a) Generating a payment link

Build a XML string, cypher it with the SDK appropriate to your technology, submit it to the Link Generation service, decrypt the answer with the same SDK and get a link .

Step 1: XML string

Here is the description of the chain you must build. You can copy and edit the example.


Parent element within the XML string scheme

Contains the parameters to identify the merchant in Centro de Pagos, which make the request

Merchant identifier to which the payment will be associated.
For sandbox use SNBX

Identifier of the Merchant Branch to which the payment will be associated.
For sandbox use 01SNBXBRNCH

User that generates the request. With this user the payment transaction will be processed.
For sandbox use SNBXUSR01

Access password for user authentication.
For sandbox use SECRETO

It contains the parameters with the instructions of the Merchant for register an intention to collect and link them to a payment link.

Unique / unrepeatable reference of the merchant to reconcile a payment with its business logic. Invoice or order number is suggested.

Amount to pay with 2 decimals separated by a point.

Specify the currency for the charge intention, if affiliations for both pesos and dollars ar available in the branch.
Possible values: MXN or USD .

Fixed value, must be W.

If this element is received with the value 0 , the charge made notification will be sent to the cardholder via email, with Centro de Pagos look and feel.
: 0 ó 1 .

If this item is received, it indicates the installments with which a payment can be made, when several affiliations are set in the branch.
In all cases, the cash payment option will always be available.
To force the payment to only cash, you must indicate only C .

If this element is received with the value 1 , the capture of the email will be requested in the payment form.
Valid values: 0 ó 1 .

If this element is present and is received with a date in the future, the intention of collection will be valid until the indicated date.
The default value is 3 months from the intention to collect.

If the element is present, this value will be pre-loaded in the "E-mail" field of the payment form. The cardholder can change it if so wishes. Note: the field st_correo must indicate 1 .

If this element is present, the children elements will be included data in the payment form and will be returned in the response of the result of a charge. If the "display" attribute is specified with the boolean true , these will be shown in the payment form.

<data id="1" display="true">

Group a pair of elements of type label and value, you must specify the attribute "id" to differentiate them. Maximum 6 data of the label-value type.


					<?xml version="1.0" encoding="UTF-8"?>
      <data id="1" display="true">
      <data id="2" display="false">

You will find the XSD and code examples to validate it with your server in GitHub


Step 2: Encrypting the string

Once you have built the chain in clear, you can cypher it in AES-128, with the appropriate SDK to your server, which you can obtain in GitHUB.

String used as a key to encrypt the request.

For sandbox use 5DCC67393750523CD165F17E1EFADD21

The developer will receive the productive credentials of the merchant administrator.


								import AESCrypto
String originalString ="[USE THE CHAIN OF EXAMPLE ONE]";
String key = "5DCC67393750523CD165F17E1EFADD21";
String encryptedString = 
  AESCrypto.encrypt(originalString, key);

$originalString = '[USE THE CHAIN OF EXAMPLE ONE]';
$key = '5dcc67393750523cd165f17e1efadd21'; //128 bits key
$encryptedString = AESCrypto::encriptar($originalString, $key); 
								using AESCrypto.cs
string originalString ="[USE THE CHAIN OF EXAMPLE ONE]";
string key = "5DCC67393750523CD165F17E1EFADD21";
string encryptedString =
  AESCrypto.encrypt(originalString, key);
string finalString = encryptedString.Replace("%", "%25").Replace(" ", "%20").Replace("+", "%2B").Replace("=", "%3D").Replace("/", "%2F");
								import AESCrypto.py
originalString ='[USE THE CHAIN OF EXAMPLE ONE]'
key = '5DCC67393750523CD165F17E1EFADD21'
encryptedString = AESCipher(key).encrypt(originalString)


Step 3: Link Generation Service

To guarantee the security in the transmission of information, Centro de Pagos has HTTPS servers which use the Transport Layer Security TLS protocol v1.2 as a secure transport protocol to carry out transactions. For its part, the merchant must also have TLS v1.2 servers, to ensure the secure exchange of information when making transactions.


This Sandbox endpoint receives the request with instructions from the merchant to record an intention to collect. In response to the request to the Link Generation Service, you will get an encrypted response string.

The implementation is based on sending to the service by POST a string in the xml parameter with the following structure:

  <data0>Fixed string assigned to merchant</data0>
  <data>Encrypted string in AES-128</data>

Fixed chain, assigned to merchant.

For sandbox use SNDBX123

The developer will receive the productive credentials of the merchant administrator.


								// This implementation uses http://unirest.io/java
String encodedString = 
  URLEncoder.encode("<pgs><data0>SNDBX123</data0><data>EBo2s....SBkZDVjWW</data></pgs>", "UTF-8");
HttpResponse<String> response = 
  .header("content-type", "application/x-www-form-urlencoded")
  .header("cache-control", "no-cache")
  .field("xml"  , encodedString,
								// This implementation uses HttpURLConnection
String encodedString = 
  URLEncoder.encode("<pgs><data0>SNDBX123</data0><data>EBo2s....SBkZDVjWW</data></pgs>", "UTF-8");
String postParam = "xml=" + encodedString;  
  URL obj = new URL(POST_URL);
  HttpURLConnection con = (HttpURLConnection) obj.openConnection();
	OutputStream os = con.getOutputStream();
$encodedString = urlencode('<pgs><data0>SNDBX123</data0><data>1OJAHMRu...IJiYtY5OnyQ==</data></pgs>');
$request = new HttpRequest();

  'cache-control' => 'no-cache',
  'content-type' => 'application/x-www-form-urlencoded'

  'xml' => encodedString

try {
  $response = $request->send();

  echo $response->getBody();
} catch (HttpException $ex) {
  echo $ex;
								// This implementation uses http://restsharp.org v105
string encodedString = 
  HttpUtility.UrlEncode("<pgs><data0>SNDBX123</data0><data>[USE THE CHAIN OF EXAMPLE ONE]</data></pgs>");
string postParam = "xml=" + encodedString;
var client = new RestClient("https://wppsandbox.mit.com.mx/gen");
var request = new RestRequest(Method.POST);
request.AddHeader("cache-control", "no-cache");
request.AddHeader("content-type", "application/x-www-form-urlencoded");
request.AddQueryParameter(postParam, ParameterType.RequestBody);

IRestResponse response = client.Execute(request);
var content = response.Content;


Step 4: Deciphering the response of the Generation Service

Once the service response is obtained, you can decrypt it with the appropriate SDK to your server, and within <nb_url> you will find the payment link or URL, that you must share with your client to receive your payment.


								import webPayPlus.AESCrypto
String originalString ="This is the text to be processed";
String key = "5dcc67393750523cd165f17e1efadd21";
String decryptedString = 
  AESCrypto.decrypt(originalString, key);
$originalString = 'This is the text to be processed';
$key = '5dcc67393750523cd165f17e1efadd21'; //Llave de 128 bits
$decryptedString = AESCrypto::desencriptar($originalString, $key);
								using AESCrypto.cs
string originalString ="This is the text to be processed";
string key = "5DCC67393750523CD165F17E1EFADD21";
string decryptedString = 
  AESCrypto.decrypt(key, originalString);

Catalog of values, element nb_response
nb_response Description Solution
Empty The request was processed correctly
The request is invalid The string structure is invalid, contains invalid characters or is not correctly encrypted Use XSD validation
The data of merchant, branch or user are invalid Authentication failed or user / branch / company status is not active. Contact MIT Attention Center
The company does not have this service authorized, please contact your administrator Failed configuration or user / branch / company status is not correct. Contact MIT Attention Center
It was not possible to generate the reference, please try later An error occurred while processing the request (exception). Contact MIT Attention Center

Step 5: Payment link

From the decrypted answer, you get the payment link in the element nb_url . With the link you can invoke the payment form with GET in a web browser, Webview of an App, or embedding within the commerce portal in an iframe. Thus, you have the freedom to select the best that suits your technology. To find more visit Publish a payment link


To obtain a payment link, decrypt the response obtained in the previous step.

Continue here:

How to generate a link?