paycheck API v1

1. Autentifikatsiya (HMAC)

Har so'rovga 3 ta sarlavha qo'shing:

• X-Merchant-Key — API key (pk_...)
• X-Timestamp — joriy unix vaqt (sekund). ±5 daqiqa amal qiladi.
• X-Signature — HMAC_SHA256(secret, "{timestamp}.{rawBody}") (hex)

Idempotency uchun (ixtiyoriy): Idempotency-Key: <unikal> — takror so'rovda eski to'lov qaytadi.

# PHP imzo namunasi
$ts   = time();
$body = json_encode(["amount"=>50000,"order_id"=>"A-1001"]);
$sig  = hash_hmac("sha256", $ts.".".$body, $secret);

2. To'lov yaratish

POST https://paycheck.inpay.uz/api/v1/create

{
  "amount": 50000,
  "order_id": "A-1001",
  "description": "Buyurtma #1001",
  "callback_url": "https://sayt.uz/webhook",   // ixtiyoriy
  "return_url": "https://sayt.uz/success"       // ixtiyoriy
}

Javob:

{
  "success": true,
  "data": {
    "payment_id": "uuid...",
    "order_id": "A-1001",
    "amount": 50000, "commission": 1000, "net_amount": 49000,
    "status": "created",
    "checkout_url": "https://paycheck.inpay.uz/checkout/..."
  }
}

Foydalanuvchini checkout_urlga yo'naltiring.

3. Holatni so'rash

POST https://paycheck.inpay.uz/api/v1/status — {"payment_id":"..."} yoki {"order_id":"A-1001"}

status: created → pending → paid / failed / expired / refunded

4. Balans va pul chiqarish

POST https://paycheck.inpay.uz/api/v1/balance → {balance, available, currency}

POST https://paycheck.inpay.uz/api/v1/payout — {"amount":100000,"method":"card","details":"8600...."}

POST https://paycheck.inpay.uz/api/v1/refund — {"payment_id":"..."}

5. Webhook (bizdan sizga)

To'lov holati o'zgarganda callback_urlga POST yuboramiz:

• X-Paycheck-Event: payment.paid | payment.refunded
• X-Paycheck-Signature: HMAC_SHA256(secret, rawBody) — tekshiring!

2xx qaytaring. Aks holda 1,5,15,60,360 daqiqada qayta urinamiz.

Xato formati

{ "success": false, "error": { "code": "amount", "message": "..." } }