Get Payment URL (Two-Step)
Two-step integration is the recommended pattern for mobile apps. You build the signed payment request on your server (where the salt lives) and Omniware returns a one-time URL. Your app then opens that URL — no secrets ever ship inside the app binary.
Flow
- Server: request a URL
POST to /v2/getpaymentrequesturl with the same parameters as Payment Request, plus optional expiry_in_minutes. Omniware returns a unique URL and uuid.
- Client: open the URL
Open the URL in any browser or webview. The customer pays and is redirected back as in the Payment Request flow.
- (Optional) Expire the URL early
If the user abandons your app before paying, call Manually expire to invalidate the URL.
Endpoint
POST https://pgbiz.omniware.in/v2/getpaymentrequesturl
Content-Type: application/x-www-form-urlencoded
Request parameters
All parameters from the standard Payment Request are accepted, plus:
- expiry_in_minutes, string (10): URL expiry in minutes. Min 15, max 10080 (7 days). Defaults to 30.
Response
{
  "data": {
    "url": "https://pgbiz.omniware.in/v2/executepaymentrequesturl/3c1943aa-13be-4866-925ed56c32c62d47",
    "uuid": "3c1943aa-13be-4866-925e-d56c32c62d47",
    "expiry_datetime": "2019-06-14 16:38:36",
    "order_id": "ORD-1001"
  }
}
Hand data.url to your mobile app or send it via SMS/email. It is good for a single payment attempt within the expiry window.
Manually expire
POST https://pgbiz.omniware.in/v2/expirepaymentrequesturl
- api_key, string (36), required
- uuid, string (40), required: uuid from the original response.
- hash, string (255), required
{ "data": { "code": "SUCCESS", "message": "The URL is expired" } }
If a payment is already in progress against that URL:
{ "error": { "code": "TRANSACTION-IN-PROGRESS", "message": "Your request cannot be processed" } }
Why two-step?
The single-step Payment Request requires you to compute the SHA-512 hash with your salt. If you do that inside a mobile app, the salt is in the APK/IPA and an attacker can extract it. Two-step keeps the salt on your server.
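Added example (not Omniware's code) of the server side of this flow: it enforces the expiry limits, signs the request where the salt lives, passes only the URL fields on to the app, and tells a successful manual expiry apart from TRANSACTION-IN-PROGRESS. The function names, the sample parameters and the hash construction in sign() are assumptions; the real construction is defined by the Payment Request documentation.

```python
import hashlib
import json
from urllib.parse import urlencode

ENDPOINT = "https://pgbiz.omniware.in/v2/getpaymentrequesturl"  # from this page
MIN_EXPIRY, MAX_EXPIRY, DEFAULT_EXPIRY = 15, 10080, 30          # limits from this page


def sign(params: dict, salt: str) -> str:
    # ASSUMPTION: placeholder scheme (salt, then non-empty values in key order,
    # '|'-joined, SHA-512, upper-case hex). Whether expiry_in_minutes is covered
    # is also assumed. Replace with the construction from Payment Request.
    values = [str(params[k]).strip() for k in sorted(params) if str(params[k]).strip()]
    return hashlib.sha512("|".join([salt] + values).encode()).hexdigest().upper()


def build_url_request(params: dict, salt: str, expiry_in_minutes: int = DEFAULT_EXPIRY) -> str:
    """Return the form-encoded body to POST to ENDPOINT. Runs on the server only."""
    if not MIN_EXPIRY <= expiry_in_minutes <= MAX_EXPIRY:
        raise ValueError(f"expiry_in_minutes must be {MIN_EXPIRY}..{MAX_EXPIRY}")
    signed = dict(params, expiry_in_minutes=str(expiry_in_minutes))
    signed["hash"] = sign(signed, salt)
    return urlencode(signed)  # contains the hash, never the salt


def payload_for_app(response_body: str) -> dict:
    """Keep only what the mobile app needs; api_key, hash and salt stay server-side."""
    data = json.loads(response_body)["data"]
    return {"url": data["url"], "uuid": data["uuid"], "expires": data["expiry_datetime"]}


def expire_succeeded(response_body: str) -> bool:
    """True if the URL was expired, False if a payment is already in progress."""
    body = json.loads(response_body)
    if "error" in body:
        if body["error"]["code"] == "TRANSACTION-IN-PROGRESS":
            return False  # not abandoned: wait for the payment result instead
        raise RuntimeError(body["error"]["code"])
    return body["data"]["code"] == "SUCCESS"


if __name__ == "__main__":
    # Constructed sample values, not real credentials or documented field sets.
    demo = {"api_key": "00000000-0000-0000-0000-000000000000", "order_id": "ORD-1001"}
    print(build_url_request(demo, salt="constructed-salt", expiry_in_minutes=60))
```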