Interaction format
This is an old version of the API. Switch to the YooMoney API.
HTTPS protocol is used for interaction with YooMoney. TLSv1.2 is the minimum version of SSL. You need to get a client certificate at a YooMoney authentication center (upon request) for authentication. To learn more, see the Interaction over SSL
During the interaction with YooMoney you will be exchanging information placed in a crypto container with an e-signature (digital signature, an alternative to handwritten signatures). The crypto container must not have certificate chains. Data compression and encryption are not used. The crypto container must be encrypted in the PEM (OpenSSL) format.
In order to execute each operation, you need to send a separate HTTP request, containing a crypto package in the PKCS#7 format.
A request to YooMoney can be made in several steps: Forming a request to YooMoney consists of several steps.
An order is created as a document under the XML 1.0 (Fifth Edition) standard. The document must be created using UTF-8 encoding in compliance with the ISO 10646 standard.
Server address for calling operations
https://payouts.yookassa.ru:9094
The created document is placed in a crypto container in the PKCS#7 format in compliance with the RFC 5652 standard. Detailed requirements for the crypto container described above.
The certificate that you are using to create a crypto container must meet the requirements of the X.509 Version 3 standard.
You make a POST request under the HTTP/1.1 protocol (see also HTTP Over TLS and TLS). The crypto container can be transferred in two ways:
- In the body of the POST request, MIME type:
application/pkcs7-mime. - As a multipart-data attachment. MIME type:
application/pkcs7-mime. The POST request must have only one'part', and the crypto container must be attached as a file. Such request can be sent using a standard HTML form for sending a file to a server (learn more in the RFC 7578 standard).
In order to authorize requests, YooMoney checks the crypto container’s e-signature.
Unique transaction identifiers (clientOrderId) are used to prevent unnecessary repetitions of the transaction.
Example of a formed request
POST /webservice/deposition/api/makeDeposition HTTP/1.1 Content-Type: application/pkcs7-mime Content-Length: 572 -----BEGIN PKCS7----- MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAaCA JIAEDEhlbGxvIFdvcmxkIQAAAAAAADGCAS8wggErAgEBMCowJTEWMBQGA1UECgwN Qm91bmN5IENhc3RsZTELMAkGA1UEBhMCQVUCAQIwCQYFKw4DAhoFAKBdMBgGCSqG SIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEwMDgwNjE1MzE0 M1owIwYJKoZIhvcNAQkEMRYEFC73veYIzlQE6X1fBC+V+J8cIyhxMA0GCSqGSIb3 DQEBAQUABIGAEgIfi0XDEZwbdC8i0I5EPUnFe1PUnBMiRs3heYxdK+oXaG6v3axO Zr+VNG3tnW1W8M2xWtOcM4PdSTwx98WR1mWN8XDb2Wl9HiG6CGbmE7k4TgcDKhcg iZmLV+7anBv302qTprTbKY9vChaaVwclSdQBkjPvxhlPnpBM0C9YdYQAAAAAAAA= -----END PKCS7-----
YooMoney will respond with an XML document, which contains the result of the processed request. MIME type:
application/pkcs7-mime. The document will be placed in a crypto container in the PKCS#7 format.Upon receipt of the response, you need to check its e-signature to make sure the response was sent by YooMoney and its contents were not modified by a third party.
The response can contain additional parameters not described in the documents. Please ignore them.
See also