API mPre-Auth

Updated on 26 Dec 2023
16 Minutes to read
Contributors

Print
Share
Dark
Light
PDF

Article Summary

Share feedback

Thanks for sharing your feedback!

API mPre-Auth is based on the API communication model described in the Communication Model section.

This message is used to perform a payment without the need of performing 3DS authentication for credit card payments. However, some payment methods rather than credit card require authentication.

The merchant should handle the authentication if required if the returned ‘Response.StatusCode’ parameter is (20002).

Then, an API Approve message must follow to pass any authentication data to the payment gateway. Otherwise, there is no need for an API Approve following an API mPre-Auth.

Request Parameters

Parameter	Description
MessageID required	An alphanumeric value that represents the action for defined unique numbers as mentioned below: 16 for API mPre-Auth Field Type: Alphanumeric Length: 2 Sample Data: 16
TransactionID required	The merchant generates the Transaction ID. It represents a unique identifier for the transaction and is alphanumeric which must not include special characters or spaces. Field Type: Alphanumeric Length: 40 Sample Data: 1440954863817
MerchantID required	An alphanumeric value that represents the unique Merchant ID at SmartRoute. The Payment Gateway operation team provides this value based on the merchant enrollment. Field Type: Alphanumeric Length: 40 Sample Data: MID0001
Amount required	A numeric value that contains the ISO Formatted item purchase invoice amount with no decimal point. For example, 100 for 1.00 USD. Field Type: Numeric Length: 9 Sample Data: 100
CurrencyISOCode required	A numeric value that contains the ISO formatted code for the currency, not the character value. For example, 840 for USD. Field Type: Numeric Length: 3 Sample Data: 840
PaymentMethod required	An Alphanumeric value indicates the payment method. Supported values depend on the requested version as follows: 1 ➔ It will be a Card payment. Field Type: Numeric Length: 1 Sample Data: 1
SecureHash required	An alphanumeric value that represents the generated hex-encoded hash using hashing algorithm SHA-2 (256) by concatenating parameters as a single string starting with the merchant’s Merchant Authentication Token. Then all parameters (required parameters and optional parameters - if available) are ordered alphabetically. By parameter’s name should be part of the secure hash, with no separators and no terminating character. Appendix B: Secure Hash – API mPayment; for more information, see Response Codes. Field Type: Alphanumeric Length: 64 Sample Data: e9fbb3c46ec9c7dec2a318edc283bbbea27bc5d7bf7da30f4f2e62b89df74a2e
ClientIPaddress required	An alphanumeric value that represents the client’s public IP Address. Field Type: Alphanumeric Length: 19 Sample Data: 79.183.118.666
CardNumber conditional	The customer’s card number isused in the payment. If they sent PaymentMethod parameter is 1 (Card), this parameter is required. Field Type: Numeric Length: 19 Sample Data: 4111111111111111
ExpiryDateYear conditional	The customer’s card expiry date (year) digits are used in the payment. The format of this parameter should be in the form (YY). This parameter is required if the sent PaymentMethod parameter is 1 (Card). Field Type: Numeric Length: 2 Sample Data: 17
ExpiryDateMonth conditional	The customer’s card expiry date (month) digits are used in the payment. The format of this parameter should be in the form (MM). If the PaymentMethod parameter is 1 (Card) is sent, this parameter is required. Field Type: Numeric Length: 2 Sample Data: 02
SecurityCode conditional	The customer’s card Security Code (e.g. CVV or CVC) depends on the Card Type used in the payment. If the PaymentMethod parameter is 1 (Card) is sent. Field Type: Numeric Length: 4 Sample Data: 123
PaymentDescription optional	An alphanumeric string that contains a narrative Payment Description of the invoice, which uses the language specified in the language parameter. This value should be UTF-8 encoded. It is entered into the secure hash generation process. Field Type: Alphanumeric Length: 100 Sample Data: SamplePayment
CardHolderName optional	The customer’s cardholder name is used in the payment. If the PaymentMethod parameter is 1 (Card) is sent, this parameter is required. Field Type: Alphabetic Length: 64 Sample Data: Card Holder Name
ItemID optional	An alphanumeric value that represents the custom item ID. Field Type: Alphanumeric Length: 25 Sample Data: Item1
Channel optional	The Channel to be used by SmartRoute System. It could be one of the following: 0 for WEB 1 for Mobile 2 for POS 3 for MobileSDK Field Type: Numeric Length: 1 Sample Data: 0
Quantity optional	A numeric value greater than ZERO represents the quantity of purchased Items. Field Type: Numeric Length: 5 Sample Data: 1
Version optional	A numeric value with (.) separator represents the command's version to be used. If this value is not provided, SmartRoute will consider its default value which is 1.0 Possible version values: - 2.0 or higher: an additional response field will be returned from SmartRoute to merchant that represents the payment method used "Response.PaymentMethod" Field Type: Numeric Length: 5 Sample Data: 1.0
FrameworkInfo optional	An alphanumeric value that represents the client’s used framework. Field Type: Alphanumeric Length: 30 Sample Data: Android 7.0
GenerateToken optional	This flag indicates whether to generate a token for the entered card information or not. It accepts the values “Yes” and “No”. Sending this field as “No” acts like when the field is not sent at all. This parameter is a part of the tokenization. For more information, see Tokenization. Field Type: Alphabetic Length: 3 Sample Data: Yes
Token optional	The token is used in this request; to represent previously used card information. This parameter is a part of the tokenization parameters. For more information, see Tokenization. Field Type: Alphanumeric Length: 64 Sample Data:17b61316feafe09feb806ce33cdbfc85aed1b4173ed604f8fd5fa3cf72a02e27
googlePayResponse optional	The googlePayResponse is used in the payment. This value should be URL encoded when it is entered in+to the secure hash generation process. If the sent PaymentMethod parameter is 9 (Google Pay), this parameter is required Field Type: Alphanumeric Length: - Sample Data: Google Pay Response before encoding: { "apiVersion": 2, "apiVersionMinor": 0, "paymentMethodData": { "description": "Test Card: Mastercard •••• 4444", "info": { "assuranceDetails": { "accountVerified": true, "cardHolderAuthenticated": false }, "cardDetails": "4444", "cardNetwork": "MASTERCARD" }, "tokenizationData": { "token": "{\"signature\":\"MEQCIDC159UT+3Xl38+kdreAB7ow2cUX3oIXj/jniWtseQtjAiApuboiYh3f20ro82cbvtwvxvCIYwjiLl+6vvu8y89b7g\\u003d\\u003d\",\"intermediateSigningKey\":{\"signedKey\":\"{\\\"keyValue\\\":\\\"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEtQ7kcUmrUkwroX/I4aW62jYTSYbyrP1NTHVZzV91w5NVohF5cqY1LcF4FfGiPLPdSf7IkTlRTZzOrd8takdyVQ\\\\u003d\\\\u003d\\\",\\\"keyExpiration\\\":\\\"1703580845307\\\"}\",\"signatures\":[\"MEUCIDi9oNLgx4V+DGJ1HkcDQvjtrE3GMfsiD24TZqmqpLOZAiEA+G4MPIp7DfXqDeb1HSRtUa2Bp6jJNjUk0fxf9X/OBMA\\u003d\"]},\"protocolVersion\":\"ECv2\",\"signedMessage\":\"{\\\"encryptedMessage\\\":\\\"0OtVdk8Nrz2LR7kjB48fkxZz6nqFIpYSlJ6ygR+OT25cDFiDrON7dvTveW1RS2lpOyGlnWDNafGosJhxyzRJJEoYgKaDfHkujBSiA5OTwf3R/06WBXJzVRw1zoj8N+UAP0E9dRdCgDtZX24GKUTTqjidq4sZ8omJWvOFtdAw1vK6oxn5wdrhc+a50/Yy6b1B/1SocptruLn9Z3bcec5fNJSWFLhIGzl3thhLzGzBlPAJZl84KWbJzWlBbPD6JZYyXbDwEBqFGr6KB+SEVetljFR3O3Izu6a0YHYrnbrrMh53Bxyg7BlmxhgtoAZC1BQfrfctdMVP5Ar9QI3e8clgB2O0XARVJFxR4uvb5/Q7Fikb4F17k33mpkphaycaAmFI2uhRSqxj/4w3gsP12wOGmdKl0gGVED17pXN/GToYj7xqnHrQ2pEsyj8qt0NxG5oADgqqB0r0JT6ZzruR1aksbmJrcCsDeDMRWmZCoYsqJ/zgC0HBNVUsJJdPP25bp8L4xYNsdNAzgysmbBBTCuaypIz7969eElomC3cXLy7133hPhtrNG0J83jDtBHkkTMPBEjHIoaWfnHdK\\\",\\\"ephemeralPublicKey\\\":\\\"BNJaGHqKX0XU50/dwmIX63TLQI8sMteYmJS7/72yf2S8DUZlHu6WT6vXS1nUq74Oh8k/QwrYM4UwVais0sH+hDU\\\\u003d\\\",\\\"tag\\\":\\\"c1j/VsH6JbgicJpcgr8ucc5zrKyYdBigXUwJEafCkqo\\\\u003d\\\"}\"}", "type": "PAYMENT_GATEWAY" }, "type": "CARD" } } Google Pay Response after encoding: "%7B%22apiVersion%22%3A2%2C%22apiVersionMinor%22%3A0%2C%22paymentMethodData%22%3A%7B%22description%2 2%3A%22Test%20Card%3A%20Mastercard%E2%80%86%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%8644 44%22%2C%22info%22%3A%7B%22assuranceDetails%22%3A%7B%22accountVerified%22%3Atrue%2C%22cardHolderAuthent icated%22%3Afalse%7D%2C%22cardDetails%22%3A%224444%22%2C%22cardNetwork%22%3A%22MASTERCARD%22%7D %2C%22tokenizationData%22%3A%7B%22token%22%3A%22%7B%5C%22signature%5C%22%3A%5C%22MEQCIDC159UT% 2B3Xl38%2BkdreAB7ow2cUX3oIXj%2FjniWtseQtjAiApuboiYh3f20ro82cbvtwvxvCIYwjiLl%2B6vvu8y89b7g%5C%5Cu003d%5C%5 Cu003d%5C%22%2C%5C%22intermediateSigningKey%5C%22%3A%7B%5C%22signedKey%5C%22%3A%5C%22%7B%5C%5 C%5C%22keyValue%5C%5C%5C%22%3A%5C%5C%5C%22MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEtQ7kcUmrUkwroX %2FI4aW62jYTSYbyrP1NTHVZzV91w5NVohF5cqY1LcF4FfGiPLPdSf7IkTlRTZzOrd8takdyVQ%5C%5C%5C%5Cu003d%5C%5C %5C%5Cu003d%5C%5C%5C%22%2C%5C%5C%5C%22keyExpiration%5C%5C%5C%22%3A%5C%5C%5C%22170358084530 7%5C%5C%5C%22%7D%5C%22%2C%5C%22signatures%5C%22%3A%5B%5C%22MEUCIDi9oNLgx4V%2BDGJ1HkcDQvjtrE3 GMfsiD24TZqmqpLOZAiEA%2BG4MPIp7DfXqDeb1HSRtUa2Bp6jJNjUk0fxf9X%2FOBMA%5C%5Cu003d%5C%22%5D%7D%2C %5C%22protocolVersion%5C%22%3A%5C%22ECv2%5C%22%2C%5C%22signedMessage%5C%22%3A%5C%22%7B%5C%5 C%5C%22encryptedMessage%5C%5C%5C%22%3A%5C%5C%5C%220OtVdk8Nrz2LR7kjB48fkxZz6nqFIpYSlJ6ygR%2BOT25c DFiDrON7dvTveW1RS2lpOyGlnWDNafGosJhxyzRJJEoYgKaDfHkujBSiA5OTwf3R%2F06WBXJzVRw1zoj8N%2BUAP0E9dRdCgD tZX24GKUTTqjidq4sZ8omJWvOFtdAw1vK6oxn5wdrhc%2Ba50%2FYy6b1B%2F1SocptruLn9Z3bcec5fNJSWFLhIGzl3thhLzGzBlP AJZl84KWbJzWlBbPD6JZYyXbDwEBqFGr6KB%2BSEVetljFR3O3Izu6a0YHYrnbrrMh53Bxyg7BlmxhgtoAZC1BQfrfctdMVP5Ar9QI 3e8clgB2O0XARVJFxR4uvb5%2FQ7Fikb4F17k33mpkphaycaAmFI2uhRSqxj%2F4w3gsP12wOGmdKl0gGVED17pXN%2FGToYj7 xqnHrQ2pEsyj8qt0NxG5oADgqqB0r0JT6ZzruR1aksbmJrcCsDeDMRWmZCoYsqJ%2FzgC0HBNVUsJJdPP25bp8L4xYNsdNAzgys mbBBTCuaypIz7969eElomC3cXLy7133hPhtrNG0J83jDtBHkkTMPBEjHIoaWfnHdK%5C%5C%5C%22%2C%5C%5C%5C%22ephe meralPublicKey%5C%5C%5C%22%3A%5C%5C%5C%22BNJaGHqKX0XU50%2FdwmIX63TLQI8sMteYmJS7%2F72yf2S8DUZlH u6WT6vXS1nUq74Oh8k%2FQwrYM4UwVais0sH%2BhDU%5C%5C%5C%5Cu003d%5C%5C%5C%22%2C%5C%5C%5C%22tag %5C%5C%5C%22%3A%5C%5C%5C%22c1j%2FVsH6JbgicJpcgr8ucc5zrKyYdBigXUwJEafCkqo%5C%5C%5C%5Cu003d%5C% 5C%5C%22%7D%5C%22%7D%22%2C%22type%22%3A%22PAYMENT_GATEWAY%22%7D%2C%22type%22%3A%22CARD %22%7D%7D"

Sample Request Code (Java)

//in the response, if the received status code was “20002” it needs Sadad authentication, 
//and after Authentication, you will send APIApprove Request to SmartRoute. 
StringBuffer requestQuery = new StringBuffer(); 
 
requestQuery        
.append("TransactionID").append("=").append(transactionId).append("&") 
.append("MerchantID").append("=").append("ANBRedirectM").append("&") 
.append("Amount").append("=").append("2000").append("&") 
.append("CurrencyISOCode").append("=").append("840").append("&") 
.append("MessageID").append("=").append("16").append("&") 
.append("Quantity").append("=").append("1").append("&") 
.append("Channel").append("=").append("0").append("&") 
.append("PaymentMethod").append("=").append("1").append("&") 
.append("ClientIPaddress").append("=").append("127.0.0.1").append("&") 
 
//for Card Payment (conditional.append("&")paymentMethod=1) 
.append("CardNumber").append("=").append("4012001045873335").append("&") 
.append("ExpiryDateYear").append("=").append("01").append("&") 
.append("ExpiryDateMonth").append("=").append("19").append("&") 
.append("SecurityCode").append("=").append("123").append("&") 
.append("CardHolderName").append("=").append("1").append("&") 
.append("SecureHash").append("=").append(secureHash).append("&"); 
 
//for Sadad Payment (conditional.append("&")paymentMethod=2) 
//.append("SadadOlpId").append("=").append("testSadad").append("&") 
//.append("mfu","https://MerchantSite/RedirectPaymentRequestPage").append("&") 
 
 
//fill some optional parameters 
.append("Language").append("=").append("en").append("&") 
.append("ThemeID").append("=").append("1000000001").append("&") 
.append("Version").append("=").append("1.0") 
.append("SecureHash").append("=").append(secureHash); 
 
//Send the request 
URL url = new URL("https://SR_URL"); 
URLConnection conn = url.openConnection(); 
conn.setDoOutput(true); 
OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream(), "UTF-8"); 
 
//write parameters 
writer.write(requestQuery.toString()); 
writer.flush();

Response Parameters

Parameter	Description
Response.StatusCode required	An alphanumeric value that represents the response code that covers errors generated by the SmartRoute. Appendix A: API mPayment Response Codes for descriptive details about Response Codes. Field Type: Alphanumeric Length: 5 Sample Data: 00000
Response.StatusDescription required	An alphanumeric value that represents a message describing the response status received from SmartRoute. This parameter is filled only after a complete execution process using the language specified in the request. This value should be UTF-8 encoded when it is entered into the secure hash generation process. Field Type: Alphanumeric Length: 100 Sample Data: Payment processed successfully
Response.Amount required	A numeric value that contains the purchase amount of the item. The value is in ISO format with no decimal point. Also. For example, 100 for 1.00 USD. Field Type: Numeric Length: 9 Sample Data: 100
Response.CurrencyISOCode required	The numeric value is in ISO format for the currency. The value should be neither character value nor decimal point. For example, 840 for US Dollar, 400 for JOD. Field Type: Numeric Length: 3 Sample Data: 840
Response.MerchantID required	An alphanumeric value that represents the unique ID of the merchant at SmartRoute. The SmartRoute operation team provides this value upon merchant enrollment. Field Type: Alphanumeric Length: 40 Sample Data: MID0001
Response.TransactionID required	The merchant generates the Transaction ID. It represents a unique identifier for the transaction and is alphanumeric which must not include special characters or spaces. Field Type: Alphanumeric Length: 40 Sample Data: 201508180000001
Response.MessageID required	An alphanumeric value that represents the action for defined unique numbers as mentioned below: 16 for API mPre-Auth Field Type: Alphanumeric Length: 2 Sample Data: 16
Response.SecureHash required	An alphanumeric value that represents the generated hex-encoded hash using hashing algorithm SHA-2 (256) by concatenating parameters as a single string starting with the merchant’s Merchant Authentication Token. Then all response parameters appended in alphabetical order based on the parameter’s name, with no separators and no terminating character. Appendix B: Secure Hash – API mPayment; for more information, see secure hash generation. Field Type: Alphanumeric Length: 64 Sample Data: e9fbb3c46ec9c7dec2a318edc283bbbea27bc5d7bf7da30f4f2e62b89df74a2e
Response.PaymentMethod Conditional	An Alphanumeric value indicates the payment method. Supported values depend on the requested version as follows: If Version is 1.0 : 1 ➔ It will be a Card payment. Field Type: Alphanumeric Length: 1 Sample Data: 1 Condition: The SmartRoute operation team, upon merchant enrollment, provides possible Card Names.
Response.GatewayStatusCode optional	An alphanumeric value that represents the gateway response code. This code covers errors generated by the chosen gateway. Field Type: Alphanumeric Length: 15 Sample Data: 0000
Response.GatewayStatusDescription optional	An alphanumeric value that represents a message describing the response status received from the chosen gateway using the language specified in the request. After completing the execution process, this parameter is filled in. This value should be UTF-8 encoded when it is entered into the secure hash generation process. Field Type: Alphanumeric Length: 100 Sample Data: Sample Gateway Description
Response.GatewayName optional	This value represents the gateway name that processed the transaction. It can be alphanumeric with special characters like space, ‘@’ and ‘_’. Field Type: Alphanumeric and Some Special Length: 40 Sample Data: TestGateway
Response.RRN optional	An alphanumeric value that represents a Receipt Reference Number for the current payment transaction. This value is returned if the value is provided from the gateway. Field Type: Alphanumeric Length: 60 Sample Data: 201508201600462840000000000
Response.ApprovalCode optional	Approval Code received from Payment Processor such as Visa. The values are returned in the following cases: Only after a successful transaction Value is provided from the gateway Field Type: Alphanumeric Length: 10 Sample Data: 12345678
Response.AuthenticationURL optional	The Authentication URL represents the 3D-Secure URL that the Merchant will use to redirect the customer to authenticate the payment. Field Type: Alphanumeric Length: N/A Sample Data: https://anb.com.sa/anb-micro/spring/login
Response.Token optional	The token that is assigned to the entered card information; responds to a “GenerateToken” flag with the value “Yes”. This parameter is a part of the tokenization parameters; for more information, see Tokenization. Field Type: Alphanumeric Length: 64 Sample Data: 17b61316feafe09feb806ce33cdbfc85aed1b4173ed604f8fd5fa3cf72a02e27

Sample Response Code (Java)

// Get the response 
StringBuffer output = new StringBuffer(); 
BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream(), "UTF-8")); 
String line; 
while ((line = reader.readLine()) != null) { 
    output.append(line); 
} 
writer.close(); 
reader.close(); 
 
//Output the response 
System.out.println(output.toString()); 
 
// this string is formatted as a "Query String" - name=value&name2=value2....... 
String outputString=output.toString(); 
 
 
// To read the output string you might want to split it  
// on '&' to get pairs then on '=' to get name and value 
// and for a better and ease on verifying secure hash you should put them in a TreeMap 
String [] pairs=outputString.split("&"); 
 
Map<String,String> result=new TreeMap<String,String>(); 
 
// now we have separated the pairs from each other {"name1=value1","name2=value2",....} 
for(String pair:pairs){ 
 
    // now we have separated the pair to {"name","value"}    
    String[] nameValue=pair.split("="); 
 
    String name=nameValue[0];//first element is the name 
    String value=nameValue[1];//second element is the value 
 
    // put the pair in the result map 
    result.put(name,value); 
} 
 
 
// Now that we have the map, order it to generate secure hash and compare it with the received one 
 
 
StringBuilder responseOrderdString = new StringBuilder(); 
responseOrderdString.append(AUTHENTICATION_TOKEN); 
for (String treeMapKey : result.keySet()) { 
    responseOrderdString.append(result.get(treeMapKey)); 
} 
 
System.out.println("Response Orderd String is  " + responseOrderdString.toString()); 
 
// Generate SecureHash with SHA256 
// Using DigestUtils from appache.commons.codes.jar Library 
String generatedsecureHash = new 
String(DigestUtils.sha256Hex(responseOrderdString.toString()).getBytes()); 
 
// get the received secure hash from result map 
String receivedSecurehash=result.get("Response.SecureHash"); 
 
 
if(!receivedSecurehash.equals(generatedsecureHash)){ 
 
    //IF they are not equal then the response shall not be accepted   
    System.out.println("Received Secure Hash does not Equal generated Secure hash"); 
} 
else{ 
    // complete the Action get other parameters from result map and do your processes  
    // please refer to The Integration Manual to See The List of The Received Parameters 
    String status=result.get("Response.Status"); 
    System.out.println("Status is :"+ status); 
 
if("20002".equalsIgnoreCase(status)) { 
        String responseEstn = result.get("Response.estn"); 
        String responseMfu = result.get("Response.mfu"); 
        String responseAuthenticationUrl = result.get("Response.AuthenticationURL"); 
         
        request.setAttribute("responseEstn", responseEstn); 
        request.setAttribute("responseMfu", responseMfu); 
 request.setAttribute("responseAuthenticationUrl", responseAuthenticationUrl); 
     
        request.getRequestDispatcher("AuthenticateSadad.jsp").forward(request, response); 
     
    } 
    else { 
        // then the card is not 3ds enrolled  
        // this means your payment has been completed 
        System.out.println("Status is :"+ status);       
        }       
    } }

Other Sample Request Code (.Net /PHP)

Sample Request Code (.Net)

1.  // if the Card was 3DS Enrolled, APIPayment Will be Divided into two requests. 
2.  //in the response, if the received status code was “20001” or “20002” this means 
3.  //that the Payment is 3DS supported, which means you need to authenticate with the 
4.  //Bank site, all needed parameters for 3DS in will be included in the response, 
5.  //and after Authentication, you will send APIApprove Request to SmartRoute. 
6.  //Note: The Difference between 3DS payment and none-3DS Payment, will start after 
7.  // getting the APIPayment response. 
8.          StringBuilder requestQuery = new StringBuilder(); 
9.          requestQuery 
10.          .Append("TransactionID").Append("=").Append(transactionId).Append("&") 
11.          .Append("MerchantID").Append("=").Append("ANBRedirectM").Append("&") 
12.          .Append("Amount").Append("=").Append("2000").Append("&") 
13.          .Append("CurrencyISOCode").Append("=").Append("840").Append("&") 
14.          .Append("MessageID").Append("=").Append("16").Append("&") 
15.          .Append("Quantity").Append("=").Append("1").Append("&") 
16.          .Append("Channel").Append("=").Append("0").Append("&") 
17.          .Append("PaymentMethod").Append("=").Append("1").Append("&") 
18.          .Append("ClientIPaddress").Append("=").Append("127.0.0.1").Append("&") 
19.          //for Card Payment (conditional.Append("&")paymentMethod=1) 
20.          .Append("CardNumber").Append("=").Append("4012001045873335").Append("&
") 
21.          .Append("ExpiryDateYear").Append("=").Append("01").Append("&") 
22.          .Append("ExpiryDateMonth").Append("=").Append("19").Append("&") 
23.          .Append("SecurityCode").Append("=").Append("123").Append("&") 
24.          .Append("CardHolderName").Append("=").Append("1").Append("&") 
25.          //for Sadad Payment (conditional.Append("&")paymentMethod=2) 
26.          //.Append("SadadOlpId").Append("=").Append("testSadad").Append("&") 
27.          //.Append("mfu","https://MerchantSite/RedirectPaymentRequestPage").Append("&") 
28.          //fill some optional parameters 
29.          .Append("Language").Append("=").Append("en").Append("&") 
30.          .Append("ThemeID").Append("=").Append("1000000001").Append("&") 
31.          .Append("Version").Append("=").Append("1.0") 
32.          .Append("SecureHash").Append("=").Append(secureHash); 
33.    
34.          //Send the request 
35.          string data = requestQuery.ToString().ToString(); 
36.          byte[] dataStream = Encoding.UTF8.GetBytes(data); 
37.          string urlPath = "https://SR_URL"; 
38.          string request = urlPath; 
39.          WebRequest webRequest = WebRequest.Create(request); 
40.          webRequest.Method = "POST"; 
41.          webRequest.ContentType = "application/x-www-form-urlencoded"; 
42.          webRequest.ContentLength = dataStream.Length; 
43.          Stream newStream = webRequest.GetRequestStream(); 
44.          // Send the data. 
45.          newStream.Write(dataStream, 0, dataStream.Length); 
46.          newStream.Close();

Sample Request Code (PHP)

1.  // if the Card was 3DS Enrolled, APIPayment Will be Divided into two requests. 
2.  //in the response, if the received status code was “20001” or “20002” this means 
3.  //that the Payment is 3DS supported, which means you need to authenticate with the 
4.  //Bank site, all needed parameters for 3DS in will be included in the response, 
5.  //and after Authentication, you will send APIApprove Request to SmartRoute. 
6.  //Note: The Difference between 3DS payment and none-3DS Payment, will start after getting the APIPayment response. 
7.    
8.  $queryStringArr = [ 
9.                "TransactionID" => $transactionId, 
10.          "MerchantID" => "ANBRedirectM", 
11.          "Amount" => "2000", 
12.          "CurrencyISOCode" => "840", 
13.          "MessageID" => "16", 
14.          "Quantity" => "1", 
15.          "Channel" => "0", 
16.          "PaymentMethod" => "1", 
17.          "ClientIPaddress" => "127.0.0.1", 
18.          //for Card Payment (conditional.append("&")paymentMethod=1) 
19.          "CardNumber" => "4012001045873335", 
20.          "ExpiryDateYear" => "01", 
21.          "ExpiryDateMonth" => "19", 
22.          "SecurityCode" => "123", 
23.          "CardHolderName" => "1", 
24.          //for Sadad Payment (conditional.append("&")paymentMethod=2) 
25.          "SadadOlpId" => "testSadad", 
26.          "mfu" => "https://MerchantSite/RedirectPaymentRequestPage", 
27.          //fill some optional parameters 
28.          "Language" => "en", 
29.          "ThemeID" => "1000000001", 
30.          "Version" => "1.0", 
31.          "SecureHash" => $secureHash, 
32.  ]; 
33.    
34.  //Send the request 
35.  $newRequestQuery = http_build_query($queryStringArr); 
36.    
37.  $url = "https://SR_URL"; 
38.  $ch = curl_init($url); 
39.  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 
40.  //write parameters 
41.  curl_setopt($ch,CURLOPT_POST, true); 
42.  curl_setopt($ch,CURLOPT_POSTFIELDS, $newRequestQuery); 
43.

Other Sample Response Code (.Net /PHP)

Sample Response Code (.Net)

47.          // Get the response 
48.          WebResponse webResponse = webRequest.GetResponse(); 
49.          String output = webResponse.ToString(); 
50.          //Output the response 
51.          Console.WriteLine(output); 
52.    
53.          // this string is formatted as a "Query String" - name=value&name2=value2....... 
54.          String outputString = output.ToString(); 
55.    
56.          // To read the output string you might want to split it 
57.          // on '&' to get pairs then on '=' to get name and value 
58.          // and for a better and ease on verifying secure hash you should put them in a SortedDictionary 
59.          SortedDictionary<string, string> result = new SortedDictionary<String, String>(StringComparer.Ordinal);   
60.          NameValueCollection qscoll = HttpUtility.ParseQueryString(output); 
61.          foreach (String kv in qscoll.AllKeys) 
62.          { 
63.              result.Add(kv, qscoll[kv]); 
64.          } 
65.   
66.          
67.          // Now that we have the SortedDictionary, order it to generate secure hash and compare it with the received one 
68.          StringBuilder responseOrderdString = new StringBuilder(); 
69.          responseOrderdString.Append(AUTHENTICATION_TOKEN); 
70.          foreach (KeyValuePair<string, string> kv in result) 
71.          { 
72.              if(!"Response.SecureHash".Equals(kv.Key)) 
73.     { 
74.       
75.      if("Response.StatusDescription".Equals(kv.Key) || "Response.GatewayStatusDescription".Equals(kv.Key))  
76.      { 
77.            responseOrderdString.Append(HttpUtility.UrlEncode(kv.Value, System.Text.Encoding.UTF8));     
78.          } 
79.        else 
80.        { 
81.            responseOrderdString.Append(kv.Value); 
82.        } 
83.     }         
84.        } 
85.    
86.          Console.WriteLine("Response Ordered String is " + responseOrderdString.ToString()); 
87.    
88.          // Generate SecureHash with SHA256 from responseOrderedString 
89.          bytes = Encoding.UTF8.GetBytes(responseOrderdString.ToString().ToString()); 
90.          sha256 = SHA256Managed.Create(); 
91.          hash = sha256.ComputeHash(bytes); 
92.          String generatedsecureHash = String.Empty; 
93.          foreach (byte x in hash) 
94.          { 
95.              generatedsecureHash += String.Format("{0:x2}", x); 
96.          } 
97.    
98.          // get the received secure hash from result dictionary 
99.          String receivedSecurehash = result["Response.SecureHash"]; 
100.    
101.          if (receivedSecurehash != generatedsecureHash.ToString()) 
102.          { 
103.              //IF they are not equal then the response shall not be accepted 
104.              Console.WriteLine("Received Secure Hash does not Equal generated Secure hash"); 
105.          } 
106.          else 
107.          { 
108.              // Complete the Action get other parameters from result dictionary and do your processes 
109.              // please refer to The Integration Manual to See the List of The Received Parameters 
110.              String status = result["Response.Status"]; 
111.              Console.WriteLine("Status is :" + status); 
112.              if ("20001" == status) 
113.              { 
114.                  // if the received status code was 20001 this means that this transaction needs 3DS 
115.                  //Authentication , the parameters you need are received with the response too.16 | P a g e 
116.                  // prepare parameters to send to ASP , to Send it to 3DS in A Post Request 
117.                  String bankUrl = (String)result["Response.AcsURL"]; 
118.                  String PaRequestMessage = (String)result["Response.PaRequestMessage"]; 
119.                  // 3DS Response page ( the url that you want 3DS Authentication to forword the request to) 
120.                  String Merchant3DSResponseURL = "http://yoursite/your3DSResponsepage"; 
121.                  
122.                  this.Context.Items.Add("ACSURL", bankUrl); 
123.                  this.Context.Items.Add("3DSPaMessage", PaRequestMessage); 
124.                  this.Context.Items.Add("TERMURL_PREFIX", Merchant3DSResponseURL); 
125.                  // Verification Enrollment Result Used for 3DS payment. 
126.                  String veResult = (String)result["Response.ResponseVeResult"]; 
127.                  /***********************************************************/ 
128.                  /***********************************************************/ 
129.                  /***********************************************************/ 
130.                  /*STORE veResult IN DATABASE OR ANY SAFE PLACE TO USE IT IN APPROVE REQUEST*/ 
131.                  /************************************************************/ 
132.                  /************************************************************/ 
133.                  /************************************************************/
                 
134.                  this.Server.Transfer("RedirectTo3DS.aspx", true); 
135.              } 
136.              // this means that the transaction needs Sadad Authentication 
137.              else if ("20002" == status) 
138.              { 
139.                  String responseEstn = result["Response.estn"]; 
140.                  String responseMfu = result["Response.mfu"]; 
141.                  String responseAuthenticationUrl = result["Response.AuthenticationURL"]; 
142.                  this.Context.Items.Add("responseEstn", responseEstn); 
143.                  this.Context.Items.Add("responseMfu", responseMfu); 
144.                  this.Context.Items.Add("responseAuthenticationUrl", responseAuthenticationUrl);                 
145.                  this.Server.Transfer("AuthenticateSadad.aspx", true); 
146.              } 
147.              else 
148.              { 
149.                  // then the card is not 3ds enrolled 
150.                  // this means your payment has been completed 
151.                  Console.WriteLine("Status is :" + status); 
152.              } 
153.          }

Sample Response Code (PHP)

44.  // Get the response 
45.  $output = curl_exec($ch); 
46.  curl_close($ch); 
47.  //Output the response 
48.  echo $output; 
49.    
50.  // To read the output string you might want to split it 
51.  // on '&' to get pairs then on '=' to get name and value 
52.  // and for a better and ease on verifying secure hash you should put 
53.  $result = []; 
54.  parse_str($output, $result); 
55.  ksort($result); 
56.    
57.  // Now that we have the map, order it to generate secure hash and compare it with the received one 
58.  $responseOrderdString = $AUTHENTICATION_TOKEN; 
59.  foreach($result as $res_k=>$result_v){ 
60.      $responseOrderdString .= $result_v; 
61.  } 
62.    
63.  echo "-- Response Orderd String --".chr(10); 
64.  echo $responseOrderdString.chr(10); 
65.    
66.  // Generate SecureHash with SHA256 
67.  $generatedsecureHash = hash('sha256',$responseOrderdString); 
68.    
69.  // get the received secure hash from result map 
70.  $receivedSecurehash = $result['Response.SecureHash']; 
71.    
72.  if($receivedSecurehash == $generatedsecureHash){ 
73.      // IF they are not equal then the response shall not be accepted 
74.      echo "Received Secure Hash does not Equal generated Secure hash".chr(10); 
75.  }else{ 
76.    
77.      // Complete the Action get other parameters from result map and do 
78.      // your processes 
79.      // Please refer to The Integration Manual to See The List of The 
80.      // Received Parameters 
81.      $status = $result["Response.Status"]; 
82.      echo "Status is :" . $status.chr(10);     
83.          if ("20001" === $status) { 
84.                  // if the received status code was 20001 this means that this transaction needs 3DS 
85.                  //Authentication, the parameters you need are received with the response too. 
86.                  // prepare parameters to send to JSP , to Send it to 3DS in A Post Request 
87.                  $bankUrl = (String)$result["Response.AcsURL"]; 
88.                  $PaRequestMessage = (String)$result["Response.PaRequestMessage"]; 
89.                  // 3DS Response page ( the url that you want 3DS Authentication to forword the request to) 
90.                  $Merchant3DSResponseURL= "http://yoursite/your3DSResponsepage"; 
91.                  $_SESSION["ACSURL"] = $bankUrl; 
92.                  $_SESSION["3DSPaMessage"] = $PaRequestMessage; 
93.                  $_SESSION["TERMURL_PREFIX"] = $Merchant3DSResponseURL; 
94.                  
95.                  // Verification Enrollment Result Used for 3DS payment. 
96.                  $veResult= (String)$result["Response.ResponseVeResult"]; 
97.                  
98.                  /***********************************************************/ 
99.                  /***********************************************************/ 
100.                  /***********************************************************/ 
101.                  /*STORE veResult IN DATABASE OR ANY SAFE PLACE TO USE IT IN APPROVE REQUEST*/ 
102.                  /***********************************************************/ 
103.                  /***********************************************************/ 
104.                  /***********************************************************/ 
105.                  header("location: RedirectTo3DS.php"); 
106.                  exit(); 
107.          }else if("20002" === $status) { 
108.                  // this means that the transaction needs Sadad Authentication 
109.                  $responseEstn = $result["Response.estn"]; 
110.                  $responseMfu = $result["Response.mfu"]; 
111.                  $responseAuthenticationUrl = $result["Response.AuthenticationURL"]; 
112.                  $_SESSION["responseEstn"] = $responseEstn; 
113.                  $_SESSION["responseMfu"] = $responseMfu; 
114.                  $_SESSION["responseAuthenticationUrl"] = $responseAuthenticationUrl; 
115.                  
116.                  header("location: AuthenticateSadad.php"); 
117.                  exit();         
118.          }else { 
119.                  // then the card is not 3ds enrolled 
120.                  // this means your payment has been completed 
121.                  echo "Status is :". $status; 
122.          } 
123.  }

What's Next

API Approve

Table of contents

Request Parameters
Sample Request Code (Java)
Response Parameters
Sample Response Code (Java)
Other Sample Request Code (.Net /PHP)
Other Sample Response Code (.Net /PHP)