POLi

Learn how to accept POLi payments.

POLi is a real-time online payment service. It integrates with major banks throughout Australia and enables consumers to pay easily online, directly from their internet banking accounts. The automated payment process uses cleared funds from a debit account to pay for consumer purchases, without accessing any sensitive personal data. Once a transaction is successful, POLi provides both the consumer and merchant with real-time receipts.

Supported banks include ANZ, Bank of Melbourne, BOQ, BankSA, Bankwest, Bendigo Bank, Citibank, Commonwealth Bank, CUA, IMB Building Society, ME Bank, NAB, Newcastle Permanent, People's Choice Credit Union, St. George Bank, Suncorp, Westpac.

Payment type: Online banking
Market: Australia, New Zealand
Customer currencies: AUD, NZD
Processing currencies: AUD, NZD
Refunds: No

General flow:

POST Request -> to /payment_preauthorize
<- Response (direct, synchronous) with status=0&errormessage=pending and redirect_url
Customer is redirected to redirect_url to complete payment
<- Response (direct, synchronous) with status=0 (or decline) to return_url
<- Callback (asynchronous) with errorcode=0 to notification_url

Step 1. Make a transaction request

From your server, make a POST /payment_preauthorize request.

POST https://sandbox.payabl.com/pay/backoffice/payment_preauthorize

Include in request:

| Parameter | Format | Description |
|---|---|---|
| merchantid | 40 characters | Merchant identification number assigned during account creation |
| orderid | max. 30 characters | The field orderid is optional and exclusively for the merchants' convenience |
| amount | digits only, either no decimals or two decimal places (e.g. 8 or 8.50) | Transaction’s total amount that will be deducted from the customer |
| currency | 3 characters. ISO 4217 | The currency field contains the alpha-3 currency code for the transaction. Links to ISO. Supported currencies: AUD, NZD |
| payment_method | 5 | payabl. Payment methods IDs |
| signature | 40 characters | Signature Calculation2 |
| bankcountry | 2 characters. ISO 3166-1 | Customer country. Supported countries: CN |
| custom2 | poli | The name of payment method |
| accountname | 3-100 characters | Customer account name |
| email | max. 50 characters | Customer email. An RFC 822 compliant email address |
| firstname | max. 50 characters | First name of the customer |
| lastname | max. 50 characters | Last name of the customer |
| url_return | max. 255 characters starting with http or https | URL for customer redirection |

You can see a full list of parameters in Pre-Authorization.

Request example:

merchantid=gateway_test&orderid=Payabl-Test&amount=19.99&currency=AUD&payment_method=5&language=en&customerip=2.22.75.244&[email protected]&
firstname=John&lastname=Doe&zip=4702&street=Walder Crescent&house=95&city=Alton Downs&country=AUS&accountname=John Doe&bankcountry=AU&custom2=poli&
url_return=http://dev-sim-ng.inatec.local/~simdad/InatecResponse/redirect_response.php&notification_url=https://api.powercash.de/simulation/billing_response.php&
signature=d3d1731c52fdb5ca6d52ac85ba535f53be63ec9d

Public Sandbox information

Do not use your personal email address, an Order ID containing sensitive information, real customer details or credit card data in the public Sandbox. For the email field you may use [email protected].

Redirection to url_return does not confirm that the transaction is successful. Always check the transaction via notification_url or use the diagnose interface to get the final status of the transaction.

Step 2. Handle the redirect

To complete the payment, you need to redirect the customer to the URL provided in the response.

Response example:

transactionid=104582141&transid=104582141&status=0&errormessage=pending&errmsg=pending&amount=19.99&price=19.99&currency=AUD&
orderid=Payabl-Test&payment_method=5&fail_reason=&redirect_secret=GFUFPbxIoHK7O8Dad1kO8Qzu9AkWAPqe&ppro_id=877698470&
payment_guarantee=&redirect_url=https%3A%2F%2Fr3.girogate.de%2Fti%2Fsimideal%3Ftx%3D877698470%26rs%3DQjAoDRjCYKJ5kdcubbO0
j59KnZwZ47Em%26cs%3Deac6b9d3a19918d3fcc28ee9397a6bd939a7eddc6940699de89e50731f0a52eb&user_id=506801

Response fields reference:

| Parameter | Description |
|---|---|
| transactionid | payabl. internal transaction id. Please use this transaction id when referring to the transaction in communications with the payabl. team |
| transid | The same as transactionid |
| status | Transaction error code |
| errormessage | Brief explanation of transaction decline reason (empty on success) |
| errmsg | The same as errormessage |
| amount | Transaction amount |
| price | The same as amount |
| currency | Transaction currency |
| orderid | Optional transaction identifier given by the merchant |
| ppro_id | Payment system's transaction id |
| fail_reason | Payment system's explanation of fail reason |
| redirect_secret | Signature for redirection to the payment system's iframe (no actions needed) |
| redirect_url | URL for customer redirection to finalize the payment (URL encoded) |
| payment_guarantee | Payment system technical field |
| user_id | Payment system user identifier |

Step 3. Receive the final status

Once the customer completes the payment, we will send a notification with the transaction's final status to the notification_url specified by you.

Payment methods that are connected through PPRO have a callback structure different from other payment methods. Please note that the payabl. transaction ID is not passed in these callbacks, so you will need to identify the transaction in question by the Order ID (which is passed in the TXID field). Also, the notification signature for PPRO is calculated in the same way as the signature for requests.

Notification example:

TAG=poli&TXID=Payabl-Test&PAYMENTGUARANTEE=NONE&REQUESTSTATUS=SUCCEEDED&HASH=f057cb4f37ef03e60f461bcfaf6c3ff40eb4ce2d&
STATUS=SUCCEEDED&ERRMSG=

Notification fields reference:

| Parameter | Description |
|---|---|
| TAG | PPRO payment method identifier |
| PAYMENTGUARANTEE | Payment system technical field |
| REQUESTSTATUS | Request status (technical field) |
| STATUS | Transaction status (SUCCEEDED for success) |
| ERRMSG | Brief explanation of transaction decline reason (empty on success) |
| TXID | payabl. order ID - optional transaction identifier given by the merchant |
| HASH | Signature to verify the authenticity of the notification. You can find more information here |
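
An added example (not payabl. code) of a notification_url handler for the callback above: it verifies HASH before trusting STATUS, looks the order up by TXID, and ignores repeated callbacks. The signing rule is defined on the Signature Calculation page and is not reproduced here, so `compute_signature` is an assumed stand-in (SHA-1 over the values ordered by parameter name, with the secret appended); the `orders` store, the secret and all function names are hypothetical.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode


def compute_signature(params, secret):
    # ASSUMED stand-in for the rule on the Signature Calculation page:
    # SHA-1 over the values ordered by parameter name, secret appended.
    joined = "".join(params[name] for name in sorted(params))
    return hashlib.sha1((joined + secret).encode("utf-8")).hexdigest()


def handle_notification(body, secret, orders):
    """Process one PPRO callback body; return the decision as a string."""
    fields = dict(parse_qsl(body, keep_blank_values=True))
    received = fields.pop("HASH", "")
    expected = compute_signature(fields, secret)
    # Constant-time comparison; reject before touching any order state.
    if not hmac.compare_digest(received.lower().encode(), expected.encode()):
        return "rejected"
    # The payabl. transaction ID is absent, so TXID (our order ID) is the key.
    order = orders.get(fields.get("TXID", ""))
    if order is None:
        return "rejected"
    if order["state"] != "pending":
        return "duplicate"  # repeated callback: do not fulfil twice
    order["state"] = "paid" if fields.get("STATUS") == "SUCCEEDED" else "failed"
    return order["state"]


def constructed_notification(secret, **overrides):
    """Build a signed sample callback (constructed data, not a capture)."""
    fields = {"TAG": "poli", "TXID": "Payabl-Test", "PAYMENTGUARANTEE": "NONE",
              "REQUESTSTATUS": "SUCCEEDED", "STATUS": "SUCCEEDED", "ERRMSG": ""}
    fields.update(overrides)
    fields["HASH"] = compute_signature(fields, secret)
    return urlencode(fields)


if __name__ == "__main__":
    secret = "constructed-sandbox-secret"  # placeholder, not a real credential
    orders = {"Payabl-Test": {"state": "pending"}}
    body = constructed_notification(secret)
    print(handle_notification(body, secret, orders))
    print(handle_notification(body, secret, orders))
    forged = body.replace("TXID=Payabl-Test", "TXID=Other-Order")
    print(handle_notification(forged, secret, {"Other-Order": {"state": "pending"}}))
```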

url_return and notification_url should be passed by you in the Pre-authorization request.

Alternatively, you can ask the payabl. technical team to configure a default notification_url for you. By doing so, you won't need to send it in every request.