Skip to content

EasyPay / ePay.bg — Authentication & Access

Status: from official docs (kb.epay.bg/en). Credentials are per-merchant and issued on contract.

Environments

Env Base URL Notes
Demo https://demo.epay.bg "Demo package" (sample files) downloadable under the login button
Production https://www.epay.bg

Billing API requires HTTPS + TLS 1.2.

Model

Every request is authenticated with two per-merchant values plus a checksum — there is no OAuth/bearer token:

Credential Meaning
CIN / MERCHANTID Customer Identification Number (WEB API calls it MIN/CIN; Billing calls it MERCHANTID)
SECRET Alphanumeric secret word, 64 chars

Both are visible in the merchant's ePay.bg profile and cannot be changed by the merchant.

Checksum

All signed payloads use:

CHECKSUM = hmac_sha1_hex(request_data, SECRET)
  • WEB API: HMAC-SHA1 over the Base64-ENCODED payload.
  • Billing API: HMAC-SHA1 over all incoming params, each KEY + VALUE concatenated, one per line, sorted ascending by key, joined with \n (trailing \n included).

To obtain credentials / go live

  1. Register as a Legal Entity at https://epay.bg/.
  2. Submit "Request to register as a merchant" (Settings menu) — commercial team then makes contact.
  3. Sign the service contract (post to 16 Ivan Vazov, 1000 Sofia — Commercial Dept, or e-sign to merchant@epay.bg).
  4. Provide company logo (PNG/JPEG, 300×300).
  5. Register a notification URL — email the Commercial Dept your CIN + notification URL (ports 80/HTTP, 443/HTTPS).
  6. Technical integration support: msupport@datamax.bg.

Notes for sandbox testing

  • Simulate an EasyPay-office payment in demo: GET https://demo.epay.bg/ezp/pay_bill.cgi?ACTION=PAY&IDN=<10-digit-code> → expect STATUS=PAID on your notification URL.
  • [confirm on onboarding]: whether a separate demo CIN/SECRET is issued or the production pair is reused against demo.epay.bg.