MPAY — Elektron pulqabı: OpenData wallet integration & protocol analysis (com.mpayapp)
We map MPAY’s mobile flows into integration-ready interfaces: balances, transfers, bill catalogs, and NFC-driven utility workflows—aligned with Azerbaijan’s evolving open banking account information services expectations.
Turn MPAY’s wallet ledger into governed, queryable data for finance, ops, and compliance teams
MPAY centralizes cashless payments across utilities, banking channels, internet and retail categories, and peer transfers initiated by phone number. That concentration makes MPAY transaction history export and balance visibility valuable for reconciliation, customer support automation, and spend analytics—especially when paired with terminal top-ups and card-funded payments.
Screenshots
Each thumbnail opens a larger preview without leaving the page. This keeps the default layout calm while still letting stakeholders inspect UI context for field labels, filters, and payment categories.
Feature modules we build around MPAY-like wallets
Session establishment & step-up reporting
We document the OTP chain, password gates, and any step-up events so your backend can mirror the same assurance level the app enforces. In August 2024 coverage highlighted SIMA İmza being used to remove limits for higher-value MPAY activity, which is a concrete pattern to encode as step_up_required flags in integration logs rather than treating authentication as a single static token.
Transaction history API (ledger paging)
We implement paging over wallet debits and credits with stable sorting keys, because finance teams rarely want “the last screenful”; they want bounded date windows for month-close. The module returns normalized fields such as amount_azn, counterparty_msisdn, service_code, and channel (card vs balance vs terminal).
Bill catalog synchronization
Utilities and multi-category payments depend on provider lists that change seasonally. We ship a sync job that refreshes identifiers and display names, then stores them in your integration database so invoice ingestion does not break when MPAY adds a new operator row.
NFC utility workflows (Android-first patterns)
Where NFC top-ups exist for meter cards, we capture the client-side sequence names surfaced in MPAY marketing (Azeriqaz, Azersu, Azerishiq and related NFC programs) so Android fleet deployments can prefetch the correct flow metadata before field staff go onsite.
Reconciliation exports for accounting
We generate CSV and JSON endpoints that match accountant expectations: gross amounts, fees (if any), VAT-relevant receipt pointers when present, and external reference tokens for bank statement matching.
Webhook fan-out for payment completion
When your product needs near-real-time reactions—unlocking a subscription, issuing a receipt, or notifying a CRM—we translate completion signals into signed webhooks with idempotency keys derived from provider references.
Data available for integration (OpenData perspective)
The table below is intentionally grounded in MPAY’s public positioning: wide bill-pay coverage, transfers by number, card and terminal balance increases, and wallet-first spending. Granularity labels describe what a third-party integration typically needs, not what MPAY publicly documents as a merchant API.
| Data type | Source (screen / feature) | Granularity | Typical use |
|---|---|---|---|
| Wallet ledger lines | History views with filters (as described on MPAY storefront pages) | Per transaction, timestamped | Month-close reconciliation, duplicate payment detection, dispute support |
| Available balance & reserved amounts | Wallet home / balance panel | Per account, near-real-time | Spend controls, treasury snapshots, low-balance alerts for field teams |
| Peer transfer destinations | Send-by-number flows | Per transfer, MSISDN keyed | Partner payouts, payroll-like disbursals, AML-style velocity checks |
| Bill-pay provider metadata | Utilities, bank, internet, store credit categories | Per provider record | ERP cost centers, usage analytics, churn on specific services |
| Funding events | Bank card loads, terminal cash-in paths | Per funding attempt | Cashier auditing, float management, interchange-related reporting |
| Step-up / assurance metadata | High-value authentication (SIMA-related coverage) | Per session or per payment boundary | Policy engines that must prove strong customer authentication occurred |
Typical integration scenarios
1) Corporate utilities desk with centralized visibility
Business context: Facilities teams pay Azeriqaz, Azersu, and Azerishiq across many properties. Data involved: provider identifiers, contract or subscriber numbers, payment confirmation tokens, and wallet debits. OpenData mapping: Treat each provider row as an open data service catalog entry, then attach payments as time-stamped observations consumable by your data warehouse.
2) Fintech dashboard combining bank and wallet activity
Business context: Users keep part of liquidity inside MPAY for fast bill pay while salaries land in bank apps. Data involved: MPAY ledger exports plus bank CSV references. OpenFinance mapping: Align field names with Azerbaijan’s Central Bank (CBA) direction on payment account information services so future bank APIs and wallet aggregators share one consent model.
3) Accounting automation for store-credit and retail categories
Business context: Retail chains want SKU-level spend elsewhere, but wallet statements still provide category anchors. Data involved: category codes, amounts, timestamps. OpenData mapping: Publish a curated “statement API integration” facade that accountants query with OAuth-style user consent records attached.
4) Compliance archive for high-value transfers
Business context: Internal audit must show which authentication path was used when thresholds were crossed. Data involved: session identifiers, step-up markers, payment totals in AZN. Mapping: Store immutable event logs compatible with SIMA digital signature payment compliance narratives your legal team already uses.
5) Partner marketplace payouts by phone number
Business context: Gig workers receive payouts to MSISDN-linked wallets. Data involved: destination numbers, statuses, reversal codes. OpenFinance mapping: Model payouts as payment initiation adjacent workflows without claiming access to non-public rails—your integration remains explicitly user-authorized.
Technical implementation (pseudocode-level)
Public MPAY developer API manuals were not surfaced in our research pass; the snippets below illustrate how we structure deliverables after protocol analysis—typed payloads, explicit auth headers, and error surfaces your engineers can implement in Python or Node.js.
Snippet A — OTP login handoff
POST /integrations/mpay/v1/auth/otp/start
Content-Type: application/json
{
"msisdn": "+994501234567",
"locale": "az-AZ"
}
201 Response
{
"challenge_id": "ch_9fd21a",
"expires_at": "2026-04-17T05:23:00Z",
"cooldown_seconds": 45
}
POST /integrations/mpay/v1/auth/otp/verify
Authorization: Bearer <SERVER_API_KEY>
{
"challenge_id": "ch_9fd21a",
"otp": "482193"
}
200 Response
{
"session": {
"access_token": "mpay_at_…",
"refresh_token": "mpay_rt_…",
"assurance_level": "A2"
}
}
400 Response
{ "error": "otp_invalid", "retry_allowed": true, "retry_after": 32 }
Snippet B — Wallet statement slice
GET /integrations/mpay/v1/wallet/statement?from=2026-03-01&to=2026-03-31&cursor=eyJpIjoxMjN9
Authorization: Bearer mpay_at_…
200 Response
{
"currency": "AZN",
"rows": [
{
"id": "txn_77aa",
"posted_at": "2026-03-18T11:02:11+04:00",
"type": "bill_pay",
"amount": -37.40,
"provider_code": "AZERSU_RES",
"subscriber_ref": "****821",
"balance_after": 212.55
}
],
"next_cursor": "eyJpIjoyNTZ9"
}
401 Response
{ "error": "session_expired", "hint": "refresh_or_reauth" }
Snippet C — Webhook on payment settled
POST https://your.api/hooks/mpay
MPAY-Signature: t=1744888085,v1=a13f…
{
"event": "payment.settled",
"idempotency_key": "idem_9c21",
"wallet_id": "wlt_441b",
"amount": -12.00,
"currency": "AZN",
"provider_code": "MOB_AZERCELL",
"external_reference": "acr_88331"
}
// Handler must return 2xx within 3s and verify signatures using
// rotating webhook secrets stored in your vault.
Compliance & privacy
Regulatory anchors
Azerbaijan’s Central Bank has been formalizing open banking-style requirements, including provisions tied to the Law on Payment Services and Payment Systems and resolutions addressing payment account information services, payment initiation services, and open data services for standardized participant interfaces. Separately, the Law on Personal Data governs transparency, purpose limitation, and security measures for identifiers flowing through mobile wallets.
Operational posture
We ship integrations only where authorization is explicit, logging is minimization-aware, and retention windows are agreed in writing. When step-up tools such as SIMA-related flows appear in public reporting, we model them as auditable gates rather than bypassing them—your security team receives sequence diagrams, not opaque scripts.
Data flow / architecture
Client applications you operate call our integration service over TLS. That service performs authorized session maintenance against MPAY’s mobile interfaces, normalizes responses, and writes immutable ledger copies into your object store. Downstream, analytics jobs aggregate by provider_code while CRM hooks subscribe to webhooks. A four-node mental model keeps reviews fast: Client App → Integration API → Storage → Consumers, with an optional Consent registry sitting beside storage when banks demand proof of purpose.
Market positioning & user profile
MPAY targets Azerbaijani consumers and small businesses that want a smartphone-first wallet for everyday bill pay, phone-number transfers, and terminal or card balance top-ups, with storefront positioning referencing 500K+ installs on Google Play and broad iOS availability. English, Azerbaijani, and Russian language support signals a domestic core plus expatriate and cross-border household use. Device focus spans Android (including NFC-heavy utility scenarios) and modern iOS releases, which matters when you plan hardware attestations or MDM deployments.
Similar apps & integration landscape
Teams researching Azerbaijan wallet API integration rarely stop at one brand. The ecosystem below shares overlapping data types—utility catalogs, MSISDN transfers, card-backed loads—so unified models pay dividends.
Pulz
Pulz emphasizes diaspora-friendly transfers and multi-bank card consolidation; its bill-pay rows resemble MPAY’s category splits, which helps when you design a single “provider_code” vocabulary across wallets.
eManat
eManat’s terminal network complements MPAY’s own top-up story; joint users often generate correlated funding events that reconciliation engines should detect rather than double-count.
Birbank
Birbank bundles Kapital Bank accounts with rich retail payments; finance teams pairing Birbank CSVs with MPAY exports frequently ask for deterministic timezone rules across both sources.
MilliÖn
MilliÖn’s template-driven payments produce repeat metadata; mapping those templates to MPAY favorites fields reduces UX friction when users migrate partially between apps.
ABB Mobile
ABB Mobile’s 24/7 utility coverage overlaps MPAY categories; integration planners often want shared risk scores for delinquent utilities regardless of which app initiated payment.
akart
akart’s Azercell-linked wallet introduces telco-centric rewards data; when users split bills between MPAY and akart, loyalty ledgers benefit from cross-app identifiers you control.
PASHA Bank
PASHA Bank’s mobile flows include SIMA-oriented loan signing; teams standardizing digital signature evidence alongside MPAY payment logs gain a single audit narrative.
Leobank
Leobank’s mobile-only positioning attracts younger spenders who still use MPAY for specific billers; combined exports support cohort analyses without forcing one app to disappear.
API integration instructions (what you send us)
Required inputs
- Target app name: MPAY — Elektron pulqabı (already scoped here).
- Concrete scenarios: which ledgers, which providers, which export cadence.
- Environment constraints: Android-only NFC workers, cloud region, PII retention cap.
- Acceptance tests: sample month of expected totals in AZN for reconciliation sign-off.
Deliverables checklist
- OpenAPI specification for the integration façade we expose to you.
- Protocol and auth-flow report with sequence diagrams.
- Runnable Python or Node.js service containers with health checks.
- Postman collection or automated pytest covering OTP, statements, and webhooks.
- Runbook for incident response and credential rotation.
Pricing models
Source code delivery from $300 includes the repository, documentation, and test plans; you settle after reviewing a staging deployment. Pay-per-call API billing suits pilots that want metered access to our hosted endpoints without upfront capital, shifting cost to actual statement pulls or webhook deliveries.
About our studio
We are a technical services studio focused on authorized app interface integration across Android and iOS, with senior engineers from mobile banking and payments. Our engagements routinely combine protocol analysis with open finance documentation habits: explicit consent capture, typed payloads, and operational logging.
- Interface refactoring when legacy SOAP or JSON variants coexist.
- Open data integration where catalogs must sync on schedule.
- Third-party interface integration into ERP, CRM, and data lakes.
- Automated scripting for regression suites and synthetic monitoring.
Contact
Send the target app name plus requirements through our contact page; we respond with a scoped timeline and test plan outline.
Workflow
- Discovery workshop: which MPAY categories matter first, and which assurance levels apply.
- Protocol analysis: network trace review, device attestation needs, pagination quirks.
- Build: façade APIs, storage writers, and webhook signers.
- Hardening: chaos tests on session expiry, OTP throttling, and clock skew.
- Handover: docs, dashboards, and training for your on-call rotation.
FAQ
Do you need official MPAY partner status?
Not for our analysis phase, but production traffic should always follow contracts your legal team approves; we assist with technical evidence packs when you negotiate access.
Can you mirror NFC-only flows on iOS?
Hardware capabilities differ; we document platform-specific branches instead of pretending feature parity where Apple’s NFC stack blocks a given meter workflow.
How do you reflect regulatory changes?
We track CBA publications—for example, late-2024 open banking requirement announcements—and map new obligations to integration backlog items such as consent receipts or participant identifiers.
Original app overview (collapsed)
MPAY positions itself as an electronic wallet that brings terminal-style payments onto the smartphone and improves cashless convenience for Azerbaijani users. According to the official description you supplied, MPAY enables transfers to other accounts using a phone number, and supports payments across utilities, banking, internet, store credit, and additional categories numbering in the hundreds.
Funding is flexible: users may pay using bank cards or MPAY balance, and they may increase MPAY balance through bank cards or terminals. The marketing line “MPAY ödəniş vaxtında yanındadır” underscores always-on availability, which integration teams should interpret as an expectation for resilient session refresh rather than one-off scrapes.
Third-party reporting in 2024 noted SIMA İmza being promoted for higher-value MPAY usage, illustrating how authentication depth can change with amount thresholds. Separately, industry coverage in late 2024 described Central Bank of Azerbaijan moves to codify open banking-style services—useful context when you explain to stakeholders why wallet aggregations should follow structured consent and interface standards even before every bank publishes identical endpoints.