Direct Post Payment

Request message

Input request parameter

Description

Merchant Authentication Token

Y2ExNzE2NDBlZjEyNmZhZjRmMmRmY2Iy

MessageID

TransactionID

12345678901234567890

MerchantID

STSPayOneM

Amount

100

Language

PaymentMethod

CurrencyISOCode

400

PaymentDescription

Sample Payment Description

ResponseBackURL

https://MerchatWebSite/PaymentResponse.do

CardNumber

4111111111111111

ExpiryDateYear

ExpiryDateMonth

SecurityCode

854

CardHolderName

Card Holder

Channel

Quantity

Version

1.0

Parameters Order

Amount, Channel, CurrencyISOCode, Language, MerchantID, MessageID,

PaymentDescription, PaymentMethod, Quantity, ResponseBackURL, TransactionID, Version

Note: The parameters are ordered alphabetically in the secure hash.

The input to the Secure Hash generation routine

Y2ExNzE2NDBlZjEyNmZhZjRmMmRmY2Iy1000400EnSTSPayOneM1Sample+Payment+Descri
ption11https://MerchatWebSite/PaymentResponse.do123456789012345678901.0

Output

3e6a7361eecc30e0a9813f3ee90b845d8dcf4d69564ef2ec64fb809bc8591481

Note:

CardNumber, ExpiryDateYear, ExpiryDateMonth, SecurityCode and CardHolderName are not a part of the Secure Hash.

Response message

Input response parameter

Description

Merchant Authentication Token

Y2ExNzE2NDBlZjEyNmZhZjRmMmRmY2Iy

Response.MessageID

Response.TransactionID

12345678901234567890

Response.StatusCode

00000

Response.StatusDescription

Payment processed successfully

Response.GatewayStatusCode

0000

Response.GatewayName

TestGateway

Response.GatewayStatusDescription

Sample Gateway Description

Response.Amount

100

Response.ApprovalCode

654321

Response.CardExpiryDate

0416

Response.CardHolderName

Card Holder

Response.CurrencyISOCode

400

Response.CardNumber

411111******1111

Response.MerchantID

STSPayOneM

Response.RRN

123456

Parameters Order

Response.Amount, Response.ApprovalCode, Response.CardExpiryDate,
Response.CardHolderName, Response.CardNumber, Response.CurrencyISOCode,
Response.GatewayName, Response.GatewayStatusCode,
Response.GatewayStatusDescription, Response.MerchantID, Response.MessageID ,
Response.RRN, Response.StatusCode, Response.StatusDescription, Response.TransactionID

Note: The parameters are ordered alphabetically in the secure hash.

The input to the Secure Hash generation routine

Y2ExNzE2NDBlZjEyNmZhZjRmMmRmY2Iy1006543210122Card
Holder411111******1111400TestGateway0000Sample+Gateway+DescriptionSTSPayOneM11
2345600000Payment+processed+successfully12345678901234567890

Output

e801dccf0e59fa56517576d10e51a8b6bd5f56c3f14d67c0c446fc10c3a65031

Sample Code (Java)

//Step 1: Generate Secure Hash String SECRET_KEY = "Y2FkMTdlOWZiMzJjMzY4ZGFkMzhkMWIz"; // Use Yours, Please Store Your Secret Key in safe Place (e.g. database) // put the parameters in a TreeMap to have the parameters to have them sorted alphabetically. Map <String,String> parameters = new TreeMap<String,String> (); String transactionId = String.valueOf(System.currentTimeMillis()); // fill required parameters parameters.put("TransactionID", transactionId); parameters.put("MerchantID", "ANBRedirectM"); parameters.put("Amount", "2000"); parameters.put("CurrencyISOCode", "840"); parameters.put("MessageID", "1"); parameters.put("Quantity", "1"); parameters.put("Channel", "0"); parameters.put("PaymentMethod", "1"); //for Card Payment (conditional;paymentMethod=1) parameters.put("CardNumber", "4012001045873335"); parameters.put("ExpiryDateYear", "01"); parameters.put("ExpiryDateMonth", "19"); parameters.put("SecurityCode", "123"); parameters.put("CardHolderName", "1"); //for Sadad Payment (conditional; paymentMethod=2) //parameters.put("SadadOlpId", "testSadad"); //fill some optional parameters parameters.put("Language", "en"); parameters.put("ThemeID", "1000000001"); parameters.put("ResponseBackURL", "https://MerchantSite/RedirectPaymentResponsePage");// if this URL is configured for the merchant it's not required parameters.put("Version", "1.0"); //Create an ordered String of The Parameters Map with Secret Key StringBuilder orderedString = new StringBuilder(); orderedString.append(SECRET_KEY); for (String treeMapKey : parameters.keySet()) { orderedString.append(parameters.get(treeMapKey)); } System.out.println("orderdString: " + orderedString); // Generate SecureHash with SHA256 // Using DigestUtils from appache.commons.codes.jar Library String secureHash = new String(DigestUtils.sha256Hex(orderedString.toString()).getBytes());

Other Request Code (.Net /PHP)

Sample Code (.Net)

1. //Step 1: Generate Secure Hash 2. String SECRET_KEY = " Y2FkMTdlOWZiMzJjMzY4ZGFkMzhkMWIz";// Use Yours, Please Store Your Secret Key in safe Place (eg.database) 3. // get All Request Parameters 4. System.Collections.ICollection parameterNames = this.Context.Items.Keys; 5. // store all response Parameters to generate Response Secure Hash 6. // and get Parameters to use it later in your Code 7. SortedDictionary<string, string> responseParameters = new SortedDictionary <String, String>(StringComparer.Ordinal); 8. 9. for(int i=0; i< parameterNames.Count; i++) 10. { 11. String paramName = (String)parameterNames.GetEnumerator().Current; 12. String paramvalue = (String)this.Context.Items[paramName]; 13. responseParameters.Add(paramName, paramvalue); 14. parameterNames.GetEnumerator().MoveNext(); 15. } 16. // Now that we have the sorted dictionary, order it to generate secure hash and compare it with the received one 17. StringBuilder responseOrderdString = new StringBuilder(); 18. responseOrderdString.Append(SECRET_KEY); 19. foreach (KeyValuePair<string, string> kv in responseParameters) 20. { 21. responseOrderdString.Append(kv.Value); 22. } 23. Console.WriteLine("Response Orderd String is: " + responseOrderdString.ToString()); 24. 25. // Generate SecureHash with SHA256 26. SHA256 sha256; 27. byte[] bytes, hash; 28. string generatedsecureHash = string.Empty; 29. 30. bytes = Encoding.UTF8.GetBytes(responseOrderdString.ToString().ToStr ing()); 31. sha256 = SHA256Managed.Create(); 32. hash = sha256.ComputeHash(bytes); 33. foreach (byte x in hash) 34. { 35. generatedsecureHash += String.Format("{0:x2}", x); 36. } 37. 38. 39. // get the received secure hash from result dictionary 40. String receivedSecurehash = responseParameters["Response.SecureHash"]; 41. if (receivedSecurehash != generatedsecureHash.ToString()) 42. { 43. // IF they are not equal then the response shall not be accepted 44. Console.WriteLine("Received Secure Hash does not Equal generated Secure hash"); 45. } 46. else 47. { 48. // Complete the Action get other parameters from result dictionary and do 49. // your processes 50. // Please refer to The Integration Manual to See The List of The 51. // Received Parameters 52. String status = responseParameters["Response.Status"]; 53. Console.WriteLine("Status is: " + status); 54. }

Sample Code (PHP)

1. <?php 2. $SECRET_KEY = "Y2FkMTdlOWZiMzJjMzY4ZGFkMzhkMWIz"; // Use Yours, Please Store Your Secret Key in safe Place(eg. database) 3. 4. // get All Request Parameters 5. $parameterNames = isset($_REQUEST)?array_keys($_REQUEST):[]; 6. 7. // store all response Parameters to generate Response Secure Hash 8. // and get Parameters to use it later in your Code 9. $responseParameters = []; 10. foreach($parameterNames as $paramName){ 11. $responseParameters[$paramName] = filter_input(INPUT_REQUEST,$paramName) ; 12. } 13. 14. //order parameters by key using ksort 15. ksort($responseParameters); 16. $orderedString = $SECRET_KEY; 17. foreach($responseParameters as $k=>$param){ 18. $orderedString .= $param; 19. } 20. 21. echo "--- Ordered String ---".chr(10); 22. echo $orderedString.chr(10); 23. 24. // Generate SecureHash with SHA256 25. $secureHash = hash('sha256', $orderedString, false); 26. 27. // get the received secure hash from result map 28. $receivedSecureHash = filter_input(INPUT_REQUEST,'Response.SecureHash'); 29. 30. // Now that we have the map, order it to generate secure hash and compare it with the received one 31. if($receivedSecureHash !== $secureHash){ 32. // IF they are not equal then the response shall not be accepted 33. echo "Received Secure Hash does not Equal generated Secure hash"; 34. }else{ 35. // Complete the Action get other parameters from result map and do 36. // your processes 37. // Please refer to The Integration Manual to see the List of The 38. // Received Parameters 39. echo "Status is: ".filter_input(INPUT_REQUEST,'Response.Status'); 40. }