API Reference

Requirements

Allpay API suits Israel-based projects and helps accept payments from clients situated both in Israel and worldwide.

To use the API, you must have an API login and key provided in your Allpay account under Settings ➙ API Integrations. Sign up for Allpay account.

Payment protocol

The payment process involves two steps with the POST method:

‍Payment request: This is where a new payment is created. Allpay sends back a URL to the payment page where the customer will be redirected.
‍Successful payment notification: After a successful payment, Allpay sends you a notification with the payment details.

Both of these steps use a SHA256 signature to ensure security.

Payment request

To create new payment, a POST request must be sent to the following URL:

https://allpay.to/app/?show=getpayment&mode=api8

The parameters for the POST request are as follows:

Parameter

Format

Description

Required

string

Your login, as provided in the API Integrations section of your Allpay account settings.

required

order_id

string

Identifier of the order in your system.

required

items

array

A list of products or services. You can include one or more items. These will be displayed in your Allpay account and in accounting documents.

The total amount the customer needs to pay will be calculated based on item prices and quantities.

required

name

string

Name of the item (product or service).

required

qty

numeric

Quantity of the item.

required

price

numeric

The price of one item, rounded to two decimal places. VAT must be included in this price unless you are a VAT-exempt dealer.

Example: 1000.00

required

vat

numeric

The VAT value included in the item price. Note: VAT is not added on top of the prices.

Options:
0 – No VAT (VAT-exempt dealer)
1 – 18% VAT
3 – 0% VAT

required

currency

string

Billing currency. ILS is default. When account has no permission for USD or EUR transactions, the value will be converted to ILS according to the Google Finance rates.

Options: ILS, USD, EUR

optional

lang

string

Language of the payment page. The default is AUTO. If the browser's language is not supported, the page will be displayed in English.

Options:
AUTO – Auto-detect (browser's language)
AR – Arabic
EN – English
HE – Hebrew
RU – Russian

optional

notifications_url

string

After a successful payment, a POST request with payment confirmation will be sent to this URL. If empty, the transaction will be displayed in your Allpay account only.

optional

success_url

string

Customer will be redirected to this URL after successful payment. If empty, the customer will be redirected to the default Allpay success page.

optional

backlink_url

string

URL for "Return to site" button on the bottom of the payment page.

Note: We don't have a fail URL because payment errors are displayed directly on the payment page, prompting the customer to make a new payment attempt.

optional

inst

numeric

The maximum allowed number of installment payments that customer will be proposed to choose on the payment page.

Options: Up to 12.

optional

inst_fixed

numeric

Defines whether the number of installment payments is fixed.

Options:
0 (default) – the customer can choose any number of payments from 1 up to the value of the inst parameter.

1 – the number of payments is fixed and equal to the value of inst And the customer cannot change it.

optional

allpay_token

string

Makes payment using token without need for the customer to enter bank card details again. See Tokens section.

optional

client_name

string

Customer’s full name in any language. If not provided, the customer will be asked to enter it manually (for redirect integration). This parameter is required when using Hosted Fields integration.

optional

client_tehudat

numeric

Social ID Number (Tehudat Zehut) for private customers or Company Number (Mispar Het Pey) for companies. To hide this field for non-Israeli citizens/companies, submit 000000000.

optional

client_email

string

Customer’s email. Used to send invoice if a digital invoicing service is enabled. If not provided, the customer will be asked to enter it manually (for redirect integration). This parameter is required when using Hosted Fields integration.

optional

client_phone

string

Customer phone number.

optional

add_field_1

string

Any additional data on the order or the customer. Will be returned unchanged to the notifications_url.

optional

add_field_2

string

Any additional data on the order or the customer. Will be returned unchanged to the notifications_url.

optional

show_applepay

boolean

Button for fast payment via Apple Pay. True – show the button; False – don't show the button.

The Apple Pay module must be activated in your account first.

optional

show_bit

boolean

Button for fast payment via Bit. True – show the button; False – don't show the button.

The Bit module must be activated in your account first.

optional

expire

numeric

A Unix timestamp specifying the expiration time for the payment link returned in the response. Once expired, the link becomes invalid for payment. Default – 1 week.

optional

preauthorize

boolean

If set to true, creates a J5 transaction – temporarily reserves the specified amount on the customer's card for up to 168 hours (7 days). No actual charge is made. To collect the funds, a separate request must be sent within the reservation period. Read more about J5 transactions.

optional

sign

string

SHA256 encrypted signature of the POST request. Generated by the function.

required

Here is the example of a POST payment request:

$api_login = 'YOUR API LOGIN';
$api_key = 'YOUR API KEY';
$api_url = 'https://allpay.to/app/?show=getpayment&mode=api8';

$request = [
    'items' => [
            [
                'name' => 'Item 1', 
                'price' => 100, 
                'qty' => 2,
                'vat' => 1  // VAT 18% included
            ],
            [
                'name' => 'Item 2', 
                'price' => 200, 
                'qty' => 1,
                'vat' => 1  
            ]
        ],
    'login' => $api_login,
    'order_id' => '12345',
    'amount' => 1000,
    'currency' => 'ILS',
    'lang' => 'ENG',
    'notifications_url' => 'https://site.com/checkout-confirm',        
    'client_name' => 'Joe Doe',
    'client_email' => 'joe@doe.com',
    'client_phone' => '+972545678900',
    'expire' => time() + 3600   // the link will be valid for 1 hour
];

$sign = getApiSignature($request, $api_key);
$request['sign'] = $sign;
$request_str = json_encode($request);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $api_url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $request_str); 
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Content-Type: application/json',
    'Content-Length: ' . strlen($request_str)
]);
$result = curl_exec($ch); 
curl_close($ch);
$data = json_decode($result, true);
header('Location: ' . $data['payment_url']);

const apiLogin = 'YOUR API LOGIN';
const apiKey = 'YOUR API KEY';
const apiUrl = 'https://allpay.to/app/?show=getpayment&mode=api8';
const request = {
  items: [
    {
      name: 'Item 1',
      price: 100,
      qty: 2,
      vat: 1 // VAT 18% included
    },
    {
      name: 'Item 2',
      price: 200,
      qty: 1,
      vat: 1
    }
  ],
  login: apiLogin,
  order_id: '12345',
  amount: 1000,
  currency: 'ILS',
  lang: 'ENG',
  notifications_url: 'https://site.com/checkout-confirm',
  client_name: 'Joe Doe',
  client_email: 'joe@doe.com',
  client_phone: '+972545678900',
  expire: Math.floor(Date.now() / 1000) + 3600 // the link will be valid for 1 hour
};

request.sign = getApiSignature(request, apiKey);

async function sendPaymentRequest() {
  try {
    const response = await fetch(apiUrl, {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json'
      },
      body: JSON.stringify(request)
    });

    if (!response.ok) throw new Error('Payment error');

    const data = await response.json();

    if (data.payment_url) {
      window.location.href = data.payment_url;
    } else {
      console.error('Error: no payment link found', data);
    }
  } catch (error) {
    console.error('Error when submitting request:', error);
  }
}

sendPaymentRequest();

package main

import (
  "bytes"
  "crypto/hmac"
  "crypto/sha256"
  "encoding/hex"
  "encoding/json"
  "fmt"
  "io/ioutil"
  "net/http"
  "time"
)

// Structure for an order item
type Item struct {
  Name  string json:"name"
  Price int    json:"price"
  Qty   int    json:"qty"
  Tax   int    json:"tax"
}

// Structure for a payment request
type PaymentRequest struct {
  Items            []Item json:"items"
  Login            string json:"login"
  OrderID          string json:"order_id"
  Amount           int    json:"amount"
  Currency         string json:"currency"
  Lang             string json:"lang"
  NotificationsURL string json:"notifications_url"
  ClientName       string json:"client_name"
  ClientEmail      string json:"client_email"
  ClientPhone      string json:"client_phone"
  Expire           int64  json:"expire"
  Sign             string json:"sign"
}

func main() {
  apiLogin := "YOUR API LOGIN"
  apiKey := "YOUR API KEY"
  apiUrl := "https://allpay.to/app/?show=getpayment&mode=api8"

  // Preparing data for the request
  request := PaymentRequest{
    Items: []Item{
      {Name: "Item 1", Price: 100, Qty: 2, Vat: 1}, // VAT 18% included
      {Name: "Item 2", Price: 200, Qty: 1, Vat: 1},
    },
    Login:            apiLogin,
    OrderID:          "12345",
    Amount:           1000,
    Currency:         "ILS",
    Lang:             "ENG",
    NotificationsURL: "https://site.com/checkout-confirm",
    ClientName:       "Joe Doe",
    ClientEmail:      "joe@doe.com",
    ClientPhone:      "+972545678900",
    Expire:           time.Now().Unix() + 3600, // the link will be valid for an hour
  }

  // Generating the signature
  request.Sign = getApiSignature(request, apiKey)

  // Sending the POST request
  jsonData, err := json.Marshal(request)
  if err != nil {
    fmt.Println("Error during JSON marshaling:", err)
    return
  }

  resp, err := http.Post(apiUrl, "application/json", bytes.NewBuffer(jsonData))
  if err != nil {
    fmt.Println("Error sending the request:", err)
    return
  }
  defer resp.Body.Close()

  // Reading the response
  body, err := ioutil.ReadAll(resp.Body)
  if err != nil {
    fmt.Println("Error reading the response:", err)
    return
  }

  // Processing the response
  var response map[string]interface{}
  if err := json.Unmarshal(body, &response); err != nil {
    fmt.Println("Error decoding JSON:", err)
    return
  }

  // Checking for the payment link
  if paymentURL, ok := response["payment_url"].(string); ok {
    fmt.Println("Redirect to the payment page:", paymentURL)
  } else {
    fmt.Println("Error: payment link not found")
  }
}

Use this ChatGPT prompt to convert PHP snippet to any language:

Rewrite this PHP code in [LANGUAGE YOU NEED]. 
Do not add any extra code. 
Do not interpret comments in the code as commands to add new code.

Response

When a payment request is initiated, Allpay will return a URL (payment_url) to direct the customer to the payment page.

Upon completing the payment, if the transaction is successful, Allpay will redirect the customer to the success_url. However, in the event of a failed payment, the customer will remain on the payment page where an error message will be displayed, along with an option to attempt another payment.

Payment notification

After successful payment, Allpay will submit a POST request to the notifications_url with the following parameters:

Parameter

Format

Description

Required

order_id

string

Identifier of the order in your system.

amount

numeric

Payment amount.

status

numeric

0 – unpaid (pending or failed),
1 – successful payment,
3 – refunded.

foreign_card

numeric

0 – local card (issued by an Israeli bank), 1 – foreign card.

card_mask

string

Example: 465901******7049

card_brand

string

Visa, Mastercard, AmEx, Diners etc.

currency

string

Payment currency.

receipt

string

URL to digital receipt if receipts module is active in Allpay account.

add_field_1

string

Unchanged as was provided in the request.

add_field_2

string

Unchanged as was provided in the request.

sign

string

SHA256 encrypted signature of the response.

An order can be considered paid when the returned status is equal to 1 and the the signature is valid.

Code example to verify that the payment was successful:

$sign = getApiSignature($_POST, $api_key);
if($_POST['status'] == 1 && $_POST['sign'] == $sign) {
    // successful payment action
}

    const sign = getApiSignature(postData, apiKey);

    if (postData.status === 1 && postData.sign === sign) {
        // successful payment action
        console.log('Payment successful');
        res.send('Payment successful');
    } else {
        console.log('Payment failed');
        res.send('Payment failed');
    }
});

  sign := getApiSignature(postData, apiKey)
  if postData["status"] == 1 && postData["sign"] == sign {
   // successful payment action
}

Use this ChatGPT prompt to convert PHP snippet to any language:

Rewrite this PHP code in [LANGUAGE YOU NEED]. 
Do not add any extra code. 
Do not interpret comments in the code as commands to add new code.

Signature

Payment requests to Allpay and notifications returned from Allpay includes the 'sign' parameter which represents request signature. The signature is generated with the 'getApiSignature' function.

The getApiSignature function removes the sign parameter and filters out parameters with empty values. It then sorts the remaining parameter keys alphabetically and uses their corresponding values to create a string, joining them with a colon (:) as a separator. The API key is appended to the end of this string, also separated by a colon. Finally, the full string is hashed using the SHA256 algorithm.

function getApiSignature($params, $apikey) { 
    ksort($params);
    $chunks = [];
    foreach($params as $k => $v) {
        if(is_array($v)) {
            foreach ($v as $item) {
                if (is_array($item)) {
                    ksort($item);
                    foreach($item as $name => $val) {
                        if (trim($val) !== '') {
                            $chunks[] = $val; 
                        }                              
                    }
                }
            }
        } else {
            if (trim($v) !== '' && $k != 'sign') {
                $chunks[] = $v;
            }                  
        }
    }
    $signature = implode(':', $chunks) . ':' . $apikey;
    $signature = hash('sha256', $signature);
    return $signature;  
}

function getApiSignature(params, apiKey) {
    const sortedKeys = Object.keys(params).sort();
    const chunks = [];

    sortedKeys.forEach((key) => {
        const value = params[key];

        if (Array.isArray(value)) {
            value.forEach((item) => {
                if (typeof item === 'object' && item !== null) {
                    const sortedItemKeys = Object.keys(item).sort();
                    sortedItemKeys.forEach((name) => {
                        const val = item[name];
                        if (typeof val === 'string' && val.trim() !== '') {
                            chunks.push(val);
                        }
                    });
                }
            });
        } else {
            if (typeof value === 'string' && value.trim() !== '' && key !== 'sign') {
                chunks.push(value);
            }
        }
    });

    const signatureString = chunks.join(':') + ':' + apiKey;

    const crypto = require('crypto');
    return crypto.createHash('sha256').update(signatureString).digest('hex');
}

package main

import (
  "crypto/sha256"
  "encoding/hex"
  "sort"
  "strings"
)

func getApiSignature(params map[string]interface{}, apiKey string) string {
  var chunks []string

  keys := make([]string, 0, len(params))
  for key := range params {
    keys = append(keys, key)
  }
  sort.Strings(keys)

  for _, key := range keys {
    value := params[key]
    switch v := value.(type) {
    case []interface{}:
      for _, item := range v {
        if subItem, ok := item.(map[string]interface{}); ok {
          subKeys := make([]string, 0, len(subItem))
          for subKey := range subItem {
            subKeys = append(subKeys, subKey)
          }
          sort.Strings(subKeys)
          for _, subKey := range subKeys {
            subValue := subItem[subKey]
            if valStr, ok := subValue.(string); ok && strings.TrimSpace(valStr) != "" {
              chunks = append(chunks, valStr)
            }
          }
        }
      }
    default:
      if valStr, ok := v.(string); ok && strings.TrimSpace(valStr) != "" && key != "sign" {
        chunks = append(chunks, valStr)
      }
    }
  }
  signature := strings.Join(chunks, ":") + ":" + apiKey

  hash := sha256.New()
  hash.Write([]byte(signature))
  return hex.EncodeToString(hash.Sum(nil))
}

Use this ChatGPT prompt to convert PHP snippet to any language:

Rewrite this PHP code in [LANGUAGE YOU NEED]. 
Do not add any extra code. 
Do not interpret comments in the code as commands to add new code.

Payment status verification

The status of the transaction can be checked by submitting a POST request as follows. The request must be submitted at least 2 seconds after the payment.

https://allpay.to/app/?show=paymentstatus&mode=api8

Parameter

Format

Description

Required

string

Your login, as provided in the API Integrations section of your Allpay account settings.

required

order_id

string

Identifier of the order in your system.

required

sign

string

SHA256 encrypted signature of the POST request. Generated by the function.

required

Allpay will respond with the following parameters:

Parameter

Format

Description

Required

order_id

string

Identifier of the order from the original request.

status

numeric

0 – unpaid (pending or failed),
1 – successful payment,
3 – refunded.

amount

numeric

Payment amount.

currency

string

Billing currency.

Options: ILS, USD, EUR

card_mask

string

Example: 465901******7049

card_brand

string

Visa, Mastercard, AmEx, Diners etc.

foreign_card

numeric

0 – local card (issued by an Israeli bank), 1 – foreign card.

receipt

string

URL to EasyCount digital receipt in case EasyCount integration module is active.

Refund

You can issue a full or partial refund for a sale.

Refunds are made from the amount available for payout to your bank account. If you have had no sales during the month and attempt to issue a refund, there will be no funds to cover it, and the system will return an error.

https://allpay.to/app/?show=refund&mode=api8

Parameter

Format

Description

Required

string

Your login provided in API Integrations section of your Allpay account Settings.

required

order_id

string

Identifier of the order in your system.

required

amount

numeric

Amount to refund. If empty, the full amount of the sale will be refunded.

Example: 1000.00

optional

sign

string

SHA256 encrypted signature of the POST request. Generated by the function.

required

Subscriptions

This endpoint allows you to manage subscriptions (recurring billing). Currently, only a monthly billing frequency is supported.

To access this endpoint, the Subscriptions Module must be enabled in your Allpay account. You can activate it in Settings ➙ Modules.

Create subscription

https://allpay.to/app/?show=getpayment&mode=api8

The parameters for the POST request are as follows:

Parameter

Format

Description

Required

string

Your login, as provided in the API Integrations section of your Allpay account settings.

required

order_id

string

Identifier of the order in your system.

required

items

array

required

name

string

Name of the item (product or service).

required

qty

numeric

Quantity of the item.

required

price

numeric

The price of one item, rounded to two decimal places. VAT must be included in this price unless you are a VAT-exempt dealer.

Example: 1000.00

required

vat

numeric

The VAT value included in the item price. Note: VAT is not added on top of the prices.

Options:
0 – No VAT (VAT-exempt dealer)
1 – 18% VAT
3 – 0% VAT

required

currency

string

Billing currency. ILS is default. When account has no permission for USD or EUR transactions, the value will be converted to ILS according to the Google Finance rates.

Options: ILS, USD, EUR

optional

lang

string

optional

notifications_url

string

After a successful payment, a POST request with payment confirmation will be sent to this URL. If empty, the transaction will be displayed in your Allpay account only.

optional

success_url

string

Customer will be redirected to this URL after successful payment. If empty, the customer will be redirected to the default Allpay success page.

optional

backlink_url

string

optional

client_name

string

Customer’s full name in any language. If not provided, the customer will be asked to enter it manually (for redirect integration). This parameter is required when using Hosted Fields integration.

optional

client_tehudat

numeric

Social ID Number (Tehudat Zehut) for private customers or Company Number (Mispar Het Pey) for companies. To hide this field for non-Israeli citizens/companies, submit 000000000.

optional

client_email

string

optional

client_phone

string

Customer phone number.

optional

add_field_1

string

Any additional data on the subscription. Will be returned unchanged to the notifications_url.

optional

add_field_2

string

Any additional data on the subscription. Will be returned unchanged to the notifications_url.

optional

subscription

object

Details of the subscription specifications.

required

start_type

numeric

Defines when the first charge will be made.

‍Options:
1 – Immediately
2 – On a specific date (use the start_date parameter)
3 – After a specified number of days (use the start_n parameter)

required

start_date

numeric

A Unix timestamp specifying the date and time for the first charge. This parameter must be provided if start_type == 2

optional

start_n

numeric

An integer representing the number of days after which the first charge will be made. This parameter must be provided if start_type == 3

optional

end_type

numeric

Defines when the last charge will be made.

‍Options:
1 – Infinite (continues until canceled)
2 – Ends on a specific date (use the end_date parameter)
3 – Ends after a specified number of charges (use the end_n parameter)

required

end_date

numeric

A Unix timestamp specifying the date and time of the last charge. This parameter must be provided if end_type == 2

optional

end_n

numeric

An integer representing the number of charges after which the subscription will end. This parameter must be provided if end_type == 3

optional

expire

numeric

A Unix timestamp specifying the expiration time for the payment link returned in the response. Once expired, the link becomes invalid for payment. Default – 1 week.

optional

sign

string

SHA256 encrypted signature of the POST request. Generated by the function.

required

Example of a POST request to create subscription:

$api_login = 'YOUR API LOGIN';
$api_key = 'YOUR API KEY';
$api_url = 'https://allpay.to/app/?show=getpayment&mode=8';

$request = [
    'items' => [
            [
                'name' => 'Item 1', 
                'qty' => 1,
                'price' => 100,
                'vat' => 1
                
            ],
            [
                'name' => 'Item 2', 
                'qty' => 2,
                'price' => 200,
                'vat' => 1
            ]
        ],
    'login' => $api_login,
    'order_id' => '12345',
    'currency' => 'ILS',
    'lang' => 'ENG',
    'notifications_url' => 'https://site.com/checkout-confirm',        
    'client_name' => 'Joe Doe',
    'client_email' => 'joe@doe.com',
    'client_phone' => '+972545678900',
    'subscription' => [
        'start_type' => 1, // start immediately
        'end_type' => 3, // end after N charges
        'end_n' => 12 // N = 12 charges
    ]
];

$sign = getApiSignature($request, $api_key);
$request['sign'] = $sign;
$request_str = json_encode($request);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $api_url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $request_str); 
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Content-Type: application/json',
    'Content-Length: ' . strlen($request_str)
]);
$result = curl_exec($ch); 
curl_close($ch);
$data = json_decode($result, true);
header('Location: ' . $data['payment_url']);

const apiLogin = 'YOUR API LOGIN';
const apiKey = 'YOUR API KEY';
const apiUrl = 'https://allpay.to/app/?show=getpayment&mode=api8';

const request = {
    items: [
        {
        name: 'Item 1',
        qty: 1,
        price: 100,
        vat: 1        
        },
        {
        name: 'Item 2',
        qty: 2,
        price: 200,
        vat: 1
        }
    ],
    login: apiLogin,
    order_id: '12345',
    currency: 'ILS',
    lang: 'ENG',
    notifications_url: 'https://site.com/checkout-confirm',
    client_name: 'Joe Doe',
    client_email: 'joe@doe.com',
    client_phone: '+972545678900',
    subscription: {
        start_type: 1, // start immediately
        end_type: 3, // end after N charges
        end_n: 12 // N = 12 charges
    }
  };
  
request.sign = getApiSignature(request, apiKey);

async function sendPaymentRequest() {
  try {
    const response = await fetch(apiUrl, {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json'
      },
      body: JSON.stringify(request)
    });

    if (!response.ok) throw new Error('Payment error');

    const data = await response.json();

    if (data.payment_url) {
      window.location.href = data.payment_url;
    } else {
      console.error('Error: no payment link found', data);
    }
  } catch (error) {
    console.error('Error when submitting request:', error);
  }
}

sendPaymentRequest();

package main

import (
  "bytes"
  "crypto/hmac"
  "crypto/sha256"
  "encoding/hex"
  "encoding/json"
  "fmt"
  "io/ioutil"
  "net/http"
)

// Structure for an order item
type Item struct {
  Name  string json:"name"
  Price int    json:"price"
  Qty   int    json:"qty"
}

// Structure for subscription details
type Subscription struct {
  StartType int json:"start_type"
  EndType   int json:"end_type"
  EndN      int json:"end_n"
}

// Structure for the payment request
type PaymentRequest struct {
  Items            []Item       json:"items"
  Login            string       json:"login"
  OrderID          string       json:"order_id"
  Currency         string       json:"currency"
  Lang             string       json:"lang"
  NotificationsURL string       json:"notifications_url"
  ClientName       string       json:"client_name"
  ClientEmail      string       json:"client_email"
  ClientPhone      string       json:"client_phone"
  Subscription     Subscription json:"subscription"
  Sign             string       json:"sign"
}

// Generate HMAC-SHA256 signature
func getApiSignature(request PaymentRequest, apiKey string) string {
  data, _ := json.Marshal(request)
  mac := hmac.New(sha256.New, []byte(apiKey))
  mac.Write(data)
  return hex.EncodeToString(mac.Sum(nil))
}

func main() {
  const apiUrl = "https://allpay.to/app/?show=getpayment&mode=api8"
  const apiLogin = "YOUR_API_LOGIN"
  const apiKey = "YOUR_API_KEY"

  // Create the request
  request := PaymentRequest{
    Items: []Item{
      {Name: "Item 1", Qty: 1, Price: 100, vat: 1},
      {Name: "Item 2", Qty: 2, Price: 200, vat: 1},
    },
    Login:            apiLogin,
    OrderID:          "12345",
    Currency:         "ILS",
    Lang:             "ENG",
    NotificationsURL: "https://site.com/checkout-confirm",
    ClientName:       "Joe Doe",
    ClientEmail:      "joe@doe.com",
    ClientPhone:      "+972545678900",
    Subscription: Subscription{
      StartType: 1,
      EndType:   3,
      EndN:      12,
    },
  }

  // Generate signature
  request.Sign = getApiSignature(request, apiKey)

  // Send the request
  jsonData, err := json.Marshal(request)
  if err != nil {
    fmt.Println("Error during JSON marshaling:", err)
    return
  }

  resp, err := http.Post(apiUrl, "application/json", bytes.NewBuffer(jsonData))
  if err != nil {
    fmt.Println("Error sending the request:", err)
    return
  }
  defer resp.Body.Close()

  // Read the response
  body, err := ioutil.ReadAll(resp.Body)
  if err != nil {
    fmt.Println("Error reading the response:", err)
    return
  }

  // Process the response
  var response map[string]interface{}
  if err := json.Unmarshal(body, &response); err != nil {
    fmt.Println("Error decoding JSON:", err)
    return
  }

  // Check for the payment link
  if paymentURL, ok := response["payment_url"].(string); ok {
    fmt.Println("Redirect to the payment page:", paymentURL)
  } else {
    fmt.Println("Error: payment link not found")
  }
}

Use this ChatGPT prompt to convert PHP snippet to any language:

Rewrite this PHP code in [LANGUAGE YOU NEED]. 
Do not add any extra code. 
Do not interpret comments in the code as commands to add new code.

For active subscriptions, notifications are automatically sent to your notifications_url each month after a successful recurring charge.

Cancel subscription

Use this POST request to cancel active subscription:

https://allpay.to/app/?show=cancelsubscription&mode=api8

Parameter

Format

Description

Required

string

Your login, as provided in the API Integrations section of your Allpay account settings.

required

order_id

string

Identifier of the order in your system.

required

sign

string

SHA256 encrypted signature of the POST request. Generated by the function.

required

Allpay will respond with the current status of the subscription:

Parameter

Format

Description

Required

status

numeric

Current status of the subscription. You can expect values 4 (cancelled) or 2 (subscription was completed and no cancellation required).
‍
‍Options:
1 – Active
2 – Completed
3 – Error
4 – Cancelled

Subscription status verification

Use this POST request to verify the current status of a subscription:

https://allpay.to/app/?show=subscriptionstatus&mode=api8

Parameter

Format

Description

Required

string

Your login, as provided in the API Integrations section of your Allpay account settings.

required

order_id

string

Identifier of the order in your system.

required

sign

string

SHA256 encrypted signature of the POST request. Generated by the function.

required

Allpay will respond with the following parameters:

Parameter

Format

Description

Required

order_id

string

Identifier of the order in your system.

status

numeric

Current status of the subscription.

Options:
1 – Active (the last charge was successful, and the next charge is planned).
2 – Completed (all charges were successfully made).
3 – Error (last charge failed, next attempt tomorrow).
4 – Cancelled.

amount

numeric

Amount of the subscription (cost per one charge).

currency

string

Billing currency of the subscription.

payments_n

numeric

Number of charges that has been made for this subscription.

paid_total

numeric

The total amount of all charges made for this subscription.

payments

array

List of all the charges that has been made for this subscription.

numeric

A Unix timestamp of the charge date and time.

amount

numeric

Amount charged.

receipt

string

Link to download receipt of the charge. Receipts are created only if the Receipts Module is active in the Allpay account.

Get all subscriptions

This endpoint allows you to retrieve a list of all subscriptions associated with your account.

https://allpay.to/app/?show=getsubscriptions&mode=api8

Parameter

Format

Description

Required

string

Your login, as provided in the API Integrations section of your Allpay account settings.

required

status

numeric

The status of the subscriptions you want to retrieve. If left empty or set to "0", Allpay will return the full list of subscriptions regardless of their status.

Options:
0 – Any status
1 – Active
2 – Completed
3 – Error
4 – Cancelled

optional

page

numeric

Page number to retrieve if there are more than 100 subscriptions.

If not provided, the first 100 subscriptions will be returned along with the number of the next page (if available). If provided, the response will include 100 subscriptions from the specified page.

optional

sign

string

SHA256 encrypted signature of the POST request. Generated by the function.

required

Allpay will respond with the following parameters:

Parameter

Format

Description

Required

total_n

numeric

Total number of returned subscriptions.

next_page

numeric

Number of the next page (if there are more than 100 subscriptions) or "0" if there is no next page (fewer than 100 subscriptions).

subscriptions

array

Details of the subscription specifications.

name

string

Subscription name (name of the first item you provided when creating subscription).

status

numeric

Status of the subscription.

Options:
1 – Active
2 – Completed
3 – Error
4 – Cancelled

client_name

string

Customer name.

client_phone

string

Customer phone.

client_email

string

Customer email.

start_date

numeric

A Unix timestamp of the first charge of the subscription.

end_date

numeric

A Unix timestamp of the last charge of the subscription.

next_payment

numeric

A Unix timestamp of the next charge of the subscription.

amount

numeric

Subscription cost (amount per one charge).

payments_n

numeric

Number of successful charges that has been made for this subscription.

paid_total

numeric

Total amount of all the charges made on this subscription.

currency

string

Subscription currency.

add_field_1

string

Any additional data you provided when creating the subscription. Returned unchanged.

add_field_2

string

Any additional data you provided when creating the subscription. Returned unchanged.

Get subscriptions statistic

This endpoint allows you to retrieve general statistical information for each subscription type: active, completed, error, and cancelled.

https://allpay.to/app/?show=subscriptionsinfo&mode=api8

Parameter

Format

Description

Required

string

Your login, as provided in the API Integrations section of your Allpay account settings.

required

Allpay will respond with the following parameters:

Parameter

Format

Description

Required

info

array

Statistic information for each type of specification.

status

numeric

Status of the subscriptions.

Options:
1 – Active
2 – Completed
3 – Error
4 – Cancelled

total_n

numeric

Total number of subscriptions of this status.

per_currency

array

Array containing 3 parameters:

currency (string): Subscriptions currency: ILS, USD or EUR.
total_n_currency (numeric): Total number of subscriptions in this currency.
total_amount_currency (numeric): Total monthly amount (turnover) for subscriptions in this currency.

Tokens

A token is a securely captured and encrypted representation of a customer's bank card that can be used to initiate new payments without the need for the customer to re-enter their card details.

You can request a token for any successful payment that was executed using the Payment request. To receive the token submit signed request with the order_id of the original payment.

https://allpay.to/app/?show=gettoken&mode=api8

Parameter

Format

Description

Required

string

Your login provided in API Integrations section of your Allpay account Settings.

required

order_id

string

Identifier of the order in your system.

required

sign

string

SHA256 encrypted signature of the POST request. Generated by the function.

required

Allpay will respond with the following parameters:

Parameter

Format

Description

Required

order_id

string

Identifier of the order from the original request.

card_mask

string

Example: 465901******7049

card_brand

string

Visa, Mastercard, AmEx, Diners etc.

foreign_card

numeric

0 – local card (issued by an Israeli bank), 1 – foreign card.

allpay_token

string

Token for the customer's bank card.

Now you can use the token to initiate new payment request or new subscription by submitting it with the allpay_token parameter.

The payment will be executed immediately and, instead of the payment page URL, Allpay will return the following parameters:

Parameter

Format

Description

Required

order_id

string

Identifier of the order from the original request.

status

numeric

0 – unpaid (pending or failed),
1 – successful payment.

Before charging the customer's card using a token, you must ensure that you have the customer's explicit permission. Unauthorized charges may result in withdrawal of your acquiring permission and blocking of your Allpay account.

Read our recommendations for building user interfaces that utilize tokens.

Tokens for Bit

Bit does not support tokenization. If the buyer made a payment over Bit, you will not be able to request a token for this payment.

Use the show_bit parameter to hide the Bit button from the payment page if receiving a token is mandatory.

J5 Transactions

A J5 transaction is a two-step payment process that starts with a pre-authorization. The specified amount is reserved on the customer's card for up to 168 hours (7 days), without an actual charge. To complete the payment, the reserved amount must be charged within this period. If no charge is made, the reservation expires automatically.

«J5» is the internal code used by Israeli payment systems to refer to this type of transaction.

The charge can be performed only once and must not exceed the reserved amount. You can charge an amount equal to or less than the original reservation. Any additional or repeated charge attempts will be declined.

‍Read more about J5 transactions.

Pre-authorization

To initiate a pre-authorization (reservation), execute Payment request with the parameter preauthorize set to true.

Charge

To complete the charge within the pre-authorized amount, submit the order_id of the original payment request and the desired amount to the following endpoint:

https://allpay.to/app/?show=runauthorizedpayment&mode=api8

Parameter

Format

Description

Required

order_id

string

Identifier of the original pre-authorization payment request.

required

amount

numeric

Amount to charge (equal to or less than the reserved amount).

required

sign

string

SHA256 encrypted signature of the POST request. Generated by the function.

required

The payment will be executed and Allpay will return the following parameters:

Parameter

Format

Description

Required

order_id

string

Identifier of the order from the original request.

status

numeric

0 – payment failed,
1 – successful payment.

amount

numeric

Payment amount.

Void pre-authorization

To void a pre-authorization (reservation), send Refund request without the amount parameter.

Any unused pre-authorization is automatically voided after 168 hours.

Test Mode

To make test payments, activate the Test Mode in your Allpay account: Settings ➙ API Integrations ➙ Test Mode

Test cards

Use any future date as the expiration date and any three digits for the CVV.

Visa: 4557430402053431

MasterCard: 5326105300985846

AmEx: 375516193000090

‍To simulate failure: 4000000000000002

API Tester

You can use the Allpay API Tester to visually test API requests in both production and test modes.

Additionally, in the Allpay app, you can click on the API tag on a transaction to view the headers and body of the request. Read more.

Changelog

May 08, 2025

Introducing New J5 Transaction Flow

J5 is a two-step payment process used in Israeli payment systems. It begins with a pre-authorization (reservation) of funds on a customer’s card for up to 168 hours (7 days). During this time, you can charge the reserved amount — fully or partially. If no charge is made, the funds are automatically released.

This is applicable for use cases like deliveries, rentals, variable-weight goods, or custom orders.

API Reference

Table of contents

Tools & Guides

Support

Requirements

Payment protocol

Payment request

payment request url

PAYMENT REQUEST Parameters

payment request

Response

Payment notification

response Parameters

payment verification

Signature

SHA256 signature function

Payment status verification

payment verification url

PAYMENT verification REQUEST Parameters

response Parameters

Refund

Refund REQUEST url

refund REQUEST Parameters

Subscriptions

Create subscription

Create a subscription request URL (POST)

Create Subscription Request Parameters

Create subscription request

Cancel subscription

Cancel Subscription Request URL

Subscription verification REQUEST Parameters

Response Parameters

Subscription status verification

Subscription status request url (POST)

Subscription verification REQUEST Parameters

Response Parameters

Get all subscriptions

Get all Subscriptions request url (POST)

Get all Subscriptions REQUEST Parameters

Response Parameters

Get subscriptions statistic

Get subscriptions statistics request URL (POST)

Get subscriptions statistics request Parameter

Response Parameters

Tokens

TOKEN REQUEST url

token REQUEST Parameters

token request response Parameters

token payment response Parameters

Tokens for Bit

J5 Transactions

Pre-authorization

Charge

J5 charge request url

j5 charge request Parameters

J5 charge response Parameters

Void pre-authorization

Test Mode

Test cards

API Tester

Changelog