API mPre-Auth is based on the API communication model described in the Communication Model section.
This message performs a payment without 3DS authentication for credit card payments. However, some payment methods other than credit card require authentication.
If the returned ‘Response.StatusCode’ parameter is (20002), authentication is required and the merchant should handle it.
In that case, an API Approve message must follow to pass the authentication data to the payment gateway. Otherwise, there is no need for an API Approve following an API mPre-Auth.
Request Parameters
Parameter | Description |
---|---|
MessageID required | An alphanumeric value that represents the action for defined unique numbers as mentioned below: |
TransactionID required | The merchant generates the Transaction ID. It is a unique alphanumeric identifier for the transaction and must not include special characters or spaces. |
MerchantID required | An alphanumeric value that represents the unique Merchant ID at SmartRoute. The Payment Gateway operation team provides this value based on the merchant enrollment. |
Amount required | A numeric value that contains the ISO Formatted item purchase invoice amount with no decimal point. For example, 100 for 1.00 USD. |
CurrencyISOCode required | A numeric value that contains the ISO formatted code for the currency, not the character value. For example, 840 for USD. |
PaymentMethod required | An alphanumeric value that indicates the payment method. Supported values depend on the requested version as follows: |
SecureHash required | An alphanumeric value that represents the hex-encoded hash generated with the SHA-2 (256) hashing algorithm over a single concatenated string. The string starts with the merchant’s Merchant Authentication Token, followed by all parameters (required parameters and optional parameters, if available) ordered alphabetically by parameter name, with no separators and no terminating character. See Appendix B: Secure Hash – API mPayment; for more information, see Response Codes. |
ClientIPaddress required | An alphanumeric value that represents the client’s public IP Address. |
CardNumber conditional | The customer’s card number used in the payment. If the sent PaymentMethod parameter is 1 (Card), this parameter is required. |
ExpiryDateYear conditional | The customer’s card expiry date (year) digits used in the payment. The format of this parameter should be in the form (YY). This parameter is required if the sent PaymentMethod parameter is 1 (Card). |
ExpiryDateMonth conditional | The customer’s card expiry date (month) digits used in the payment. The format of this parameter should be in the form (MM). If the sent PaymentMethod parameter is 1 (Card), this parameter is required. |
SecurityCode conditional | The customer’s card Security Code (e.g. CVV or CVC) depends on the Card Type used in the payment. If the PaymentMethod parameter is 1 (Card) is sent. |
PaymentDescription optional | An alphanumeric string that contains a narrative Payment Description of the invoice, which uses the language specified in the language parameter. This value should be UTF-8 encoded. It is entered into the secure hash generation process. |
CardHolderName optional | The customer’s cardholder name used in the payment. If the sent PaymentMethod parameter is 1 (Card), this parameter is required. |
ItemID optional | An alphanumeric value that represents the custom item ID. |
Channel optional | The Channel to be used by SmartRoute System. It could be one of the following: |
Quantity optional | A numeric value greater than zero that represents the quantity of purchased items. |
Version optional | A numeric value with a (.) separator that represents the command's version to be used. If this value is not provided, SmartRoute uses its default value, which is 1.0. Possible version values: 2.0 or higher: an additional response field, "Response.PaymentMethod", representing the payment method used, is returned from SmartRoute to the merchant. |
FrameworkInfo optional | An alphanumeric value that represents the client’s used framework. |
GenerateToken optional | This flag indicates whether to generate a token for the entered card information or not. It accepts the values “Yes” and “No”. Sending this field as “No” acts like when the field is not sent at all. This parameter is a part of the tokenization. For more information, see Tokenization. |
Token optional | The token used in this request to represent previously used card information. This parameter is a part of the tokenization parameters. For more information, see Tokenization. |
googlePayResponse optional | The googlePayResponse used in the payment. This value should be URL encoded when it is entered into the secure hash generation process. If the sent PaymentMethod parameter is 9 (Google Pay), this parameter is required. |
Sample Request Code (Java)
import java.io.OutputStreamWriter;
import java.net.URL;
import java.net.URLConnection;

// In the response, if the received status code is "20002", Sadad authentication is needed;
// after authentication, send an APIApprove request to SmartRoute.
// transactionId and secureHash are prepared by the caller before this point.
StringBuffer requestQuery = new StringBuffer();
requestQuery
    .append("TransactionID").append("=").append(transactionId).append("&")
    .append("MerchantID").append("=").append("ANBRedirectM").append("&")
    .append("Amount").append("=").append("2000").append("&")
    .append("CurrencyISOCode").append("=").append("840").append("&")
    .append("MessageID").append("=").append("16").append("&")
    .append("Quantity").append("=").append("1").append("&")
    .append("Channel").append("=").append("0").append("&")
    .append("PaymentMethod").append("=").append("1").append("&")
    .append("ClientIPaddress").append("=").append("127.0.0.1").append("&")
    // for Card Payment (conditional, PaymentMethod=1)
    .append("CardNumber").append("=").append("4012001045873335").append("&")
    .append("ExpiryDateYear").append("=").append("01").append("&")
    .append("ExpiryDateMonth").append("=").append("19").append("&")
    .append("SecurityCode").append("=").append("123").append("&")
    .append("CardHolderName").append("=").append("1").append("&")
    // for Sadad Payment (conditional, PaymentMethod=2)
    //.append("SadadOlpId").append("=").append("testSadad").append("&")
    //.append("mfu").append("=").append("https://MerchantSite/RedirectPaymentRequestPage").append("&")
    // fill some optional parameters
    .append("Language").append("=").append("en").append("&")
    .append("ThemeID").append("=").append("1000000001").append("&")
    .append("Version").append("=").append("1.0").append("&")
    // SecureHash is sent once, as the last parameter
    .append("SecureHash").append("=").append(secureHash);
// Send the request
URL url = new URL("https://SR_URL");
URLConnection conn = url.openConnection();
conn.setDoOutput(true);
OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream(), "UTF-8");
// write parameters
writer.write(requestQuery.toString());
writer.flush();
Response Parameters
Parameter | Description |
---|---|
Response.StatusCode required | An alphanumeric value that represents the response code that covers errors generated by SmartRoute. See Appendix A: API mPayment Response Codes for descriptive details about Response Codes. |
Response.StatusDescription required | An alphanumeric value that represents a message describing the response status received from SmartRoute. This parameter is filled only after a complete execution process using the language specified in the request. This value should be UTF-8 encoded when it is entered into the secure hash generation process. |
Response.Amount required | A numeric value that contains the purchase amount of the item. |
Response.CurrencyISOCode required | A numeric value in ISO format for the currency. The value should be neither the character value nor contain a decimal point. For example, 840 for US Dollar, 400 for JOD. |
Response.MerchantID required | An alphanumeric value that represents the unique ID of the merchant at SmartRoute. The SmartRoute operation team provides this value upon merchant enrollment. |
Response.TransactionID required | The merchant generates the Transaction ID. It is a unique alphanumeric identifier for the transaction and must not include special characters or spaces. |
Response.MessageID required | An alphanumeric value that represents the action for defined unique numbers as mentioned below: |
Response.SecureHash required | An alphanumeric value that represents the hex-encoded hash generated with the SHA-2 (256) hashing algorithm over a single concatenated string. The string starts with the merchant’s Merchant Authentication Token, followed by all response parameters appended in alphabetical order based on the parameter’s name, with no separators and no terminating character. See Appendix B: Secure Hash – API mPayment; for more information, see secure hash generation. |
Response.PaymentMethod conditional | An alphanumeric value that indicates the payment method. Supported values depend on the requested version as follows: If Version is 1.0: Condition: The SmartRoute operation team, upon merchant enrollment, provides possible Card Names. |
Response.GatewayStatusCode optional | An alphanumeric value that represents the gateway response code. This code covers errors generated by the chosen gateway. |
Response.GatewayStatusDescription optional | An alphanumeric value that represents a message describing the response status received from the chosen gateway using the language specified in the request. After completing the execution process, this parameter is filled in. This value should be UTF-8 encoded when it is entered into the secure hash generation process. |
Response.GatewayName optional | This value represents the gateway name that processed the transaction. It can be alphanumeric with special characters like space, ‘@’ and ‘_’. |
Response.RRN optional | An alphanumeric value that represents a Receipt Reference Number for the current payment transaction. This value is returned if the value is provided from the gateway. |
Response.ApprovalCode optional | Approval Code received from Payment Processor such as Visa. The values are returned in the following cases: |
Response.AuthenticationURL optional | The Authentication URL represents the 3D-Secure URL that the Merchant will use to redirect the customer to authenticate the payment. |
Response.Token optional | The token that is assigned to the entered card information, returned in response to a “GenerateToken” flag with the value “Yes”. This parameter is a part of the tokenization parameters; for more information, see Tokenization. |
Response.IssuerName conditional | An alphanumeric value that indicates the Bank Issuer Name. Condition: This parameter will be provided back to the merchant if the provided version in the request is 3.1. |
Sample Response Code (Java)
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.TreeMap;
import org.apache.commons.codec.digest.DigestUtils;

// Get the response
StringBuffer output = new StringBuffer();
BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream(), "UTF-8"));
String line;
while ((line = reader.readLine()) != null) {
    output.append(line);
}
writer.close();
reader.close();
// Output the response
System.out.println(output.toString());
// this string is formatted as a "Query String" - name=value&name2=value2.......
String outputString = output.toString();
// To read the output string, split it on '&' to get pairs, then on '=' to get name and value.
// Putting the pairs in a TreeMap keeps them ordered by name, which makes verifying the secure hash easier.
String[] pairs = outputString.split("&");
Map<String, String> result = new TreeMap<String, String>();
// now we have separated the pairs from each other {"name1=value1","name2=value2",....}
for (String pair : pairs) {
    // split on the first '=' only, so a value that contains '=' or is empty is kept intact
    String[] nameValue = pair.split("=", 2);
    String name = nameValue[0]; // first element is the name
    String value = nameValue.length > 1 ? nameValue[1] : ""; // second element is the value
    // put the pair in the result map
    result.put(name, value);
}
// Now that we have the ordered map, generate the secure hash and compare it with the received one
StringBuilder responseOrderdString = new StringBuilder();
responseOrderdString.append(AUTHENTICATION_TOKEN);
for (String treeMapKey : result.keySet()) {
    // the received hash itself is not part of the hashed string
    if (!"Response.SecureHash".equals(treeMapKey)) {
        responseOrderdString.append(result.get(treeMapKey));
    }
}
// Do not print or log responseOrderdString: it starts with the Merchant Authentication Token.
// Generate SecureHash with SHA256
// using DigestUtils from the Apache commons-codec library
String generatedsecureHash = DigestUtils.sha256Hex(responseOrderdString.toString());
// get the received secure hash from result map
String receivedSecurehash = result.get("Response.SecureHash");
// compare in constant time; a missing hash is treated as a mismatch
if (receivedSecurehash == null || !MessageDigest.isEqual(
        receivedSecurehash.getBytes(StandardCharsets.UTF_8),
        generatedsecureHash.getBytes(StandardCharsets.UTF_8))) {
    // If they are not equal then the response shall not be accepted
    System.out.println("Received Secure Hash does not Equal generated Secure hash");
}
else {
    // complete the action: get other parameters from result map and do your processes
    // please refer to the Integration Manual to see the list of the received parameters
    // the status is returned in Response.StatusCode (see Response Parameters)
    String status = result.get("Response.StatusCode");
    System.out.println("Status is :" + status);
    if ("20002".equalsIgnoreCase(status)) {
        String responseEstn = result.get("Response.estn");
        String responseMfu = result.get("Response.mfu");
        String responseAuthenticationUrl = result.get("Response.AuthenticationURL");
        request.setAttribute("responseEstn", responseEstn);
        request.setAttribute("responseMfu", responseMfu);
        request.setAttribute("responseAuthenticationUrl", responseAuthenticationUrl);
        request.getRequestDispatcher("AuthenticateSadad.jsp").forward(request, response);
    }
    else {
        // then the card is not 3ds enrolled
        // this means your payment has been completed
        System.out.println("Status is :" + status);
    }
}
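The secure hash rule from the parameter tables (token first, then values ordered by parameter name, SHA-256, hex) and the response check from the Java sample, as an added Python example that is not SmartRoute's own code. It assumes values are hashed exactly as they appear on the wire and that names sort by code point, as the samples' TreeMap and StringComparer.Ordinal do; Appendix B is authoritative. The token, transaction ID and response body are constructed.

```python
import hashlib
import hmac

# Constructed placeholder; the real Merchant Authentication Token is issued at enrollment.
AUTH_TOKEN = "CONSTRUCTED-SAMPLE-TOKEN"


def secure_hash(token, params):
    """Hex SHA-256 of the token followed by the values, ordered by parameter name."""
    # sorted() orders by code point, like the samples' TreeMap / StringComparer.Ordinal.
    ordered_values = "".join(params[name] for name in sorted(params))
    return hashlib.sha256((token + ordered_values).encode("utf-8")).hexdigest()


def sign_request(token, params):
    """Return a copy of params with SecureHash computed over every other field."""
    unsigned = {k: v for k, v in params.items() if k != "SecureHash"}
    signed = dict(unsigned)
    signed["SecureHash"] = secure_hash(token, unsigned)
    return signed


def parse_response(body):
    """Split 'name=value&name2=value2' on '&' and on the first '=' only, no decoding."""
    fields = {}
    for pair in body.strip().split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        if name in fields:
            # A repeated name makes it ambiguous which value was hashed: reject it.
            raise ValueError("duplicate parameter: " + name)
        fields[name] = value
    return fields


def verify_response(token, body):
    """Return the parsed fields if Response.SecureHash matches, otherwise raise."""
    fields = parse_response(body)
    received = fields.get("Response.SecureHash")
    if not received:
        raise ValueError("Response.SecureHash is missing")
    # The received hash itself is not part of the hashed string.
    hashed = {k: v for k, v in fields.items() if k != "Response.SecureHash"}
    expected = secure_hash(token, hashed)
    # Constant-time comparison; hex case is normalised first.
    if not hmac.compare_digest(expected.encode(), received.lower().encode()):
        raise ValueError("Response.SecureHash mismatch")
    return fields


def build_sample_response(token):
    """Constructed response body standing in for the gateway (not captured traffic)."""
    fields = {
        "Response.StatusCode": "20002",
        "Response.StatusDescription": "Authentication%20required",
        "Response.Amount": "2000",
        "Response.CurrencyISOCode": "840",
        "Response.MerchantID": "ANBRedirectM",
        "Response.TransactionID": "TXN0001",
        "Response.MessageID": "16",
    }
    fields["Response.SecureHash"] = secure_hash(token, fields)
    return "&".join(name + "=" + value for name, value in fields.items())


if __name__ == "__main__":
    request = sign_request(AUTH_TOKEN, {
        "MessageID": "16",
        "TransactionID": "TXN0001",
        "MerchantID": "ANBRedirectM",
        "Amount": "2000",
        "CurrencyISOCode": "840",
        "PaymentMethod": "1",
        "ClientIPaddress": "127.0.0.1",
    })
    print("request SecureHash:", request["SecureHash"])

    body = build_sample_response(AUTH_TOKEN)
    print("status:", verify_response(AUTH_TOKEN, body)["Response.StatusCode"])

    # A response whose amount was altered in transit no longer matches its hash.
    tampered = body.replace("Response.Amount=2000", "Response.Amount=1")
    try:
        verify_response(AUTH_TOKEN, tampered)
    except ValueError as err:
        print("tampered response rejected:", err)
```

Act on Response.StatusCode only after `verify_response` returns; a response that raises must not drive the API Approve step.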
Other Sample Request Code (.Net /PHP)
Sample Request Code (.Net)
using System.IO;
using System.Net;
using System.Text;

// If the card is 3DS enrolled, APIPayment is divided into two requests.
// In the response, if the received status code is "20001" or "20002", this means
// that the payment is 3DS supported, which means you need to authenticate with the
// bank site. All parameters needed for 3DS are included in the response,
// and after authentication you send an APIApprove request to SmartRoute.
// Note: the difference between a 3DS payment and a non-3DS payment starts after
// getting the APIPayment response.
StringBuilder requestQuery = new StringBuilder();
requestQuery
    .Append("TransactionID").Append("=").Append(transactionId).Append("&")
    .Append("MerchantID").Append("=").Append("ANBRedirectM").Append("&")
    .Append("Amount").Append("=").Append("2000").Append("&")
    .Append("CurrencyISOCode").Append("=").Append("840").Append("&")
    .Append("MessageID").Append("=").Append("16").Append("&")
    .Append("Quantity").Append("=").Append("1").Append("&")
    .Append("Channel").Append("=").Append("0").Append("&")
    .Append("PaymentMethod").Append("=").Append("1").Append("&")
    .Append("ClientIPaddress").Append("=").Append("127.0.0.1").Append("&")
    // for Card Payment (conditional, PaymentMethod=1)
    .Append("CardNumber").Append("=").Append("4012001045873335").Append("&")
    .Append("ExpiryDateYear").Append("=").Append("01").Append("&")
    .Append("ExpiryDateMonth").Append("=").Append("19").Append("&")
    .Append("SecurityCode").Append("=").Append("123").Append("&")
    .Append("CardHolderName").Append("=").Append("1").Append("&")
    // for Sadad Payment (conditional, PaymentMethod=2)
    //.Append("SadadOlpId").Append("=").Append("testSadad").Append("&")
    //.Append("mfu").Append("=").Append("https://MerchantSite/RedirectPaymentRequestPage").Append("&")
    // fill some optional parameters
    .Append("Language").Append("=").Append("en").Append("&")
    .Append("ThemeID").Append("=").Append("1000000001").Append("&")
    .Append("Version").Append("=").Append("1.0").Append("&")
    .Append("SecureHash").Append("=").Append(secureHash);

// Send the request
string data = requestQuery.ToString();
byte[] dataStream = Encoding.UTF8.GetBytes(data);
string urlPath = "https://SR_URL";
string request = urlPath;
WebRequest webRequest = WebRequest.Create(request);
webRequest.Method = "POST";
webRequest.ContentType = "application/x-www-form-urlencoded";
webRequest.ContentLength = dataStream.Length;
Stream newStream = webRequest.GetRequestStream();
// Send the data.
newStream.Write(dataStream, 0, dataStream.Length);
newStream.Close();
Sample Request Code (PHP)
// If the card is 3DS enrolled, APIPayment is divided into two requests.
// In the response, if the received status code is "20001" or "20002", this means
// that the payment is 3DS supported, which means you need to authenticate with the
// bank site. All parameters needed for 3DS are included in the response,
// and after authentication you send an APIApprove request to SmartRoute.
// Note: the difference between a 3DS payment and a non-3DS payment starts after getting the APIPayment response.

$queryStringArr = [
    "TransactionID" => $transactionId,
    "MerchantID" => "ANBRedirectM",
    "Amount" => "2000",
    "CurrencyISOCode" => "840",
    "MessageID" => "16",
    "Quantity" => "1",
    "Channel" => "0",
    "PaymentMethod" => "1",
    "ClientIPaddress" => "127.0.0.1",
    // for Card Payment (conditional, PaymentMethod=1)
    "CardNumber" => "4012001045873335",
    "ExpiryDateYear" => "01",
    "ExpiryDateMonth" => "19",
    "SecurityCode" => "123",
    "CardHolderName" => "1",
    // for Sadad Payment (conditional, PaymentMethod=2)
    // "SadadOlpId" => "testSadad",
    // "mfu" => "https://MerchantSite/RedirectPaymentRequestPage",
    // fill some optional parameters
    "Language" => "en",
    "ThemeID" => "1000000001",
    "Version" => "1.0",
    "SecureHash" => $secureHash,
];

// Send the request
$newRequestQuery = http_build_query($queryStringArr);

$url = "https://SR_URL";
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// write parameters
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $newRequestQuery);
Other Sample Response Code (.Net /PHP)
Sample Response Code (.Net)
// Get the response: read the response body (WebResponse.ToString() only returns the type name)
WebResponse webResponse = webRequest.GetResponse();
String output;
using (StreamReader responseReader = new StreamReader(webResponse.GetResponseStream(), Encoding.UTF8))
{
    output = responseReader.ReadToEnd();
}
// Output the response
Console.WriteLine(output);

// this string is formatted as a "Query String" - name=value&name2=value2.......
// To read the output string, split it on '&' to get pairs, then on '=' to get name and value.
// Putting the pairs in a SortedDictionary keeps them ordered, which makes verifying the secure hash easier.
SortedDictionary<string, string> result = new SortedDictionary<String, String>(StringComparer.Ordinal);
NameValueCollection qscoll = HttpUtility.ParseQueryString(output);
foreach (String kv in qscoll.AllKeys)
{
    result.Add(kv, qscoll[kv]);
}

// Now that we have the SortedDictionary, generate the secure hash and compare it with the received one
StringBuilder responseOrderdString = new StringBuilder();
responseOrderdString.Append(AUTHENTICATION_TOKEN);
foreach (KeyValuePair<string, string> kv in result)
{
    // the received hash itself is not part of the hashed string
    if (!"Response.SecureHash".Equals(kv.Key))
    {
        if ("Response.StatusDescription".Equals(kv.Key) || "Response.GatewayStatusDescription".Equals(kv.Key))
        {
            responseOrderdString.Append(HttpUtility.UrlEncode(kv.Value, System.Text.Encoding.UTF8));
        }
        else
        {
            responseOrderdString.Append(kv.Value);
        }
    }
}

// Do not print or log responseOrderdString: it starts with the Merchant Authentication Token.

// Generate SecureHash with SHA256 from responseOrderdString
byte[] bytes = Encoding.UTF8.GetBytes(responseOrderdString.ToString());
String generatedsecureHash = String.Empty;
using (SHA256 sha256 = SHA256.Create())
{
    byte[] hash = sha256.ComputeHash(bytes);
    foreach (byte x in hash)
    {
        generatedsecureHash += String.Format("{0:x2}", x);
    }
}

// get the received secure hash from result dictionary; a missing hash stays null and is rejected below
String receivedSecurehash;
result.TryGetValue("Response.SecureHash", out receivedSecurehash);

if (receivedSecurehash != generatedsecureHash)
{
    // If they are not equal then the response shall not be accepted
    Console.WriteLine("Received Secure Hash does not Equal generated Secure hash");
}
else
{
    // Complete the action: get other parameters from result dictionary and do your processes
    // please refer to the Integration Manual to see the list of the received parameters
    // the status is returned in Response.StatusCode (see Response Parameters)
    String status = result["Response.StatusCode"];
    Console.WriteLine("Status is :" + status);
    if ("20001" == status)
    {
        // if the received status code was 20001 this means that this transaction needs 3DS
        // authentication; the parameters you need are received with the response too.
        // prepare parameters to send to ASP, to send them to 3DS in a POST request
        String bankUrl = result["Response.AcsURL"];
        String PaRequestMessage = result["Response.PaRequestMessage"];
        // 3DS response page (the URL that you want 3DS authentication to forward the request to)
        String Merchant3DSResponseURL = "http://yoursite/your3DSResponsepage";

        this.Context.Items.Add("ACSURL", bankUrl);
        this.Context.Items.Add("3DSPaMessage", PaRequestMessage);
        this.Context.Items.Add("TERMURL_PREFIX", Merchant3DSResponseURL);
        // Verification Enrollment Result used for 3DS payment.
        String veResult = result["Response.ResponseVeResult"];
        /***********************************************************/
        /*STORE veResult IN DATABASE OR ANY SAFE PLACE TO USE IT IN APPROVE REQUEST*/
        /***********************************************************/
        this.Server.Transfer("RedirectTo3DS.aspx", true);
    }
    // this means that the transaction needs Sadad Authentication
    else if ("20002" == status)
    {
        String responseEstn = result["Response.estn"];
        String responseMfu = result["Response.mfu"];
        String responseAuthenticationUrl = result["Response.AuthenticationURL"];
        this.Context.Items.Add("responseEstn", responseEstn);
        this.Context.Items.Add("responseMfu", responseMfu);
        this.Context.Items.Add("responseAuthenticationUrl", responseAuthenticationUrl);
        this.Server.Transfer("AuthenticateSadad.aspx", true);
    }
    else
    {
        // then the card is not 3ds enrolled
        // this means your payment has been completed
        Console.WriteLine("Status is :" + status);
    }
}
Sample Response Code (PHP)
// Get the response
$output = curl_exec($ch);
curl_close($ch);
// Do not echo the response here: output sent before header() would break the redirects below.

// To read the output string, split it on '&' to get pairs, then on the first '=' to get
// name and value. parse_str() is not used because it rewrites the dots in parameter
// names such as Response.SecureHash to underscores.
$result = [];
foreach (explode('&', trim($output)) as $pair) {
    $nameValue = explode('=', $pair, 2);
    $result[urldecode($nameValue[0])] = isset($nameValue[1]) ? urldecode($nameValue[1]) : '';
}
ksort($result, SORT_STRING);

// Now that we have the ordered map, generate the secure hash and compare it with the received one
$responseOrderdString = $AUTHENTICATION_TOKEN;
foreach ($result as $res_k => $result_v) {
    // the received hash itself is not part of the hashed string
    if ($res_k !== 'Response.SecureHash') {
        $responseOrderdString .= $result_v;
    }
}

// Do not echo or log $responseOrderdString: it starts with the Merchant Authentication Token.

// Generate SecureHash with SHA256
$generatedsecureHash = hash('sha256', $responseOrderdString);

// get the received secure hash from result map
$receivedSecurehash = isset($result['Response.SecureHash']) ? $result['Response.SecureHash'] : '';

// hash_equals() compares in constant time
if (!hash_equals($generatedsecureHash, $receivedSecurehash)) {
    // If they are not equal then the response shall not be accepted
    echo "Received Secure Hash does not Equal generated Secure hash".chr(10);
} else {

    // Complete the action: get other parameters from result map and do
    // your processes
    // Please refer to the Integration Manual to see the list of the
    // received parameters
    // the status is returned in Response.StatusCode (see Response Parameters)
    $status = $result["Response.StatusCode"];
    if ("20001" === $status) {
        // if the received status code was 20001 this means that this transaction needs 3DS
        // authentication; the parameters you need are received with the response too.
        // prepare parameters to send to 3DS in a POST request
        $bankUrl = (string)$result["Response.AcsURL"];
        $PaRequestMessage = (string)$result["Response.PaRequestMessage"];
        // 3DS response page (the URL that you want 3DS authentication to forward the request to)
        $Merchant3DSResponseURL = "http://yoursite/your3DSResponsepage";
        $_SESSION["ACSURL"] = $bankUrl;
        $_SESSION["3DSPaMessage"] = $PaRequestMessage;
        $_SESSION["TERMURL_PREFIX"] = $Merchant3DSResponseURL;

        // Verification Enrollment Result used for 3DS payment.
        $veResult = (string)$result["Response.ResponseVeResult"];

        /***********************************************************/
        /*STORE veResult IN DATABASE OR ANY SAFE PLACE TO USE IT IN APPROVE REQUEST*/
        /***********************************************************/
        header("location: RedirectTo3DS.php");
        exit();
    } else if ("20002" === $status) {
        // this means that the transaction needs Sadad Authentication
        $responseEstn = $result["Response.estn"];
        $responseMfu = $result["Response.mfu"];
        $responseAuthenticationUrl = $result["Response.AuthenticationURL"];
        $_SESSION["responseEstn"] = $responseEstn;
        $_SESSION["responseMfu"] = $responseMfu;
        $_SESSION["responseAuthenticationUrl"] = $responseAuthenticationUrl;

        header("location: AuthenticateSadad.php");
        exit();
    } else {
        // then the card is not 3ds enrolled
        // this means your payment has been completed
        echo "Status is :". $status;
    }
}