Initiating a Payment
To initiate an APM payment, send an HTTP POST request to the Exirom APM payments endpoint. In production, the endpoint URL will be something like:
POST https://${host}/api/v1/payments/apmReplace ${host} with the appropriate API hostname (for example, api.exirom.com for the live environment).
Request Headers
Include the following HTTP headers in your payment request:
Content-Type: application/jsonAuthorization: Bearer <AUTH_TOKEN>– Replace<AUTH_TOKEN>with the actual API token obtained from Exirom’s authorization service.Referer: <REFERER_URL>– Replace<REFERER_URL>with your website’s URL or the relevant referring page URL (used by Exirom for security and context).
Request Body Fields
The body of the request should be a JSON object containing the following fields:
| Field | Type | Required | Description |
|---|---|---|---|
requestId | String | Yes | A unique identifier for the payment request (generated by you to track the request). |
accountId | String | Yes | Your merchant account identifier with Exirom. |
apmPayload | Object (ApmPayload) | Yes | Payment method-specific payload details. This object will contain fields required by the specific APM being used (consult the documentation for that payment method). |
amount | String | Yes | Transaction amount as a string. (Use string format to preserve decimal precision.) |
currency | String | Yes | Currency code in ISO 4217 format (e.g., "USD", "EUR"). |
metadata | Map<String, String> | No | Additional metadata as key–value pairs (optional custom data related to the transaction). |
order | Object (Order) | Yes | Order information for this transaction (see Order object details below). |
billingDetails | Object (ApmBillingDetails) | Yes | Customer billing details (see ApmBillingDetails object details below). |
device | Object (Device) | Yes | Device and browser information (see Device object details below). |
callbackUrl | String | No* | URL on your server to receive callback notifications about transaction status (e.g., payment completed or failed). |
successRedirectUrl | String | No* | URL to which the customer should be redirected after a successful payment (typically a “thank you” or order confirmation page). |
failureRedirectUrl | String | No* | URL to which the customer should be redirected after a failed payment. |
checksum | String | Yes | HMAC-SHA256 signature of the request data used for verifying the request’s integrity. (See Exirom’s Checksum Authentication Guide for how to compute this.) |
Note: Fields marked with No* are not required for every integration by default, but certain payment methods or configurations may require them. For example, some APM providers might mandate a
callbackUrlto be set, or specific billing details to be provided. Always check the requirements of the specific APM you are integrating.
The billingDetails, device, and order fields in the request body are objects that contain detailed sub-fields as described below:
ApmBillingDetails Object
This object contains information about the customer’s billing details. Fields are typically optional unless required by a specific payment method or regional regulation:
| Field | Type | Required | Description |
|---|---|---|---|
externalUserId | String | No* | An external identifier for the customer (e.g., a user ID in your system). |
firstName | String | No* | Customer’s first name. |
lastName | String | No* | Customer’s last name. |
address1 | String | No* | Billing address line 1 (street address). |
city | String | No* | City of the billing address. |
state | String | No* | State or province of the billing address. |
country | String | No* | Country of the billing address (ISO 3166-1 alpha-2 country code, e.g., "US" or "GB"). |
postalCode | String | No* | ZIP or postal code. |
phone | String | No* | Customer’s phone number. |
email | String | No* | Customer’s email address (in a valid email format). |
dateOfBirth | String | No* | Customer’s date of birth (often required for certain payment methods). |
ssn | String | No* | Social Security Number or similar national ID (if applicable). |
identityCode | String | No* | Other government-issued identity code or national ID (if applicable). |
Note: Billing detail fields are generally optional by default, but specific APMs or local regulations may require some of them (for example, certain methods might require
firstName/lastNameor anidentityCode. Refer to the documentation of the specific APM provider to determine which of these fields are necessary.
Device Object
The device object carries information about the customer’s device and browser, often used for fraud prevention or additional authentication:
| Field | Type | Required | Description |
|---|---|---|---|
deviceId | String | No* | A unique identifier for the device (if available). |
fingerprintData | String | No* | Device/browser fingerprint data for risk analysis. |
ip | String | No* | IP address of the customer’s device. |
accept | String | No* | HTTP Accept header sent by the browser. |
acceptLanguage | String | No* | HTTP Accept-Language header from the browser. |
acceptHeader | String | No* | Full contents of the HTTP Accept header. |
userAgent | String | No* | User-Agent string of the browser. |
javaEnabled | Boolean | No* | Whether Java is enabled in the browser. |
javaScriptEnabled | Boolean | No* | Whether JavaScript is enabled in the browser. |
deviceLanguage | String | No* | Language setting of the device or browser. |
colorDepth | String | No* | Color depth of the device’s screen (in bits). |
screenHeight | String | No* | Screen height in pixels. |
screenWidth | String | No* | Screen width in pixels. |
deviceTimezone | String | No* | Timezone of the device (typically offset or region name). |
Note: As with billing details, all device fields are optional by default. However, providing as many as possible can help with risk assessment and may be required by some payment methods for compliance or fraud checks.
Order Object
The order object contains information about the purchase or order related to the payment:
| Field | Type | Required | Description |
|---|---|---|---|
date | String | No* | Date when the order was created (e.g., "2025-07-29T12:34:56Z" or another standard format). |
orderId | String | No* | A unique identifier for the order (generated by you). |
title | String | No* | A brief title of the order (e.g., "Payment for Order #1234"). |
siteId | String | No* | Identifier for the website or store where the order was placed (if you operate multiple sites or platforms). |
name | String | No* | Name associated with the order (this could be a customer name or a project name, depending on context). |
domainName | String | No* | Domain name of the site where the order was placed (e.g., "example.com"). |
Note: Order fields are optional by default. The
itemsarray can be used to pass detailed breakdown of the order (for example, list of products or services purchased), though not all integrations require it. If provided, each item initemscan include fields likename,quantity,price(as illustrated in the example below).
Example Payment Request
{
"requestId": "req-123456789",
"accountId": "12345",
"apmPayload": {
"paymentMethod": "ExPay", //All the payment methods are defined in the section below
"paymentType": "E_WALLET" //All the payment types are defined in the section below
// Additional ExPay-specific fields would go here
},
"amount": "100.00",
"currency": "USD",
"callbackUrl": "https://merchant.example.com/callbacks/payments",
"billingDetails": {
"firstName": "John",
"lastName": "Doe",
"email": "[email protected]",
"phone": "+1234567890",
"address1": "123 Main St",
"city": "New York",
"state": "NY",
"country": "US",
"postalCode": "10001"
},
"order": {
"date": "2025-08-06T09:30:30Z",
"orderId": "order-345678",
"title": "Affiliate Payment",
"siteId": "site-123",
"name": "August Affiliate Payment",
"domainName": "affiliates.example.com"
},
"metadata": {
"customField1": "value1",
"customField2": "value2"
},
"checksum": "<HMAC-SHA256 signature>"
}
In the above example:
- The paymentMethod and paymentType in
apmPayloadspecify the APM (ExPay e-wallet in this case). - The
checksumwould be computed by your server using a secret (not shown) according to Exirom’s checksum guidelines. callbackUrlis set so that the merchant’s server will receive a notification when the payment completes.successRedirectUrlandfailureRedirectUrlare omitted in this example, meaning the customer will remain on the APM’s page or default flow after payment (or you will handle redirection via the response data, explained next).
Updated 8 days ago