popup close image popup close image
We use cookies in order to personalize website content and analyze traffic on our website.
I agree

API Documentation

Home pageHelp & Support
Ready plugins plugins Api integration guide Api SCI/Merchant integration guide SCI
If you need help please do not hesitate to contact our support service.

Introduction

Worldcore Application Programming Interface (API) is used to implement interaction with some services provided by Worldcore. It is commonly used to automate such operations as making payments, getting payment history or fetching account balances.

Worldcore API is RESTful based and uses POST and GET methods with some JSON data in interaction.

Authorization

Every API request has authorization information in its HTTP-headers. Credentials used in generating authorization headers is set under Member's area of Worldcore web-site.

Here is some authorization example to show how API authorization works.

Authorization header example:

Authorization: wauth key=2JKP2P7K52VLL6MU6DF7BHP95Q, hash=A7AFBE3C4C74BC7AB311E2CA05473E877A9C39194C4B55B8805A135C4EFD9E54

PHP
C#
Ruby
Python
<?php
// These values should be filled according API page of Worldcore Member's area:
define('API_KEY', '1234567890'); // Worldcore API key
define('API_PASSWORD', 'some pass phrase'); // Worldcore API password
$request_body=json_encode(array(
	'param1' => 'some value',
));
$hash_in=strtoupper(hash('sha256', $request_body.API_PASSWORD));
$auth_header='Authorization: wauth key='.API_KEY.', hash='.$hash_in;
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'https://api.worldcore.eu/v1/...');
curl_setopt($curl, CURLOPT_HEADER, true);
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json; charset=utf-8', $auth_header));
curl_setopt($curl, CURLOPT_POSTFIELDS, $request_body);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$curl_response = curl_exec($curl);
if($curl_response==false){
	$error_msg = curl_error($curl);
	echo $error_msg;	
}else{		
	list($response_headers, $json_response)=explode("\r\n\r\n", $curl_response, 2);
	preg_match("/^WSignature: ([A-Z0-9]{64})\r$/m", $response_headers, $hash_outputed);
	$hash_check=strtoupper(hash('sha256', $json_response.API_PASSWORD));
	if($hash_outputed[1]!=$hash_check){ // signature check
		echo "Hash not match!";
	}else{
		$decoded_response=json_decode($json_response, true);
		print_r($decoded_response);
	}
}
curl_close($curl);       
    
var baseAddress = new Uri("https://api.worldcore.eu/v1/");
using (var httpClient = new HttpClient {BaseAddress = baseAddress})
{
    var paramerters = new
    {
        account = "Some account",
        // ...
    };
    var json = JsonConvert.SerializeObject(paramerters);
    var content = new StringContent(json, Encoding.UTF8, "application/json");
    var appKey = "YOUR API KEY";
    var appPassword = "YOUR API PASSWORD";
    var authHeader = string.Format("wauth key={0}, hash={1}", appKey, ArrayToHexString(ComputeHash(json + appPassword)));
    httpClient.DefaultRequestHeaders.TryAddWithoutValidation("Authorization", authHeader);
    using (var response = await httpClient.PostAsync("... SOME API URL ...", content))
    {
        if (response.StatusCode == HttpStatusCode.OK)
        {
            var responseData = await response.Content.ReadAsStringAsync();
            IEnumerable<string> signatures;
            response.Headers.TryGetValues("WSignature", out signatures);
            var returnedSignature = signatures != null ? signatures.SingleOrDefault() : null;
            var actualSignature = ArrayToHexString(ComputeHash(responseData + appPassword));
            if (returnedSignature != actualSignature)
            {
                // Signatures mismatch. Do something when signature is invalid
            }
            else
            {
                // do something useful here
            }
        }
        else
        {
           // something went wrong
        }
    }
}
// ...
public static byte[] ComputeHash(string str)
{
    var bytes = Encoding.ASCII.GetBytes(str);
    using (var algorithm = SHA256.Create())
    {
        return algorithm.ComputeHash(bytes);
    }
}
public static string ArrayToHexString(IEnumerable<byte> array)
{
    var result = new StringBuilder();
    foreach (var item in array)
    {
        result.AppendFormat("{0:X2}", item);
    }
    return result.ToString();
}
api_key = '1234567'
api_password = 'some password'
request_str = {
	'param1' => 'some value',
}.to_json
hash_in = Digest::SHA256.hexdigest "#{request_str}#{api_password}"
hash_in = hash_in.upcase
uri = URI.parse('https://api.worldcore.eu/v1/...')
connection = Net::HTTP::new(uri.host, uri.port)
connection.use_ssl = true
req = Net::HTTP::Post.new(uri.path, initheader = {
	'Content-Type' => 'application/json; charset=utf-8',
	'Authorization' => "wauth key=#{api_key}, hash=#{hash_in}"
})
req.body = request_str
res = connection.request(req)
hash_out = res.get_fields('WSignature')
hash_check = Digest::SHA256.hexdigest "#{res.body}#{api_password}"
hash_check = hash_check.upcase
if not "[\"#{hash_check}\"]".eql? "#{hash_out}"
	render :text => "hash hot match"
else	
	response = JSON.parse res.body
	if response["error"]
		render :text => "error occurred: #{response["error"]}"
	else
		render :text => response["data"]
	end		
end
    
import json
import hashlib
# These values should be filled according API page of Worldcore Member's area:
API_KEY='1234567'
API_PASSWORD='some password'
input_params={
	"param1": "some value"
}
request_str=json.dumps(input_params)
h = hashlib.new('sha256')
h.update((request_str+API_PASSWORD).encode())
hash_in=h.hexdigest().upper()
auth_header="Authorization: wauth key="+API_KEY+", hash="+hash_in
import pycurl
from StringIO import StringIO
buffer = StringIO()
c = pycurl.Curl()
c.setopt(c.URL, "https://api.worldcore.eu/v1/...") 
c.setopt(c.HTTPHEADER, ["Content-Type: application/json; charset=utf-8", auth_header])
c.setopt(c.POSTFIELDS, request_str)
c.setopt(c.WRITEFUNCTION, buffer.write)
c.perform()
# Fetch	response
code = c.getinfo(c.RESPONSE_CODE)
response = buffer.getvalue().split("\r\n\r\n", 2)
headers = response[0]
body = response[1]
# Fetch checking hash
import re
m=re.search("^WSignature: ([A-Z0-9]{64})\r$", headers, re.M)
hash_out=m.group(1)
h = hashlib.new('sha256')
h.update((body+API_PASSWORD).encode())
hash_check=h.hexdigest().upper()
if hash_out!=hash_check:
	print("BAD HASH")
else:
	# Success
	result = json.loads(body)
	print(result)
c.close()
    

As shown above authorization information is sent as HTTP-header, containing Worldcore API key and uppercased sha256 hash generated from request body and API password concatenated (for GET requests just API password).

Worldcore sends WSignature as a header of HTTP-response to check against hash, which is generated from response body and API password concatenated.

Data formats

Worldcore API uses JSON format on input and output.

Every API request uses own set of parameters (see "API requests" sections below).

Output data has different format depending on request result.

Decimal Amount and Fee are always truncated to max. 8 digits after decimal point. Exact values are shown in amountString and feeString parameters.

In case of successfull result, output data has the following format:
{
    "data": {
        "param1": "value1",
        "param2": "value2",
		...
    }
}
In case of error, output data are returned in the following format:
{
    "error": {
        "type": "errorID",
        "message": "Error description"
    }
}

API requests

The list of Worldcore services it is possible to interact via API provided below.

Making payments

This API method is used to make Worldcore payments. All types of payments are done using POST requests to the following URL:

https://api.worldcore.eu/v1/payment

Sending Worldcore API payment requests supposes passing the following set of parameters in JSON format:

Parameter Description
type (string)*
Payment type. Indicates the type of payment. Must be one of the following:
  • bankWire
  • internalTransfer
  • prepaidCard
  • anyCard
  • crypto
  • token
account (string) *
Account ID to send payment from.
amount (decimal) *
This parameter is required for all types of payments.
comment (string) *
This parameter is required for all types of payments except prepaidCard, anyCardParams ones.
customField (string)
Custom parameter can be any string up to 100 characters
bankWireParams *
This parameter is required for bankWire type only and consists of the following fields:
  • feePayer Indicates fee payer. Must be one of the following:
    • "Sender" - fee is paid by payment sending customer
    • "Shared" - fee is paid equally by sending and receiving sides
  • urgency Must be one of the following:
    • standard
    • express
  • beneficiaryName (string)
  • beneficiaryAccount (string)
  • beneficiaryAddress (string)
  • beneficiaryCity (string)
  • beneficiaryCountry (ISO country code)
  • bankName (string)
  • bankAddress (string)
  • bankCity (string)
  • bankSwiftCode (string)
  • bankCountry (string)
  • intermediaryBank (boolean)
  • intermediaryBankName (string) Passed if only intermediaryBank is true.
  • intermediaryBankAccount (string) Passed if only intermediaryBank is true.
  • intermediaryBankAddress (string) Passed if only intermediaryBank is true.
  • intermediaryBankCity (string) Passed if only intermediaryBank is true.
  • intermediaryBankSwiftCode (string) Passed if only intermediaryBank is true.
  • intermediaryBankCountry (string) Passed if only intermediaryBank is true.
internalTransferParams *
This parameter is required for internalTransfer type only and consists of the following field:
  • recipientAccount (string) Worldcore account ID to send money to
prepaidCardParams *
This parameter is required for prepaidCard type only and consists of the following field:
  • email (string) Email address prepaid card registered to.
anyCardParams *
This parameter is required for anyCard type only and consists of the following fields:
  • number (string) Card number consisting 16 digits.
  • name (string) Name as it is on the card
  • expiryMonth (integer) Card expiration month (1-2 digits)
  • expiryYear (integer) Card expiration year (4 digits)
cryptoParams *
This parameter is required for crypto type only and consists of the following fields:
  • recipientAddress (string) Address of recipient's crypto account
  • ethereum
    This parameter is optional and consists of parameters for Ethereum payment (see the table below). If omitted, system values are used leading to fast transaction confirmation
tokenParams *
This parameter is required for token type only and consists of the following fields:
  • recipientAddress (string) Address of recipient's crypto account
  • contractAddress (string) Token contract address
  • gasPrice (int)
    Price of Ethereum gas unit (Gwei). If omitted, system value is used leading to fast transaction confirmation
  • gasLimit (int)
    Maximum amount of Gas that transaction can consume. If omitted, system estimated value is used

Cryptocurrency specific parameters:

Parameter Description
ethereum
This parameter may be specified for Ethereum payments only and consists of the following fields:
  • gasPrice (int)
    Price of Ethereum gas unit (Gwei). If omitted, system value is used leading to fast transaction confirmation

In reply to request the following data may be returned:

Parameter Description
track (string)
Worldcore payment tracking ID
dateCreated (string)
Date of payment creation (example: 2015-07-08T21:15:34Z)
type (string)
Payment type. Indicates the type of created payment. May be one of the following:
  • OutgoingBankWire
  • OutgoingInternalTransfer
  • OutgoingPrepaidCard
  • OutgoingAnyCard
  • OutgoingCrypto
  • OutgoingToken

Corresponds to type value passed on input.

amount (decimal)
Indicates the amount of created payment. (example: -1212.34) May be truncated.
amountString (string)
Indicates exact amount of created payment
fee (decimal)
Indicates the fee of payment. (example: 1.23) May be truncated.
feeString (string)
Indicates the exact fee of payment
status (string)
Indicates actual status of payment. May be one of the following:
  • Created
  • Pending
  • Completed
  • Rejected
customField (string)
Custom parameter
outgoingBankWireParams
This parameter is present for bankWire payment type only and consists of the following fields:
  • feePayer Indicates fee payer of created payment. May be one of the following:
    • "Sender" - fee were paid by payment sending customer
    • "Shared" - fee were paid equally by sending and receiving sides

    Normally should be the same value as passed on input.

  • urgency May be one of the following:
    • standard
    • express
    Normally should be the same value as passed on input.
  • beneficiaryName (string)
  • beneficiaryAccount (string)
  • beneficiaryAddress (string)
  • beneficiaryCity (string)
  • beneficiaryCountry (ISO country code)
  • bankName (string)
  • bankAddress (string)
  • bankCity (string)
  • bankSwiftCode (string)
  • bankCountry (string)
  • intermediaryBank (boolean)
  • intermediaryBankName (string) Present only if intermediaryBank is true
  • intermediaryBankAccount (string) Present only if intermediaryBank is true
  • intermediaryBankAddress (string) Present only if intermediaryBank is true
  • intermediaryBankCity (string) Present only if intermediaryBank is true
  • intermediaryBankSwiftCode (string) Present only if intermediaryBank is true
  • intermediaryBankCountry (string) Present only if intermediaryBank is true
  • Above should be the same values as passed on input.

outgoingInternalTransferParams
This parameter is present for internalTransfer payment type only and consists of the following field:
  • recipientAccount (string) Worldcore account ID money has been sent to
outgoingPrepaidCardParams
This parameter is present for prepaidCard payment type only and consists of the following field:
  • email (string) Email address prepaid card registered to
outgoingAnyCardParams
This parameter is present for anyCard payment type only and consists of the following fields:
  • number (string) Card number consisting 16 digits.
  • name (string) Name as it is on the card
  • expiryMonth (integer) Card expiration month (1-2 digits)
  • expiryYear (integer) Card expiration year (4 digits)

Above should be the same values as passed on input.

outgoingCryptoParams
This parameter is present for crypto payment type only and consists of the following fields:
  • recipientAddress (string) Address of recipient's crypto account
  • transactionId (string) Unique ID of transaction in corresponding blockchain
outgoingTokenParams
This parameter is present for token payment type only and consists of the following fields:
  • recipientAddress (string) Address of recipient's crypto account
  • transactionId (string) Unique ID of transaction in corresponding blockchain

In case of payment creation failure system returns error info:

Parameter Example Value
errorType (string)
amountExceeds
errorMessage (string)
Not enough money.

Example of sending and handling payment request

PHP
C#
Ruby
Python
<?php
// These values should be filled according API page of Worldcore Member's area:
define('API_KEY', '1234567890');
define('API_PASSWORD', 'some pass phrase');
$post_str=json_encode(array(
	'type' => 'bankWire',
	'account' => 'S1234567',
	'amount' => 1920.53,
	'comment' => 'Some information about payment order',
	'BankWireParams' => array(
		'feePayer' => 'Sender',
		'urgency' => 'standard',
		'beneficiaryName' => 'Name Surname or Company name',
		'beneficiaryAccount' => 'Bank account',
		'beneficiaryAddress' => 'address',
		'beneficiaryCity' => 'city',
		'beneficiaryCountry' => 'RO',
		'bankName' => 'The Bank',
		'bankAddress' => 'Bank street address',
		'bankCity' => 'Bank city',
		'bankSwiftCode' => 'Bank SWIFT code',
		'bankCountry' => 'RO',
		'intermediaryBank' => true,
		'intermediaryBankName' => 'Intermediary Bank Name',
		'intermediaryBankAccount' => 'Intermediary Bank Account',
		'intermediaryBankAddress' => 'Intermediary Bank address',
		'intermediaryBankCity' => 'Intermediary Bank city',
		'intermediaryBankSwiftCode' => 'Intermediary Bank SWIFT code',
		'intermediaryBankCountry' => 'DE',
	)
));
$hash_in=strtoupper(hash('sha256', $post_str.API_PASSWORD));
$auth_header='Authorization: wauth key='.API_KEY.', hash='.$hash_in;
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'https://api.worldcore.eu/v1/payment');
curl_setopt($curl, CURLOPT_HEADER, true);
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json; charset=utf-8', $auth_header));
curl_setopt($curl, CURLOPT_POSTFIELDS, $post_str);
curl_setopt($curl, CURLOPT_TIMEOUT, 10);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$curl_response = curl_exec($curl);
if($curl_response==false){
	$error_msg = curl_error($curl);
	echo $error_msg;
}else{
	list($response_headers, $json_response)=explode("\r\n\r\n", $curl_response, 2);
	preg_match("/^WSignature: ([A-Z0-9]{64})\r$/m", $response_headers, $hash_outputed);
	$hash_check=strtoupper(hash('sha256', $json_response.API_PASSWORD));
	if($hash_outputed[1]!=$hash_check){
		echo "Hash not match!";
	}else{
		$decoded_response=json_decode($json_response, true);
		if(isset($decoded_response['error'])){
			echo 'Error occurred: '.print_r($decoded_response['error'], true);
		}else{
			print_r($decoded_response['data']);
		}
	}
}
curl_close($curl);
var baseAddress = new Uri("https://api.worldcore.eu/v1/");
using (var httpClient = new HttpClient {BaseAddress = baseAddress})
{
    var paramerters = new
    {
        type = "BankWire",
        account = "S1234567",
        amount = 300m,
        comment = "Some comment",
        bankWireParams = new
        {
            feePayer = "Sender",
            urgency = "Standard",
            beneficiaryName = "...",
            beneficiaryAccount = "...",
            beneficiaryAddress = "...",
            beneficiaryCity = "...",
            beneficiaryCountry = "US",
            bankName = "...",
            bankAddress = "...",
            bankCity = "...",
            bankSwiftCode = "...",
            bankCountry = "RU",
        },
    };
    var json = JsonConvert.SerializeObject(paramerters);
    var content = new StringContent(json, Encoding.UTF8, "application/json");
    var appKey = "YOUR API KEY";
    var appPassword = "YOUR API PASSWORD";
    var authHeader = string.Format("wauth key={0}, hash={1}", appKey, ArrayToHexString(ComputeHash(json + appPassword)));
    httpClient.DefaultRequestHeaders.TryAddWithoutValidation("Authorization", authHeader);
    using (var response = await httpClient.PostAsync("payment", content))
    {
        if (response.StatusCode == HttpStatusCode.OK)
        {
            var responseData = await response.Content.ReadAsStringAsync();
            IEnumerable<string> signatures;
            response.Headers.TryGetValues("WSignature", out signatures);
            var returnedSignature = signatures != null ? signatures.SingleOrDefault() : null;
            var actualSignature = ArrayToHexString(ComputeHash(responseData + appPassword));
            if (returnedSignature != actualSignature)
            {
                // Signatures mismatch. Do something when signature is invalid
            }
            else
            {
                var responseObject = JsonConvert.DeserializeObject<ApiResponse>(responseData);
                if (responseObject.Data != null)
                {
                    // do something useful
                }
                else {
                    // do some error handling here
                }
            }
        }
        else
        {
           // something went wrong with your request
        }
    }
}
// ...
public static byte[] ComputeHash(string str)
{
    var bytes = Encoding.ASCII.GetBytes(str);
    using (var algorithm = SHA256.Create())
    {
        return algorithm.ComputeHash(bytes);
    }
}
public static string ArrayToHexString(IEnumerable<byte> array)
{
    var result = new StringBuilder();
    foreach (var item in array)
    {
        result.AppendFormat("{0:X2}", item);
    }
    return result.ToString();
}
// ...
public class ApiResponse
{
    public ErrorInfo Error { get; set; }
    public PaymentResponse Data { get; set; }
}
public class ErrorInfo
{
    public string Type { get; set; }
    public string Message { get; set; }
}
public class PaymentResponse
{
    public string Track { get;set;}
    public string DateCreated{get;set;}
    public string Type{get;set;}
    public string Ip{get;set;}
    // ...
}
require 'digest'
require 'json'
require 'uri'
require 'net/http'
require 'net/https'
# These values should be filled according API page of Worldcore Member's area:
api_key = '1234567'
api_password = 'some password'
	
post_str={
	'type' => 'bankWire',
	'account' => 'S1234567',
	'amount' => 1920.53,
	'comment' => 'Some information about payment order',
	'BankWireParams' => {
		'feePayer' => 'Sender',
		'urgency' => 'standard',
		'beneficiaryName' => 'Name Surname or Company name',
		'beneficiaryAccount' => 'Bank account',
		'beneficiaryAddress' => 'address',
		'beneficiaryCity' => 'city',
		'beneficiaryCountry' => 'RO',
		'bankName' => 'The Bank',
		'bankAddress' => 'Bank street address',
		'bankCity' => 'Bank city',
		'bankSwiftCode' => 'Bank SWIFT code',
		'bankCountry' => 'RO',
		'intermediaryBank' => true,
		'intermediaryBankName' => 'Intermediary Bank Name',
		'intermediaryBankAccount' => 'Intermediary Bank Account',
		'intermediaryBankAddress' => 'Intermediary Bank address',
		'intermediaryBankCity' => 'Intermediary Bank city',
		'intermediaryBankSwiftCode' => 'Intermediary Bank SWIFT code',
		'intermediaryBankCountry' => 'DE',
	}
}.to_json
hash_in = Digest::SHA256.hexdigest "#{post_str}#{api_password}"
hash_in = hash_in.upcase
uri = URI.parse('https://api.worldcore.eu/v1/payment')
connection = Net::HTTP::new(uri.host, uri.port)
connection.use_ssl = true
req = Net::HTTP::Post.new(uri.path, initheader = {
	'Content-Type' => 'application/json; charset=utf-8',
	'Authorization' => "wauth key=#{api_key}, hash=#{hash_in}"
})
req.body = post_str
res = connection.request(req)
hash_out = res.get_fields('WSignature')
hash_check = Digest::SHA256.hexdigest "#{res.body}#{api_password}"
hash_check = hash_check.upcase
if not "[\"#{hash_check}\"]".eql? "#{hash_out}"
	render :text => "hash hot match"
else	
	response = JSON.parse res.body
	if response["error"]
		render :text => "error occurred: #{response["error"]}"
	else
		render :text => response["data"]
	end		
end
    
#!/usr/bin/python
print("Content-Type: text/html;charset=utf-8\n")
import sys
import json
import hashlib
# These values should be filled according API page of Worldcore Member's area:
API_KEY='1234567'
API_PASSWORD='some password'
input_params={
	"type": "bankWire",
	"account": "S1234567",
	"amount": 1920.53,
	"comment": "Some information about payment order",
	"BankWireParams": {
		"feePayer": "Sender",
		"urgency": "standard",
		"beneficiaryName": "Name Surname or Company name",
		"beneficiaryAccount": "Bank account",
		"beneficiaryAddress": "address",
		"beneficiaryCity": "city",
		"beneficiaryCountry": "RO",
		"bankName": "The Bank",
		"bankAddress": "Bank street address",
		"bankCity": "Bank city",
		"bankSwiftCode": "Bank SWIFT code",
		"bankCountry": "RO",
		"intermediaryBank": True,
		"intermediaryBankName": "Intermediary Bank Name",
		"intermediaryBankAccount": "Intermediary Bank Account",
		"intermediaryBankAddress": "Intermediary Bank address",
		"intermediaryBankCity": "Intermediary Bank city",
		"intermediaryBankSwiftCode": "Intermediary Bank SWIFT code",
		"intermediaryBankCountry": "DE",
	}
}
request_str=json.dumps(input_params)
h = hashlib.new('sha256')
h.update((request_str+API_PASSWORD).encode())
hash_in=h.hexdigest().upper()
auth_header="Authorization: wauth key="+API_KEY+", hash="+hash_in
import pycurl
from StringIO import StringIO
buffer = StringIO()
c = pycurl.Curl()
c.setopt(c.URL, "https://api.worldcore.eu/v1/payment") 
c.setopt(c.HEADER, 1)
c.setopt(c.POST, 1)
c.setopt(c.HTTPHEADER, ["Content-Type: application/json; charset=utf-8", auth_header])
c.setopt(c.POSTFIELDS, request_str)
c.setopt(c.TIMEOUT, 10)
c.setopt(c.WRITEFUNCTION, buffer.write)
try:
	c.perform()
except pycurl.error, e:
	print('curl error: '+e)
	sys.exit()
# Fetch	response
code = c.getinfo(c.RESPONSE_CODE)
response = buffer.getvalue().split("\r\n\r\n", 2)
headers = response[0]
body = response[1]
if code == 200:
	import re
	m=re.search("^WSignature: ([A-Z0-9]{64})\r$", headers, re.M)
	hash_out=m.group(1)
	h = hashlib.new('sha256')
	h.update((body+API_PASSWORD).encode())
	hash_check=h.hexdigest().upper()
	if hash_out!=hash_check:
		print("BAD HASH")
	else:
		result = json.loads(body)
		if result.get('error'):
			print("error occurred: "+str(result.get('error')))
		else:
			# Process payment here
			print(result.get('data'))
else:
	print("error occurred: "+body)
c.close()    
    

Checking balances

This API method is used to check Worldcore account balances. Fetching balances are done by GET requests to

https://api.worldcore.eu/v1/account

Fetching account balance requires passing its ID

Parameter Example Value
account (string) *
ET123456

In reply to request Worldcore returns account balance

Parameter Example Value
number (string)
ET123456
amount (decimal)
12.12345679
amountString (string)
12.12345678912
currency (string)
ETH

Example of sending and handling account balance fetching

PHP
C#
Ruby
Python
<?php
// These values should be filled according API page of Worldcore Member's area:
define('API_KEY', '1234567890');
define('API_PASSWORD', 'some pass phrase');
$account='S1234567';
$hash_in=strtoupper(hash('sha256', API_PASSWORD));
$auth_header='Authorization: wauth key='.API_KEY.', hash='.$hash_in;
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'https://api.worldcore.eu/v1/account/'.$account);
curl_setopt($curl, CURLOPT_HEADER, true);
curl_setopt($curl, CURLOPT_HTTPGET, 1);
curl_setopt($curl, CURLOPT_HTTPHEADER, array($auth_header));
curl_setopt($curl, CURLOPT_TIMEOUT, 10);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$curl_response = curl_exec($curl);
if($curl_response==false){
	$error_msg = curl_error($curl);
	echo $error_msg;
}else{
	list($response_headers, $json_response)=explode("\r\n\r\n", $curl_response, 2);
	preg_match("/^WSignature: ([A-Z0-9]{64})\r$/m", $response_headers, $hash_outputed);
	$hash_check=strtoupper(hash('sha256', $json_response.API_PASSWORD));
	if($hash_outputed[1]!=$hash_check){
		echo "Hash not match!";
	}else{
		$decoded_response=json_decode($json_response, true);
		if(isset($decoded_response['error'])){
			echo 'Error occurred: '.print_r($decoded_response['error'], true);
		}else{
			print_r($decoded_response['data']);
		}
	}
}
curl_close($curl);
var baseAddress = new Uri("https://api.worldcore.eu/v1/");
using (var httpClient = new HttpClient {BaseAddress = baseAddress})
{
    string account = "S1234567";
    var appKey = "YOUR API KEY";
    var appPassword = "YOUR API PASSWORD";
    var authHeader = string.Format("wauth key={0}, hash={1}", appKey, ArrayToHexString(ComputeHash(appPassword)));
    httpClient.DefaultRequestHeaders.TryAddWithoutValidation("Authorization", authHeader);
    using (var response = await httpClient.GetAsync("account/"+account))
    {
        if (response.StatusCode == HttpStatusCode.OK)
        {
            var responseData = await response.Content.ReadAsStringAsync();
            IEnumerable<string> signatures;
            response.Headers.TryGetValues("WSignature", out signatures);
            var returnedSignature = signatures != null ? signatures.SingleOrDefault() : null;
            var actualSignature = ArrayToHexString(ComputeHash(responseData + appPassword));
            if (returnedSignature != actualSignature)
            {
                // Signatures mismatch. Do something when signature is invalid
            }
            else
            {
                var responseObject = JsonConvert.DeserializeObject<ApiResponse>(responseData);
                if (responseObject.Data != null)
                {
                    // do something useful
                }
                else {
                    // do some error handling here
                }
            }
        }
        else
        {
           // something went wrong with your request
        }
    }
}
// ...
public static byte[] ComputeHash(string str)
{
    var bytes = Encoding.ASCII.GetBytes(str);
    using (var algorithm = SHA256.Create())
    {
        return algorithm.ComputeHash(bytes);
    }
}
public static string ArrayToHexString(IEnumerable<byte> array)
{
    var result = new StringBuilder();
    foreach (var item in array)
    {
        result.AppendFormat("{0:X2}", item);
    }
    return result.ToString();
}
// ...
public class ApiResponse
{
    public ErrorInfo Error { get; set; }
    public AccountInfo Data { get; set; }
}
public class ErrorInfo
{
    public string Type { get; set; }
    public string Message { get; set; }
}
public class AccountInfo
{
    public string Number { get; set; }
    public decimal Amount { get; set; }
    public string Currency { get; set; }
}
require 'digest'
require 'json'
require 'uri'
require 'net/http'
require 'net/https'
# These values should be filled according API page of Worldcore Member's area:
api_key = '1234567'
api_password = 'some password'
account = 'S1234567'
hash_in = Digest::SHA256.hexdigest "#{api_password}"
hash_in = hash_in.upcase
uri = URI.parse("https://api.worldcore.eu/v1/account/#{account}")
connection = Net::HTTP::new(uri.host, uri.port)
connection.use_ssl = true
req = Net::HTTP::Get.new(uri.path, initheader = {
	'Content-Type' => 'application/json; charset=utf-8',
	'Authorization' => "wauth key=#{api_key}, hash=#{hash_in}"
})
res = connection.request(req)
hash_out = res.get_fields('WSignature')
hash_check = Digest::SHA256.hexdigest "#{res.body}#{api_password}"
hash_check = hash_check.upcase
if not "[\"#{hash_check}\"]".eql? "#{hash_out}"
	render :text => "hash hot match"
else	
	response = JSON.parse res.body
	if response["error"]
		render :text => "error occurred: #{response["error"]}"
	else
		render :text => response["data"]
	end		
end
    
#!/usr/bin/python
print("Content-Type: text/html;charset=utf-8\n")
import sys
import json
import hashlib
# These values should be filled according API page of Worldcore Member's area:
API_KEY='1234567'
API_PASSWORD='some password'
account='S1234567'
h = hashlib.new('sha256')
h.update(API_PASSWORD.encode())
hash_in=h.hexdigest().upper()
auth_header="Authorization: wauth key="+API_KEY+", hash="+hash_in
import pycurl
from StringIO import StringIO
buffer = StringIO()
c = pycurl.Curl()
c.setopt(c.URL, "https://api.worldcore.eu/v1/account/"+account) 
c.setopt(c.HEADER, 1)
c.setopt(c.HTTPGET, 1)
c.setopt(c.HTTPHEADER, ["Content-Type: application/json; charset=utf-8", auth_header])
c.setopt(c.TIMEOUT, 10)
c.setopt(c.WRITEFUNCTION, buffer.write)
try:
	c.perform()
except pycurl.error, e:
	print('curl error: '+e)
	sys.exit()
# Fetch	response
code = c.getinfo(c.RESPONSE_CODE)
response = buffer.getvalue().split("\r\n\r\n", 2)
headers = response[0]
body = response[1]
if code == 200:
	import re
	m=re.search("^WSignature: ([A-Z0-9]{64})\r$", headers, re.M)
	hash_out=m.group(1)
	h = hashlib.new('sha256')
	h.update((body+API_PASSWORD).encode())
	hash_check=h.hexdigest().upper()
	if hash_out!=hash_check:
		print("BAD HASH")
	else:
		result = json.loads(body)
		if result.get('error'):
			print("error occurred: "+str(result.get('error')))
		else:
			# Process payment here
			print(result.get('data'))
else:
	print("error occurred: "+body)
c.close()
    

Account history

This API method is used to fetch account history. Fetching history are done by sending GET request to

https://api.worldcore.eu/v1/history

Fetching Worldcore account history supposes passing the following parameters in url query string:

Parameter Description
track (string)
Worldcore payment tracking ID
account (string)
Worldcore Account ID (Example: S1234567)
timeStart (string)
Start of time period fetching history for. (example: 2015-07-08T21:15:34Z)
timeEnd (string)
End of time period fetching history for. (example: 2015-07-08T23:59:59Z)
customField (string)
Custom parameter can be any string up to 100 characters
currency (string)

Indicates currency of payments. If passed only payments of the given currency will be fetched. May be one of the following:

  • USD
  • EUR
  • BTC
  • ETH
type (string)

Payment type. Indicates the type of created payment. May be one of the following:

  • IncomingBankWire
  • IncomingInternalTransfer
  • IncomingBitcoinpay
  • IncomingCrypto
  • IncomingToken
  • OutgoingBankWire
  • OutgoingInternalTransfer
  • OutgoingPrepaidCard
  • OutgoingAnyCard
  • OutgoingCrypto
  • OutgoingToken

In reply to request the following data may be returned:

Parameter Description
track (string)
Worldcore payment tracking ID
dateCreated (string)
Date of payment creation (example: 2015-07-08T21:15:34Z)
type (string)
Payment type. May be one of the following:
  • OutgoingBankWire
  • OutgoingInternalTransfer
  • OutgoingPrepaidCard
  • OutgoingAnyCard
  • OutgoingCrypto
  • OutgoingToken
  • IncomingBankWire
  • IncomingInternalTransfer
  • IncomingBitcoinpay
  • IncomingCrypto
  • IncomingToken
amount (decimal)
Amount of created payment. (example: -1212.34) May be truncated.
amountString (string)
Indicates exact amount of created payment
fee (decimal)
The fee of payment. (example: 1.23) May be truncated.
feeString (string)
Indicates the exact fee of payment
comment (string)
Payment description
status (string)
Actual status of payment. May be one of the following:
  • Created
  • Pending
  • Completed
  • Rejected
customField (string)
Custom parameter
outgoingBankWireParams
This parameter is present for bankWire payment type only and consists of the following fields:
  • feePayer Indicates fee payer of payment. May be one of the following:
    • "Sender" - fee were paid by payment sending customer
    • "Shared" - fee were paid equally by sending and receiving sides
  • urgency May be one of the following:
    • standard
    • express
  • beneficiaryName (string)
  • beneficiaryAccount (string)
  • beneficiaryAddress (string)
  • beneficiaryCity (string)
  • beneficiaryCountry (ISO country code)
  • bankName (string)
  • bankAddress (string)
  • bankCity (string)
  • bankSwiftCode (string)
  • bankCountry (string)
  • intermediaryBank (boolean)
  • intermediaryBankName (string) Present only if intermediaryBank is true
  • intermediaryBankAccount (string) Present only if intermediaryBank is true
  • intermediaryBankAddress (string) Present only if intermediaryBank is true
  • intermediaryBankCity (string) Present only if intermediaryBank is true
  • intermediaryBankSwiftCode(string) Present only if intermediaryBank is true
  • intermediaryBankCountry(string) Present only if intermediaryBank is true
outgoingInternalTransferParams
This parameter is present for internalTransfer payment type only and consists of the following field:
  • recipientAccount (string) Worldcore account ID money has been sent to
outgoingPrepaidCardParams
This parameter is present for prepaidCard payment type only and consists of the following field:
  • email (string) Email address prepaid card registered to
outgoingAnyCardParams
This parameter is present for anyCard payment type only and consists of the following fields:
  • number (string) Card number consisting 16 digits.
  • name (string) Name as it is on the card
  • expiryMonth (integer) Card expiration month (1-2 digits)
  • expiryYear (integer) Card expiration year (4 digits)
outgoingCryptoParams
This parameter is present for crypto payment type only and consists of the following fields:
  • recipientAddress (string) Address of recipient's crypto account
  • transactionId (string) Unique ID of transaction in corresponding blockchain
outgoingTokenParams
This parameter is present for token payment type only and consists of the following fields:
  • recipientAddress (string) Address of recipient's crypto account
  • transactionId (string) Unique ID of transaction in corresponding blockchain

Example of sending and handling account history fetching

PHP
C#
Ruby
Python
<?php
// These values should be filled according API page of Worldcore Member's area:
define('API_KEY', '1234567890');
define('API_PASSWORD', 'some pass phrase');
$request_str=http_build_query(array(
	'account' => 'S1234567',
	'TimeStart' => '2015-07-08T21:15:34Z',
	'TimeEnd' => '2015-07-08T23:59:59Z'
));
$hash_in=strtoupper(hash('sha256', API_PASSWORD));
$auth_header='Authorization: wauth key='.API_KEY.', hash='.$hash_in;
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'https://api.worldcore.eu/v1/history?'.$request_str);
curl_setopt($curl, CURLOPT_HEADER, true);
curl_setopt($curl, CURLOPT_HTTPGET, 1);
curl_setopt($curl, CURLOPT_HTTPHEADER, array($auth_header));
curl_setopt($curl, CURLOPT_TIMEOUT, 10);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$curl_response = curl_exec($curl);
if($curl_response==false){
	$error_msg = curl_error($curl);
	echo $error_msg;
}else{
	list($response_headers, $json_response)=explode("\r\n\r\n", $curl_response, 2);
	preg_match("/^WSignature: ([A-Z0-9]{64})\r$/m", $response_headers, $hash_outputed);
	$hash_check=strtoupper(hash('sha256', $json_response.API_PASSWORD));
	if($hash_outputed[1]!=$hash_check){
		echo "Hash not match!";
	}else{
		$decoded_response=json_decode($json_response, true);
		if(isset($decoded_response['error'])){
			echo 'Error occurred: '.print_r($decoded_response['error'], true);
		}else{
			if($decoded_response['data']['count']>0){
				$data=$decoded_response['data']['items'];
				foreach($data as $value){
					print_r($value);
				}
			}else{
				echo 'Empty response';
			}
		}
	}
}
curl_close($curl);
var baseAddress = new Uri("https://api.worldcore.eu/v1/");
using (var httpClient = new HttpClient {BaseAddress = baseAddress})
{
    string account = "S1234567";
    var appKey = "YOUR API KEY";
    var appPassword = "YOUR API PASSWORD";
    var queryParams = string.Format("account={0}&timeStart={1}&timeEnd={2}",
                account,
                "2015-07-01T00:00:00Z",
                "2015-07-31T23:59:59Z");
    var authHeader = string.Format("wauth key={0}, hash={1}", appKey, ArrayToHexString(ComputeHash(appPassword)));
    httpClient.DefaultRequestHeaders.TryAddWithoutValidation("Authorization", authHeader);
    using (var response = await httpClient.GetAsync("history?"+queryParams))
    {
        if (response.StatusCode == HttpStatusCode.OK)
        {
            var responseData = await response.Content.ReadAsStringAsync();
            IEnumerable<string> signatures;
            response.Headers.TryGetValues("WSignature", out signatures);
            var returnedSignature = signatures != null ? signatures.SingleOrDefault() : null;
            var actualSignature = ArrayToHexString(ComputeHash(responseData + appPassword));
            if (returnedSignature != actualSignature)
            {
                // Signatures mismatch. Do something when signature is invalid
            }
            else
            {
                var responseObject = JsonConvert.DeserializeObject<ApiResponse>(responseData);
                if (responseObject.Data != null)
                {
                    // do something useful
                }
                else {
                    // do some error handling here
                }
            }
        }
        else
        {
           // something went wrong with your request
        }
    }
}
// ...
public static byte[] ComputeHash(string str)
{
    var bytes = Encoding.ASCII.GetBytes(str);
    using (var algorithm = SHA256.Create())
    {
        return algorithm.ComputeHash(bytes);
    }
}
public static string ArrayToHexString(IEnumerable<byte> array)
{
    var result = new StringBuilder();
    foreach (var item in array)
    {
        result.AppendFormat("{0:X2}", item);
    }
    return result.ToString();
}
// ...
public class ApiResponse
{
    public ErrorInfo Error { get; set; }
    public HistoryRecords Data { get; set; }
}
public class ErrorInfo
{
    public string Type { get; set; }
    public string Message { get; set; }
}
public class HistoryRecords
{
    public int Count { get; set; }
    public List<HistoryRecord> Items { get; set; }
}
public class HistoryRecord {
    public string Track { get; set; }
    public string DateCreated { get; set; }
    public string Type { get; set; }
    public string Ip { get; set; }
    public decimal Amount { get; set; }
    // ...    
}
require 'digest'
require 'json'
require 'uri'
require 'net/http'
require 'net/https'
# These values should be filled according API page of Worldcore Member's area:
api_key = '1234567'
api_password = 'some password'
request_str = {
	'account' => 'S1234567',
	'TimeStart' => '2015-07-08T21:15:34Z',
	'TimeEnd' => '2015-07-08T23:59:59Z'
}.to_query
hash_in = Digest::SHA256.hexdigest "#{api_password}"
hash_in = hash_in.upcase
uri = URI.parse("https://api.worldcore.eu/v1/history?#{request_str}")
connection = Net::HTTP::new(uri.host, uri.port)
connection.use_ssl = true
req = Net::HTTP::Get.new(uri.to_s, initheader = {
	'Content-Type' => 'application/json; charset=utf-8',
	'Authorization' => "wauth key=#{api_key}, hash=#{hash_in}"
})
res = connection.request(req)
hash_out = res.get_fields('WSignature')
hash_check = Digest::SHA256.hexdigest "#{res.body}#{api_password}"
hash_check = hash_check.upcase
if not "[\"#{hash_check}\"]".eql? "#{hash_out}"
	render :text => "hash hot match"
else	
	response = JSON.parse res.body
	if response["error"]
		render :text => "error occurred: #{response["error"]}"
	else
		render :text => response["data"]
	end		
end
    
#!/usr/bin/python
print("Content-Type: text/html;charset=utf-8\n")
import sys
import json
import hashlib
import urllib
# These values should be filled according API page of Worldcore Member's area:
API_KEY='1234567'
API_PASSWORD='some password'
input_params={
	"account": "S1234567",
	"TimeStart": "2015-07-08T21:15:34Z",
	"TimeEnd": "2015-07-08T23:59:59Z"
}
request_str=urllib.urlencode(input_params)
h = hashlib.new('sha256')
h.update(API_PASSWORD.encode())
hash_in=h.hexdigest().upper()
auth_header="Authorization: wauth key="+API_KEY+", hash="+hash_in
import pycurl
from StringIO import StringIO
buffer = StringIO()
c = pycurl.Curl()
c.setopt(c.URL, "https://api.worldcore.eu/v1/history?"+request_str) 
c.setopt(c.HEADER, 1)
c.setopt(c.HTTPGET, 1)
c.setopt(c.HTTPHEADER, ["Content-Type: application/json; charset=utf-8", auth_header])
c.setopt(c.TIMEOUT, 10)
c.setopt(c.WRITEFUNCTION, buffer.write)
try:
	c.perform()
except pycurl.error, e:
	print('curl error: '+e)
	sys.exit()
# Fetch	response
code = c.getinfo(c.RESPONSE_CODE)
response = buffer.getvalue().split("\r\n\r\n", 2)
headers = response[0]
body = response[1]
if code == 200:
	import re
	m=re.search("^WSignature: ([A-Z0-9]{64})\r$", headers, re.M)
	hash_out=m.group(1)
	h = hashlib.new('sha256')
	h.update((body+API_PASSWORD).encode())
	hash_check=h.hexdigest().upper()
	if hash_out!=hash_check:
		print("BAD HASH")
	else:
		result = json.loads(body)
		if result.get('error'):
			print("error occurred: "+str(result.get('error')))
		else:
			# Process payment here
			print(result.get('data'))
else:
	print("error occurred: "+body)
c.close()