Authorization

prepare

Initialize a QiCard agreement authorization request.

Overview

POST /v1/authorizations/prepare issues an authUrl that merchants use to launch the QiCard signing experience. Supply the agreement scope and descriptive metadata; upon success the API returns a hosted URL for qicardSignContract.

To view the end-to-end diagram, see the Agreement Payment flow.

Endpoint

MethodPath
POST/v1/authorizations/prepare

API Structure

A message consists of a header and body. The following sections are focused on the body structure. For the header structure, see: OpenAPIs Overview.

Request

FieldTypeRequiredDescription
scopesstringYesScope to authorize. Use AGREEMENT_PAY to initiate agreement payments. Max length 16 characters.
extendInfostringYesJSON string describing the contract. Max length 4096 characters; disallow @, #, ?. Include keys such as language ("en-US" or "ar-IQ") and contractDesc.
{
  "scopes": "AGREEMENT_PAY",
  "extendInfo": "{\"language\":\"en-US\",\"contractDesc\":\"agreement payment description.\"}"
}

Response

FieldTypeRequiredDescription
resultobjectYesOutcome metadata with status and codes.
authUrlstringNoHosted authorization URL to pass into qicardSignContract. Returned when result.resultStatus is S. Max length 256 characters.
{
  "result": {
    "resultCode": "SUCCESS",
    "resultStatus": "S",
    "resultMessage": "success"
  },
  "authUrl": "https://xxxxx.wallet.iq?authId=xxxxx"
}

Result Processing Logic

StatusDescription
SRequest succeeded. The merchant can redirect users via authUrl.
UResult unknown (resultCode: UNKNOWN_EXCEPTION). Retry or inspect Common error codes.
FRequest failed. Check resultCode and the Error codes table.

Error Codes

Error CodeResult StatusMessageNext Step
INVALID_SCOPEFThe provided scope is invalid.Use a supported scope such as AGREEMENT_PAY.
PARAM_ILLEGALFRequest parameters are invalid (e.g., non-numeric fields, malformed JSON).Validate payload fields before retrying.