Online commerce in Uzbekistan has been growing rapidly in recent years, and nearly every owner of an online store or service website eventually faces the question of how to accept payments. A large share of the country's population uses cards from the national UzCard and Humo payment systems, which means the ability to accept exactly these cards on your site is crucial for your business. In this article we will look at how to technically connect payments to a website, which provider to choose, and how to organize the entire process securely from a practical standpoint.
Let us start with the most important concept: you do not work directly with the UzCard or Humo processing center, but rather interact with them through a payment provider that is already integrated with these systems. The payment provider acts as a bridge between the customer's card and your settlement account โ it takes on the tasks of verifying the card, holding the funds, confirming the transaction, and transferring the money to your bank account. In Uzbekistan the most widespread providers are Payme, Click, and Uzum Bank (formerly Apelsin), each of which has its own advantages and technical characteristics worth considering.
Payment Systems: Payme, Click and Uzum Bank
Payme is one of the most popular payment systems in Uzbekistan and stands out for its convenient user interface and broad audience. When integrating through Payme, the customer selects a product on your site and, after pressing the payment button, is redirected to the Payme window or enters card details directly on the site through a widget. Payme's Merchant API is reasonably well documented, and the availability of many ready-made libraries makes it convenient for developers to work with from the very beginning.
Click, on the other hand, has one of the largest user bases in Uzbekistan and is especially widely used for utility payments and everyday purchases. Click offers two integration models: the SHOP API (the customer pays from the Click app) and the Merchant API (payment inside the site). The advantage of Click is its enormous audience, while a drawback in some cases is its somewhat more confusing documentation. Uzum Bank is a relatively new but rapidly growing system that offers a modern API and convenient integration, which is especially suitable for businesses targeting customers active within the Uzum ecosystem.
The Contract and Connection Process
Before moving on to technical integration, you need to sign an official contract with your chosen provider. This usually requires being registered as a legal entity or individual entrepreneur, having a bank account, and preparing your basic documents. The provider checks your business, agrees on the commission rate, and issues you keys for the test environment (merchant ID, secret key). This process can take anywhere from a few days to one or two weeks, so account for it when planning your project timeline and the launch of your store.
Pay particular attention to the matter of commission. Each provider withholds a certain percentage from every transaction, and this rate depends on the type of your business, your turnover volume, and the terms of the agreement. Typically the commission is deducted from each successful payment, so this must be factored in when setting your prices. Some providers offer a lower rate to clients with high turnover, so before signing a contract it is useful to compare several options and choose the one most advantageous for your particular business model.
Technical Integration: API and Webhook
From a technical perspective, the payment process usually unfolds as follows: the customer confirms the order, your server sends a request to create a payment to the provider's API, and in response receives a payment link or transaction identifier. The customer is then redirected to the payment window or enters card details through a widget. After the payment is made, the provider sends a callback request (webhook) to your server, and this request confirms the status of the payment. Correctly handling this callback is the single most important part of the integration.
The most common mistake when working with callbacks is failing to verify them properly. Never trust a "payment successful" signal coming from the customer's browser, because it is easy to forge. Mark an order as "paid" only based on a webhook that arrives from the provider's server and is confirmed by a signature. Each provider supplies a specific algorithm for signing the request โ you must compute the signature from the received data using your own secret key and compare it with the signature in the request. If they do not match, the request should be rejected as untrustworthy.
Security and Practical Advice
When working with payments, security comes first. Your site must operate over the HTTPS protocol, meaning it must have an SSL certificate installed, otherwise no provider will work with you and customer data will remain unprotected. Never store your secret keys in plain text in the site code or on the frontend โ keep them only on the server side, in environment variables or a protected configuration file. In addition, log every payment request and callback to a file, as this will help you quickly identify a problem in disputed situations and reconcile transactions.
From a practical standpoint, if your audience is broad and diverse, it makes sense to connect several payment systems at once. Most online stores offer Payme and Click together, since this covers a significant share of customers. For a new project, a reasonable approach is to start with one provider, test the integration, and then add the others. Do not forget to test all scenarios in the test environment โ successful payment, cancellation, insufficient funds, and refund โ because when working with real money, mistakes become expensive very quickly.
In summary, although connecting UzCard and Humo payments to a website may seem like a complex task, with the right choice of provider and a reliable implementation of callback confirmation it is entirely possible to build a stable system. If you do not have a technical team, you can use ready-made solutions through sayt.uz and entrust the integration to professionals. The most important thing is to never lose sight of security and to always reliably confirm every payment on the server side.