Leanpay API

Leanpay API allowing merchants to easy integrate new payment option with installments.

Connection to the Leanpay API

Connecting to the Leanpay API requires adding Leanpay as a payment method on your website’s checkout or payment page. When your customer selects Leanpay, you should ensure that they are redirected to the Leanpay Checkout page. An example of an HTML form is shown in section Checkout Page. Before redirecting you will need to submit information about the payment, such as your vendor id, amount to be paid and several other fields.

Leanpay API environments

Demo Production
API https://lapp.leanpay.si https://app.leanpay.si

Payment Flow

When the customer is ready to pay for goods or services on your website, they select the Leanpay payment option on your website.

You request a token by passing payment details (e.g., vendor id, vendor transaction id, amount) to the Leanpay Checkout.

Leanpay returns the generated token.

  • You redirect the customer to the Leanpay Checkout and include the token in the submitted form. Leanpay displays the relevant transaction page.

  • The customer enters their payment information (term, grace) and confirms the transaction.

  • Leanpay platform approves or rejects the transaction.

  • We display the confirmation page, containing the payment result, on the Leanpay Checkout.

  • Leanpay provides you with an asynchronous notification to your status URL confirming the transaction details and status.

  • The customer is then automatically returned to the relevant page on your website.

How to Create Vendor Account

Please see Registrirajte se v Leanpay-Office DEMO okolje

Integration Steps

Leanpay platform uses REST API style. Integration with Leanpay platform contains only two HTTP requests:

  1. Request token for checkout page

  1. Redirect customer to checkout page

First HTTP request must be performed between merchant’s server and Leanpay platform.

After token has been obtained, then merchant’s web app redirects user to Leanpay checkout page with token enclosed as HTML form parameter.

CHECKOUT PAGE - POST /vendor/checkout

After the token has been received, merchant redirects customer to Leanpay checkout page. Redirecting should be performed with submitting to HTML form.

API guide can be found in submenu API - Standard - Customer Check-out


You can also use a light box or iframe to present Leanpay Checkout page.

Status Response

When the payment process is complete Leanpay sends the details of the transaction to the statusUrl that you provided during the vendor account registration process or on your vendor account. This is done with a standard HTTP POST request. The Leanpay server continues to post the status until a response of HTTP OK (200) is received from your server or the number of posts exceeds 10. Your platforom should expose REST web service for receiving transaction status response form Leanpay platform. REST web service for status response is described below.

Status Description Min Status Delivery Time Max Status Delivery Time AVG Status Delivery Time
SUCCESS Successfull transaction 0.01 hours 96 hours 3 hours
CANCELED Customer canceled the transaction by closing application window 0.01 hours 2 hours 0.5 hours
EXPIRED Customer didn’t finish application in 2 hours after starting application or was redirected to /vendor/checkout 2 hours 2 hours 2 hours
FAILED Customers application was rejected or failed 0.01 hours 96 hours 1 hours


For any other status than “SUCCESS” received you can offer the client other payment method or cancel the order to release stock of the order.


If you did not provide your statusUrl, this operaton will not be performed by Leanpay platform.

You can set this parameter on Vendor application, section Company > Development > Status URL

Status response REST service specification

POST https://yourdomain.com/some/arbitrary/url/
Accept: application/json
Content-Type: applic

Request – sent by Leanpay platform

API secret for calculating MD5 is “secret”





Response – sent by your platform

Your status REST web service should respond only with HTTP status 200 with no body.

Validating Status Response

We recommend that you validate the transaction details in the status response. This can be done as follows:

  1. Create a pending transaction or order for a fixed amount on your website.
  2. Redirect the customer to the Leanpay Checkout, where they complete the transaction.
  3. Leanpay will post the transaction confirmation to your statusUrl. This will include the ‘amount’ parameter.
  4. Your website should validate the parameters received by calculating the md5 signature (see section MD5 Signature). If successful, it should compare the value in the confirmation post (amount parameter) to the one from the pending transaction or order on your website. You can also compare other parameters such as ‘vendorTransactionId’.
  5. Once you have validated the transaction data you can process the transaction, for example, by dispatching the goods ordered.

MD5 Signature

A text field called md5Signature is included in the JSON submitted to your server statusUrl. The value of this field is a 128-bit message digest, expressed as a string of thirty-two hexadecimal digits in LOWERCASE. The md5Signature is constructed by performing an MD5 calculation on a string built up by concatenating the fields returned to your statusUrl page.

This includes:

  • leanPayTransactionId
  • vendorTransactionId
  • the MD5 value of the ASCII equivalent of the secret word assigned to your Leanpay account
  • amount
  • status

The purpose of the ‘md5Signature’ field is to ensure the integrity of the data posted back to your server. You should always compare the ‘md5Signature’ field’s value posted by Leanpay’s servers with the one you calculated. To calculate the md5 signature value, you need to take the values of the fields listed above in same order as they were posted back to you, concatenate them and perform a MD5 calculation on this string.

Sample in JAVA on how to calculate MD5 signature

package com.leanpay.core.test.example;
import org.springframework.util.DigestUtils;
import java.math.BigDecimal;
import java.security.NoSuchAlgorithmException;
import java.text.DecimalFormat;
public class Md5SignatureExample {
    public static void main(String[] args) throws NoSuchAlgorithmException {
        String leanPayTransactionId = "123456789";
        String vendorTransactionId = "987654321";
        String secret = "secret";
        BigDecimal amount = BigDecimal.valueOf(100);
        String status = "SUCCESS";
        String hash = generateSignature(leanPayTransactionId, vendorTransactionId, secret, amount, status);
        // 403d15c591f9b6db781936b003acb25e
    private static String generateSignature(String leanPayTransactionId, String vendorTransactionId, String secret,
            BigDecimal amount, String status) throws NoSuchAlgorithmException {
        StringBuilder sb = new StringBuilder();
        // LeanPay transaction ID.
        // Vendor transaction ID.
        // 123456789987654321
        // Vendor API secret word - MD5 value.
        String secretMd5 = DigestUtils.md5DigestAsHex(secret.getBytes());
        // 1234567899876543215ebe2294ecd0e0f08eab7690d2a6ee69
        // Amount.
        // 1234567899876543215ebe2294ecd0e0f08eab7690d2a6ee69100.00
        // Status.
        // 1234567899876543215ebe2294ecd0e0f08eab7690d2a6ee69100.00SUCCESS
        return DigestUtils.md5DigestAsHex(sb.toString().getBytes());
    private static String formatTwoDecimals(BigDecimal number) {
        return new DecimalFormat("0.00").format(number);


Force amount to two decimal format.

If we posted back to you ‘status’ which IS NOT „SUCCESS“, then you should use „null“ value for ‘leanPayTransactionId’ field during MD5 signature calculation.

Potrebujete pomoč pri implementaciji ali imate vprašanje?