Login to the personal account
Login to the personal account
Select the type of user
Business User

SOAP notifications

When connecting via the SOAP scheme, the merchant determines in advance the URL on which SOAP notifications from the «Invoicebox» system will be received.


There are several options for secure interaction between the merchant and the «Invoicebox» system:

  • MD5 - default option;
  • SSL/keys - higher security option.

Please read additional security notes at Information security rules page.


Requests are sent using the HTTP 1.1 POST protocol.

The format for passing parameters to the query:

  • data format SOAP/XML, executed function applyNotify;
  • MIME-type: application/soap+xml;
  • charset: UTF-8.

Request parameters




Merchant ID


Order ID


Unique bill number


Time value format


Payment time in ATOM format


Payment amount


Payment instrument


Payment point


Security sign

Response parameters




Result code number


Result code description

In case of successful processing of payment information, merchant should return resultCode=0. In the event of an error, merchant should return non-zero resultCode and error description in resultMessage parameter.

Check of received parameters

Request sign

When using the default security option with MD5, the «Invoicebox» system adds a parameter with the name sign (security sign). The value of the parameter is MD5 hash from the string collected from the parameter values of query along with API security key.

Upon receipt of a request, it is necessary to verify that the request was sent by the «Invoicebox» system and the data in the request came completely. For this, the merchant checks the value of the sign parameter. If the value does not match the calculation result of the MD5 hash function from the passed parameters, the request must be denied and the error returned.

MD5-hashing is applied to text, which is formed as a sequence of values of query parameters without delimiters. The result of hashing is reduced to the lower case.

The order of the parameters:

participantId+participantOrderId+ucode+timetype+time+amount+agentName+agentPointName+API security key


Source string

Hashing result

131order112345-12345-12345-12345unixtime1231323231000.00Alfa-ClickPassword 446d57eb1d1f2f8fd0221f474a6db785

Request integrity

The merchant must verify the payment amount in the request with the order amount in the accounting system. If the payment amount does not match the order amount, merchant must refuse the request and return the error.

Request source

It is recommended to additionally check the IP address of the sender of the request. The list of «Invoicebox» IP addresses can be found on the page information security rules.

Спасибо за обращение!
Мы свяжемся с вами в ближайшее время.