BLIK payments can be configured in several ways, the simplest of which is redirection. Customers enter a six-digit code on the BLIK website and confirm the payment in their bank's mobile application. However, BLIK payments can be even faster and more convenient, thanks to a transparent integration with PayU.
Each of these solutions (payment with redirection to eblik.pl or with a transparent integration) require a separate POS.
Possible test scenarios:
Scenario 1.
BLIK level 0 (transparent payment with a T6 code)
The six-digit code, which customers start their payment with, doesn't have to be entered on the BLIK website. Merchant can retrieve the code on their website while accepting the order.
Scenario 2.
BLIK level 0 with token registration (transparent payment with T6 code)
Each time a customer enters the T6 code, merchant can send a request to register BLIK token. Then, when confirming the transaction in the bank's mobile application, a customer will have an additional option to save the BLIK payment (no additional buttons are needed on the merchant's website).
Scenario 3.
BLIK OneClick (transparent payment with a token)
If customers saved a token durign their last BLIK payment, they can now pay with OneClick without entering a new code.
Scenario 4.
Handling ambiguity (transparent payment with more than a single token)
Customers can have accounts in several banks and use BLIK in each of them. If a merchant saves a BLIK token from one bank, ambiguity occurs after an attempt to make a BLIK payment from another bank. PayU allows to handle such exception and lets the customer choose from many saved OneClick options.
Handling ambiguity can be tested in two stages. Steps 1-3 show ambiguity generation. Steps 4-6 simulate OneClick payment when ambiguity occurs.
Information related to testing this service can be found in the Sandbox section.
BLIK OneClick additionally requires OAuth authorization in
"grant_type=trusted_merchant". Therefore, please contact your
sales representative in PayU before the integration.
curl -X POST https://secure.snd.payu.com/pl/standard/oauth/authorize \
-d 'grant_type=client_credentials&client_id=300746&client_secret=2ee86a66e5d97e3fadc400c9f19b065d'
Sample response:
{
"access_token": "f24bbf9b-30f0-4460-864f-aaadc07d1e34",
"token_type": "bearer",
"expires_in": 43199,
"grant_type": " client_credentials"
}
BLIK level 0 order creation is consistent with standard integration method via REST
API: Creating new order. Standard OrderCreateRequest should be
extended by payMethod field.
curl -X POST https://secure.snd.payu.com/api/v2_1/orders \
-H "Authorization: Bearer d9a4536e-62ba-4f60-8017-6053211d3f47" \
-H "Content-Type: application/json" \
-d '{
"currencyCode": "PLN",
"totalAmount": "21000",
"description": "Transakcja testowa",
"notifyUrl": "https://your.eshop.com/notify",
"customerIp": "127.0.0.1",
"merchantPosId": "300746",
"products": [
{
"name": "Wireless Mouse for Laptop",
"unitPrice": "21000",
"quantity": "1"
}
],
"payMethods": {
"payMethod": {
"type": "PBL",
"value": "blik",
"authorizationCode": "777123"
}
}
}'
Specification of OrderCreateRequest parameters
| Parameter | Description |
|---|---|
| payMethod/type | Payment method type. |
| payMethod/value | Payment type. |
| payMethod/authorizationCode | For transparent integration of BLIK: this field allows to retrieve a T6 code on the merchant's page without redirecting to the BLIK website. See more about transparent integration. |
After payment is made PayU sends notification to the address specified in
notifyURL parameter. More details about notifications can be
found in Notifications section.
Sample order response:
{
"orderId": "LDTD3S2WWC181109GUEST000P01",
"status": {
"statusCode": "SUCCESS"
}
}
orderId parameter is returned in response to the created order.
orderId is an identifier of a given order and it is used for
Order Retrieve request.
curl -X POST https://secure.snd.payu.com/pl/standard/oauth/authorize \
-d 'grant_type=trusted_merchant&client_id=300746&client_secret=2ee86a66e5d97e3fadc400c9f19b065d&email=johndoe@gmail.com&ext_customer_id=JohnDoe'
Specification of Retrieve OAuth token parameters
| Parameter | Description |
|---|---|
| Buyer e-mail address. | |
| ext_customer_id | Buyer identifier used in merchant system. |
Sample response:
{
"access_token": "f24bbf9b-30f0-4460-864f-aaadc07d1e34",
"token_type": "bearer",
"refresh_token": "b7a4375a-d4fc-41a0-a380-a9dd8c2e9193",
"expires_in": 43199,
"grant_type": "trusted_merchant"
}
In order to allow to save a token for later use with OneClick transactions,
payMethod section should be extended by
blikData field with"register": true flag.
curl -X POST https://secure.snd.payu.com/api/v2_1/orders \
-H "Authorization: Bearer d9a4536e-62ba-4f60-8017-6053211d3f47" \
-H "Content-Type: application/json" \
-d '{
"currencyCode": "PLN",
"totalAmount": "21000",
"description": "Testowa transakcja",
"notifyUrl": "https://your.eshop.com/notify",
"customerIp": "127.0.0.1",
"merchantPosId": "300746",
"buyer": {
"extCustomerId": "JohnDoe",
"email": "johndoe@gmail.com"
},
"products": [
{
"name": "Wireless Mouse for Laptop",
"unitPrice": "21000",
"quantity": "1"
}
],
"payMethods": {
"payMethod": {
"type": "BLIK_TOKEN",
"authorizationCode": "777123",
"blikData": {
"register":true
}
}
}
}'
| Parameter | Description |
|---|---|
| payMethod/blikData/register | Allows to save a token for later use. Possible values:
|
curl -X GET https://secure.snd.payu.com/api/v2_1/paymethods \
-H "Authorization: Bearer d9a4536e-62ba-4f60-8017-6053211d3f47"
The
BLIK token is returned in the blikTokens section:
{
"blikTokens": [
{
"value": "TOKB_nuGYkknycEp3NDWAN2hh1c7FLnXseaLX",
"type": "UID",
"brandImageUrl": "https://static.payu.com/images/mobile/logos/pbl_blik.png"
}
],
"cardTokens": [],
"pexTokens": [],
"payByLinks": [
{
"value": "blik",
"brandImageUrl": "https://static.payu.com/images/mobile/logos/pbl_blik.png",
"name": "BLIK",
"status": "ENABLED"
},
{
"value": "p",
"brandImageUrl": "https://static.payu.com/images/mobile/logos/pbl_p.png",
"name": "Płacę z iPKO",
"status": "ENABLED"
},
{
"value": "m",
"brandImageUrl": "https://static.payu.com/images/mobile/logos/pbl_m.png",
"name": "mTransfer",
"status": "ENABLED"
},
... //pojawiają się pozostałe dostępne metody płatności
{
"value": "c",
"brandImageUrl": "https://static.payu.com/images/mobile/logos/pbl_c.png",
"name": "Płatność online kartą płatniczą",
"status": "ENABLED"
}
],
"status": {
"statusCode": "SUCCESS"
}
}
PayMethods Retrieve - response parameters specification:
For blikTokens section:
| Parameter | Description |
|---|---|
| value | Token value. |
| type | Token type. |
| brandImageUrl | Reference to the graphic file on the PayU server, representing the payment type. |
A token generated during first transaction is passed in the
payMethod field. The payer doesn't have to enter the T6
code.
curl -X POST https://secure.snd.payu.com/api/v2_1/orders \
-H "Authorization: Bearer d9a4536e-62ba-4f60-8017-6053211d3f47" \
-H "Content-Type: application/json" \
-d '{
"currencyCode": "PLN",
"totalAmount": "21000",
"description": "Transakcja testowa",
"notifyUrl": "https://your.eshop.com/notify",
"customerIp": "127.0.0.1",
"merchantPosId": "300746",
"buyer": {
"extCustomerId": "JohnDoe",
"email": "johndoe@gmail.com"
},
"products": [
{
"name": "Wireless Mouse for Laptop",
"unitPrice": "21000",
"quantity": "1"
}
],
"payMethods": {
"payMethod": {
"type": "BLIK_TOKEN",
"value": "TOKB_nuGYkknycEp3NDWAN2hh1c7FLnXseaLX"
}
}
}'
OrderCreateRequest parameters specification
| Parametr | Description |
|---|---|
| payMethod/value | BLIK token value. |
curl -X POST https://secure.snd.payu.com/api/v2_1/orders \
-H "Authorization: Bearer d9a4536e-62ba-4f60-8017-6053211d3f47" \
-H "Content-Type: application/json" \
-d '{
"currencyCode": "PLN",
"totalAmount": "21000",
"description": "Transakcja testowa",
"notifyUrl": "https://your.eshop.com/notify",
"customerIp": "127.0.0.1",
"merchantPosId": "300746",
"buyer": {
"extCustomerId": "JohnDoe",
"email": "johndoe@gmail.com"
},
"products": [
{
"name": "Wireless Mouse for Laptop",
"unitPrice": "21000",
"quantity": "1"
}
],
"payMethods": {
"payMethod": {
"type": "BLIK_TOKEN",
"value": "SIMULATE_ALIAS_NON_UNIQUE",
"authorizationCode": "777123",
"blikData": {
"register":true
}
}
}
}'
| Parameter | Description |
|---|---|
| payMethod/blikData/register | Allows to save a token for later use. Possible values:
|
| payMethod/value | A unique identifier that allows to test ambiguity. For testing purposes its value should be set to: "SIMULATE_ALIAS_NON_UNIQUE" + a random string of digits and/or characters. |
Sample BLIK OrderCreateRequest with introduced alternative.
curl -X POST https://secure.snd.payu.com/api/v2_1/orders \
-H "Authorization: Bearer d9a4536e-62ba-4f60-8017-6053211d3f47" \
-H "Content-Type: application/json" \
-d '{
"currencyCode": "PLN",
"totalAmount": "21000",
"description": "Transakcja testowa",
"notifyUrl": "https://your.eshop.com/notify",
"customerIp": "127.0.0.1",
"merchantPosId": "300746",
"buyer": {
"extCustomerId": "JohnDoe",
"email": "johndoe@gmail.com"
},
"products": [
{
"name": "Wireless Mouse for Laptop",
"unitPrice": "21000",
"quantity": "1"
}
],
"payMethods": {
"payMethod": {
"type": "BLIK_TOKEN",
"value": "SIMULATE_ALIAS_NON_UNIQUE",
"blikData": {
"appKey":"930872"
}
}
}
}'
| Parameter | Description |
|---|---|
| payMethod/blikData/appKey | Optional BLIK mobile application key. |
If an invalid request is sent, the response will contain an error status, code and description according to the following table.
| HTTP status | StatusCode/ CodeLiteral |
Description |
|---|---|---|
| 400 |
ERROR_TOKEN/ AUTH_TOKEN_NONUNIQUE |
The used payment token is assigned to several devices/bank
applications. It is required to provide an alternative to the used
token. List of available alternatives is shown in
OrderCreateResponse:
{
"blikData":{
"alternatives":[
{
"appKey":"alternative key1",
"appLabel":"alternative label1"
},
{
"appKey":"alternative key2",
"appLabel":"alternative label2"
}
]
}
}
|
| 400 | ERROR_TOKEN/ AUTH_TOKEN_NOT_FOUND |
The specified payment token does not exist. |
| 400 | ERROR_TOKEN/ AUTH_TOKEN_EXISTS |
The user already has a payment token with a different value. If
the user has another active token, it should be retrieved via
payMethods. In case the user has another token,
which has not yet been activated, its value will be displayed in the
response:
{
"blikData":{
"tokens":[
{
"value":"token value",
"type":"token type"
}
]
}
}
|
| 400 | ERROR_TOKEN/ AUTH_TOKEN_NOT_ACTIVE |
The used payment token was not saved by the user. |
| 400 | ERROR_AUTHORIZATION_CODE/ AUTH_CODE_EXPIRED |
The authorization code has expired. |
| 400 | ERROR_AUTHORIZATION_CODE/ AUTH_CODE_EXCEEDED |
The authorization code limit has been exceeded. |
| 400 | ERROR_AUTHORIZATION_CODE/ AUTH_CODE_CANCEL |
The authorization code has been cancelled. |
| 400 | ERROR_AUTHORIZATION_CODE/ AUTH_CODE_USED |
The authorization code has already been used. |
| 400 | ERROR_AUTHORIZATION_CODE/ AUTH_CODE_INVALID |
Invalid authorization code. |
| 201* | WARNING_CONTINUE_TOKEN | |
| 201* | WARNING_CONTINUE_AUTHORIZATION_CODE | |
| 400 | ERROR_VALUE_MISSING/ MISSING_AUTHORIZATION_CODE. |
Validation error, authorization code required. |
| 400 | ERROR_VALUE_MISSING/ MISSING_REGISTER_FLAG |
Validation error, token registration flag required. |
| 400 | ERROR_VALUE_MISSING/ MISSING_AUTHORIZATION_CODE_OR_TOKEN |
Validation error, authorization data required: authorization code or token. |
| 400 | ERROR_VALUE_MISSING/ INVALID_CURRENCY_CODE |
Currency code invalid. Supported currency: PLN. |
| 400 | ERROR_VALUE_MISSING/ MISSING_BUYER |
Validation error, buyer section missing. |
| 400 | ERROR_VALUE_MISSING/ MISSING_BUYER_EMAIL |
Validation error, missing email field in buyer section. |
| 400 | ERROR_VALUE_MISSING/ MISSING_BUYER_EXT_CUSTOMER_ID |
Validation error, missing extCustomerId field in
buyer section. |
*To be implemented when the PSP delivers the change on their side. From the start merchant must be prepared to accept both response statuses. In the first integration phase, merchant supports (ERROR_AUTH_TOKEN, WARNING_CONTINUE_AUTH_TOKEN) in the same way.
It is possible to test this service on sandbox environment. For this purpose you can use the already prepared Postman collection.
Depending on the T6 code used (authorizationCode) it is possible to
obtain:
| T6 Code | StatusCode | CodeLiteral |
|---|---|---|
| 700701 | ERROR_AUTHORIZATION_CODE | AUTH_CODE_EXPIRED |
| 700702 | ERROR_AUTHORIZATION_CODE | AUTH_CODE_CANCEL |
| 700703 | ERROR_AUTHORIZATION_CODE | AUTH_CODE_USED |