426000818586 2
x_card_code
REQUIRED
AstroPay Card security code (CVV) Integer(4) 1234
x_exp_date
REQUIRED
AstroPay Card expiration date String (7) - MM/AAAA 02/2013
x_amount
REQUIRED
Transaction Amount Decimal(10,2) 25.69
x_currency
REQUIRED
Transaction currency String (3) - ISO Code 4217 USD 3
x_unique_id
REQUIRED
Unique, anonymized identifier of users in the merchant system String (20) abs1522566
x_invoice_num
REQUIRED
Unique identifier of merchant transaction String (20) dsa3jg438n
x_version
OPTIONAL
API version Decimal(4,2) 2.0(Default: 2.0)
x_duplicate_window
OPTIONAL
The time window after a transaction is taken as duplicated Integer 60
x_response_format
OPTIONAL
The response format options “json”, “xml”, “text” json
x_delim_char
OPTIONAL
Response delimiting char between fields when the response x_response_format is string Char (1)
x_delim_data
OPTIONAL
The request to receive a delimited transaction response Boolean true
x_method
OPTIONAL
Type of pay method “CC” CC
x_trans_id
OPTIONAL
TransactionID param returned by AstroPay on AUTH_CAPTURE transaction. Mandatory for REFUND String (50) 14523

Response parameters

Field Description Type Example
response_code Transaction response code: 1- Approved, 2- Declined, 3- Error Integer
response_subcode Subcode response Integer 1
response_reason_code Integer 1
response_reason_text Description of the transaction result String (200) Transaction OK!
approval_code Authorization code String(50) abc150
AVS AVS of the transaction Char(1) P
TransactionID Transaction ID provided by AstroPay Integer 1254113
r_unique_id AstroPay user who's using the card. (only version 2.0 or greater) Integer 7451
x_invoice_num Invoice number provided by the merchant String(20) invoice-1245
x_description Description of the transaction provided by the merchant String(200) transaction description
x_amount Transaction amount Decimal(10,2) 20.6
x_type Transaction type. AUTH_CAPTURE, REFUND String AUTH_CAPTURE
md5_hash Generated MD5 hash value that may be used to authenticate the transaction response String dsgtdfy515arwgfd
cc_response The CVV response code String ("M", "N", "P", "S", "U") M
additional parameters Additional parameters that were sent will be received in the response.

md5 hash

Calculate md5_hash

echo -n "$x_login$TransactionID$x_amount" | md5sum
$control_string = md5 ( $x_login . $TransactionID . $x_amount );
import java.security.MessageDigest;
import java.math.BigInteger;

public class MD5 {

    public static void main(String[] argv){

        String x_login = "test";
        String Transaction_ID = "12345";
        String x_amount = "12300";
        String concat = x_login.concat(Transaction_ID).concat(x_amount);

        String md5 = "";

        try {
            MessageDigest digest = MessageDigest.getInstance("MD5");
            digest.reset();
            digest.update(concat.getBytes("utf8"));
            md5 = String.format("%040x", new BigInteger(1, digest.digest()));
        } catch (Exception e){
            e.printStackTrace();
        }

        System.out.println( "The md5 of \"" + concat + "\" is:");
        System.out.println( md5 );
        System.out.println();

     }
}

To calculate the md5_hash, you will need to use SHA-1.

The string is the MD5 hash of the concatenation of x_login TransactionID and x_amount

md5_hash = md5 ( $x_login + $TransactionID + $x_amount );

Get Deposit Status

Check the status of a deposit.

API endpoint

POST /verif/transtatus

Try it out/Examples

Request parameters (Form)

Field Description Type Example
x_login
REQUIRED
Your merchant ID in Astropay platform String (15) AsGsd35Grf 1
x_trans_key
REQUIRED
Your merchant password in Astropay platform String (32) D23weF2f4g
x_invoice_num
REQUIRED
Unique identifier of merchant transaction String (20) dsa3jg438n
x_type
OPTIONAL
Original transaction type AUTH_CAPTURE, REFUND AUTH_CAPTURE
x_response_format
OPTIONAL
The response format options “json”, “xml”, “text” string json
x_delim_char
OPTIONAL
Response delimiting char between fields when the response x_response_format is string Char (1)

Response

Field Description Type Example
code Deposit response code Integer 1
subcode Sub code Integer 1
reason_code Reason Code Integer 1
reason_text Description of the transaction result String (200) Transaction OK!
txn_date Date of the transaction String (20) "2013-03-01 21:16:31"
txn_type Type of the transaction String AUTH_CAPTURED
x_amount Transaction amount Decimal (10,2) 20.36
TransactionID Transaction ID provided by AstroPay Integer 1254113
x_invoice_num Invoice number provided by the merchant String (20) invoice-1245
x_description Description of the transaction provided by the merchant String (255) Transaction description
r_result Transaction result String Approved
r_authorization_code Autorization code String (50) abc123
process_status Processing status String Captured
md5hash Generated MD5 hash value that may be used to authenticate the transaction response String dsgtdfy515arwgfd

md5 hash

Calculate md5_hash

echo -n "$x_login$TransactionID$x_amount" | md5sum
$control_string = md5 ( $x_login . $TransactionID . $x_amount );
import java.security.MessageDigest;
import java.math.BigInteger;

public class MD5 {

    public static void main(String[] argv){

        String x_login = "test";
        String Transaction_ID = "12345";
        String x_amount = "12300";
        String concat = x_login.concat(Transaction_ID).concat(x_amount);

        String md5 = "";

        try {
            MessageDigest digest = MessageDigest.getInstance("MD5");
            digest.reset();
            digest.update(concat.getBytes("utf8"));
            md5 = String.format("%040x", new BigInteger(1, digest.digest()));
        } catch (Exception e){
            e.printStackTrace();
        }

        System.out.println( "The md5 of \"" + concat + "\" is:");
        System.out.println( md5 );
        System.out.println();

     }
}

To calculate the md5_hash, you will need to use SHA-1.

The string is the MD5 hash of the concatenation of x_login TransactionID and x_amount

md5_hash = md5 ( $x_login + $TransactionID + $x_amount );

Cashout

Cashout sending a card to a Phone using the user's mobile number

Send a Checkout card to a user's phone, using the user's mobile number.

API endpoint

POST /cashOut/sendCardToMobile

Try it out/Examples

Request Example

curl -X POST \
  https://sandbox-api.astropaycard.com/cashOut/sendCardToMobile \
  -H 'Postman-Token: eed698fb-98d1-4acf-aacb-013e363bd6d4' \
  -H 'cache-control: no-cache' \
  -H 'content-type: multipart/form-data' \
  -F x_amount=1200.95 \
  -F x_control=28a394b3dd37f7614e7204c099b1af2645ba31f7 \
  -F x_login=NXE9hDeFLGYjOeN2O9w0HSTJzF8mMGxG \
  -F x_trans_key=WvbwyqStoyHhbom05EZlwDVrqj4M6sKf \
  -F x_currency=EUR \
  -F x_country=BR \
  -F notification_url=https://www.google.com \
  -F x_mobile_number=099489197
<?php
$request = new HttpRequest();
$request->setUrl('https://sandbox-api.astropaycard.com/cashOut/sendCardToMobile');
$request->setMethod(HTTP_METH_POST);
$request->setHeaders(array(
  'Postman-Token' => '79baf455-0aa4-47c6-b10a-5a4d4a43ea9c',
  'cache-control' => 'no-cache',
  'content-type' => 'multipart/form-data;'
));
$request->setBody('
Content-Disposition: form-data; name="x_amount"
1200.95
Content-Disposition: form-data; name="x_control"
28a394b3dd37f7614e7204c099b1af2645ba31f7
Content-Disposition: form-data; name="x_login"
NXE9hDeFLGYjOeN2O9w0HSTJzF8mMGxG
Content-Disposition: form-data; name="x_trans_key"
WvbwyqStoyHhbom05EZlwDVrqj4M6sKf
Content-Disposition: form-data; name="x_currency"
EUR
Content-Disposition: form-data; name="x_country"
BR
Content-Disposition: form-data; name="notification_url"
https://www.google.com
Content-Disposition: form-data; name="x_mobile_number"
099489197');
try {
  $response = $request->send();

  echo $response->getBody();
} catch (HttpException $ex) {
  echo $ex;
}
OkHttpClient client = new OkHttpClient();

MediaType mediaType = MediaType.parse("application/x-www-form-urlencoded");
RequestBody body = RequestBody.create(mediaType, "x_amount=1200.95&x_control=28a394b3dd37f7614e7204c099b1af2645ba31f7&x_login=NXE9hDeFLGYjOeN2O9w0HSTJzF8mMGxG&x_trans_key=WvbwyqStoyHhbom05EZlwDVrqj4M6sKf&x_currency=EUR&x_country=BR&notification_url=https%3A%2F%2Fwww.google.com&x_mobile_number=099489197");
Request request = new Request.Builder()
  .url("https://sandbox-api.astropaycard.com/cashOut/sendCardToMobile")
  .post(body)
  .addHeader("Content-Type", "application/x-www-form-urlencoded")
  .addHeader("cache-control", "no-cache")
  .addHeader("Postman-Token", "35647cf2-4bbb-4d84-b243-dc8f06bfc4f6")
  .build();

Response response = client.newCall(request).execute();

Request parameters (Form)

Field Format Description Example
x_login
REQUIRED
String (32) Your merchant ID in Astropay platform AsGsd35Grf
x_trans_key
REQUIRED
String (32) Your merchant password in Astropay platform D23weF2f4g
x_amount
REQUIRED
Decimal Cashout amount 1200.95
x_currency
REQUIRED
String (3) Cashout currency code EUR
x_mobile_number
REQUIRED
String (20) User mobile number. Include the calling code of the country and do not include "+" at the beginning 598438506
x_name
REQUIRED
String (100) User full name John Smith
x_document
REQUIRED
String (40) User document number L02-04-178005
x_country
REQUIRED
String (2) User country code BR
x_control
REQUIRED
String (40) Control string calculated by you 4s5d4r42R5gJU23F45HQ1ad45Qdg3f5rTqF63g45
x_window
OPTIONAL
Integer The time window in seconds after a transaction is taken as duplicated 60(default:10)
x_reference
OPTIONAL
String (10) Merchant's internal cashout reference cashout_123
notification_url
OPTIONAL
String (200) To be provided if the notification URL is different from the notification URL registered by the merchant. A notification will be sent at every change in cashout's status to the merchant notification URL by POST protocol, with the following parameters mentioned below: see notification http://merchant/confirm(default: URL registered by the merchant)

Control string

Calculate x_control

echo -n "$secret$x_amount$x_currency$x_mobile_number" | openssl sha1
$control_string = sha1 ( $secret . number_format ($x_amount, 2, '.', '') . $x_currency . $x_mobile_number );
import java.security.MessageDigest;
import java.math.BigInteger;

public class SHA1 {

    public static void main(String[] argv){

        String x_login = "test";
        String  = "598123123123";
        String x_amount = "12300";
        String x_currency = "USD";  
        String concat = x_login.concat(Transaction_ID).concat(x_amount);

        String sha1 = "";

        try {
            MessageDigest digest = MessageDigest.getInstance("SHA-1");
            digest.reset();
            digest.update(concat.getBytes("utf8"));
            sha1 = String.format("%040x", new BigInteger(1, digest.digest()));
        } catch (Exception e){
            e.printStackTrace();
        }

        System.out.println( "The sha1 of \"" + concat + "\" is:");
        System.out.println( sha1 );
        System.out.println();

     }
}

The Control String is used to verify that the data is correct and no data was lost in the process. To calculate it you will need to hash with SHA-1 the secret, found with your credentials on the merchant Panel, the amount and currency and the user's mobile number.

Response

Calculate Response control

echo -n "$secret$id_cashout_card$x_astropay_customer_id$amount$currency" | openssl sha1
$control_string = sha1($secret . $cashout_id . $x_astropay_customer_id . number_format($amount, 2,'.','') . $currency);


Field Description Example
code Response code 200 if success. If not see errors
message Response message "SUCCESS" or error message
response Response of request enum("SUCCESS","ERROR")
id_cashout_card Astropay unique internal ID 12345
mobile_number User's mobile number Value sent in request
amount Cashout amount Value sent in request
currency Cashout currency Value sent in request
control Control signature

Notification

Once the cashout request is sent a cashout is created. The status of this cashout will be PENDING until the cashout is claimed or automatically canceled. For the cashout to be completed the user needs to install the app on the phone. Once the cashout goes to COMPLETED or CANCELED status, a POST request will be sent to the notification specified on notification_url

Calculate control

echo -n "$secret$id_cashout_card$status" | openssl sha1
$control_string = sha1 ( $secret . $id_cashout . $status );
import java.security.MessageDigest;
import java.math.BigInteger;

public class SHA1 {

    public static void main(String[] argv){

        String x_secret = "test";
        String id_cashout_card = "123123";
        String status = "COMPLETED";
        String concat = x_secret.concat(id_cashout_card).concat(status);

        String sha1 = "";

        try {
            MessageDigest digest = MessageDigest.getInstance("SHA-1");
            digest.reset();
            digest.update(concat.getBytes("utf8"));
            sha1 = String.format("%040x", new BigInteger(1, digest.digest()));
        } catch (Exception e){
            e.printStackTrace();
        }

        System.out.println( "The sha1 of \"" + concat + "\" is:");
        System.out.println( sha1 );
        System.out.println();

     }
}

Notification Request

Field Description
status Response code
id_cashout_card Identifier of the cashout at AstroPay's side
x_reference Identifier of the cashout at the Merchant's side. If the parameter was not sent in the original request, the value will be empty.
control Control signature

Cashout sending a card to a Phone with the app using the User ID

Send a Checkout card to a user's phone, using the user's App User ID.

How to find the appID

You can find your User ID on the app. Once in the app, tap on "more" in the carrousel, and then tap on edit profile.

App User Id

API endpoint

POST /cashOut/sendCardToMobile

Try it out/Examples

Request parameters (Form)

Field Format Description Example
x_login
REQUIRED
String (32) Your merchant ID in Astropay platform AsGsd35Grf
x_trans_key
REQUIRED
String (32) Your merchant password in Astropay platform D23weF2f4g
x_amount
REQUIRED
Decimal Cashout amount 1200.95
x_currency
REQUIRED
String (3) Cashout currency code EUR
x_astropay_customer_id
REQUIRED
String (20) Unique, anonymized identifier of customer in the astropaycard system f69QpQ5UNYmvuQBxKGkR
x_name
REQUIRED
String (100) User full name John Smith
x_document
REQUIRED
String (40) User document number L02-04-178005
x_country
REQUIRED
String (2) User country code BR
x_control
REQUIRED
String (40) Control string calculated by you 4s5d4r42R5gJU23F45HQ1ad45Qdg3f5rTqF63g45
x_window
OPTIONAL
Integer The time window in seconds after a transaction is taken as duplicated 60(default:10)
x_reference
OPTIONAL
String (10) Merchant's internal cashout reference cashout_123
notification_url
OPTIONAL
String (200) To be provided if the notification URL is different from the notification URL registered by the merchant. A notification will be sent at every change in cashout's status to the merchant notification URL by POST protocol, with the following parameters mentioned below: see notification http://merchant/confirm(default: URL registered by the merchant)

Control string

Calculate x_control

echo -n "$secret$x_amount$x_currency$x_astropay_customer_id" | openssl sha1
$control_string = sha1 ( $secret . number_format ($x_amount, 2, '.', '') . $x_currency . $x_astropay_customer_id );
import java.security.MessageDigest;
import java.math.BigInteger;

public class SHA1 {

    public static void main(String[] argv){

        String x_login = "test";
        String  = "598123123123";
        String x_amount = "12300";
        String x_currency = "USD";  
        String concat = x_login.concat(Transaction_ID).concat(x_amount);

        String sha1 = "";

        try {
            MessageDigest digest = MessageDigest.getInstance("SHA-1");
            digest.reset();
            digest.update(concat.getBytes("utf8"));
            sha1 = String.format("%040x", new BigInteger(1, digest.digest()));
        } catch (Exception e){
            e.printStackTrace();
        }

        System.out.println( "The sha1 of \"" + concat + "\" is:");
        System.out.println( sha1 );
        System.out.println();

     }
}

The Control String is used to verify that the data is correct and no data was lost in the process. To calculate it you will need to hash with SHA-1 the secret, found with your credentials on the merchant Panel, and the Astropay Card customer Id which can be found on the User's app.

Response

Calculate Response control

echo -n "$secret$id_cashout_card$x_astropay_customer_id$amount$currency" | openssl sha1
$control_string = sha1($secret . $cashout_id . $x_astropay_customer_id . number_format($amount, 2,'.','') . $currency);


Field Description Example
code Response code 200 if success. If not see errors
message Response message "SUCCESS" or error message
response Response of request enum("SUCCESS","ERROR")
id_cashout_card Astropay unique internal ID 12345
amount Cashout amount Value sent in request
currency Cashout currency Value sent in request
control Control signature

Notification

Once the cashout request is sent a cashout is created. The status of this cashout will be PENDING until the cashout is claimed or automatically canceled. For the cashout to be completed the user needs to install the app on the phone. Once the cashout goes to COMPLETED or CANCELED status, a POST request will be sent to the notification specified on notification_url

Calculate control

echo -n "$secret$id_cashout_card$status" | openssl sha1
$control_string = sha1 ( $secret . $id_cashout_card . $status );
import java.security.MessageDigest;
import java.math.BigInteger;

public class SHA1 {

    public static void main(String[] argv){

        String x_secret = "test";
        String id_cashout_card = "123123";
        String status = "COMPLETED";
        String concat = x_secret.concat(id_cashout_card).concat(status);

        String sha1 = "";

        try {
            MessageDigest digest = MessageDigest.getInstance("SHA-1");
            digest.reset();
            digest.update(concat.getBytes("utf8"));
            sha1 = String.format("%040x", new BigInteger(1, digest.digest()));
        } catch (Exception e){
            e.printStackTrace();
        }

        System.out.println( "The sha1 of \"" + concat + "\" is:");
        System.out.println( sha1 );
        System.out.println();

     }
}

Notification Request

Field Description
status Response code
id_cashout_card Identifier of the cashout at AstroPay's side
x_reference Identifier of the cashout at the Merchant's side. If the parameter was not sent in the original request, the value will be empty.
control Control signature

Check a Cashout card Status

Check the current status of a Cashout card

API endpoint

POST /cashOut/checkStatusCashoutCard

Try it out/Examples

Request Example

curl -X POST \
  https://sandbox-api.astropaycard.com/cashOut/checkStatusCashoutCard \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'Postman-Token: 9ffd4e7d-633c-4b1e-b423-c1267dff1e18' \
  -H 'cache-control: no-cache' \
  -d 'id_cashout_card=20810&x_login=NXE9hDeFLGYjOeN2O9w0HSTJzF8mMGxG&x_trans_key=WvbwyqStoyHhbom05EZlwDVrqj4M6sKf&x_control=07e93436a699b17d02b89db46cf2a59b514d2931'
<?php
$request = new HttpRequest();
$request->setUrl('https://sandbox-api.astropaycard.com/cashOut/checkStatusCashoutCard');
$request->setMethod(HTTP_METH_POST);
$request->setHeaders(array(
  'Postman-Token' => '852606b1-8923-48e3-937d-a205a7c0e5c1',
  'cache-control' => 'no-cache',
  'Content-Type' => 'application/x-www-form-urlencoded'
));
$request->setContentType('application/x-www-form-urlencoded');
$request->setPostFields(array(
  'id_cashout_card' => '20810',
  'x_login' => 'NXE9hDeFLGYjOeN2O9w0HSTJzF8mMGxG',
  'x_trans_key' => 'WvbwyqStoyHhbom05EZlwDVrqj4M6sKf',
  'x_control' => '07e93436a699b17d02b89db46cf2a59b514d2931'
));
try {
  $response = $request->send();

  echo $response->getBody();
} catch (HttpException $ex) {
  echo $ex;
}
OkHttpClient client = new OkHttpClient();

MediaType mediaType = MediaType.parse("application/x-www-form-urlencoded");
RequestBody body = RequestBody.create(mediaType, "id_cashout_card=20810&x_login=NXE9hDeFLGYjOeN2O9w0HSTJzF8mMGxG&x_trans_key=WvbwyqStoyHhbom05EZlwDVrqj4M6sKf&x_control=07e93436a699b17d02b89db46cf2a59b514d2931");
Request request = new Request.Builder()
  .url("https://sandbox-api.astropaycard.com/cashOut/checkStatusCashoutCard")
  .post(body)
  .addHeader("Content-Type", "application/x-www-form-urlencoded")
  .addHeader("cache-control", "no-cache")
  .addHeader("Postman-Token", "64964163-fb57-47ed-8d90-0fd18abeb289")
  .build();

Response response = client.newCall(request).execute();

Request parameters (Form)

Field Format Description Example
x_login
REQUIRED
String (32) Your merchant ID in Astropay platform AsGsd35Grf
x_trans_key
REQUIRED
String (32) Your merchant password in Astropay platform D23weF2f4g
id_cashout
REQUIRED
Integer (15) Identifier of the cashout at AstroPay's side 957337594
x_control
REQUIRED
String (40) Control string calculated by you 4s5d4r42R5gJU23F45HQ1ad45Qla0165TqF63g45

Control string

Calculate x_control

echo -n "$secret$id_cashout_card" | openssl sha1
$control_string = sha1 ( $secret . $id_cashout_card );
import java.security.MessageDigest;
import java.math.BigInteger;

public class SHA1 {

    public static void main(String[] argv){

        String secret = "akieofnrshqp";
        String id_cashout_card = "123456"; 
        String concat = secret.concat(id_cashout_card);

        String sha1 = "";

        try {
            MessageDigest digest = MessageDigest.getInstance("SHA-1");
            digest.reset();
            digest.update(concat.getBytes("utf8"));
            sha1 = String.format("%040x", new BigInteger(1, digest.digest()));
        } catch (Exception e){
            e.printStackTrace();
        }

        System.out.println( "The sha1 of \"" + concat + "\" is:");
        System.out.println( sha1 );
        System.out.println();

     }
}

The Control String is used to verify that the data is correct and no data was lost in the process. To calculate it you will need to hash with SHA-1 the secret, found with your credentials on the merchant Panel, and the Astropay Cashout Card ID.

Response

Field Description Example
code Response code 200 if success. If not see errors
message Response message "SUCCESS" or error message
id_cashout Identifier of the cashout at AstroPay's side 32146
x_cashout_status See below possible cashout card status codes for check cashout status COMPLETED
x_card_status See below possible Astropay Cards status codes

Cancel a Cashout Card

Cancel an emitted Cashout card, the Cashout card needs to be on PENDING status.

API endpoint

POST /cashOut/cancelCashoutCard

Try it out/Examples

Request parameters (Form)

Field Format Description Example
x_login
REQUIRED
String (32) Your merchant ID in Astropay platform AsGsd35Grf
x_trans_key
REQUIRED
String (32) Your merchant password in Astropay platform D23weF2f4g
id_cashout_card
REQUIRED
Integer (15) Identifier of the cashout at AstroPay's side 957337594
x_control
REQUIRED
String (40) Control string calculated by you 4s5d4r42R5gjdn83LsdasddfQdg3f5rTqF63g45a

Control string

Calculate x_control

echo -n "$secret$id_cashout_card" | openssl sha1
$control_string = sha1 ( $secret . $id_cashout_card );
import java.security.MessageDigest;
import java.math.BigInteger;

public class SHA1 {

    public static void main(String[] argv){

        String secret = "akieofnrshqp";
        String id_cashout_card = "123456"; 
        String concat = secret.concat(id_cashout_card);

        String sha1 = "";

        try {
            MessageDigest digest = MessageDigest.getInstance("SHA-1");
            digest.reset();
            digest.update(concat.getBytes("utf8"));
            sha1 = String.format("%040x", new BigInteger(1, digest.digest()));
        } catch (Exception e){
            e.printStackTrace();
        }

        System.out.println( "The sha1 of \"" + concat + "\" is:");
        System.out.println( sha1 );
        System.out.println();

     }
}

The Control String is used to verify that the data is correct and no data was lost in the process. To calculate it you will need to hash with SHA-1 the secret, found with your credentials on the merchant Panel, and the Astropay Cashout Card ID.

Response

Field Description Example
code Response code 200 if success. If not see errors
message Response message "SUCCESS" or error message

Check if User has the app Installed

This endpoint is used to check if the customer is already registered in the platform by having the mobile application installed. It is recommended to use it before invoking the sendCardToMobile with APP ID. You will need the user's APP ID

API endpoint

POST /cashOut/checkUser

Try it out/Examples

Request Example

curl -X POST \
  https://sandbox-api.astropaycard.com/cashOut/checkUser \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'Postman-Token: 13ea2173-ccfc-41ce-957b-f06f69ec4422' \
  -H 'cache-control: no-cache' \
  -d 'x_login=NXE9hDeFLGYjOeN2O9w0HSTJzF8mMGxG&x_trans_key=WvbwyqStoyHhbom05EZlwDVrqj4M6sKf&x_astropaycard_customer_id=z54pXIB5&x_control=f236a593484cfa82b49df5687b36ccb41aefbb3b'
<?php
$request = new HttpRequest();
$request->setUrl('https://sandbox-api.astropaycard.com/cashOut/checkUser');
$request->setMethod(HTTP_METH_POST);
$request->setHeaders(array(
  'Postman-Token' => '7698b796-7590-47d8-beb7-8cfacdefe0fd',
  'cache-control' => 'no-cache',
  'Content-Type' => 'application/x-www-form-urlencoded'
));
$request->setContentType('application/x-www-form-urlencoded');
$request->setPostFields(array(
  'x_login' => 'NXE9hDeFLGYjOeN2O9w0HSTJzF8mMGxG',
  'x_trans_key' => 'WvbwyqStoyHhbom05EZlwDVrqj4M6sKf',
  'x_astropaycard_customer_id' => 'z54pXIB5',
  'x_control' => 'f236a593484cfa82b49df5687b36ccb41aefbb3b'
));
try {
  $response = $request->send();

  echo $response->getBody();
} catch (HttpException $ex) {
  echo $ex;
}
OkHttpClient client = new OkHttpClient();

MediaType mediaType = MediaType.parse("application/x-www-form-urlencoded");
RequestBody body = RequestBody.create(mediaType, "x_login=NXE9hDeFLGYjOeN2O9w0HSTJzF8mMGxG&x_trans_key=WvbwyqStoyHhbom05EZlwDVrqj4M6sKf&x_astropaycard_customer_id=z54pXIB5&x_control=f236a593484cfa82b49df5687b36ccb41aefbb3b");
Request request = new Request.Builder()
  .url("https://sandbox-api.astropaycard.com/cashOut/checkUser")
  .post(body)
  .addHeader("Content-Type", "application/x-www-form-urlencoded")
  .addHeader("cache-control", "no-cache")
  .addHeader("Postman-Token", "aa4e5a02-a5dd-4ca9-a134-a7a7e73b6fcf")
  .build();

Response response = client.newCall(request).execute();

Request parameters (Form)

Field Format Description Example
x_login
REQUIRED
String (32) Your merchant ID in Astropay platform AsGsd35Grf
x_trans_key
REQUIRED
String (length: 32 chars) Your merchant password in Astropay platform D23weF2f4g
x_astropaycard_customer_id
REQUIRED
String (20) Unique, anonymized identifier of customer in the astropaycard system f69QpQ5UNYmvuQBxKGkR
x_control
REQUIRED
String (40) Control string calculated by you 4s5d4r42R5gJU23F45HQ1ad45Qdg3f5rTqF63g45

Control string

Calculate x_control

echo -n "$secret$x_astropaycard_customer_id" | openssl sha1
$control_string = sha1 ( $secret . $x_astropaycard_customer_id );
import java.security.MessageDigest;
import java.math.BigInteger;

public class SHA1 {

    public static void main(String[] argv){

        String x_secret = "test";
        String x_astropaycard_customer_id = "testcustomerId";
        String concat = x_secret.concat(x_astropaycard_customer_id);

        String sha1 = "";

        try {
            MessageDigest digest = MessageDigest.getInstance("SHA-1");
            digest.reset();
            digest.update(concat.getBytes("utf8"));
            sha1 = String.format("%040x", new BigInteger(1, digest.digest()));
        } catch (Exception e){
            e.printStackTrace();
        }

        System.out.println( "The sha1 of \"" + concat + "\" is:");
        System.out.println( sha1 );
        System.out.println();

     }
}

The Control String is used to verify that the data is correct and no data was lost in the process. To calculate it you will need to hash with SHA-1 the secret, found with your credentials on the merchant Panel, the amount, currency of the transaction and the Astropay Card customer Id which can be found on the User's app.

Response

Field Description Example
code Response code 200: User registered
201: User not registered
300: ERROR
message Response message "SUCCESS" or error message
response Response of request enum("SUCCESS","ERROR")
control Control signature control

Cashout Card Flow

The cashout can be in one of the following states: PENDING, COMPLETED or CANCELED

Cashout Card Flow
  1. Once the cashout card is emitted (we emit the card in PENDING status), we check if that phone exists in our system (this means if it has the app installed).

  2. If it exists, we send the card to that user's app and that's it. The status will be COMPLETED.

  3. If the phone doesn't exists in our system, we send an sms and wait 24 hours for the user to download the app. (meanwhile the status will be PENDING)

  4. If the user downloads the app, then the user will cash the cashout card and the status will be COMPLETED.

  5. If the user doesn't downloads the app in 24 hs, then the card will be CANCELED and the balance will be returned to the merchant.

Deposits Response Codes

Code Subcode Reason Code Reason Text Action
1 1 1 This transaction has been approved. Notify the user that the transaction has been approved.
2 2 2 This transaction has been declined. Insufficient Funds. Notify the user that there are no sufficient funds.
2 3 6 The AstroPay card number is invalid. Notify the user that the card number is invalid.
2 3 6 Invalid Card Status. The card status is not suitable for the operation. Request the user to contact our support team to verify the card status: support@astropay.com
2 3 6 Invalid card owner Status. Request the user to contact our support team to verify the user status: support@astropay.com
2 3 6 Invalid Reseller Status. The AstropayCard issuer is not valid. Please request the user to contact us to verify the status: support@astropay.com
2 3 6 The card owner has been marked as fraud. Request the user to contact our support team to receive more information: support@astropay.com
2 3 6 The card owner has been blacklisted. Request the user to contact our support team to receive more information: support@astropay.com
2 3 6 Invalid Reseller. The AstropayCard issuer is not valid. Please request the user to contact our support team to receive more information: support@astropay.com
2 3 6 The card owner has been greylisted. Request the user to contact our support team to receive more information: support@astropay.com
2 3 7 The AstroPay card was blocked The Astropay Card was blocked because of to many incorrect attempts
3 3 5 A valid amount is required. Notify the user that the amount is invalid. It should be a number bigger or equal to 0.01
3 3 5 Invalid merchant configuration. Integration error: the merchant has no currencies associated.
3 3 5 Invalid Currency conversion Please notify our tech support team about the error occurred: techsupport@astropaycard.com
3 3 7 The credit card expiration date is invalid. Notify the user that the credit card expiration date is invalid.
3 3 7 The card expiration date is invalid. Notify the user that the card expiration date is invalid.
3 3 8 The card has expired. Notify the user that the card has expired.
3 3 9 Invalid card for that merchant. The card can't be used on that merchant because there is a country limitation.
3 3 11 A duplicated transaction has been submitted. Request the user to try again later.
3 3 13 The merchant API Login ID is invalid or the account is inactive. Integration error: Check the login id or contact us to activate the account.
3 3 13 Invalid IP. Integration error: Register the IP in the merchant's panel.
3 3 15 A transaction ID is required but not present. Integration error: The transaction ID must be included.
3 3 26 Invalid Authorization Code. Integration error: the authorization code does not match to the merchant's authorization code.
3 3 42 There is missing or invalid information in a required field. Integration error: Verify that the card code and x_trans_id are correct.
3 3 69 The transaction type is invalid. Integration error: Check that the transaction has one of the valid types.
3 3 72 An authorization code is required but not present. Integration error: The authorization code must be included as it is a mandatory parameter
3 3 78 The Card Code (CVV2/CVC2/CID) is invalid. Notify the user that the card code is invalid.

Cashouts Response Codes

Code Reason Text Action
300 Invalid Currency The Currency is not supported by Astropay
300 Invalid Number The Mobile number is not a valid number
302 Invalid Control String The control string sent in the request is not correct
303 Invalid Country Code The country code sent in the request is not correct
401 Invalid merchant credentials or inactive account The merchant credentials are not correct or they are inactive
402 Unregistered IP address The IP address is not whitelisted
509 Insufficient Balance The merchant account does not have enough balance to do that request
512 Duplicated cashout There was already another identical cashout created less than 120 seconds ago
700 Could not create cashout card There was an error when the cashout card was created. Contact support
705 Please set a notification URL There was no notification url in the request
- Not enough params. There was missing required parameters

Available Currencies

EUR CAD BRL COP TRY MXN RMB BOB
CNY GBP USD PEN INR AED CLP PYG
JPY SAR THB RUB ARS SEK VND NGN
MYR ZAR UYU KES IDR GHS TWD AUD

Test Cards

Card Number CVV Expiration Value Currency
1616548016998793 2249 06-2020 1000 USD
1612692565786334 8551 06-2020 1000 EUR
1614419365800166 3193 06-2020 1000 TRY
1613819743803900 1554 06-2020 1000 BRL

Assets

In order to have our branding in your site, you should add our logos. Below you can find our assets:

Astropay Logo PDF

Astropay Logo PDF

Astropay Logo EPS

Astropay Logo EPS

Black Astropay Logo png

Black Astropay Logo

White Astropay Logo png

White Astropay Logo