paycheck API v1
Server-to-server REST API. Every request carries a JSON body and is protected by an HMAC signature.
1. Authentication (HMAC)
Add 3 headers to every request:
X-Merchant-Key — API key (pk_...)
X-Timestamp — current unix time (seconds). Valid within ±5 minutes.
X-Signature — HMAC_SHA256(secret, "{timestamp}.{rawBody}") (hex)
For idempotency (optional): Idempotency-Key: <unique> — a repeated request returns the earlier payment.
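# PHP signature example
$secret = getenv("PAYCHECK_SECRET"); // API secret; the environment variable name is illustrative
$ts = time(); // sent as X-Timestamp
$body = json_encode(["amount"=>50000,"order_id"=>"A-1001"]); // send exactly these bytes as the request body
$sig = hash_hmac("sha256", $ts.".".$body, $secret); // hex digest, sent as X-Signature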
2. Creating a payment
POST https://paycheck.uz/api/v1/create
{
  "amount": 50000,
  "order_id": "A-1001",
  "description": "Buyurtma #1001",
  "callback_url": "https://sayt.uz/webhook", // optional
  "return_url": "https://sayt.uz/success" // optional
}
Response:
{
  "success": true,
  "data": {
    "payment_id": "uuid...",
    "order_id": "A-1001",
    "amount": 50000, "commission": 1000, "net_amount": 49000,
    "status": "created",
    "checkout_url": "https://paycheck.uz/checkout/..."
  }
}
Redirect the user to checkout_url.
3. Querying the status
POST https://paycheck.uz/api/v1/status — {"payment_id":"..."} or {"order_id":"A-1001"}
status: created → pending → paid / failed / expired / refunded
4. Balance and payouts
POST https://paycheck.uz/api/v1/balance → {balance, available, currency}
POST https://paycheck.uz/api/v1/payout — {"amount":100000,"method":"card","details":"8600...."}
POST https://paycheck.uz/api/v1/refund — {"payment_id":"..."}
5. Webhook (from us to you)
When a payment's status changes, we send a POST to callback_url:
X-Paycheck-Event: payment.paid | payment.refunded
X-Paycheck-Signature: HMAC_SHA256(secret, rawBody) — verify it!
Return 2xx. Otherwise we retry at 1, 5, 15, 60 and 360 minutes.
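A receiver for the webhook described above, as an added example in PHP (not Paycheck's own code). It assumes the webhook signature is hex like the request signature; the function names, the placeholder secret and the demo payload are constructed for illustration.

```php
<?php
declare(strict_types=1);

/** True only if $sigHeader is the hex HMAC-SHA256 of the exact bytes received. */
function paycheck_signature_ok(string $rawBody, ?string $sigHeader, string $secret): bool
{
    if ($sigHeader === null || $sigHeader === '') {
        return false; // a missing header is a failure, never "unsigned is fine"
    }
    $expected = hash_hmac('sha256', $rawBody, $secret); // lowercase hex (assumed format)
    // hash_equals() compares in constant time; == or strcmp() would leak timing.
    return hash_equals($expected, strtolower(trim($sigHeader)));
}

/** Returns the HTTP status to send back. $seen stands in for a persistent store. */
function handle_paycheck_webhook(string $rawBody, ?string $sigHeader, string $event,
                                 string $secret, array &$seen): int
{
    if (!paycheck_signature_ok($rawBody, $sigHeader, $secret)) {
        return 401; // do not touch the order on an unverified request
    }
    // The webhook signature covers only rawBody (no timestamp) and failed
    // deliveries are retried, so the same signed body can arrive more than once.
    $deliveryId = hash('sha256', $event . "\n" . $rawBody);
    if (isset($seen[$deliveryId])) {
        return 200; // already processed: acknowledge so the retries stop
    }
    $seen[$deliveryId] = $event;
    if (in_array($event, ['payment.paid', 'payment.refunded'], true)) {
        // X-Paycheck-Event is a header, outside the signed bytes: treat it as a
        // hint and confirm the state via /api/v1/status before fulfilling.
    }
    return 200;
}

// In the endpoint: $rawBody = file_get_contents('php://input'); (raw bytes, not re-encoded JSON)
// $sigHeader = $_SERVER['HTTP_X_PAYCHECK_SIGNATURE'] ?? null; $event = $_SERVER['HTTP_X_PAYCHECK_EVENT'] ?? '';

// Constructed demo input; the payload fields are an assumption, the page does not show them.
$secret = 'example-secret-placeholder';
$body   = '{"payment_id":"demo-1","order_id":"A-1001","status":"paid"}';
$sig    = hash_hmac('sha256', $body, $secret);
$seen   = [];
var_dump(handle_paycheck_webhook($body, $sig, 'payment.paid', $secret, $seen));       // first delivery
var_dump(handle_paycheck_webhook($body, $sig, 'payment.paid', $secret, $seen));       // retry, same body
var_dump(handle_paycheck_webhook($body . ' ', $sig, 'payment.paid', $secret, $seen)); // body altered
var_dump(handle_paycheck_webhook($body, null, 'payment.paid', $secret, $seen));       // header missing
```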
Error format
{ "success": false, "error": { "code": "amount", "message": "..." } }
