YooMoney API
Old versions of the API
Sign up for YooMoney
Interaction format
HTTPS protocol is used for interaction with YooMoney. TLSv1.2 is the minimum version of SSL. You need to get a client certificate at a YooMoney authentication center (upon request) for authentication. To learn more, see the Interaction over SSL
During the interaction with YooMoney you will be exchanging information placed in a crypto container with an e-signature (digital signature, an alternative to handwritten signatures). The crypto container must not have certificate chains. Data compression and encryption are not used. The crypto container must be encrypted in the PEM (OpenSSL) format.
Forming a request
In order to execute each operation, you need to send a separate HTTP request, containing a crypto package in the PKCS#7 format.
A request to YooMoney can be made in several steps: Forming a request to YooMoney consists of several steps.
Step 1. Ordering to execute an operation
An order is created as a document under the XML 1.0 (Fifth Edition) standard. The document must be created using UTF-8 encoding in compliance with the ISO 10646 standard.
Server address for calling operations
Step 2. Creating a crypto container
The created document is placed in a crypto container in the PKCS#7 format in compliance with the RFC 5652 standard. Detailed requirements for the crypto container described above.
The certificate that you are using to create a crypto container must meet the requirements of the X.509 Version 3 standard.
Step 3. Sending the request to YooMoney
You make a POST request under the HTTP/1.1 protocol (see also HTTP Over TLS and TLS). The crypto container can be transferred in two ways:
  • In the body of the POST request, MIME type: application/pkcs7-mime.
  • As a multipart-data attachment. MIME type: application/pkcs7-mime. The POST request must have only one 'part', and the crypto container must be attached as a file. Such request can be sent using a standard HTML form for sending a file to a server (learn more in the RFC 7578 standard).
In order to authorize requests, YooMoney checks the crypto container’s e-signature.
Example of a formed request
POST /webservice/deposition/api/makeDeposition HTTP/1.1
Content-Type: application/pkcs7-mime
Content-Length: 572

-----BEGIN PKCS7-----
-----END PKCS7-----
Receiving the response
YooMoney will respond with an XML document, which contains the result of the processed request. MIME type: application/pkcs7-mime. The document will be placed in a crypto container in the PKCS#7 format.
Upon receipt of the response, you need to check its e-signature to make sure the response was sent by YooMoney and its contents were not modified by a third party.
See also
HTTP response codes Interaction over SSL Funds deposits Agreement on electronic document flow