BLIK

1 Introduction

BLIK payment can be integrated and authorized in several ways. The basic authorization method is a BLIK code generated by the customer in the bank's mobile application. A BLIK payment can also be authorized with a UID token, which allows one-click payments without leaving the shop's website. The choice of authorization method depends on the payment integration scenario:

  • Redirecting to the BLIK payment page – after choosing BLIK payment method and placing an order, the customer is redirected to the BLIK website, where they enter a BLIK authorization code and then confirm the payment in the bank's mobile app. The integration is limited to a standard pay-by-link service.
  • Transparent payment with a BLIK authorization code – the customer enters a BLIK authorization code while still on the shop's website, and confirms the payment in the bank's mobile app after placing the order. The integration requires support for entering a BLIK authorization code on the shop's website. In return, the customer receives a simpler and more secure payment authorization process, without having to be redirected outside the shop.
  • Transparent payment with the UID token – the customer authorizes the payment with one click on the shop's website. Confirmation of payment in the bank's mobile application may not be necessary. Choosing this service requires a full implementation of the token registration process on the shop side, the token payment, and BLIK authorization code input handling. As a result, the customer can pay either with one click or with a BLIK authorization code.

The UID token payment service is not available by default; it requires meeting certain requirements and completing an onboarding process. Therefore, before proceeding with the integration, contact your account manager at PayU.

Every BLIK service except Redirecting to the BLIK payment page requires a special point of sale configuration by PayU. The configuration allowing "Transparent payment with a BLIK authorization code" and "Transparent payment with the UID token" is not compatible with "Redirecting to the BLIK payment page" and requires a separate point of sale.

2 Integration scenarios

2.1 Payment with redirection to the BLIK payment page

Placing an order with redirection to the BLIK payment page:

  1. The customer selects the BLIK payment method.
  2. The shop authenticates with PayU by retrieving an OAuth token.
  3. The shop creates the order by sending an OrderCreateRequest with the OAuth token received from PayU.
  4. PayU registers transaction with BLIK and returns an OrderCreateResponse to the shop with the ID of the created order.
  5. The shop redirects the customer to the BLIK payment page.
  6. The customer enters a BLIK authorization code.
  7. BLIK sends a notification to the mobile application of the customer's bank, from which the BLIK authorization code was generated, that the payment must be authorized.
  8. The customer authorizes the payment in the bank's mobile application.
  9. The customer is notified of the transaction status and is redirected to the shop page.

2.2 Payment with redirection to the PayU payment page

Placing an order with redirection to the PayU payment page:

  1. The shop authenticates with PayU by retrieving an OAuth token.
  2. The customer is redirected to the PayU payment page.
  3. The customer selects the BLIK payment method.
  4. The shop creates the order by sending an OrderCreateRequest with the OAuth token received from PayU.
  5. PayU registers transaction with BLIK and returns an OrderCreateResponse to the shop with the ID of the created order.
  6. The customer is redirected to the BLIK payment page.
  7. The customer enters a BLIK authorization code.
  8. BLIK sends a notification to the mobile application of the customer's bank, from which the BLIK authorization code was generated, that the payment must be authorized.
  9. The customer authorizes the payment in the bank's mobile application.
  10. The customer is notified of the status of the transaction and is redirected to the shop page.

2.3 Payment with a BLIK authorization code

When placing an order, the customer has the option to enter a BLIK authorization code on the shop's website. The shop should be able to handle basic service scenarios:

Placing an order for the transparent payment with BLIK authorization code:

  1. The shop presents a field to enter a BLIK authorization code.
  2. The customer generates a BLIK authorization code in the bank's mobile application, and enters it on the shop's website.
  3. The shop authenticates with PayU by retrieving an OAuth token.
  4. The shop creates the order by sending an OrderCreateRequest with the OAuth token received from PayU.
  5. PayU registers transaction with BLIK and returns an OrderCreateResponse to the shop with the ID of the created order.
  6. The shop displays relevant information to the customer.
  7. BLIK sends a notification to the mobile application of the customer's bank, from which the BLIK authorization code was generated, that the payment must be authorized.
  8. The customer authorizes the payment in the bank's mobile application.
  9. The shop receives a notification that the payment has been authorized.

Unsuccessful order request for transparent payment with BLIK authorization code - invalid BLIK code:

  1. The shop presents a field to enter a BLIK authorization code.
  2. The customer generates a BLIK authorization code in the bank's mobile application, and enters it on the shop's website.
  3. The shop authenticates with PayU by retrieving an OAuth token.
  4. The shop creates the order by sending an OrderCreateRequest with the OAuth token received from PayU.
  5. PayU registers transaction with BLIK and receives information about invalid BLIK code.
  6. PayU returns an OrderCreateResponse with the appropriate error code and the ID of the created order.
  7. The shop displays an error message to the customer.

2.4 UID token payment

Before displaying available payment methods, the shop retrieves them and checks if the customer has the UID token.

If the customer already has the UID token, the default service presented in the shop, for the BLIK payment method, should be the UID token payment. Additionally, the customer should have a possibility to optionally enter a BLIK authorization code on the shop's website - this option is necessary for the service to work as intended.

The UID token allows payment authorization by assigning the customer's bank mobile application to the token. When the customer selects UID token payment, BLIK sends a notification to the token-associated mobile application, where the customer can authorize the payment. If the customer cannot confirm the payment in the mobile application originally associated with the UID token, they can choose to enter a BLIK authorization code, which allows them to continue the payment process.

Entering a BLIK authorization code from a different bank's mobile application than the one associated with the token will result in that other bank's mobile application being linked to it. A list of the bank mobile applications associated with the customer's UID token is returned when retrieving payment methods. If the customer has more than one bank mobile application associated with the UID token, the shop is required to display a list of available associations. This is necessary so that the customer knows in which bank's mobile application they need to authorize the payment.

NOTE! In the previous version of this process, information about the assignment of more than one bank mobile application to the UID token was sent to the shop in an error response (OrderCreateResponse). Within this response the shop received a complete list of the bank mobile applications associated with the UID token. To complete the order, the shop sent a new OrderCreateRequest with the specific bank's mobile application chosen by the customer.

The UID token registration requires the customer to save it at the payment authorization stage in the bank mobile application. Token registration always takes place in the context of a BLIK code authorization, so the token is associated with the bank's mobile application in which the BLIK code was generated.

De-registration of the UID token is done at the request of the customer in their bank mobile application. The token will be deleted once all of its associations with mobile bank applications have been removed.

When paying with BLIK using the UID token, the customer can pay without the need to authorize payments in the bank's mobile application. Ask your PayU account manager about the details of this solution.

Placing an order for transparent payment with a BLIK authorization code and the UID token registration:

  1. The shop authenticates with PayU in context of the customer by retrieving an OAuth token.
  2. The shop uses returned OAuth token to send a new request for retrieving payment methods.
  3. PayU does not return the UID token.
  4. The shop presents payment with a BLIK authorization code as a default BLIK payment option.
  5. The customer pays for the order by entering a BLIK authorization code from the bank's mobile application.
  6. The shop creates the order by sending an OrderCreateRequest with the OAuth token received from PayU.
  7. PayU registers transaction with BLIK, along with the request to create the UID token, and returns an OrderCreateResponse to the shop with the ID of the created order.
  8. The shop displays relevant information to the customer.
  9. BLIK sends a payment authorization notification to the bank mobile application which has been associated with the UID token during its registration.
  10. The customer authorizes the payment in the bank's mobile application and saves the UID token.
  11. The shop receives a payment authorization notification.
  12. PayU receives information from BLIK that the customer has saved the UID token.
  13. PayU activates the UID token for the customer.

Placing an order for the transparent payment with the UID token:

  1. The shop authenticates with PayU in context of the customer by retrieving an OAuth token.
  2. The shop uses returned OAuth token to send a new request for retrieving payment methods.
  3. PayU returns the UID token, associated with a single bank's mobile application.
  4. The shop presents the UID token payment as a default service within BLIK payment method.
  5. The customer pays for the order by selecting the UID token payment.
  6. The shop creates the order by sending an OrderCreateRequest with the OAuth token received from PayU.
  7. PayU registers transaction with BLIK and returns an OrderCreateResponse to the shop with the ID of the created order.
  8. The shop displays relevant information to the customer.
  9. BLIK sends a notification about required payment authorization to the bank's mobile application which was associated with the UID token during its registration.
  10. The customer authorizes payment in the bank's mobile application.
  11. The shop receives payment authorization notification.

Placing an order for the transparent payment with the UID token, without customer's confirmation:

  1. The shop authenticates with PayU in context of the customer by retrieving an OAuth token.
  2. The shop uses returned OAuth token to send a new request for retrieving payment methods.
  3. PayU returns the UID token, associated with single bank's mobile application.
  4. The shop presents the UID token payment as a default service within BLIK.
  5. The customer pays for the order by selecting the UID token payment.
  6. The shop creates the order by sending an OrderCreateRequest with the OAuth token received from PayU.
  7. PayU registers transaction with BLIK and returns an OrderCreateResponse to the shop with the ID of the created order.
  8. The shop displays relevant information to the customer.
  9. The shop receives a payment authorization notification.

Placing an order for the transparent payment with a BLIK authorization code, with the UID token registration for the customer who already has a token:

  1. The shop authenticates with PayU in context of the customer by retrieving an OAuth token.
  2. The shop uses returned OAuth token to send a new request for retrieving payment methods.
  3. PayU returns the UID token, associated with single bank's mobile application.
  4. The shop presents the UID token payment as a default service within BLIK.
  5. The customer chooses authorization by BLIK authorization code in the bank's mobile application.
  6. The shop creates the order by sending an OrderCreateRequest with the OAuth token received from PayU.
  7. PayU registers transaction with BLIK along with a request to link another bank's mobile application and returns an OrderCreateResponse to the shop with the ID of the created order.
  8. The shop displays relevant information to the customer.
  9. BLIK sends a request to save the UID token to the banking mobile application, where the BLIK code was generated, along with a notification to authorize the payment.
  10. The customer authorizes the payment in the bank's mobile application and saves the UID token.
  11. The shop receives a payment authorization notification.
  12. PayU receives information from BLIK about the assignment of the UID token to the next mobile banking application.

Placing an order for the transparent payment with multiple banking mobile applications associated with the UID token:

  1. The shop authenticates with PayU in context of the customer by retrieving an OAuth token.
  2. The shop uses returned OAuth token to send a new request for retrieving payment methods.
  3. PayU returns the UID token, associated with single mobile banking application.
  4. The shop presents the UID token payment as a default service within BLIK, along with a list of associated mobile banking applications.
  5. The customer pays for the order by selecting the UID token payment for the specific bank's mobile application.
  6. The shop creates the order by sending an OrderCreateRequest with the OAuth token received from PayU.
  7. PayU registers transaction with BLIK and returns an OrderCreateResponse to the shop with the ID of the created order.
  8. The shop displays relevant information to the customer.
  9. BLIK sends a notification about required payment authorization to the bank's mobile application which was chosen during payment process.
  10. The customer authorizes payment in the bank's mobile application.
  11. The shop receives a payment authorization notification.

Placing an order for the transparent payment with the UID token, when the token is associated with multiple bank mobile applications - previous process version (ambiguity):

  1. The shop authenticates with PayU in context of the customer by retrieving an OAuth token.
  2. The shop uses returned OAuth token to send a new request for retrieving payment methods.
  3. PayU returns the UID token, without associated mobile banking applications.
  4. The shop presents the UID token payment as a default service within BLIK.
  5. The customer pays for the order by selecting the UID token payment.
  6. The shop creates the order by sending an OrderCreateRequest with the OAuth token received from PayU.
  7. PayU registers transaction with BLIK and receives an ambiguity error - the request does not specify to which bank's mobile application the authorization notification should be sent.
  8. PayU returns an OrderCreateResponse with the corresponding error code and a list of banking mobile apps assigned to the used token.
  9. The shop displays a list of available mobile banking applications to the customer.
  10. The buyer chooses the bank's mobile app.
  11. The shop creates a new order by sending an OrderCreateRequest with information about the selected bank's mobile application.
  12. PayU registers transaction with BLIK and returns an OrderCreateResponse to the shop with the ID of the created order.
  13. The shop displays relevant information to the customer.
  14. BLIK sends a notification about required payment authorization to the bank's mobile application which was chosen during payment process.
  15. The customer authorizes the payment in bank's mobile application.
  16. The shop receives a payment authorization notification.

3 API integration

3.1 Payment with redirection to the BLIK page

Payment processing is done by creating an order in the form of OrderCreateRequest within REST API integration.

Request should be authorized with an OAuth token in grant_type=client_credentials mode included in the request header.

Created request should be consistent with following guidelines:

Authorization: Bearer <token oauth for grant_type=client_credentials>
Content-Type: application/json

Standard OrderCreateRequest should be expanded with payMethods section:

"payMethods": {
    "payMethod": {
        "type": "PBL",
        "value": "blik"
    }
}

Response for successful payment with redirection to the BLIK payment page:

{
    "status": {
        "statusCode": "SUCCESS"
    },
    "redirectUri": "<redirection address>",
    "orderId": "<id of created order>"
}

3.2 BLIK authorization code payment

Payment processing is done by creating an order in the form of OrderCreateRequest within REST API integration.

Request should be authorized with an OAuth token in grant_type=client_credentials mode included in the request header.

Created request should be consistent with following guidelines:

Authorization: Bearer <token oauth for grant_type=client_credentials>
Content-Type: application/json

Standard OrderCreateRequest should be expanded with buyer and payMethods section:

"buyer": {
    "email": "<customer's email address>"
},
"payMethods": {
    "payMethod": {
        "type": "BLIK_AUTHORIZATION_CODE",
        "value": "<BLIK authorization code>"
    }
}

| Section | Parameter | Required | Format | Description |
|---|---|---|---|---|
| payMethod | value | Yes | Number: 6 digits | BLIK authorization code. |

Older variants which will be discontinued in the future:

"payMethods": {
    "payMethod": {
        "type": "PBL",
        "value": "blik",
        "authorizationCode": "<BLIK authorization code>"
    }
}

"payMethods": {
    "payMethod": {
        "type": "BLIK_TOKEN",
        "authorizationCode": "<BLIK authorization code>"
    }
}

Responses for payment with BLIK authorization code:

{
    "status": {
        "statusCode": "SUCCESS"
    },
    "orderId": "<id of created order>"
}

{
    "status": {
        "statusCode": "<error group code>",
        "codeLiteral": "<error code>",
        "statusDesc": "<error description>"
    },
    "orderId": "<id of the created order>"
}

| HTTP status | Status code / Code literal | Description |
|---|---|---|
| 400 | ERROR_AUTHORIZATION_CODE / AUTH_CODE_EXPIRED | The authorization code has expired. |
| 400 | ERROR_AUTHORIZATION_CODE / AUTH_CODE_EXCEEDED | The limit of the authorization code has been exceeded. |
| 400 | ERROR_AUTHORIZATION_CODE / AUTH_CODE_CANCEL | The authorization code has been canceled. |
| 400 | ERROR_AUTHORIZATION_CODE / AUTH_CODE_USED | The authorization code has been used already. |
| 400 | ERROR_AUTHORIZATION_CODE / AUTH_CODE_INVALID | Incorrect authorization code. |
| 400 | ERROR_VALUE_INVALID / INVALID_BLIK_CODE | Syntactically incorrect BLIK authorization code. BLIK authorization code should consist of 6 digits. |
| 400 | ERROR_VALUE_INVALID / INVALID_AUTHORIZATION_CODE_USAGE | authorizationCode field cannot be used in this context. |
| 400 | ERROR_VALUE_INVALID / INVALID_ALIAS_LABEL_PROPOSAL_USAGE | aliasLabelProposal field cannot be used during token payment. |
| 400 | ERROR_VALUE_INVALID / INVALID_RECOMMENDED_AUTH_LEVEL_USAGE | recommendedAuthLevel field cannot be used in this context. |
| 400 | ERROR_VALUE_INVALID / INVALID_APP_KEY_USAGE | appKey field cannot be used in this context. |
| 400 | ERROR_VALUE_MISSING / MISSING_AUTHORIZATION_CODE | Validation error, the authorization code is expected. |
| 400 | ERROR_VALUE_MISSING / INVALID_CURRENCY_CODE | Incorrect currency code. Supported currency: PLN. |
| 400 | ERROR_VALUE_MISSING / MISSING_BUYER_EMAIL | Validation error, missing email field in buyer section. |

3.3 Payment with a BLIK authorization code and the UID token registration

Payment processing is done by creating an order in the form of OrderCreateRequest within REST API integration.

Request should be authorized with an OAuth token in grant_type=trusted_merchant mode included in the request header.

Created request should be consistent with following guidelines:

Authorization: Bearer <token oauth for grant_type=trusted_merchant>
Content-Type: application/json

Standard OrderCreateRequest should be expanded with payMethods and buyer sections:

"buyer": {
    "extCustomerId": "<customer identifier in merchant system>",
    "email": "<customer email address>"
},
"payMethods": {
    "payMethod": {
        "type": "BLIK_AUTHORIZATION_CODE",
        "value": "<BLIK authorization code>",
        "blikData": {
            "aliasLabelProposal":"<label proposal given by a merchant>",
            "register": true
        }
    }
}

| Section | Parameter | Required | Format | Description |
|---|---|---|---|---|
| buyer | extCustomerId | Yes | | The identifier of the customer in the merchant's system, within which the alias will be created. The same extCustomerId must be used when retrieving the OAuth token. |
| buyer | email | Yes | | Customer's email address. |
| payMethod | value | Yes | Number: 6 digits | BLIK authorization code. |
| blikData | aliasLabelProposal | No | String: 35 characters | Alias label proposal associated with given mobile application. This field can be used only during token registration. |
| blikData | register | Yes | Boolean: true, false | Set to true specifies that an alias registration request will be sent. Set to false will result in payment with a T6 authorization code without token registration. |

Older variants which will be discontinued in the future:

"buyer": {
    "extCustomerId": "<customer identifier in merchant system>",
    "email": "<customer email address>"
},
"payMethods": {
    "payMethod": {
        "type": "BLIK_TOKEN",
        "authorizationCode": "<BLIK authorization code>",
        "blikData": {
            "register": true
        }
    }
}

Responses for payment with a BLIK authorization code and UID token registration:

{
    "status": {
        "statusCode": "SUCCESS"
    },
    "orderId": "<identifier of the created order>"
}

{
    "status": {
        "statusCode": "<error group code>",
        "codeLiteral": "<error code>",
        "statusDesc": "<error description>"
    },
    "orderId": "<identifier of the created order>",
    "blikData": { <specific data dependent on a particular error> }
}

| HTTP status | Status code / Code literal | Description |
|---|---|---|
| 400 | BUSINESS_ERROR / TOKEN_PAYMENT_NOT_ALLOWED | Token payment flow requires additional agreement and configuration. |
| 400 | ERROR_AUTHORIZATION_CODE / AUTH_CODE_EXPIRED | The authorization code has expired. |
| 400 | ERROR_AUTHORIZATION_CODE / AUTH_CODE_LIMIT_EXCEEDED | The limit of the authorization code has been exceeded. |
| 400 | ERROR_AUTHORIZATION_CODE / AUTH_CODE_CANCEL | The authorization code has been canceled. |
| 400 | ERROR_AUTHORIZATION_CODE / AUTH_CODE_USED | The authorization code has been used already. |
| 400 | ERROR_AUTHORIZATION_CODE / AUTH_CODE_INVALID | Incorrect authorization code. |
| 400 | ERROR_VALUE_MISSING / MISSING_AUTHORIZATION_CODE | Validation error, the authorization code is expected. |
| 400 | ERROR_VALUE_INVALID / INVALID_BLIK_CODE | Syntactically incorrect BLIK authorization code. BLIK authorization code should consist of 6 digits. |
| 400 | ERROR_VALUE_INVALID / INVALID_AUTHORIZATION_CODE_USAGE | authorizationCode field cannot be used in this context. |
| 400 | ERROR_VALUE_INVALID / INVALID_RECOMMENDED_AUTH_LEVEL_USAGE | recommendedAuthLevel field cannot be used in this context. |
| 400 | ERROR_VALUE_INVALID / INVALID_APP_KEY_USAGE | appKey field cannot be used in this context. |
| 400 | ERROR_VALUE_MISSING / INVALID_CURRENCY_CODE | Incorrect currency code. Supported currency: PLN. |
| 400 | ERROR_VALUE_MISSING / MISSING_BUYER_EMAIL | Validation error, missing email field in buyer section. |
| 400 | ERROR_VALUE_MISSING / MISSING_BUYER_EXT_CUSTOMER_ID | Validation error, missing extCustomerId field in buyer section. |
| 400 | ERROR_TOKEN / AUTH_TOKEN_EXISTS | User with given extCustomerId already has an active payment token with a different value. When the user has another active token, it should be retrieved via paymethods. If the user has another token that has not been saved, a tokens array with the token value will appear in the response in the blikData object. |
| 400 | ERROR_TOKEN / AUTH_TOKEN_NOT_ACTIVE | Used payment token has not been saved by the customer. |

The tokens array returned in the blikData object with AUTH_TOKEN_EXISTS:

"tokens": [
    {
        "value": "<token value>",
        "type": "<token type>"
    }
]

3.4 UID token payments

Payment processing is done by creating an order in the form of OrderCreateRequest within REST API integration.

Request should be authorized with an OAuth token in grant_type=trusted_merchant mode included in the request header.

Created request should be consistent with following guidelines:

Authorization: Bearer <token oauth for grant_type=trusted_merchant>
Content-Type: application/json

Standard OrderCreateRequest should be expanded with payMethods and buyer sections:

"buyer": {
    "extCustomerId": "<customer identifier in the merchant system>",
    "email": "<customer email address>"
},
"payMethods": {
    "payMethod": {
        "type": "BLIK_TOKEN",
        "value": "<value of the token used for the authorization>",
        "blikData": {
            "appKey": "<identifier of the associated bank's mobile application>",
            "recommendedAuthLevel": "<NO_CONFIRMATION|REQUIRED_CONFIRMATION>"
        }
    }
}

| Section | Parameter | Required | Format | Description |
|---|---|---|---|---|
| buyer | extCustomerId | Yes | | Customer identifier in merchant's system within which alias will be created. The same extCustomerId must be used to retrieve the OAuth token. |
| buyer | email | Yes | | Customer email address. |
| payMethod | value | Yes | String: 64 characters | UID token value which will be used for authorization, retrieved using the payMethods service. |
| blikData | appKey | Yes | String: 20 characters | The identifier of the customer's chosen bank mobile application within which the transaction authorization will take place. In the previous version of this process, where the merchant received an error regarding ambiguity (AUTH_TOKEN_NONUNIQUE), this field is not mandatory. This field is filled with the blikData/alternatives/appKey value returned with the error message. |
| blikData | recommendedAuthLevel | No | Possible values: NO_CONFIRMATION, REQUIRED_CONFIRMATION | Proposed transaction authorization level, where NO_CONFIRMATION means no need for the buyer to confirm the transaction in the bank's mobile application. The use of this parameter requires signing an appropriate annex and meeting certain compliance requirements. For more information, contact your PayU account manager. |

Responses for payment with UID token:

{
    "status": {
        "statusCode": "SUCCESS"
    },
    "orderId": "<identifier of the created order>"
}

{
    "status": {
        "statusCode": "<error group code>",
        "codeLiteral": "<error code>",
        "statusDesc": "<error description>"
    },
    "orderId": "<identifier of the created order>",
    "blikData": { <specific data dependent on the particular error> }
}

| HTTP status | Status code / Code literal | Description |
|---|---|---|
| 400 | ERROR_TOKEN / AUTH_CODE_NOT_FOUND | Specified payment token does not exist. |
| 400 | ERROR_TOKEN / AUTH_TOKEN_NONUNIQUE | Used payment token is associated with multiple mobile banking applications. It is required to specify the specific mobile application to which the authorization request will be sent. A list of banking applications assigned to the token will be returned along with an error in the OrderCreateResponse, in the blikData section. |
| 400 | ERROR_VALUE_MISSING / INVALID_CURRENCY_CODE | Incorrect currency code. Supported currencies: PLN |
| 400 | ERROR_VALUE_MISSING / MISSING_APPKEY | Validation error, bank's mobile application identifier is missing. |
| 400 | ERROR_VALUE_MISSING / MISSING_BUYER_EMAIL | Validation error, email field missing in buyer section. |
| 400 | ERROR_VALUE_MISSING / MISSING_BUYER_EXT_CUSTOMER_ID | Validation error, extCustomerId field missing in buyer section. |
| 400 | ERROR_VALUE_MISSING / MISSING_AUTHORIZATION_CODE_OR_TOKEN | Validation error, authorization data is required - missing token. |
| 400 | ERROR_VALUE_INVALID / INVALID_ALIAS_LABEL_PROPOSAL_USAGE | aliasLabelProposal field cannot be used during token payment. |
| 400 | ERROR_VALUE_INVALID / AMBIGUOUS_AUTHORIZATION_USAGE | Two authorization methods have been specified; for token payment, only the value field, where the token will be placed, should be filled. |
| 400 | BUSINESS_ERROR / RECOMMENDED_AUTH_LEVEL_NOT_ALLOWED | The option to select the authorization level has not been made available to the merchant. Please contact our customer service. |
| 400 | BUSINESS_ERROR / RECOMMENDED_AUTH_LEVEL_USAGE_NOT_ALLOWED | RecommendedAuthLevel requires specific agreement and configuration. |

The alternatives array returned in the blikData section with AUTH_TOKEN_NONUNIQUE:

"alternatives": [
    {
        "appKey": "<app id>",
        "appLabel": "<label>"
    },
    {
        "appKey": "<app id>",
        "appLabel": "<label>"
    }
]
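
The request fragments from sections 3.2 to 3.4 can be built and checked on the shop side before anything is sent, so that malformed input is rejected with the same code literals the error tables list. The following Python is an added example, not PayU code: the function names, the `BlikRequestError` class and the `LOCAL_FORMAT` literal are hypothetical, and reading "String: N characters" as a maximum length is an assumption.

```python
import re

# Limits from the parameter tables on this page. Reading "String: N characters"
# as a maximum length is an assumption of this example.
BLIK_CODE_RE = re.compile(r"[0-9]{6}")  # ASCII digits only; \d would accept other Unicode digits
TOKEN_MAX, APP_KEY_MAX, ALIAS_LABEL_MAX = 64, 20, 35
AUTH_LEVELS = ("NO_CONFIRMATION", "REQUIRED_CONFIRMATION")


class BlikRequestError(ValueError):
    """Local rejection. `literal` is a codeLiteral from this page, or
    LOCAL_FORMAT for format checks the page lists without an error code."""

    def __init__(self, literal, message):
        super().__init__(f"{literal}: {message}")
        self.literal = literal


def _require(condition, literal, message):
    if not condition:
        raise BlikRequestError(literal, message)


def _buyer(email, ext_customer_id, need_customer_id):
    _require(email, "MISSING_BUYER_EMAIL", "buyer.email is required")
    _require(ext_customer_id or not need_customer_id,
             "MISSING_BUYER_EXT_CUSTOMER_ID", "buyer.extCustomerId is required")
    buyer = {"email": email}
    if ext_customer_id:
        buyer["extCustomerId"] = ext_customer_id
    return buyer


def code_payment(email, code, ext_customer_id=None, register=False, alias_label=None):
    """buyer + payMethods for section 3.2 (register=False) or 3.3 (register=True)."""
    _require(code, "MISSING_AUTHORIZATION_CODE", "the authorization code is expected")
    _require(isinstance(code, str) and BLIK_CODE_RE.fullmatch(code),
             "INVALID_BLIK_CODE", "BLIK authorization code should consist of 6 digits")
    _require(alias_label is None or register, "INVALID_ALIAS_LABEL_PROPOSAL_USAGE",
             "aliasLabelProposal can be used only during token registration")
    pay_method = {"type": "BLIK_AUTHORIZATION_CODE", "value": code}
    if register:
        blik_data = {"register": True}
        if alias_label is not None:
            _require(len(alias_label) <= ALIAS_LABEL_MAX, "LOCAL_FORMAT",
                     "aliasLabelProposal is limited to 35 characters")
            blik_data["aliasLabelProposal"] = alias_label
        pay_method["blikData"] = blik_data
    return {"buyer": _buyer(email, ext_customer_id, need_customer_id=register),
            "payMethods": {"payMethod": pay_method}}


def token_payment(email, ext_customer_id, token, app_key, auth_level=None, code=None):
    """buyer + payMethods for section 3.4 (UID token payment)."""
    _require(code is None, "AMBIGUOUS_AUTHORIZATION_USAGE",
             "for token payment only the value field, holding the token, is filled")
    _require(token, "MISSING_AUTHORIZATION_CODE_OR_TOKEN", "missing token")
    _require(app_key, "MISSING_APPKEY", "bank's mobile application identifier is missing")
    _require(len(token) <= TOKEN_MAX and len(app_key) <= APP_KEY_MAX, "LOCAL_FORMAT",
             "token is limited to 64 characters and appKey to 20")
    blik_data = {"appKey": app_key}
    if auth_level is not None:
        _require(auth_level in AUTH_LEVELS, "LOCAL_FORMAT",
                 "recommendedAuthLevel must be one of " + ", ".join(AUTH_LEVELS))
        blik_data["recommendedAuthLevel"] = auth_level
    return {"buyer": _buyer(email, ext_customer_id, need_customer_id=True),
            "payMethods": {"payMethod": {"type": "BLIK_TOKEN", "value": token,
                                         "blikData": blik_data}}}


if __name__ == "__main__":
    import json
    # Constructed sample values, not real credentials or tokens.
    print(json.dumps(code_payment("jan@example.com", "123456", "cust-42",
                                  register=True, alias_label="Jan's phone"), indent=2))
    print(json.dumps(token_payment("jan@example.com", "cust-42", "T" * 64,
                                   "app-key-0001"), indent=2))
```

The returned dictionary is merged into the standard OrderCreateRequest; PayU still performs its own validation and remains the authority on every check.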

4 Supporting services

This section describes the services needed to build and send a BLIK payment request correctly.

4.1 OAuth token retrieval

Executing a UID token payment requires an OAuth token retrieval in grant_type=trusted_merchant mode, in ext_customer_id and email context. A description of the authentication service can be found in the Signing API calls section.

4.2 Payment methods retrieval

The payment methods retrieval service also returns payment instruments, including the UID token. Using this service is necessary for the correct integration of the UID token payment process.

"blikTokens": [
    {
        "value": "<token value>",
        "type": "UID",
        "brandImageUrl": "<image file url address>",
        "bankApplicationReferences": [
            {
                "key": "<assignment identifier of a particular mobile banking application>",
                "label": "<mobile banking application assignment label>"
            }
        ]
    }
]

blikTokens array specification:

| Section | Parameter | Format | Description |
|---|---|---|---|
| | value | String: 64 characters | Token value. |
| | type | UID | Token type. |
| | brandImageUrl | url | A reference to an image file on the PayU server, representing the payment type. |
| bankApplicationReferences | key | String: 20 characters | Unique key for assignment of particular banking application to a token. The value of this field is inserted in the order in payMethod.blikData.appKey field. |
| bankApplicationReferences | label | String: 35 characters | The value of the label for assigning a particular banking application to a token. |

A list of values for these fields is presented to the customer for selection when paying with the UID token.
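
The selection rules from sections 2.4 and 4.2 (token payment as the default when a UID token exists, a list of associations when there is more than one, and the older AUTH_TOKEN_NONUNIQUE path) as an added Python example, not PayU code. It assumes `blikTokens` sits at the top level of the parsed payment-methods response; the function names and sample values are hypothetical and constructed.

```python
def blik_options(pay_methods_response):
    """Decide what the shop shows for BLIK from a payment-methods response."""
    tokens = [t for t in pay_methods_response.get("blikTokens", [])
              if t.get("type") == "UID" and t.get("value")]
    if not tokens:
        # No UID token returned: BLIK code entry is the default option.
        return {"default": "BLIK_AUTHORIZATION_CODE", "token": None, "apps": {}}
    token = tokens[0]
    apps = {ref["key"]: ref["label"]
            for ref in token.get("bankApplicationReferences", [])}
    # Token payment becomes the default; code entry must still be offered.
    return {"default": "BLIK_TOKEN", "token": token["value"], "apps": apps}


def resolve_app_key(options, submitted_key=None):
    """Return the value for payMethod.blikData.appKey, or None.

    submitted_key is what the customer's browser sent back. It is accepted
    only if PayU returned it for this customer's token, so a tampered form
    field cannot redirect the authorization request to another association.
    """
    apps = options["apps"]
    if not apps:
        # Previous process version: no associations listed here; an
        # ambiguity is reported later as AUTH_TOKEN_NONUNIQUE.
        return None
    if submitted_key is None:
        if len(apps) == 1:
            return next(iter(apps))
        raise ValueError("customer must choose one of the associated applications")
    if submitted_key not in apps:
        raise ValueError("appKey was not returned by PayU for this customer's token")
    return submitted_key


def alternatives_from_error(order_create_response):
    """Previous process version: choices sent along with AUTH_TOKEN_NONUNIQUE."""
    status = order_create_response.get("status", {})
    if status.get("codeLiteral") != "AUTH_TOKEN_NONUNIQUE":
        return {}
    alternatives = order_create_response.get("blikData", {}).get("alternatives", [])
    return {alt["appKey"]: alt["appLabel"] for alt in alternatives}


# Constructed sample responses (placeholder values only).
SAMPLE_TWO_APPS = {"blikTokens": [{
    "value": "T" * 64, "type": "UID", "brandImageUrl": "https://example.invalid/blik.png",
    "bankApplicationReferences": [
        {"key": "app-key-0001", "label": "Bank A phone"},
        {"key": "app-key-0002", "label": "Bank B tablet"},
    ]}]}
SAMPLE_NONUNIQUE = {
    "status": {"statusCode": "ERROR_TOKEN", "codeLiteral": "AUTH_TOKEN_NONUNIQUE"},
    "orderId": "<identifier of the created order>",
    "blikData": {"alternatives": [{"appKey": "app-key-0001", "appLabel": "Bank A phone"}]},
}

if __name__ == "__main__":
    opts = blik_options(SAMPLE_TWO_APPS)
    print(opts["default"], sorted(opts["apps"].values()))
    print(resolve_app_key(opts, "app-key-0002"))
    print(alternatives_from_error(SAMPLE_NONUNIQUE))
```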

4.3 Transaction data retrieval

Transaction data for a particular order can be retrieved with the transaction data retrieval service.

The resultCode field and the blik section may not appear if the handling of a particular transaction has not yet been completed:

{
    "transactions": [
        {
            "payMethod": {
                "value": "blik"
            },
            "paymentFlow": "<payment method handling mode>",
            "resultCode": "<result code e.g. REG_ERROR_AUTH_CODE_EXPIRED>",
            "blik": {
                "txRef": "<transaction identifier assigned by BLIK>",
                "extTxRef": "<transaction identifier assigned by PayU>"
            }
        }
    ]
}

Description of parameters received in a response to the BLIK transaction data request for a given order:

| Section | Parameter | Format | Description |
|---|---|---|---|
| | paymentFlow | BLIK_PBL, BLIK_AUTHORIZATION_CODE, BLIK_AUTHORIZATION_CODE__WITH_UID_TOKEN_REGISTERING, BLIK_UID_TOKEN | Defines how payments are handled. |
| | resultCode | Dictionary value | Transaction handling result code. |
| payMethod | value | blik | Payment method type. |
| blik | txRef | String | The transaction identifier assigned by the BLIK system. |
| blik | extTxRef | String | Transaction identifier assigned by PayU. |

resultCode field specification, the value of which is one of the BLIK transaction result codes:

resultCode code Description
REG_ERROR_TOKEN_NONUNIQUE Used payment token is associated with multiple devices / banking applications. It is required to specify, in the appKey field, the identifier of banking application associated with the payment token. A list of available alternatives (banking applications) is returned in the response to OrderCreateRequest. A list of available alternatives can also be retrieved with the paymethods method, but only if merchant supports ambiguity handling.
REG_ERROR_TOKEN_NOT_FOUND Used payment token does not exist. Re-registration of the token with BLIK authorization code is required.
AUT_ERROR_TOKEN_DECLINED Refusal of the transaction processing for the submitted token, for security reasons. Re-registration of the token with BLIK authorization code is required.
REG_ERROR_AUTH_CODE_EXPIRED BLIK authorization code has expired.
REG_ERROR_AUTH_CODE_LIMIT_EXCEEDED The limit for the BLIK authorization code has been exceeded.
REG_ERROR_AUTH_CODE_CANCELED BLIK authorization code has been canceled.
REG_ERROR_AUTH_CODE_USED BLIK authorization code has already been used.
REG_ERROR_AUTH_CODE_INVALID Incorrect BLIK authorization code.
REG_ERROR_USER_APP_NOT_ACTIVE User's banking application has not been registered correctly. Contact bank to complete transaction.
REG_ERROR_ISSUER_TEMPORARY The bank selected by the user to process the payment has a technical break or temporary problems. Try to process the payment later or choose another bank.
REG_ERROR_ISSUER_TOKEN_NOT_SUPPORTED Chosen bank does not support tokens within processed payment.
REG_ERROR_BLIK_INTERNAL Internal error on the BLIK's side. The user can try again to request processing of a new transaction.
AUT_ERROR_BLIK_INTERNAL Internal error on the BLIK's side. The user can try again to request processing of a new transaction.
REG_ERROR_VALIDATION Refusal to start the transaction due to incorrect data in the request. Please correct the data before retrying the payment.
REG_ERROR_INTERNAL Internal error on PayU's side. The user can try again to request processing of a new transaction. In case of another failed attempt, please contact PayU.
AUT_ERROR_INTERNAL Internal error on PayU's side. The user can try again to request processing of a new transaction. In case of another failed attempt, please contact PayU.
AUT_ERROR_USER_TIMEOUT The payment was not confirmed in time in the bank's application.
AUT_ERROR_LIMIT_EXCEEDED Payment rejected due to exceeding the limit.
AUT_ERROR_INSUFFICIENT_FUNDS Payment rejected due to lack of funds.
AUT_ERROR_USER_DECLINED Payment rejected by the user in bank's mobile application.
AUT_ERROR_ISSUER_DECLINED Payment rejected by bank.
AUT_ERROR_BLIK_DECLINED Payment rejected by BLIK.
OK Transaction successful - settled or unclaimed by the merchant.
REG_ERROR_ANTIFRAUD_DECLINED Transaction rejected at the registration stage by the antifraud system.
AUT_ERROR_ANTIFRAUD_DECLINED Transaction rejected at the authorization stage by the antifraud system.
AUT_ERROR_NO_AUTHORIZATION Authorization was not received, transaction cancelled.
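
An added example (not part of PayU's documentation or SDK) of consuming the transaction data response and the result codes above on the merchant side: a missing resultCode is treated as still pending, and a code absent from the table is never treated as paid. The action labels, the discard_stored_token flag and the sample response are assumptions of this example.

```python
import json

# Result codes from the table above, grouped by what their descriptions call for.
# The group names are labels chosen for this example, not PayU identifiers.
ACTIONS = {
    "DONE": ["OK"],
    "ASK_APP_KEY": ["REG_ERROR_TOKEN_NONUNIQUE"],
    "REREGISTER_TOKEN": ["REG_ERROR_TOKEN_NOT_FOUND", "AUT_ERROR_TOKEN_DECLINED"],
    "CODE_REJECTED": ["REG_ERROR_AUTH_CODE_EXPIRED", "REG_ERROR_AUTH_CODE_LIMIT_EXCEEDED",
                      "REG_ERROR_AUTH_CODE_CANCELED", "REG_ERROR_AUTH_CODE_USED",
                      "REG_ERROR_AUTH_CODE_INVALID"],
    "RETRY": ["REG_ERROR_ISSUER_TEMPORARY", "REG_ERROR_BLIK_INTERNAL",
              "AUT_ERROR_BLIK_INTERNAL", "REG_ERROR_INTERNAL", "AUT_ERROR_INTERNAL"],
    "FIX_REQUEST": ["REG_ERROR_VALIDATION"],
    "DECLINED": ["REG_ERROR_USER_APP_NOT_ACTIVE", "REG_ERROR_ISSUER_TOKEN_NOT_SUPPORTED",
                 "AUT_ERROR_USER_TIMEOUT", "AUT_ERROR_LIMIT_EXCEEDED", "AUT_ERROR_USER_DECLINED",
                 "AUT_ERROR_INSUFFICIENT_FUNDS", "AUT_ERROR_ISSUER_DECLINED",
                 "AUT_ERROR_BLIK_DECLINED", "AUT_ERROR_NO_AUTHORIZATION",
                 "REG_ERROR_ANTIFRAUD_DECLINED", "AUT_ERROR_ANTIFRAUD_DECLINED"],
}
CODE_TO_ACTION = {code: action for action, codes in ACTIONS.items() for code in codes}


def classify_blik_transactions(response_body):
    """Return one decision per BLIK transaction in a transaction data response."""
    decisions = []
    for tx in json.loads(response_body).get("transactions", []):
        if tx.get("payMethod", {}).get("value") != "blik":
            continue
        code = tx.get("resultCode")
        # No resultCode: handling is not finished. Unlisted code: never treated as paid.
        action = "PENDING" if code is None else CODE_TO_ACTION.get(code, "UNKNOWN")
        decisions.append({
            "action": action,
            "resultCode": code,
            "txRef": (tx.get("blik") or {}).get("txRef"),  # blik section may be absent
            "discard_stored_token": action == "REREGISTER_TOKEN",  # re-registration required
        })
    return decisions


# Constructed sample response (not captured from PayU).
SAMPLE = json.dumps({"transactions": [
    {"payMethod": {"value": "blik"}, "paymentFlow": "BLIK_UID_TOKEN",
     "resultCode": "AUT_ERROR_TOKEN_DECLINED", "blik": {"txRef": "tx-1", "extTxRef": "ext-1"}},
    {"payMethod": {"value": "blik"}, "paymentFlow": "BLIK_AUTHORIZATION_CODE"},
    {"payMethod": {"value": "blik"}, "paymentFlow": "BLIK_PBL", "resultCode": "NOT_IN_TABLE"},
]})

if __name__ == "__main__":
    print(*classify_blik_transactions(SAMPLE), sep="\n")
```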

5 Sandbox

You can test BLIK payments integration in the sandbox environment. This section includes test authorization codes and the UID token prefixes that can be used to simulate specific types of payments, as well as transaction request examples.

The test requests have been supplemented with sample data, which you can change according to the specification presented earlier in this document.

A list of BLIK authorization codes simulating a specific behavior (current version):

To receive the described responses, the special configuration "Transparent payment with a BLIK authorization code" or "Transparent payment with the UID token" described in the Introduction section is required.
  • 200201 - positive authorization with token registration,
  • 500500 - negative authorization,
  • 777xxx - positive authorization without token registration,
  • 700701 - BLIK authorization code has expired,
  • 700702 - BLIK authorization code has been cancelled,
  • 700703 - BLIK authorization code has already been used.

Some codes change their purpose over time. Their function in the previous version of the service is given in the list below:

  • 777xxx - positive authorization with token registration.

A list of the UID token prefixes, simulating a specific behavior:

  • SIMULATE_ALIAS_NON_UNIQUE - for simulating ambiguity - previous version of the process.

To simulate a specific behavior, insert the chosen prefix and a random string of characters in the payMethod.value field.

Before sending a test request, generate an OAuth token (using the https://secure.snd.payu.com/pl/standard/user/oauth/authorize URL) for the point of sale (POS) being used.

5.1 Payment with redirection to the BLIK payment page

An example of a test payment request with a redirection to the BLIK payment page:

curl -X POST https://secure.snd.payu.com/api/v2_1/orders \
-H "Authorization: Bearer d9a4536e-62ba-4f60-8017-6053211d3f47" \
-H "Content-Type: application/json" \
-d '{
    "currencyCode": "PLN",
    "totalAmount": "21000",
    "description": "Test transaction",
    "notifyUrl": "https://your.eshop.com/notify",
    "customerIp": "127.0.0.1",
    "merchantPosId": "300746",
    "products": [
        {
            "name": "Wireless Mouse for Laptop",
            "unitPrice": "21000",
            "quantity": "1"
        }
    ],
    "payMethods": {
        "payMethod": {
            "type": "PBL",
            "value": "blik"
        }
    }
}'

5.2 Payment with a BLIK authorization code

An example of a test payment request with a BLIK authorization code:

curl -X POST https://secure.snd.payu.com/api/v2_1/orders \
-H "Authorization: Bearer d9a4536e-62ba-4f60-8017-6053211d3f47" \
-H "Content-Type: application/json" \
-d '{
    "currencyCode": "PLN",
    "totalAmount": "21000",
    "description": "Test transaction",
    "notifyUrl": "https://your.eshop.com/notify",
    "customerIp": "127.0.0.1",
    "merchantPosId": "300746",
    "products": [
        {
            "name": "Wireless Mouse for Laptop",
            "unitPrice": "21000",
            "quantity": "1"
        }
    ],
    "payMethods": {
        "payMethod": {
            "type": "BLIK_AUTHORIZATION_CODE",
            "value": "777654"
        }
    }
}'

The response to the request depends on the BLIK authorization code used in the authorizationCode field. You can use one of the test codes for simulation.

5.3 UID token payment

An example of a test request for the UID token registration:

curl -X POST https://secure.snd.payu.com/api/v2_1/orders \
-H "Authorization: Bearer d9a4536e-62ba-4f60-8017-6053211d3f47" \
-H "Content-Type: application/json" \
-d '{
    "currencyCode": "PLN",
    "totalAmount": "21000",
    "description": "Test transaction",
    "notifyUrl": "https://your.eshop.com/notify",
    "customerIp": "127.0.0.1",
    "merchantPosId": "300746",
    "products": [
        {
            "name": "Wireless Mouse for Laptop",
            "unitPrice": "21000",
            "quantity": "1"
        }
    ],
    "buyer": {
        "extCustomerId": "customer123",
        "email": "john.doe@email.com"
    },
    "payMethods": {
        "payMethod": {
            "type": "BLIK_AUTHORIZATION_CODE",
            "value": "777123",
            "blikData": {
                "aliasLabelProposal":"token for eshop.pl",
                "register": true
            }
        }
    }
}'

The response to the request depends on the BLIK authorization code used in the authorizationCode field. You can use one of the test codes for simulation.

An example of a BLIK payment test request with a UID token:

curl -X POST https://secure.snd.payu.com/api/v2_1/orders \
-H "Authorization: Bearer d9a4536e-62ba-4f60-8017-6053211d3f47" \
-H "Content-Type: application/json" \
-d '{
    "currencyCode": "PLN",
    "totalAmount": "21000",
    "description": "Test transaction",
    "notifyUrl": "https://your.eshop.com/notify",
    "customerIp": "127.0.0.1",
    "merchantPosId": "300746",
    "products": [
        {
            "name": "Wireless Mouse for Laptop",
            "unitPrice": "21000",
            "quantity": "1"
        }
    ],
    "buyer": {
        "extCustomerId": "customer123",
        "email": "john.doe@email.com"
    },
    "payMethods": {
        "payMethod": {
            "type": "BLIK_TOKEN",
            "value": "SIMULATE_ALIAS_AMBIGUITY-5690871207003",
            "blikData": {
                "appKey": "22222662",
                "recommendedAuthLevel": "NO_CONFIRMATION"
            }
        }
    }
}'