Developer API

Parameters to send when calling the API (required ones are marked +):

| Name | Required | Description |
|------|----------|-------------|
| app_id | + | Application identifier, assigned upon creation. |
| method | + | API method name from the general list of functions. |
| sig | + | Signature created for security purposes. How to create it is described below. This parameter is not taken into account when creating the signature! |
| format | | Format of the returned data: XML or JSON. JSON by default. |
| sid | + | Session identifier, acquired from flashVars or from GET in iframe applications. Not required for methods that return public data. If it is sent, links to internal pages of the system will contain the current partner's URL. If it is not sent, the links contain %PARTNER_URL% in place of the partner's URL (it is then up to the developer to substitute the partner's URL, which can be found in the application initialization data in partner_url). |
| secure | | Whether the data is sent in secret mode. 0 - not secret (client-server protocol), 1 - secret (server-server protocol). |

Every API call must contain the required parameters listed above, plus the parameters required by the selected method. If SID is sent incorrectly, the server responds with an error (in those methods where it is required), so the application may not function properly. The SID key is valid for 4 hours after the last API call!

When an application is created, the developer receives two keys, secret_key and private_key, which are required for signing the parameters being sent. They become available on the application settings page after the initial data are saved.
secret_key is used when a call to the server API is made from a server, i.e. a call from the application server to the API server.
private_key is used when a call to the server API is made from a client. It is also used when signing auth_key (see below) and when signing the parameters sent to an application.

After creating an application and setting initial parameters, keys are displayed in its settings.

Calls are signed according to the following algorithms (sig):

  1. Server - server (secret_key):
    // $request_params must not include sig
    private function sign_server_server(array $request_params, $secret_key){
        $params = '';
        foreach ($request_params as $key => $value) {
            $params .= "$key=$value";
        }
        return md5($params . $secret_key);
    }
  2. Client - server (private_key):
    // $request_params must not include sig
    private function sign_client_server(array $request_params, $oid, $private_key){
        $params = '';
        foreach ($request_params as $key => $value) {
            $params .= "$key=$value";
        }
        return md5($oid . $params . $private_key);
    }
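
An added example, not code from this page or from the platform: the two signing rules above in Python, together with the check a receiving side would run before trusting the parameters. It assumes the pairs are concatenated in the order given (the page does not state an ordering rule); the key, the app_id and the method name example.method are constructed sample values.

```python
import hashlib
import hmac


def concat_params(params):
    # key=value pairs joined with no separator, in the dict's insertion order.
    # "sig" is skipped: the page says it is not part of the signed data.
    return "".join(f"{k}={v}" for k, v in params.items() if k != "sig")


def sign_server_server(params, secret_key):
    # md5(params . secret_key), lowercase hex like PHP's md5()
    data = concat_params(params) + secret_key
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def sign_client_server(params, oid, private_key):
    # md5(oid . params . private_key)
    data = str(oid) + concat_params(params) + private_key
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def build_request(params, secret_key):
    # Returns a copy of params with sig appended for a server-server call.
    signed = dict(params)
    signed["sig"] = sign_server_server(params, secret_key)
    return signed


def verify_server_server(received, secret_key):
    # Recompute over the received parameters and compare in constant time.
    expected = sign_server_server(received, secret_key)
    supplied = str(received.get("sig", ""))
    return hmac.compare_digest(expected.encode(), supplied.encode())


# Constructed sample values, not real credentials or a documented method name.
SECRET_KEY = "example-secret-key"
REQUEST = {"app_id": "1001", "method": "example.method", "format": "JSON", "secure": "1"}

if __name__ == "__main__":
    req = build_request(REQUEST, SECRET_KEY)
    print(req["sig"], verify_server_server(req, SECRET_KEY))
    tampered = dict(req, method="other.method")
    print(verify_server_server(tampered, SECRET_KEY))
    reordered = dict(reversed(list(REQUEST.items())))
    print(sign_server_server(reordered, SECRET_KEY) == req["sig"])
```

Because the pairs are concatenated in iteration order, both sides must serialize the parameters in the same order or the signatures will not match.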

Server response format:

    {
        "status": "",
        "data": {},
        "message": ""
    }

status - operation status (0 on success)
data - call data
message - system operation message

Error codes

A list of error codes (the error code is returned in status, the description in message):

| Error code | Error description |
|------------|-------------------|
| 1 | «Unknown error» |
| 2 | «known method» |
| 3 | «One of the parameters is missing or incorrect» |
| 4 | «Requested data not found» |
| 5 | «Authorization error: invalid session key» |
| 6 | «Application №* not found» |
| 7 | «Signature error» |
| 8 | «Access error for this user» |
| 9 | «Access error for this application» |
| 10 | «Method is available only in a secure mode (secure=1)» |
| 11 | «Wrong data format is requested» |
| 12 | «Outdated method» |

On success:
status — 0
message — empty

API Methods