EasyPay / ePay.bg — Authentication & Access¶
Status: from official docs (
kb.epay.bg/en). Credentials are per-merchant and issued on contract.
Environments¶
| Env | Base URL | Notes |
|---|---|---|
| Demo | https://demo.epay.bg |
"Demo package" (sample files) downloadable under the login button |
| Production | https://www.epay.bg |
Billing API requires HTTPS + TLS 1.2.
Model¶
Every request is authenticated with two per-merchant values plus a checksum — there is no OAuth/bearer token:
| Credential | Meaning |
|---|---|
CIN / MERCHANTID |
Customer Identification Number (WEB API calls it MIN/CIN; Billing calls it MERCHANTID) |
SECRET |
Alphanumeric secret word, 64 chars |
Both are visible in the merchant's ePay.bg profile and cannot be changed by the merchant.
Checksum¶
All signed payloads use:
CHECKSUM = hmac_sha1_hex(request_data, SECRET)
- WEB API: HMAC-SHA1 over the Base64-
ENCODEDpayload. - Billing API: HMAC-SHA1 over all incoming params, each
KEY+VALUEconcatenated, one per line, sorted ascending by key, joined with\n(trailing\nincluded).
To obtain credentials / go live¶
- Register as a Legal Entity at
https://epay.bg/. - Submit "Request to register as a merchant" (Settings menu) — commercial team then makes contact.
- Sign the service contract (post to 16 Ivan Vazov, 1000 Sofia — Commercial Dept, or e-sign to
merchant@epay.bg). - Provide company logo (PNG/JPEG, 300×300).
- Register a notification URL — email the Commercial Dept your
CIN+ notification URL (ports 80/HTTP, 443/HTTPS). - Technical integration support:
msupport@datamax.bg.
Notes for sandbox testing¶
- Simulate an EasyPay-office payment in demo:
GET https://demo.epay.bg/ezp/pay_bill.cgi?ACTION=PAY&IDN=<10-digit-code>→ expectSTATUS=PAIDon your notification URL. - [confirm on onboarding]: whether a separate demo
CIN/SECRETis issued or the production pair is reused againstdemo.epay.bg.