Interaction format
 
Forming a request
To active the YooMoney service and send requests, you need a special certificate (for more information, see the Interaction over SSL).
The Counterparty’s system and the YooMoney server interact over the HTTPS protocol. For each operation, the Counterparty sends a separate HTTP request containing a PKCS#7 cryptographic message. YooMoney responds to each request for deposit with a message about the result of the operation included in the PKCS#7 cryptographic message.
The communication channel is also cryptographically secured using the SSL (HTTPS) protocol with client certificate authentication.
Forming a request to the server includes several steps.
Step 1. Request to execute an operation
The request is formed as an XML 1.0 (Fifth Edition) document in UTF‑8 encoding in conformance with the standard.
Server address for calling operations
https://deposit.yoomoney.ru:9094
Step 2. Making the cryptographic message
The prepared document is placed in a PKCS#7 cryptographic message container according to the CMS standard. The cryptographic message container must contain a digital signature (equivalent to a handwritten signature). The cryptographic message container must not contain certificate authority chains. Data compression is not used. Encryption is not used. The cryptographic message must be encoded in PEM format (OpenSSL). The certificate of the Counterparty that is used for preparing the cryptographic message must conform to the X.509 Version 3.
Step 3. Sending the request to the YooMoney server
The counterparty’s system generates a POST request over the HTTP/1.1 Protocol (see HTTP/1.1, HTTP Over TLS, TLS). The cryptographic message can be passed in one of two ways:
  • The cryptographic message is placed in the body of a POST request with the MIME type: application/pkcs7-mime.
  • The cryptographic message is passed as a multipart/form-data attachment. MIME-type: application/pkcs7-mime. POST request must have just one 'part' and the cryptographic message must be attached as a file. Such a request can be sent from a standard HTML form for sending a file to the server (file upload, see multipart/form-data).
To authorize requests to the server, YooMoney verifies the digital signature on the cryptographic message.
Example of a formed request
POST /webservice/deposition/api/makeDeposition HTTP/1.1
Content-Type: application/pkcs7-mime
Content-Length: 572

-----BEGIN PKCS7-----
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAaCA
JIAEDEhlbGxvIFdvcmxkIQAAAAAAADGCAS8wggErAgEBMCowJTEWMBQGA1UECgwN
Qm91bmN5IENhc3RsZTELMAkGA1UEBhMCQVUCAQIwCQYFKw4DAhoFAKBdMBgGCSqG
SIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEwMDgwNjE1MzE0
M1owIwYJKoZIhvcNAQkEMRYEFC73veYIzlQE6X1fBC+V+J8cIyhxMA0GCSqGSIb3
DQEBAQUABIGAEgIfi0XDEZwbdC8i0I5EPUnFe1PUnBMiRs3heYxdK+oXaG6v3axO
Zr+VNG3tnW1W8M2xWtOcM4PdSTwx98WR1mWN8XDb2Wl9HiG6CGbmE7k4TgcDKhcg
iZmLV+7anBv302qTprTbKY9vChaaVwclSdQBkjPvxhlPnpBM0C9YdYQAAAAAAAA=
-----END PKCS7-----
Receiving the response
The result of request execution is returned by YooMoney in the response to the HTTP request. MIME type: application/pkcs7-mime. Data is placed in a PKCS#7 cryptographic message container. The cryptographic message container contains a digital signature (equivalent to a handwritten signature). The cryptographic message container does not contain certificate authority chains. Data compression is not used. Encryption is not used. The cryptographic message is encoded in PEM format (OpenSSL). The cryptographic message container contains an XML document with the result of request processing.
When receiving the server response, the Counterparty’s system checks the signature on the response to verify that the response was sent by the YooMoney server and its content was not altered by a third party. Note that the response may include additional fields not described in this protocol that do not interfere with compatibility.
See also
HTTP response codes Error codes Interaction over SSL