Payerpin API
Raqamli mahsulotlarni dasturiy ravishda buyurtma qiling. REST, JSON, X-API-Key. Barcha pul qiymatlari so'mda (UZS, butun qiymat — tiyin EMAS).
Autentifikatsiya
Har bir so'rovga X-API-Key header qo'shing.
Kalit qanday olinadi
Dashboard → API kalitlar boʻlimidan yangi kalit yarating. Kalit faqat bir marta koʻrsatiladi — xavfsiz saqlang. Har bir kalitga scope (ruxsat) biriktiriladi.
- read — profil, balans, katalog, buyurtmalarni oʻqish
- order — buyurtma yaratish
- balance — balans operatsiyalari
curl https://api.payerpin.com/api/v2/me \
-H "X-API-Key: pp_live_xxxxxxxxxxxxxxxx"Rate limit
Standart 60 so'rov/min. POST /order — 30 so'rov/min.
Har bir javobda quyidagi headerlar qaytadi. Limit oshsa, 429 + Retry-After (soniyada) qaytadi.
X-RateLimit-Limit— oynadagi umumiy limitX-RateLimit-Remaining— qolgan soʻrovlarX-RateLimit-Reset— reset vaqti (unix, soniya)Retry-After— faqat 429 da
HTTP/1.1 429 Too Many Requests
Retry-After: 12
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1717000060
{
"ok": false,
"error": { "code": "RATE_LIMITED", "message": "Juda ko'p so'rov" }
}Xatolar
Barcha javoblar bir xil konvert shaklida.
// Muvaffaqiyat
{ "ok": true, "data": { /* ... */ } }
// Xato
{
"ok": false,
"error": {
"code": "VALIDATION_FAILED",
"message": "Kiritilgan ma'lumotlar noto'g'ri"
}
}| Code | HTTP | Izoh |
|---|---|---|
| UNAUTHORIZED | 401 | API kalit yo'q yoki noto'g'ri |
| FORBIDDEN_SCOPE | 403 | Kalitda kerakli scope yo'q |
| NOT_FOUND | 404 | Resurs topilmadi |
| VALIDATION_FAILED | 422 | So'rov tanasi noto'g'ri (maydonlar yetishmaydi) |
| IDEMPOTENCY_REQUIRED | 422 | idempotency_key (yoki Idempotency-Key header) majburiy |
| INVALID_ORDER | 422 | Mahsulot/variation topilmadi yoki yaroqsiz |
| INSUFFICIENT_BALANCE | 402 | Balans yetarli emas |
| RATE_LIMITED | 429 | Juda ko'p so'rov — keyinroq urinib ko'ring |
Idempotentlik
Bitta buyurtma ikki marta yaratilmasligi uchun.
POST /api/v2/order da idempotentlik kaliti majburiy. Uni body dagi idempotency_key maydoni yoki Idempotency-Key header orqali yuboring. Bir xil kalit bilan takroriy soʻrov — bir xil natijani qaytaradi, balansdan ikkinchi marta pul yechilmaydi. Kalit boʻsh boʻlsa IDEMPOTENCY_REQUIRED (422) qaytadi.
curl -X POST https://api.payerpin.com/api/v2/order \
-H "X-API-Key: pp_live_xxxxxxxxxxxxxxxx" \
-H "Idempotency-Key: order-2026-05-29-001" \
-H "Content-Type: application/json" \
-d '{"game_key":"mlbb","variation_id":"v1","player_id":"123456789"}'Endpointlar
Base URL: https://api.payerpin.com
/api/v2/mescope: readAPI kalit egasining profili: id, email, name, status, plan.
curl -X GET https://api.payerpin.com/api/v2/me \
-H "X-API-Key: pp_live_xxxxxxxxxxxxxxxx"/api/v2/balancescope: balanceJoriy balans (so'mda, UZS) va valyuta. balance scope talab qilinadi.
curl -X GET https://api.payerpin.com/api/v2/balance \
-H "X-API-Key: pp_live_xxxxxxxxxxxxxxxx"/api/v2/catalogscope: readO'yinlar ro'yxati.
curl -X GET https://api.payerpin.com/api/v2/catalog \
-H "X-API-Key: pp_live_xxxxxxxxxxxxxxxx"/api/v2/catalog/{gameKey}scope: readO'yin mahsulotlari (variationlar), narxlar reja chegirmasi bilan.
gameKeyrequiredO'yin kaliti (path), masalan mlbbcategoryoptionalKategoriya bo'yicha filtr (query)
curl -X GET https://api.payerpin.com/api/v2/catalog/mlbb?category=GLOBAL \
-H "X-API-Key: pp_live_xxxxxxxxxxxxxxxx"/api/v2/orderscope: orderBuyurtma yaratadi va darhol yetkazadi. Limit 30/min.
game_keyrequiredO'yin kaliti (katalogdan)variation_idrequiredTanlangan variation/nominal ID (katalogdan)player_idrequiredO'yinchi ID / loginzone_idoptionalZona ID (faqat MLBB/Magic Chess kabi o'yinlarda)idempotency_keyrequiredTakror-himoya kaliti (yoki Idempotency-Key header)
curl -X POST https://api.payerpin.com/api/v2/order \
-H "X-API-Key: pp_live_xxxxxxxxxxxxxxxx" \
-H "Content-Type: application/json" \
-d '{"game_key":"mlbb","variation_id":"v1","player_id":"123456789","idempotency_key":"order-2026-05-29-001"}'/api/v2/order/{id}scope: readBuyurtma holati va yetkazilgan content (faqat egasi).
idrequiredBuyurtma ID — butun son (path)
curl -X GET https://api.payerpin.com/api/v2/order/12345 \
-H "X-API-Key: pp_live_xxxxxxxxxxxxxxxx"/api/v2/ordersscope: readOxirgi buyurtmalar ro'yxati (eng yangisi birinchi).
limitoptionalSoni 1–100 (default 50)
curl -X GET https://api.payerpin.com/api/v2/orders?limit=20 \
-H "X-API-Key: pp_live_xxxxxxxxxxxxxxxx"Webhooklar
Buyurtma holati o'zgarganda Payerpin sizning URL ga POST yuboradi.
Eventlar
Har bir webhook tanasi { event, data } shaklida.
order.completed— Buyurtma bajarildi, content yetkazildiorder.failed— Buyurtma muvaffaqiyatsiz tugadiorder.refunded— Balans qaytarildi (refund)payment.succeeded— Balans to'ldirildi (top-up tasdiqlandi)
Imzo sxemasi (HMAC-SHA256):
X-Payerpin-Signature:sha256=HMAC_SHA256(secret, ts + "." + body)X-Payerpin-Timestamp: unix vaqt
Tekshirishda raw (xom) body ishlating va imzolarni doimiy-vaqt (constant-time) bilan solishtiring. sha256= prefiksini olib tashlashni unutmang.
import crypto from 'node:crypto';
// X-Payerpin-Signature: sha256=<hex>, X-Payerpin-Timestamp: <unix-ms>
function verify(secret, timestamp, rawBody, signatureHeader) {
const expected = crypto
.createHmac('sha256', secret)
.update(`${timestamp}.${rawBody}`)
.digest('hex');
const received = signatureHeader.replace(/^sha256=/, '');
const a = Buffer.from(expected);
const b = Buffer.from(received);
return a.length === b.length && crypto.timingSafeEqual(a, b);
}
// Express misol (raw body kerak!)
app.post('/webhooks/payerpin', express.raw({ type: '*/*' }), (req, res) => {
const raw = req.body.toString('utf8');
const ts = req.header('X-Payerpin-Timestamp');
const sig = req.header('X-Payerpin-Signature');
if (!verify(process.env.WEBHOOK_SECRET, ts, raw, sig)) {
return res.status(401).end();
}
const event = JSON.parse(raw); // { event, data }
res.status(200).end();
});