Overview
Signature Generation
; as a separator: the name of the called script (from the last / to the end of the string or ?).All message fields in alphabetical order, including the random string pg_salt (consisting of any number of digits and Latin letters), with the following rules:
The payment password (secret_key), which is set in the merchant’s settings and known only to the merchant and the Aggregator.
The resulting concatenated string is used to compute an MD5 hash, which is then added to the request or response as an additional parameter sig. The MD5 hash is written as a lowercase hexadecimal string (32 characters).
Signature Generation Script (for Testing)
Error codes
| Error Code | Description | Condition |
|---|---|---|
| 4001 | Multiple payments found for the order | More than one payment with pg_order_id exists |
| 4002 | Payment not found for the given data | No payment matches pg_order_id |
| 4003 | Invalid status for refund | Payment is not in success status |
| 4004 | Refund already initiated for this payment | A refund process is already running; new refunds are rejected (no pg_sig in response). |
| 4005 | No permission to refund this payment | Merchant lacks refund rights |
| 4006 | Invalid refund amount (insufficient funds) | Amount exceeds available balance |
| 4007 | Unknown error during refund processing | Internal refund creation error |