Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Headers

The following headers (headers) are will be added to all the services called by Merchants in Basket-appInPost Pay (Basket App) in the Merchant's backend. The headers contain the signature of a message subject to verification in accordance with the signature verification algorithm. Currently, they the headers are optional . Eventually Basket-app will have these headers set as required:

x-signature - signature

x-signature-timestamp - ISO8601 datetime string in UTC timezone with time of signature generation ex. 2023-05-11T15:02:23.429Z

x-public-key-ver - version of keys used to generate signature

x-public-key-hash - SHA-256 hash of public key used to generate signature

On this page:

Table of Contents

Signature verification algorithm

 

Signature verification algorithm:

 

  1. Recipient receives signed request with headers:

    1. x-signature - signature

    2. x-signature-timestamp - ISO8601 datetime string in UTC timezone with time of signature generation ex. 2023-05-11T15:02:23.429Z

    3. x-public-key-ver - version of keys used to generate signature

    4. x-public-key-hash - SHA-256 hash of public key used to generate signature

  2. Recipient checks if already have cached public key with given version

    1. key present in cache:

      • recipient checks if public key hash matches calculated as: SHA-256 hash from public_key_base64 field. if verification is:

        • positive - continue

        • negative - reject request with http: 401 {   "error_code": "INVALID_SIGNATURE",   "error_message": "error description" }

    2. key not present in cache:

      • obtain public key from /v1/izi/signing-keys/public/{keyVersion} or /api/v1/izi/signing-keys/public and verify hash as above

  3. Prepare base64 string that consists of DIGEST,external-merchant-id,x-public-key-ver,x-signature-timestamp. Values are separated with commas

    1. x-public-key-ver, x-signature-timestamp from headers, use empty value if header is missing.

    2. merchant_external_id value comes from endpoints /v1/izi/signing-keys/public/{keyVersion} and /v1/izi/signing-keys/public as merchant_external_id field

    3. DIGEST: base64 form of SHA-256 hash (Message Digest) generated from request body. Use empty byte array as request body if body is missing.

  4. Decode base64 signature and verify it with the SHA256withRSA algorithm for the given public key and signature string. If verification:

    1. positive - continue

    2. negative - reject request with http: 401 {   "error_code": "INVALID_SIGNATURE",   "error_message": "error description" }

  5. Recipient compares x-signature-timestamp value to current time. If difference is:

    1. less or equal to 240s - continue

    2. bigger than 240s - reject request with http: 401 {   "error_code": "INVALID_SIGNATURE",   "error_message": "error description" }

Manual signature verification:

  • curl --location 'http://{basket-app-host}/basket-app/api/v1/izi/signing-keys/public/{keyVersion}' replace {Unknown macro: { {keyVersion}}}

    with value from header: x-public-key-ver

  • echo "$PUBLIC_KEY_BASE64" | openssl base64 -d -A | openssl rsa -pubin -inform DER -outform PEM -out pubkey.pem replace $PUBLIC_KEY_BASE64 with value from field: public_key_base64

  • DIGEST=$(echo -n "$(<message_body)" | openssl dgst -sha256 -binary | openssl enc -base64 -A) where message_body is a file with EXACT request body (without any additions, whitespaces etc.)

  • echo -n "$DIGEST,$EXTERNAL_MERCHANT_ID,$KEY_VERSION,$SIGNATURE_TIMESTAMP" | openssl enc -base64 -A -out signature_string where $EXTERNAL_MERCHANT_ID value is from public key endpoint - field merchant_external_id, $KEY_VERSION value is from header x-public-key-ver and $SIGNATURE_TIMESTAMP value is from x-signature-timestamp

  • openssl enc -base64 -d -A -in request_signature -out signature.bin where request_signature is a file with value from header x-signature

  • openssl dgst -sha256 -verify pubkey.pem -signature signature.bin signature_string should print Verified OK

Merchant Backend API

List of methods issued by a merchant intended to communicate with InPost Pay:

 

Method

Description

Basket

Status
colourBlue
titleGET

but will be eventually required.

Header

Description

x-signature

Signature

x-signature-timestamp

ISO8601 date and time string in the UTC time zone with the time when the signature was generated, for instance. 2023-05-11T15:02:23.429Z

x-public-key-ver

The version of the keys used to generate the signature

x-public-key-hash

SHA-256 the hash of the public key used to generate the signature


On this page:

Table of Contents

List of Merchant Backend API methods

The table below contains the list of methods issued by the Merchant's backend intended to communicate with InPost Pay.

Method

Description

Basket

GET /v1/izi/basket/{basketId}

Downloading the details of a basket

Statuscolourtitle

Green

POST

/v1/izi/basket/{basketId}/confirmation

Confirming adding a basket

statustitle

colourGreen

POST

/v1/izi/basket/{basketId}/event

Notifying of a basket update

StatuscolourRedtitle

DELETE

/v1/izi/basket/{basketId}/binding

Basket desynchronization (unpairing the basket from the phone number)

Order

StatuscolourGreentitle

POST

title

/v1/izi/order

Creating an order

StatuscolourBlue

GET

Status
colourGreen
titlePOST

v1/izi/order/{orderId}

Order update

Downloading the details of an order

POST /v1/izi/order/{orderId}/event

Sending information about order update

Confluence open api
 ---
openapi: 3.0.3
info:
  title: Swagger
  description: 'Merchant API. Merchant expose API only for Basket App '
  version: 3.5.5

tags:
  - name: Basket
    description: Provides access to managing baskets.
  - name: Order
    description: Provides access to managing orders.
paths:
  /v1/izi/basket/{basket_id}:
    get:
      tags:
        - Basket
      summary: Reads basket details.
      description: Reads basket details
      operationId: basket
      parameters:
        - name: basket_id
          in: path
          description: ID of basket
          required: true
          style: simple
          explode: false
          schema:
            type: string
      responses:
        "200":
          description: Basket details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/basket_response'
        "401":
          content:
            application/json:
              example:
                error_code: UNAUTHORIZED
                error_message: Given user is not authorized to access the resource.
              schema:
                $ref: '#/components/schemas/error'
          description: Unauthorized.
        "403":
          content:
            application/json:
              example:
                error_code: FORBIDDEN
                error_message: Access to given resource is forbidden for current user.
              schema:
                $ref: '#/components/schemas/error'
          description: Forbidden.
        "500":
          description: Internal server error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
              examples:
                internalServerError:
                  $ref: '#/components/examples/internalServerError'
        "400":
          description: Bad request.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
              examples:
                argumentNotValidError:
                  $ref: '#/components/examples/argumentNotValidError'
                malformedRequest:
                  $ref: '#/components/examples/malformedRequest'
        "404":
          description: Resource not found.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
              examples:
                basketNotFound:
                  $ref: '#/components/examples/basketNotFound'
  /v1/izi/basket/{basket_id}/confirmation:
    post:
      tags:
        - Basket
      summary: Basket binding confirmation.
      description: This method creates connection between BasketId and phoneNumber.
      operationId: bindingBasket
      parameters:
        - name: basket_id
          in: path
          description: ID of basket to bind with InPost Mobile App.
          required: true
          style: simple
          explode: false
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/request_browser_binding'
        required: true
      responses:
        "200":
          description: Basket details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/basket'
        "401":
          content:
            application/json:
              example:
                error_code: UNAUTHORIZED
                error_message: Given user is not authorized to access the resource.
              schema:
                $ref: '#/components/schemas/error'
          description: Unauthorized.
        "403":
          content:
            application/json:
              example:
                error_code: FORBIDDEN
                error_message: Access to given resource is forbidden for current user.
              schema:
                $ref: '#/components/schemas/error'
          description: Forbidden.
        "500":
          description: Internal server error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
              examples:
                internalServerError:
                  $ref: '#/components/examples/internalServerError'
        "400":
          description: Bad request.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
              examples:
                argumentNotValidError:
                  $ref: '#/components/examples/argumentNotValidError'
                malformedRequest:
                  $ref: '#/components/examples/malformedRequest'
        "404":
          description: Resource not found.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
              examples:
                basketNotFound:
                  $ref: '#/components/examples/basketNotFound'
  /v1/izi/basket/{basket_id}/event:
    post:
      tags:
        - Basket
      summary: Update basket details.
      description: Update basket details. The method allows to change products quantity, promotion codes.
      operationId: basketEvents
      parameters:
        - name: basket_id
          in: path
          description: ID of basket to update
          required: true
          style: simple
          explode: false
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/basket_events'
        required: true
      responses:
        "200":
          description: Get basket details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/basket'
        "401":
          content:
            application/json:
              example:
                error_code: UNAUTHORIZED
                error_message: Given user is not authorized to access the resource.
              schema:
                $ref: '#/components/schemas/error'
          description: Unauthorized.
        "403":
          content:
            application/json:
              example:
                error_code: FORBIDDEN
                error_message: Access to given resource is forbidden for current user.
              schema:
                $ref: '#/components/schemas/error'
          description: Forbidden.
        "500":
          description: Internal server error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
              examples:
                internalServerError:
                  $ref: '#/components/examples/internalServerError'
        "400":
          description: Bad request.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
              examples:
                argumentNotValidError:
                  $ref: '#/components/examples/argumentNotValidError'
                malformedRequest:
                  $ref: '#/components/examples/malformedRequest'
        "404":
          description: Resource not found.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
              examples:
                basketNotFound:
                  $ref: '#/components/examples/basketNotFound'
  /v1/izi/basket/{basketId}/binding:
    delete:
      tags:
        - Basket
      summary: Desynchronisation of basket with telephone number
      description: Desynchronisation of basket with telephone number
      operationId: deleteBasket
      parameters:
        - name: basketId
          in: path
          description: ID of basket to delete
          required: true
          style: simple
          explode: false
          schema:
            type: string
      responses:
        "200":
          description: basket deleted
        "401":
          content:
            application/json:
              example:
                error_code: UNAUTHORIZED
                error_message: Given user is not authorized to access the resource.
              schema:
                $ref: '#/components/schemas/error'
          description: Unauthorized.
        "403":
          content:
            application/json:
              example:
                error_code: FORBIDDEN
                error_message: Access to given resource is forbidden for current user.
              schema:
                $ref: '#/components/schemas/error'
          description: Forbidden.
        "500":
          description: Internal server error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
              examples:
                internalServerError:
                  $ref: '#/components/examples/internalServerError'
        "400":
          description: Bad request.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
              examples:
                argumentNotValidError:
                  $ref: '#/components/examples/argumentNotValidError'
                malformedRequest:
                  $ref: '#/components/examples/malformedRequest'
        "404":
          description: Resource not found.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
              examples:
                basketNotFound:
                  $ref: '#/components/examples/basketNotFound'
  /v1/izi/order:
    post:
      tags:
        - Order
      summary: Create order.
      operationId: createOrder
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/post_order_request'
        required: true
      responses:
        "201":
          description: Order created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/order_request'
        "401":
          content:
            application/json:
              example:
                error_code: UNAUTHORIZED
                error_message: Given user is not authorized to access the resource.
              schema:
                $ref: '#/components/schemas/error'
          description: Unauthorized.
        "403":
          content:
            application/json:
              example:
                error_code: FORBIDDEN
                error_message: Access to given resource is forbidden for current user.
              schema:
                $ref: '#/components/schemas/error'
          description: Forbidden.
        "500":
          description: Internal server error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
              examples:
                internalServerError:
                  $ref: '#/components/examples/internalServerError'
        "400":
          description: Bad request.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
              examples:
                argumentNotValidError:
                  $ref: '#/components/examples/argumentNotValidError'
                malformedRequest:
                  $ref: '#/components/examples/malformedRequest'
        "404":
          description: Resource not found.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
              examples:
                basketNotFound:
                  $ref: '#/components/examples/basketNotFound'
        "409":
          description: Conflict
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
              examples:
                orderNotCreate:
                  $ref: '#/components/examples/orderNotCreate'                  
  /v1/izi/order/{order_id}:
    get:
      tags:
        - Order
      summary: Get order details.
      operationId: getOrder
      parameters:
        - name: order_id
          in: path
          description: ID of order
          required: true
          style: simple
          explode: false
          schema:
            type: string
      responses:
        "200":
          description: Order details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/order_request'
        "401":
          content:
            application/json:
              example:
                error_code: UNAUTHORIZED
                error_message: Given user is not authorized to access the resource.
              schema:
                $ref: '#/components/schemas/error'
          description: Unauthorized.
        "403":
          content:
            application/json:
              example:
                error_code: FORBIDDEN
                error_message: Access to given resource is forbidden for current user.
              schema:
                $ref: '#/components/schemas/error'
          description: Forbidden.
        "500":
          description: Internal server error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
              examples:
                internalServerError:
                  $ref: '#/components/examples/internalServerError'
        "400":
          description: Bad request.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
              examples:
                argumentNotValidError:
                  $ref: '#/components/examples/argumentNotValidError'
                malformedRequest:
                  $ref: '#/components/examples/malformedRequest'
        "404":
          description: Resource not found.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
              examples:
                orderNotFound:
                  $ref: '#/components/examples/orderNotFound'
  /v1/izi/order/{order_id}/event:
    post:
      tags:
        - Order
      summary: Update order.
      operationId: updateOrder
      parameters:
        - name: order_id
          in: path
          description: ID of order to update
          required: true
          style: simple
          explode: false
          schema:
            type: string
      requestBody:
        description: Please not that not all event_data payload will be populated on each event. Payload is functionally separated to payment and order status event, thus payment_* fields will be send for payment event, without order_status as it does not change on payment event. For order status change event only order_status will be populated as payment related data does not change with that event.
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/request_order_event'
        required: true
      responses:
        "200":
          description: Basket response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/response_order_event_merchant'
        "401":
          content:
            application/json:
              example:
                error_code: UNAUTHORIZED
                error_message: Given user is not authorized to access the resource.
              schema:
                $ref: '#/components/schemas/error'
          description: Unauthorized.
        "403":
          content:
            application/json:
              example:
                error_code: FORBIDDEN
                error_message: Access to given resource is forbidden for current user.
              schema:
                $ref: '#/components/schemas/error'
          description: Forbidden.
        "500":
          description: Internal server error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
              examples:
                internalServerError:
                  $ref: '#/components/examples/internalServerError'
        "400":
          description: Bad request.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
              examples:
                argumentNotValidError:
                  $ref: '#/components/examples/argumentNotValidError'
                malformedRequest:
                  $ref: '#/components/examples/malformedRequest'
        "404":
          description: Resource not found.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
              examples:
                orderNotFound:
                  $ref: '#/components/examples/orderNotFound'
        "409":
          description: Conflict
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
              examples:
                orderNotFound:
                  $ref: '#/components/examples/orderNotUpdate'                  
components:
  examples:
    merchantDisabledError:
      value:
        error_code: MERCHANT_DISABLE
        error_message: 'Merchant with given id is DISABLED'
      summary: MERCHANT_DISABLE
      description: Service is temporarily disabled, because of to many incorrect requests or manual blockade
    basketBoundError:
      value:
        error_code: BASKET_IS_BINDED
        error_message: 'Basket already bound'
      summary: BASKET_IS_BINDED
      description: Basket already bound.
    basketExpired:
      value:
        error_code: BASKET_EXPIRED
        error_message: 'Basket expired'
      summary: BASKET_EXPIRED
      description: Basket expired and will be removed soon.
    basketNotBoundError:
      value:
        error_code: BASKET_NOT_BOUND
        error_message: 'Basket not bound'
      summary: BASKET_NOT_BOUND
      description: Basket not bound.
    bindingRedundantPhoneError:
      value:
        error_code: ERROR_VALIDATION_PHONE_NUMBER
        error_message: 'Phone number required for PHONE binding method only'
      summary: ERROR_VALIDATION_PHONE_NUMBER
      description: Phone number should not be passed for binding methods other than PHONE.
    bindingPhoneRequiredError:
      value:
        error_code: ERROR_VALIDATION_PHONE_NUMBER_REQUIRED
        error_message: 'Phone number is required'
      summary: ERROR_VALIDATION_PHONE_NUMBER_REQUIRED
      description: Phone number is required for PHONE method binding.
    bindingBrowserRequiredError:
      value:
        error_code: ERROR_VALIDATION_BROWSER_REQUIRED
        error_message: 'Browser is required for PHONE binding method'
      summary: ERROR_VALIDATION_BROWSER_REQUIRED
      description: Browser details are required for PHONE binding method
    phoneBindingMethodUnavailableError:
      value:
        error_code: PHONE_BINDING_METHOD_UNAVAILABLE
        error_message: 'Unavailable'
      summary: PHONE_BINDING_METHOD_UNAVAILABLE
      description: Phone binding method temporarily unavailable for requested number.
    orderStatusError:
      value:
        error_code: STATUS_ORDER_ERROR
        error_message: 'Unavailable'
      summary: STATUS_ORDER_ERROR
      description: Can't be changed ORDER_COMPLETED
    publicKeyNotFound:
      value:
        error_code: PUBLIC_KEY_NOT_FOUND
        error_message: 'Public key version {} not found'
      summary: PUBLIC_KEY_NOT_FOUND
      description: public key not found
    argumentNotValidError:
      value:
        error_code: BAD_REQUEST
        error_message: Invalid request.
      summary: BAD_REQUEST
      description: Request validation error. Error message might optionally contain information about constraint violations.
    malformedRequest:
      value:
        error_code: MALFORMED_REQUEST
        error_message: Request not readable.
      summary: MALFORMED_REQUEST
      description: The server was not able to read the request.
    notFound:
      value:
        error_code: NOT_FOUND
        error_message: Resource not found.
      summary: NOT_FOUND
      description: The server was not able to read the request.
    basketNotFound:
      value:
        error_code: BASKET_NOT_FOUND
        error_message: Basket not found.
      summary: BASKET_NOT_FOUND
      description: Basket not found.
    basketNotUpdate:
      value:
        error_code: BASKET_NOT_UPDATE
        error_message: Basket not update.
      summary: BASKET_NOT_UPDATE
      description: Basket not update.
    orderNotCreate:
      value:    
        error_code: ORDER_NOT_CREATE
        error_message: Merchant reason to present client.
      summary: ORDER_NOT_CREATE
      description: Order not create.    
    orderNotFound:
      value:
        error_code: ORDER_NOT_FOUND
        error_message: Order not found.
      summary: ORDER_NOT_FOUND
      description: Order not found.
    basketDelete:
      value:
        error_code: BASKET_DELETE
        error_message: Basket delete.
      summary: BASKET_DELETE
      description: Basket delete.
    internalServerError:
      value:
        error_code: INTERNAL_SERVER_ERROR
        error_message: Something went wrong. Please try again later.
      summary: INTERNAL_SERVER_ERROR
      description: The server encountered unexpected error.
    orderNotUpdate:
      value:
        error_code: ORDER_NOT_UPDATE
        error_message: Order not update.
      summary: ORDER_NOT_UPDATE
      description: Order not update.    
  schemas:
    error:
      required:
      - errorCode
      type: object
      properties:
        error_code:
          type: string
        error_message:
          type: string   
    basket_response:
      type: object
      required:
        - summary
        - delivery
        - products
        - consents
      properties:
        summary:
          $ref: '#/components/schemas/summary'
        delivery:
          type: array
          items:
            $ref: '#/components/schemas/delivery_basket_response'
        promo_codes:
          type: array
          description: promo codes
          items:
            $ref: '#/components/schemas/promo_codes'
        products:
          type: array
          description: products information
          items:
            $ref: '#/components/schemas/get_products'
        related_products:
          type: array
          description: related product information
          items:
            $ref: '#/components/schemas/get_related_products'
        consents:
          type: array
          description: consents list
          items:
            $ref: '#/components/schemas/consents'
        merchant_store:
           type: object
           required:
             - url
             - cookies
           properties:
            url:
              type: string
              description: Url of the merchant shop or direct address to cart
              example: "https://uat.outofthebox.pl/cart/"
            cookies:
              type: array
              items:
                $ref: '#/components/schemas/cookies'
    basket:
      type: object
      required:
        - summary
        - delivery
        - products
        - consents
      properties:
        summary:
          $ref: '#/components/schemas/basket_summary'
        delivery:
          type: array
          items:
            $ref: '#/components/schemas/delivery_basket_response'
        promo_codes:
          type: array
          description: promo codes
          items:
            $ref: '#/components/schemas/promo_codes'
        products:
          type: array
          description: products information
          items:
            $ref: '#/components/schemas/get_products'
        related_products:
          type: array
          description: related product information
          items:
            $ref: '#/components/schemas/get_related_products'
        consents:
          type: array
          description: consents list
          items:
            $ref: '#/components/schemas/consents'
        merchant_store:
           type: object
           required:
             - url
             - cookies
           properties:
            url:
              type: string
              description: Url of the merchant shop or direct address to cart
              example: "https://uat.outofthebox.pl/cart/"
            cookies:
              type: array
              items:
                $ref: '#/components/schemas/cookies'            
    basket_events:
      type: object
      description: event relating change in customer basket
      required:
        - event_id
        - event_data_time
        - event_type
      properties:
        event_id:
          type: string
          description: event id
        event_data_time:
          type: string
          description: event data time
          format: date-time
        event_type:
          type: string
          description: event type
          enum:
            - PRODUCTS_QUANTITY
            - PROMO_CODES
            - RELATED_PRODUCTS
        phone_number:
          $ref: '#/components/schemas/phone_number'
        quantity_event_data:
          type: array
          description: quantity event
          items:
            $ref: '#/components/schemas/quantity_event_data'
        promo_codes_event_data:
          type: array
          description: promo codes event. If an empty list is provided, it means that customer has deleted the promo code.
          items:
            $ref: '#/components/schemas/promo_codes'
        related_products_event_data:
          type: array
          description: related products event
          items:
            $ref: '#/components/schemas/related_products_event'
    quantity_event_data:
      type: object
      description: quantity event
      required:
        - product_id
        - quantity
      properties:
        product_id:
          type: string
          description: product id
        quantity:
          $ref: '#/components/schemas/quantity'
    related_products_event:
      type: object
      description: related products event
      required:
        - product_id
        - quantity
      properties:
        product_id:
          type: string
          description: product id
        ean:
          type: string
          description: ean code
        quantity:
          $ref: '#/components/schemas/quantity'
    request_browser_binding:
      type: object
      properties:
        status:
          description: status binding
          type: string
          enum:
            - SUCCESS
            - REJECT
        inpost_basket_id:
          type: string
          description: basket id created by BaketApp
        phone_number:
          $ref: '#/components/schemas/phone_number'
        browser:
          $ref: '#/components/schemas/browser'
        masked_phone_number:
          type: string
          description:  masked phone numebr
          example: 60*****00
        name:
          type: string
          description: client name
        surname:
          type: string
          description:  client surname
    browser:
      type: object
      required:
        - browser_trusted
      properties:
        browser_trusted:
          type: boolean
          description: is browser trusted
        browser_id:
          type: string
          description: browser id
    order_request:
      type: object
      required:
        - order_details
        - account_info
        - delivery
        - products
        - consents
      properties:
        order_details:
          $ref: '#/components/schemas/response_orders_details'
        account_info:
          $ref: '#/components/schemas/account_info'
        invoice_details:
          $ref: '#/components/schemas/invoice_details'
        delivery:
          $ref: '#/components/schemas/delivery'
        products:
          type: array
          description: products order list
          items:
            $ref: '#/components/schemas/get_products_order'
        consents:
          type: array
          description: consents list
          items:
            $ref: '#/components/schemas/consents_order'
    post_order_request:
      type: object
      required:
        - order_details
        - account_info
        - products
        - consents
        - delivery
      properties:
        order_details:
          $ref: '#/components/schemas/request_orders_details'
        account_info:
          $ref: '#/components/schemas/account_info_request'
        invoice_details:
          $ref: '#/components/schemas/invoice_details'
        delivery:
          $ref: '#/components/schemas/delivery_order'
        consents:
          type: array
          description: consents list
          items:
            $ref: '#/components/schemas/consents_order'
    request_order_event:
      type: object
      required:
        - event_id
        - event_data_time
        - event_data
      properties:
        event_id:
          type: string
          description: event id
        event_data_time:
          type: string
          format: date-time
          description: event date time
        phone_number:
          $ref: '#/components/schemas/phone_number'
        event_data:
          $ref: '#/components/schemas/event_data'
    get_products:
      type: object
      required:
        - product_id
        - product_name
        - base_price
        - quantity
      properties:
        product_id:
          type: string
          description: product id
        product_category:
          type: string
          description: product category
        ean:
          type: string
          description: ean code
        product_name:
          type: string
          description: product name
        product_description:
          type: string
          description: product description
        product_link:
          type: string
          description: product link
        product_image:
          type: string
          description: product image
        additional_product_images:
          type: array
          description: additional product images. Object available in next version app
          items:
           $ref: '#/components/schemas/product_images'        
        base_price:
          $ref: '#/components/schemas/base_price'
        promo_price:
          $ref: '#/components/schemas/base_price'
        lowest_price:
          $ref: '#/components/schemas/base_price'
        quantity:
          $ref: '#/components/schemas/quantity'
        product_attributes:
          type: array
          description: product attributes
          items:
            $ref: '#/components/schemas/product_attributes'
        variants:
          type: array
          description: variant product ordered list
          items:
            $ref: '#/components/schemas/variants'
        delivery_product:
          type: array
          description: additional delivery information for product - object for use in next version app
          items:
            $ref: '#/components/schemas/delivery_product'
    get_related_products:
      type: object
      required:
        - product_id
        - product_name
        - base_price
        - quantity
      properties:
        product_id:
          type: string
          description: product id
        product_category:
          type: string
          description: product category
        ean:
          type: string
          description: ean code
        product_name:
          type: string
          description: product name
        product_description:
          type: string
          description: product description
        product_link:
          type: string
          description: product link
        product_image:
          type: string
          description: product image
        additional_product_images:
          type: array
          description: additional product images. Object available in next version app
          items:
           $ref: '#/components/schemas/product_images'          
        base_price:
          $ref: '#/components/schemas/base_price'
        promo_price:
          $ref: '#/components/schemas/base_price'
        lowest_price:
          $ref: '#/components/schemas/base_price'
        quantity:
          $ref: '#/components/schemas/quantity'
        product_attributes:
          type: array
          description: product attributes
          items:
            $ref: '#/components/schemas/product_attributes'
        variants:
          type: array
          description: variant product ordered list
          items:
            $ref: '#/components/schemas/variants'
        delivery_related_products:
          type: array
          description: additional delivery information for product - object for use in next version app
          items:
            $ref: '#/components/schemas/delivery_related_products'    
    get_products_order:
      type: object
      required:
        - product_id
        - product_name
        - base_price
        - quantity
      properties:
        product_id:
          type: string
          description: product id
        product_category:
          type: string
          description: product category
        ean:
          type: string
          description: ean code
        product_name:
          type: string
          description: product name
        product_description:
          type: string
          description: product description
        product_link:
          type: string
          description: product link
        product_image:
          type: string
          description: product image
        additional_product_images:
          type: array
          description: additional product images. Object available in next version app
          items:
           $ref: '#/components/schemas/product_images'          
        base_price:
          $ref: '#/components/schemas/base_price'
        quantity:
          $ref: '#/components/schemas/quantity_order'
        product_attributes:
          type: array
          description: product attributes
          items:
            $ref: '#/components/schemas/product_attributes'
        variants:
          type: array
          description: variant product ordered list
          items:
            $ref: '#/components/schemas/variants'
    variants:
      type: object
      description: variant product ordered
      required:
        - variant_id
        - variant_name
      properties:
        variant_id:
          type: string
          description: variant id
        variant_name:
          type: string
          description: variant name
        variant_description:
          type: string
          description: variant description
        variant_type:
          type: string
          description: variant type
        variant_values:
          type: string
          description: variant values
    consents:
      type: object
      description: Consents list
      required:
        - consent_id
        - consent_description
        - consent_version
        - requirement_type
        - consent_link
      properties:
        consent_id:
          type: string
          description: consent id
        consent_link:
          type: string
          description: consent link
        label_link:
          type: string
          description: label link presented in app
        additional_consent_links:
          type: array
          description: Object to additional links on consents. Available in next version of app
          items:
            $ref: '#/components/schemas/additional_consent_links'
        consent_description:
          type: string
          description: consent description
        consent_version:
          type: string
          description: consent version
        requirement_type:
          type: string
          enum:
            - OPTIONAL
            - REQUIRED_ONCE
            - REQUIRED_ALWAYS
          description: information on requirement consent
    additional_consent_links:
      type: object
      required:
        - consent_id
        - consent_link
      properties:
        consent_id:
          type: string
          description: consent id
        consent_link:
          type: string
          description: consent link
        label_link:
          type: string
          description: label link presented in app        
    delivery:
      type: object
      description: delivery information
      required:
        - delivery_type
        - delivery_price
        - delivery_date
      properties:
        delivery_type:
          type: string
          description: delivery type (APM; COURIER)
          enum:
            - APM
            - COURIER
        delivery_date:
          type: string
          format: date-time
          description: delivery date
        delivery_options:
          type: array
          description: delivery options
          items:
            $ref: '#/components/schemas/delivery_options'
        mail:
          type: string
          description: emial
        phone_number:
          $ref: '#/components/schemas/phone_number'
        delivery_point:
          type: string
          description: APM delivery point
        delivery_address:
          $ref: '#/components/schemas/delivery_address'
        delivery_price:
          $ref: '#/components/schemas/base_price'
        courier_note:
          type: string
          description: additional information for courier
    delivery_order:
      type: object
      description: delivery information
      required:
        - delivery_type
      properties:
        delivery_type:
          type: string
          enum:
            - APM
            - COURIER
          description: delivery type (APM; COURIER)
        delivery_codes:
          type: array
          description: delivery options
          items:
            $ref: '#/components/schemas/delivery_code'
        mail:
          type: string
          description: email
        phone_number:
          $ref: '#/components/schemas/phone_number'
        delivery_point:
          type: string
          description: APM delivery point
        delivery_address:
          $ref: '#/components/schemas/delivery_address_request'
        courier_note:
          type: string
          description: additional information for courier
    delivery_code:
      type: string
      description: payment type
      example: PWW
    delivery_address:
      type: object
      description: delivery address
      required:
        - name
        - country_code
        - address
        - city
        - postal_code
      properties:
        name:
          type: string
          description:  name
        country_code:
          type: string
          description: country code
        address:
          type: string
          description:  address
        city:
          type: string
          description: city
        postal_code:
          type: string
          description: postal code
    client_address:
      type: object
      description: delivery address
      required:
        - country_code
        - address
        - city
        - postal_code
      properties:
        country_code:
          type: string
          description: country code
        address:
          type: string
          description:  address
        city:
          type: string
          description: city
        postal_code:
          type: string
          description: postal code
    delivery_basket_response:
      type: object
      required:
        - delivery_type
        - delivery_price
        - delivery_date
      properties:
        delivery_type:
          type: string
          description: delivery type (APM; COURIER)
          enum:
            - APM
            - COURIER
        delivery_date:
          type: string
          format: date-time
          description: delivery date
        delivery_options:
          type: array
          description: delivery options
          items:
            $ref: '#/components/schemas/delivery_options'
        delivery_price:
          $ref: '#/components/schemas/base_price'
        free_delivery_minimum_gross_price:
          type: number
          format: decimal
          description: free delivery minimum gross price          
    delivery_options:
      type: object
      description: additional delivery options
      required:
        - delivery_name
        - delivery_code_value
        - delivery_option_price
      properties:
        delivery_name:
          type: string
          description: delivery name
          example: Paczka w Weekend
        delivery_code_value:
          type: string
          enum:
          - COD
          - PWW
          description: delivery code value. COD - option with payment on delivery, PWW - option with weekend delivery
          example: PWW
        delivery_option_price:
          $ref: '#/components/schemas/base_price'
    basket_summary:
      type: object
      required:
        - basket_base_price
        - currency
        - payment_type
      properties:
        basket_base_price:
          $ref: '#/components/schemas/base_price'
        basket_final_price:
          $ref: '#/components/schemas/base_price'
        basket_promo_price:
          $ref: '#/components/schemas/base_price'
        currency:
          type: string
          description: basket currency
          enum:
            - PLN
        basket_expiration_date:
          type: string
          format: date-time
          description: expiry date of basket
        basket_additional_information:
          type: string
          description: additional information
        payment_type:
          type: array
          description: payment type
          items:
            $ref: '#/components/schemas/payment_type'
        basket_notice:
          $ref: '#/components/schemas/information'
    payment_type:
      type: string
      description: payment type
      enum:
        - CARD
        - CARD_TOKEN
        - GOOGLE_PAY
        - APPLE_PAY
        - BLIK_CODE
        - BLIK_TOKEN
        - PAY_BY_LINK
        - SHOPPING_LIMIT
        - DEFERRED_PAYMENT
        - CASH_ON_DELIVERY
    summary:
      type: object
      required:
        - basket_base_price
        - currency
        - payment_type
      properties:
        basket_base_price:
          $ref: '#/components/schemas/base_price'
        basket_final_price:
          $ref: '#/components/schemas/base_price'
        basket_promo_price:
          $ref: '#/components/schemas/base_price'
        currency:
          type: string
          description: basket currency
          enum:
            - PLN
        basket_expiration_date:
          type: string
          format: date-time
          description: expiry date of basket
        basket_additional_information:
          type: string
          description: additional information
        payment_type:
          type: array
          description: payment type
          items:
            $ref: '#/components/schemas/payment_type'
        basket_notice:
          $ref: '#/components/schemas/information'
    invoice_details:
      type: object
      properties:
        legal_form:
          type: string
          description: legal form of customer
          enum:
            - PERSON
            - COMPANY
        country_code:
          type: string
          description: country code
        tax_id_prefix:
          type: string
          description: tax id prefix
        tax_id:
          type: string
          description: tax id
        company_name:
          type: string
          description: company name
        name:
          type: string
          description: name
        surname:
          type: string
          description: surname
        city:
          type: string
          description: city
        street:
          type: string
          description: street
        building:
          type: string
          description: building
        flat:
          type: string
          description: flat
        postal_code:
          type: string
          description: postal code
        mail:
          type: string
          description: mail
        registration_data_edited:
          type: string
          description: registration data edited
        additional_information:
          type: string
          description: additional information
    account_info:
      type: object
      required:
        - name
        - surname
        - phone_number
        - client_address
        - mail
      properties:
        name:
          type: string
          description: name
        surname:
          type: string
          description: surname
        phone_number:
          $ref: '#/components/schemas/phone_number'
        mail:
          type: string
          description: mail
        client_address:
          $ref: '#/components/schemas/client_address'
    consents_order:
      type: object
      description: consents order list
      required:
        - consent_id
        - consent_version
        - is_accepted
      properties:
        consent_id:
          type: string
          description: consent id
        consent_version:
          type: string
          description: consent version
        is_accepted:
          type: boolean
          description: is accepted consent
    response_orders_details:
      type: object
      required:
        - order_id
        - order_creation_date
        - basket_id
        - payment_status
        - order_merchant_status_description
        - payment_type
        - order_base_price
        - order_final_price
        - currency
        - pos_id
      properties:
        order_comments:
          type: string
          description: order comments
        order_id:
          type: string
          description: order id
        customer_order_id:
          type: string
          description: order ID presented to customer and used for payment. In case of lack of customer_order_id order_id will be used.     
        pos_id:
          type: string
          description: POS identifier provided by Vodeno, allowing merchant to filter payments in the reporting tools
        order_creation_date:
          type: string
          format: date-time
          description: order creation date
        basket_id:
          type: string
          description: basket id
        order_merchant_status_description:
          type: string
          description: order merchant status description
        payment_type:
          type: string
          description: order status
          enum:
            - CARD
            - CARD_TOKEN
            - GOOGLE_PAY
            - APPLE_PAY
            - BLIK_CODE
            - BLIK_TOKEN
            - PAY_BY_LINK
            - SHOPPING_LIMIT
            - DEFERRED_PAYMENT
            - CASH_ON_DELIVERY
        order_base_price:
          type: object
          description: price for order without delivery costs
          required:
            - net
            - gross
            - vat
          properties:
            net:
              type: number
              format: decimal
              description: net price
            gross:
              type: number
              format: decimal
              description: gross price
            vat:
              type: number
              format: decimal
              description: VAT
        order_final_price:
          type: object
          description: total order price with delivery costs
          required:
            - net
            - gross
            - vat
          properties:
            net:
              type: number
              format: decimal
              description: net price
            gross:
              type: number
              format: decimal
              description: gross price
            vat:
              type: number
              format: decimal
              description: VAT
        order_discount:
          type: number
          format: decimal
          description: Value used discount coupons on order       
        currency:
          type: string
          description: basket currency
          enum:
            - PLN
        delivery_references_list:
          type: array
          description: delivery references list
          items:
            $ref: '#/components/schemas/delivery_references'
    delivery_references:
      type: string
      description: delivery references
    request_orders_details:
      type: object
      required:
        - basket_id
        - payment_type
        - currency
        - basket_price
      properties:
        order_comments:
          type: string
          description: order information
        basket_id:
          type: string
          description: basket id
        currency:
          type: string
          description: basket currency
          enum:
            - PLN
        basket_price:
          type: object
          description: total basket price
          required:
            - net
            - gross
            - vat
          properties:
            net:
              type: number
              format: decimal
              description: net price
            gross:
              type: number
              format: decimal
              description: gross price
            vat:
              type: number
              format: decimal
              description: VAT
        payment_type:
          type: string
          description: payment type
          enum:
            - CARD
            - CARD_TOKEN
            - GOOGLE_PAY
            - APPLE_PAY
            - BLIK_CODE
            - BLIK_TOKEN
            - PAY_BY_LINK
            - SHOPPING_LIMIT
            - DEFERRED_PAYMENT
            - CASH_ON_DELIVERY
    promo_codes:
      type: object
      description: promo code
      required:
        - name
        - promo_code_value
      properties:
        name:
          type: string
          description: promo code name
        promo_code_value:
          type: string
          description: promo code value
    product_attributes:
      type: object
      description: product attributes
      required:
        - attribute_name
        - attribute_value
      properties:
        attribute_name:
          type: string
          description: attribute name
        attribute_value:
          type: string
          description: attribute value
    event_data:
      type: object
      description: Data on events
      properties:
        payment_status:
          type: string
          description: payment status. AUTHORIZED - payment successfully completed
          enum:
            - AUTHORIZED
        order_status:
          type: string
          description: order status
          enum:
            - ORDER_REJECTED
        payment_id:
          type: string
          description: payment id
        payment_reference:
          type: string
          description: payment reference
        payment_type:
          type: string
          description: payment type
          enum:
            - CARD
            - CARD_TOKEN
            - GOOGLE_PAY
            - APPLE_PAY
            - BLIK_CODE
            - BLIK_TOKEN
            - PAY_BY_LINK
            - SHOPPING_LIMIT
            - DEFERRED_PAYMENT
            - CASH_ON_DELIVERY
    base_price:
      type: object
      description: price information
      required:
        - net
        - gross
        - vat
      properties:
        net:
          type: number
          format: decimal
          description: net price
        gross:
          type: number
          format: decimal
          description: gross price
        vat:
          type: number
          format: decimal
          description: VAT
    quantity:
      type: object
      description: product quantity information
      required:
        - quantity
      properties:
        quantity:
          type: number
          description: product quantity
        quantity_type:
          type: string
          description: product quantity type
          enum:
            - DECIMAL
            - INTEGER
        quantity_unit:
          type: string
          description: unit quantity
        available_quantity:
          type: number
          format: decimal
          description: product quantity available
        max_quantity:
          type: number
          format: decimal
          description: maximum product quantity
        min_quantity:
          type: number
          format: decimal
          description: minimum product quantity. Field available in next version app          
    quantity_order:
      type: object
      description: product quantity
      required:
        - quantity
      properties:
        quantity:
          type: number
          description: product quantity
        quantity_type:
          type: string
          enum:
            - DECIMAL
            - INTEGER
          description: product quantity type
        quantity_unit:
          type: string
          description: unit quantity
    phone_number:
      type: object
      description: phone number
      required:
        - country_prefix
        - phone
      properties:
        country_prefix:
          type: string
          description: prefix
          example: '+48'
        phone:
          type: string
          example: 600123123
    information:
      type: object
      required:
        - type
        - description
      properties:
        type:
          type: string
          enum:
            - ATTENTION
            - ERROR
          description: type additional notice
        description:
          type: string
          description: basket additional notice
    response_order_event_merchant:
      type: object
      properties:
        order_status:
          type: string
          description: order status - Merchant can change order status to; ORDER_COMPLETED - order completed in merchant's shop, ORDER_REJECTED - order rejected by merchant
          enum:
            - ORDER_COMPLETED
            - ORDER_REJECTED
        order_merchant_status_description:
          type: string
          description: order merchant status description
        delivery_references_list:
          type: array
          description: delivery references list
          items:
            $ref: '#/components/schemas/delivery_references'
    address_details:
      description: This is auto-generated object from single line user input. Correctness of the data is not guaranteed.
      type: object
      properties:
        street:
          type: string
          description: street
        building:
          type: string
          description: Building number. Populated with "_" if not found in the address.
        flat:
          type: string
          description: flat
    account_info_request:
      type: object
      required:
        - name
        - surname
        - phone_number
        - client_address
        - mail
      properties:
        name:
          type: string
          description: name
        surname:
          type: string
          description: surname
        phone_number:
          $ref: '#/components/schemas/phone_number'
        mail:
          type: string
          description: mail
        client_address:
          $ref: '#/components/schemas/client_address_request'
    client_address_request:
      type: object
      description: delivery address
      required:
        - country_code
        - address
        - city
        - postal_code
      properties:
        country_code:
          type: string
          description: country code
        address:
          type: string
          description:  address
        address_details:
          $ref: '#/components/schemas/address_details'
        city:
          type: string
          description: city
        postal_code:
          type: string
          description: postal code
    delivery_address_request:
      type: object
      description: delivery address
      required:
        - name
        - country_code
        - address
        - city
        - postal_code
      properties:
        name:
          type: string
          description:  name
        country_code:
          type: string
          description: country code
        address:
          type: string
          description:  address
        city:
          type: string
          description: city
        postal_code:
          type: string
          description: postal code
        address_details:
          $ref: '#/components/schemas/address_details' 
    delivery_product:
      type: object
      description: additional delivery information for product
      properties:
        delivery_type:
          type: string
          description: delivery type (APM; COURIER)
          enum:
            - APM
            - COURIER
        if_delivery_available:
           type: boolean
           description: if type of delivery available for product
    delivery_related_products:
      type: object
      description: additional delivery information for product
      properties:
        delivery_type:
          type: string
          description: delivery type (APM; COURIER)
          enum:
            - APM
            - COURIER
        if_delivery_free:
          type: boolean
          description: is free delivery for a type of delivery
        if_delivery_available:
          type: boolean
          description: if type of delivery available for product
    product_images:
      type: object
      description: additional product images
      required:
        - small_size
        - normal_size      
      properties:      
        small_size:
          type: string
          description: product image. Preferred size 360 x 352
        normal_size:
          type: string
          description: product image. Preferred size 360 x 504
    cookies:
       required:
        - domain
        - keyValue
        - key
        - value
        - path
       type: object
       properties:
        domain:
          type: string
          description: Domain of the cookie represented by pair key-value
          example: "uat.outofthebox.pl"
        key:
          type: string
          description: Cookie key
          example: "wp_woocommerce_session_f3cd21b400c074e165b59837d7a9d0a4"
        value:
          type: string
          description: Cookie value
          example: "t_f13664beda2ec455d97546c1ddab8b%7C%7C1699438060%7C%7C1699434460%7C%7Cf77d310ce1f0440cb4812f5043736989"
        path:
          type: string
          description: Cookie path
          example: "/"
        expires:
          type: string
          description: Cookie expiration time or maxAge
          example: "2025-01-16T14:17:02.486Z"
        secure:
          type: boolean
          description: Cookie security information
          example: false
        http_only:
          type: boolean
          description: Cookie http information
          example: true
        same_site:
          type: string
          enum:
            - STRICT
            - LAX
            - NONE
          description: Cookie sameSite information
          example: "LAX"
        priority:
          type: string
          enum:
            - LOW
            - MEDIUM
            - HIGH
          description: Cookie priority
          example: "MEDIUM"
        max_age:
          type: integer
          description: Cookie max age
          example: 0