fumopay docs (beta)

Refund transaction

Request

For below {code} needs to be replaced with your transaction's code.

Live

POST https://fumopay.app/transaction/refund/{code}

Test

POST https://fumopay.dev/transaction/refund/{code}

Payload

{
    "profile_key": "your public key",
    "amount": 100,
    "currency": "GBP",
    "transaction_id": "transaction code",
    "to_account": {
        "name": "name",
        "scheme": "Number scheme",
        "number": "number",
        "bank_id": 1,
    },
    "signature": "Signed fields"
}

Field descriptions

fieldusage
profile_keyThis is your public key from the profile that you are using
amountThe amount in minor units, eg. £1.34 is 134
currency3 digit ISO currency code. This currently only accepts GBP
transaction_idTransaction code
to_accountThis is the account where the returns should be sent to. Retrieve this detail via the get endpoint
nameThe customer's account name
schemeUK.OBIE.SortCodeAccountNumber or UK.OBIE.IBAN. See number for more details
numberIf scheme above is UK.OBIE.SortCodeAccountNumber then number follows the format {sort code}{account number} for a total of 6+8=14 numeric digits. If it is UK.OBIE.IBAN then this needs to contain the customer's IBAN
bank_idThe bank id for the customer's bank as retrieved from bank API. Please note that the bank must support refunds. This is checked via the existence of the receive_only field
signatureThe signed request which is detailed below

Request signing

The signature is the concatenation of certain fields which is then given a SHA512 hash which is finally base64 encoded. In pseudo code as follows:

strToHash = transaction_id + profile_key + currency + amount + secret_key
hash = sha512(strToHash)
signature = base64.encode(hash)

The secret key is from the profile that you are using.

See code examples below.

Response

{
    "result": "1",
    "error": "error description",
    "url": "a fumopay url"
}

Field descriptions

fieldusage
resultThe result of the call. Please see status codes
errorThe error message if not successful
urlThe url to complete the refund.

Signing Code examples

JavaScript

let toHash = `${transaction_id}${profile_key}${currency}${amount}${secret_key}`
const msgUint8 = new TextEncoder().encode(toHash)
const hashBuffer = await crypto.subtle.digest("SHA-512", msgUint8)
let signature = window.btoa(String.fromCharCode(...new Uint8Array(hashBuffer)))

PHP

$strToHash = implode('',[$transaction_id, $profile_key, $currency, $amount, $secret_key]);
$hashed = hash("sha512", $strToHash, true);
$signature = base64_encode($hashed);

Golang

stringToHash := fmt.Sprintf("%s%s%s%s%s", transaction_id, profile_key, currency, amount, secretKey)
hash := sha512.New()
hash.Write([]byte(stringToHash))
signature := base64.StdEncoding.EncodeToString(hash.Sum(nil))

Python

stringToHash = "".join([transaction_id, profile_key, currency, amount, secretKey])
hash = hashlib.sha512(stringToHash.encode('utf-8'))
signature =  base64.b64encode(hash.digest()).decode("utf-8")

Dart

final strtoHash = transaction_id + profile_key + currency + amount + secretKey;
var bytes = utf8.encode(strtoHash);
var digest = sha512.convert(bytes);
var signature = base64.encode(digest.bytes);