BLIK Recurring
The API has been extended to support recurring transactions without the buyer's involvement (known as MIT – Merchant Initiated Transaction). To use this functionality, a prior payment involving the buyer (known as CIT – Customer Initiated Transaction) must be registered, resulting in the creation of a PAYID-type payment token.
To activate the service, it is necessary to sign an annex to the existing agreement.
When integrating BLIK recurring payments, it is important to review the documentation and requirements available on the BLIK Recurring Payments page.
The client has the option to delete a token on the bank's side. If a token is removed in this way, it will no longer appear when retrieving the list of available tokens.
General Information about BLIK Recurring Payments
After saving the PAYID token, the merchant gains the ability to initiate recurring transactions, where the merchant determines the frequency and amount of each charge. In this model:
- The merchant can initiate transactions with variable amounts and frequencies.
- The maximum allowable amount for a single transaction is 2000 PLN (transactions exceeding this limit are automatically declined).
- In the event of insufficient funds, exceeded limits, lack of support for recurring payments by the bank, or any other technical issue, the system will return an appropriate error message, and the payment will not be automatically retried — it is the merchant's responsibility to initiate the retry attempt.
Using this transaction model means the merchant assumes responsibility for potential fraud. This is indicated by setting the recommendedAuthLevel parameter to NO_CONFIRMATION. Including this parameter indicates that the merchant is acting knowingly.
Currently, it is not possible to register a recurring payment with a zero amount. If activation involves charging the customer and it is not a fee for a service, the merchant is required to refund the activation charge.
Security Requirements and Recommendations
Before integrating the service, make sure to review the requirements and recommendations provided by our security experts. This will help you safeguard against potential fraud.
BLIK Recurring Payment with PAYID Token Registration
To register a PAYID token, you should extend the standard order with a payMethods section containing a blikData object with the register parameter set to true, and a buyer section extended with extCustomerId. Additionally, you must include a recurring section indicating the type of payment.
{
...
"buyer": {
"extCustomerId": "",
"email": ""
},
"totalAmount": <activation amount>,
"payMethods": {
"payMethod": {
"type": "BLIK_AUTHORIZATION_CODE",
"value": "<t6 code used for authorization>",
"blikData": {
"aliasLabelProposal": "<recurring payment title>",
"register": true,
"recurring": {
"type": "O",
"initializationDate": "<first MIT transaction date>",
"expirationDate": "<PAYID token expiration date>"
}
}
}
}
}
For details on parameters, refer to the Create an Order section in our API Reference.
If you manage your customers tokens yourself, you should include the value of the generated PAYID token in the registerTokenValue field. Otherwise, omit this parameter during token registration — PayU will automatically generate a unique value.
The initializationDate and expirationDate parameters are optional.
The value of aliasLabelProposal should be easily recognizable to the buyer and clearly reference the specific recurring transaction.
Currently, registering a BLIK recurring payment requires submitting a non-zero activation amount. If the activation involves charging the customer and it is not a service fee, the merchant is required to refund the activation charge.
It is possible to include an optional parameter authorizeDespiteRecurringNotSupported (default value: false).
This parameter indicates whether a BLIK transaction should be processed even if the buyer’s bank does not support the recurring payments feature for BLIK.
If a request is sent for a bank that does not support recurring BLIK payments, PayU will return the response:
AUTH_TOKEN_TYPE_NOT_SUPPORTED_BY_ISSUER (as described in the table "Possible Errors for PAYID Token Registration" below).
| Http Status | Status Code | Description |
|---|---|---|
400 | ERROR_AUTHORIZATION_CODE / AUTH_CODE_EXPIRED | The authorization code has expired. |
400 | ERROR_AUTHORIZATION_CODE / AUTH_CODE_LIMIT_EXCEEDED | The limit for the authorization code has been exceeded. |
400 | ERROR_AUTHORIZATION_CODE / AUTH_CODE_CANCEL | The authorization code has been canceled. |
400 | ERROR_AUTHORIZATION_CODE / AUTH_CODE_USED | The authorization code has already been used. |
400 | ERROR_AUTHORIZATION_CODE / AUTH_CODE_INVALID | Invalid authorization code. |
400 | ERROR_VALUE_MISSING / MISSING_AUTHORIZATION_CODE | Validation error, authorization code T6 BLIK required for authorization. |
400 | ERROR_VALUE_INVALID / INVALID_BLIK_CODE | Incorrect authorization code BLIK. The BLIK authorization code should consist of 6 digits. |
400 | ERROR_VALUE_INVALID / INVALID_AUTHORIZATION_CODE_USAGE | authorizationCode field cannot be used in this context. |
400 | ERROR_VALUE_INVALID / INVALID_RECOMMENDED_AUTH_LEVEL_USAGE | recommendedAuthLevel field cannot be used in this context. |
400 | ERROR_VALUE_INVALID / INVALID_APP_KEY_USAGE | appKey field cannot be used in this context. |
400 | ERROR_VALUE_MISSING / MISSING_REGISTER_TOKEN_VALUE | registerTokenValue field is required for merchants maintaining tokens. |
400 | ERROR_VALUE_MISSING / INVALID_CURRENCY_CODE | Incorrect currency code. |
400 | ERROR_VALUE_MISSING / MISSING_BUYER_EMAIL | Validation error, missing email field in the buyer section. |
400 | ERROR_VALUE_MISSING / MISSING_BUYER_EXT_CUSTOMER_ID | Validation error, missing extCustomerId field in the buyer section. |
400 | ERROR_VALUE_INVALID / INVALID_COUNTRY_CODE | Validation error, countryCode field in the blikData section. An unsupported country code was used. |
400 | ERROR_VALUE_INVALID / INVALID_BLIK_RECURRING_TYPE | Validation error, type field in the recurring section. An unsupported type was used. |
400 | ERROR_VALUE_INVALID / MISSING_ALIAS_LABEL_PROPOSAL | Validation error, missing aliasLabelProposal field in the blikData section. |
400 | ERROR_VALUE_INVALID / INVALID_INITIALIZATION_DATE | Validation error, initializationDate field in the recurring section. The date cannot be set to later than value of the expirationDate field. |
400 | ERROR_VALUE_INVALID / INVALID_EXPIRATION_DATE | Validation error, expirationDate field in the recurring section. The date cannot be set to earlier than value of the initializationDate field. If the date is defined, it cannot be set further in the future than 10 years. |
400 | ERROR_TOKEN / AUTH_TOKEN_EXISTS | Registration of the token failed because the token already exists. |
400 | BUSINESS_ERROR / RECURRING_TOKEN_PAYMENT_NOT_ALLOWED | The recurring payment service has not been made available by PayU. |
400 | ERROR_TOKEN / AUTH_TOKEN_TYPE_NOT_SUPPORTED_BY_ISSUER | No possibility to register the token, the selected bank does not support recurring payments. |
BLIK Recurring Payment with PAYID Token
To initiate a subsequent BLIK recurring payment, you need to extend the standard order with a payMethods section containing the PAYID token and a blikData object. In the blikData object, in addition to the bank app identifier appKey, you should include a recurring section specifying the request type.
If the response to the request for available payment methods for the BLIK token (type="PAYID") does not include the bankApplicationReferences field, do not send the appKey field when creating a payment with this token.
You should only include the appKey field if the response for the PAYID token contains the bankApplicationReferences
array, and its objects include the key field. In that case, use the value of key as the value of appKey in your payment creation request.
{
...
"payMethods": {
"payMethod": {
"type": "BLIK_TOKEN",
"value": "<PAYID token value used for authorization>",
"blikData": {
"appKey":"<the identifier of the customer's chosen bank mobile application>",
"recommendedAuthLevel": "NO_CONFIRMATION",
"recurring": {
"type": "O"
}
}
}
}
}
For details on parameters, refer to the Create an Order section in our API Reference.
Including the recommendedAuthLevel parameter with the value NO_CONFIRMATION indicates that the merchant is acting knowingly. The merchant assumes responsibility for any potential fraud.
| Http Status | Status Code | Description |
|---|---|---|
400 | ERROR_TOKEN / AUTH_TOKEN_NOT_FOUND | Given token does not exist. |
400 | ERROR_TOKEN / AUTH_TOKEN_NOT_ACTIVE | Given token is not active. |
400 | ERROR_VALUE_MISSING / INVALID_CURRENCY_CODE | Incorrect currency code. |
400 | ERROR_VALUE_INVALID / INVALID_COUNTRY_CODE | Validation error, countryCode field in the blikData section. An unsupported country code was used. |
400 | ERROR_VALUE_MISSING / MISSING_APPKEY | Validation error, missing appKey field in the blikData section. |
400 | ERROR_VALUE_INVALID / INVALID_ALIAS_LABEL_PROPOSAL_USAGE | The aliasLabelProposal field cannot be used during token payment, in the case of tokens managed by PayU. |
400 | ERROR_VALUE_MISSING / MISSING_ALIAS_LABEL_PROPSAL | The aliasLabelProposal field is required during the PAYID token payment, in the case of tokens managed by merchant. |
400 | ERROR_VALUE_INVALID / INVALID_REGISTER_TOKEN_VALUE_USAGE | The registerTokenValue field cannot be used during PAYID token payment. |
400 | ERROR_VALUE_MISSING / MISSING_AUTHORIZATION_CODE_OR_TOKEN | Validation error, authorization data required - missing token. |
400 | ERROR_VALUE_INVALID / AMBIGUOUS_AUTHORIZATION_USAGE | Two authorization instruments were provided, in order to carry out the payment, only the value field should be filled, in which the token will be placed. |
400 | ERROR_VALUE_MISSING / MISSING_BUYER_EMAIL | Validation error, missing email field in the buyer section. |
400 | ERROR_VALUE_MISSING / MISSING_BUYER_EXT_CUSTOMER_ID | Validation error, missing extCustomerId field in the buyer section. |
400 | ERROR_VALUE_INVALID / INVALID_BLIK_RECURRING_TYPE | Validation error, type field in the recurring section. An unsupported type was used. |
400 | ERROR_VALUE_INVALID / INVALID_INITIALIZATION_DATE_USAGE | The initializationDate field cannot be used during token payment. |
400 | ERROR_VALUE_INVALID / INVALID_EXPIRATION_DATE_USAGE | The expirationDate field cannot be used during token payment. |
400 | ERROR_VALUE_INVALID / TOTAL_AMOUNT_REQUIRE_SCA | The totalAmount field cannot exceed the set threshold for transactions initiated by the merchant. |
400 | BUSINESS_ERROR / RECURRING_TOKEN_PAYMENT_NOT_ALLOWED | The recurring payment service has not been made available by PayU. |
400 | ERROR_VALUE_INVALID / INITIALIZATION_DATE_NOT_MET | Validation error, initializationDate field in the recurring section. Attempt to perform a transaction before the defined time. |
400 | ERROR_VALUE_INVALID / EXPIRATION_DATE_NOT_MET | Validation error, expirationDate field in the recurring section. Attempt to perform a transaction after the defined time. |
400 | ERROR_VALUE_INVALID / NO_CONFIRMATION_AUTH_LEVEL_REQUIRED | Validation error, recommendedAuthLevel field in the blikData section. The value of the field must be set to NO_CONFIRMATION. |