Skip to main content

Recurring (CoF) payment

Recurring (CoF) payment

To perform recurring (CoF) payments, a PCI DSS merchant should familiarize themselves with the standard workflow for recurring payments and make minimal changes to the requests.

Initial payment

When forming the initial payment for PCI DSS merchants, the algorithm for generating the order signature is modified by adding the wsb_encrypted_data field (the rule for forming this field can be found here) before the SecretKey parameter. The electronic signature wsb_signature must be generated according to the following rule from the values of the following fields:

  • wsb_seed
  • wsb_storeid
  • wsb_customer_id
  • wsb_order_num
  • wsb_test
  • wsb_currency_id
  • wsb_total
  • wsb_operation_type
  • wsb_encrypted_data
  • SecretKey

The fields must be concatenated into a single string, and the concatenation order must not be violated. Then, depending on the specified protocol version (wsb_version), the MD5 hash (if the version is not specified) or the SHA1 hash (for version 2) of the concatenated string is calculated.

Recurring payment (CoF)

When forming a request to perform recurring (CoF) payments, the wsb_signature field can be generated using the standard scheme or by adding the wsb_encrypted_data field (the rule for forming this field can be found here) before the SecretKey parameter:

  • wsb_seed
  • wsb_storeid
  • wsb_customer_id
  • wsb_order_num
  • wsb_test
  • wsb_currency_id
  • wsb_total
  • wsb_operation_type
  • wsb_recurring_token
  • wsb_encrypted_data
  • SecretKey

Unbinding a card from recurring (CoF) payments

The request to unbind a card from recurring (CoF) payments remains unchanged and is performed according to the standard scheme.

Payment using cards previously bound in another PSP

In cases where your payers have payment cards previously bound with another PSP provider and you want subsequent recurring payments to be processed through WEBPAY, you need to do the following:

  1. Form a request to perform a recurring payment.
  2. In the wsb_encrypted_data field (the rule for forming this field can be found here), pass the data of your payer's payment card, excluding the cc_cvv field. The fields cc_pan, cc_exp, cc_name contain the cardholder's data, and the cc_cvv field is left empty.
© 2007 — 2025, WEB PAY Ltd