API Payment
  • 06 Jun 2024
  • 20 Minutes to read
  • Contributors
  • Dark
    Light
  • PDF

API Payment

  • Dark
    Light
  • PDF

Article summary

This message is used to perform a payment and it is based on the API Communication Model described in the Communication Model section. The merchant should handle the authentication process for credit cards after performing an API Payment and the returned ‘Response.StatusCode’ parameter is (20001 or 20002).

If the cases mentioned above are valid, an API Approve message must follow to pass any authentication data to the payment gateway. Otherwise, there is no need for an API Approve following an API Payment. You can refer to the appendix for further details about the credit card. 

If you wish to use the Apple Pay payment method with API Payment or API Pre-Authorization, you need to send Apple Pay Merchant Validation Message before validating the merchant and requesting Apple Pay Session. 

Request Parameters

ParameterDescription
MessageID
required

An alphanumeric value that represents the action for defined unique numbers as mentioned below: 

  • 8 for API Payment   
  • Field Type: Alphanumeric
  • Length: 2
  • Sample Data: 8
TransactionID
required

The merchant generates the Transaction ID. It represents a unique identifier for the transaction and is alphanumeric which must not include special characters or spaces.

  • Field Type: Alphanumeric
  • Length: 40
  • Sample Data: 1440954863817
MerchantID
required
An alphanumeric value that represents the unique Merchant ID at SmartRoute. The Payment Gateway operation team provides this value based on the merchant enrollment.
  • Field Type: Alphanumeric
  • Length: 40
  • Sample Data: MID0001

Amount
required
A numeric value that contains the ISO Formatted item purchase invoice amount with no decimal point. For example, 100 for 1.00 USD.
  • Field Type: Numeric
  • Length: 9
  • Sample Data: 100
CurrencyISOCode
required
A numeric value that contains the ISO formatted code for the currency, not the character value. For example, 840 for USD.
  • Field Type: Numeric 
  • Length: 3
  • Sample Data: 840
PaymentMethod
required
An Alphanumeric value indicates the payment method. Supported values depend on the requested version as follows:   
  • 1 ➔  It will be a Card payment.
  • Field Type: Numeric 
  • Length: 1
  • Sample Data: 1
SecureHash
required
An alphanumeric value that represents the generated hex-encoded hash using hashing algorithm SHA-2 (256) by concatenating parameters as a single string starting with the merchant’s Merchant Authentication Token. Then all parameters (required parameters and optional parameters - if available) are ordered alphabetically. By parameter’s name should be part of the secure hash, with no separators and no terminating character.

Appendix B: Secure Hash – API Payment; for more information, see secure hash generation. 

  • Field Type: Alphanumeric
  • Length: 64
  • Sample Data: e9fbb3c46ec9c7dec2a318edc283bbbea27bc5d7bf7da30f4f2e62b89df74a2e

ClientIPaddress
required
An alphanumeric value that represents the client’s public IP Address.
  • Field Type: Alphanumeric
  • Length: 19
  • Sample Data: 79.183.118.666 
CardNumber
conditional
The customer’s card number isused in the payment. If they sent PaymentMethod parameter is 1 (Card), this parameter is required. 
  • Field Type: Numeric
  • Length: 19
  • Sample Data: 4111111111111111
ExpiryDateYear
conditional 
The customer’s card expiry date (year)digits that are used in the payment. The format of this parameter should be in the form (YY). This parameter is required if the sent PaymentMethod parameter is 1 (Card). 
  • Field Type: Numeric 
  • Length: 2
  • Sample Data: 17
ExpiryDateMonth
conditional 
The customer’s card expiry date (month) digits are used in the payment. The format of this parameter should be in the form (MM). If the PaymentMethod parameter is 1 (Card) is sent, this parameter is required.
  • Field Type: Numeric 
  • Length: 2
  • Sample Data: 02
SecurityCode
conditional
he customer’s card Security Code (e.g. CVV or CVC) depends on the Card Type used in the payment. If the PaymentMethod parameter is 1 (Card) is sent, this parameter is required. 
  • Field Type: Numeric 
  • Length: 4
  • Sample Data: 123
AgreementID
conditional

The agreement Id represents a unique identifier for the agreement between the merchant and the payer where the payer authorizes the merchant to perform subsequent transactions (i.e. recurring) without their active participation. The subsequent transactions shall share the same agreement Id provided in this first transaction. The value is generated by the merchant and should be unique per recurring series. 

  • Field Type: Alphanumeric
  • Length: 20
  • Sample Data: 17b61316feafe09feb
Note:
The same value should be provided while performing a recurring payment across the recurring series for this payer.
AgreementType
conditional

Alphabetical value represents the type of subsequent transactions, if any, that will be initiated based on this first transactions.

Possible values are: 

  • Recurring 
  • Unscheduled
  • Other
  • Field Type: Alphanumeric
  • Length: -
  • Sample Data: Recurring
ApplePayToken
Conditional

The Apple Pay Token is used in the payment. This value should be UTF-8 encoded when it is entered in+to the secure hash generation process. 

If the sent PaymentMethod parameter is 3 (Apple Pay), this parameter is required. 

  • Field Type: Alphanumeric
  • Length: -
  • Sample Data:

{"token": 

  { 

    "paymentData": 

      { 

"data":"IE04dN1WYNK9cyQmZBfKiHdqbdUw3UkkSD+Jn9ofXZ7dGxY46OCDmjhhiHmm==", 

"signature":"MIAGCSqGSIb3DQEHAqMIACAQExcTyz2vgqrktgeKPs41BMUMAAAAAAAA=", 

 "header": 

          { "publicKeyHash":"R4drnWP1KTDdE6DASH6Do6m4K5mVjFblDDwE=", 

            "ephemeralPublicKey":"MFkwEwYHKoZIzjbVNqfo/ptu2gSMgo1F5ZMo3kEBGw5qj8gag==",

            "transactionId":"1c1360f5cd31b3b08411b2ddc933faf948703f5a835de8e203a07" }, 

 "version":"EC_v1" 

      }, 

 "paymentMethod": 

             {  "displayName":"MasterCard 1470", 

                 "network":"MasterCard", 

                 "type":"credit" }, 

 "transactionIdentifier":"1C1360F5CD31B3B08411B2DDC933FAF948703F5A835DE8E203A" 

  } 

}

PaymentDescription 
optional

An alphanumeric string that contains a narrative Payment Description of the invoice, which uses the language specified in the language parameter. This value should be UTF-8 encoded. It is entered into the secure hash generation process. 

  • Field Type: Alphanumeric
  • Length: 100
  • Sample Data: SamplePayment
CardHolderName
conditional

The customer’s cardholder name is used in the payment. If the PaymentMethod parameter is 1 (Card) is sent, this parameter is required.

  • Field Type: Alphabetic
  • Length: 64
  • Sample Data: Card Holder Name
ItemID
optional
An alphanumeric value that represents the custom item ID.
  • Field Type: Alphanumeric
  • Length: 25
  • Sample Data: Item1
Channel
optional

The Channel to be used by SmartRoute System. It could be one of the following: 

  • 0 for E-Commerce
  • 1 for IVR
  • 2 for POS
  • Field Type: Numeric
  • Length: 1
  • Sample Data: 0
Quantity
optional
A numeric value greater than ZERO represents the quantity of purchased Items.
  • Field Type: Numeric
  • Length: 5
  • Sample Data: 1
Version
optional

A numeric value with (.) separator represents the command's version to be used. If this value is not provided, SmartRoute will consider its default value which is 1.0

Possible version values:

-  2.0 or higher: an additional response field will be returned from SmartRoute to merchant that represents the payment method used "Response.PaymentMethod"

-  2.1 or higher: indicates that the merchant will provide the AgreementID and AgreementType fields.

- 3.1: An additional response field will be returned from SmartRoute to the merchant that represents the Issuer Name used "Response.IssuerName"

  • Field Type: Numeric
  • Length: 5
  • Sample Data: 1.0
FrameworkInfo
optional
An alphanumeric value that represents the client’s used framework
  • Field Type: Alphanumeric
  • Length: 30
  • Sample Data: Android 7.0 
GenerateToken 
optional

This flag indicates whether to generate a token for the entered card information or not. It accepts the values “Yes” and “No”. Sending this field as “No” acts like when the field is not sent at all. 

This parameter is a part of the tokenization. For more information, see Tokenization.

  • Field Type: Alphabetic
  • Length: 3
  • Sample Data: Yes
Token
optional
The token is used in this request; to represent previously used card information. This parameter is a part of the tokenization parameters. For more information, see Tokenization.
  • Field Type: Alphanumeric
  • Length: 64
  • Sample Data:

17b61316feafe09feb806ce33cdbfc85aed1b4173ed604f8fd5fa3cf72a02e27 

googlePayResponse 
optional

The googlePayResponse is used in the payment. This value should be URL encoded when it is entered in+to the secure hash generation process. 

If the sent PaymentMethod parameter is 9 (Google Pay), this parameter is required.

  • Field Type: Alphanumeric
  • Length: 64
  • Sample Data:

Google Pay Response before encoding:

{

    "apiVersion": 2,

    "apiVersionMinor": 0,

     "paymentMethodData": {

        "description": "Test Card: Mastercard •••• 4444",

        "info": {

             "assuranceDetails": {

                "accountVerified": true,

                 "cardHolderAuthenticated": false

            },

             "cardDetails": "4444",

             "cardNetwork": "MASTERCARD"

        },

         "tokenizationData": {

            "token": "{\"signature\":\"MEQCIDC159UT+3Xl38+kdreAB7ow2cUX3oIXj/jniWtseQtjAiApuboiYh3f20ro82cbvtwvxvCIYwjiLl+6vvu8y89b7g\\u003d\\u003d\",\"intermediateSigningKey\":{\"signedKey\":\"{\\\"keyValue\\\":\\\"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEtQ7kcUmrUkwroX/I4aW62jYTSYbyrP1NTHVZzV91w5NVohF5cqY1LcF4FfGiPLPdSf7IkTlRTZzOrd8takdyVQ\\\\u003d\\\\u003d\\\",\\\"keyExpiration\\\":\\\"1703580845307\\\"}\",\"signatures\":[\"MEUCIDi9oNLgx4V+DGJ1HkcDQvjtrE3GMfsiD24TZqmqpLOZAiEA+G4MPIp7DfXqDeb1HSRtUa2Bp6jJNjUk0fxf9X/OBMA\\u003d\"]},\"protocolVersion\":\"ECv2\",\"signedMessage\":\"{\\\"encryptedMessage\\\":\\\"0OtVdk8Nrz2LR7kjB48fkxZz6nqFIpYSlJ6ygR+OT25cDFiDrON7dvTveW1RS2lpOyGlnWDNafGosJhxyzRJJEoYgKaDfHkujBSiA5OTwf3R/06WBXJzVRw1zoj8N+UAP0E9dRdCgDtZX24GKUTTqjidq4sZ8omJWvOFtdAw1vK6oxn5wdrhc+a50/Yy6b1B/1SocptruLn9Z3bcec5fNJSWFLhIGzl3thhLzGzBlPAJZl84KWbJzWlBbPD6JZYyXbDwEBqFGr6KB+SEVetljFR3O3Izu6a0YHYrnbrrMh53Bxyg7BlmxhgtoAZC1BQfrfctdMVP5Ar9QI3e8clgB2O0XARVJFxR4uvb5/Q7Fikb4F17k33mpkphaycaAmFI2uhRSqxj/4w3gsP12wOGmdKl0gGVED17pXN/GToYj7xqnHrQ2pEsyj8qt0NxG5oADgqqB0r0JT6ZzruR1aksbmJrcCsDeDMRWmZCoYsqJ/zgC0HBNVUsJJdPP25bp8L4xYNsdNAzgysmbBBTCuaypIz7969eElomC3cXLy7133hPhtrNG0J83jDtBHkkTMPBEjHIoaWfnHdK\\\",\\\"ephemeralPublicKey\\\":\\\"BNJaGHqKX0XU50/dwmIX63TLQI8sMteYmJS7/72yf2S8DUZlHu6WT6vXS1nUq74Oh8k/QwrYM4UwVais0sH+hDU\\\\u003d\\\",\\\"tag\\\":\\\"c1j/VsH6JbgicJpcgr8ucc5zrKyYdBigXUwJEafCkqo\\\\u003d\\\"}\"}",

            "type": "PAYMENT_GATEWAY"

        },

        "type": "CARD"

    }

}

Google Pay Response after encoding:

"%7B%22apiVersion%22%3A2%2C%22apiVersionMinor%22%3A0%2C%22paymentMethodData%22%3A%7B%22description%2

2%3A%22Test%20Card%3A%20Mastercard%E2%80%86%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%8644

44%22%2C%22info%22%3A%7B%22assuranceDetails%22%3A%7B%22accountVerified%22%3Atrue%2C%22cardHolderAuthent

icated%22%3Afalse%7D%2C%22cardDetails%22%3A%224444%22%2C%22cardNetwork%22%3A%22MASTERCARD%22%7D

%2C%22tokenizationData%22%3A%7B%22token%22%3A%22%7B%5C%22signature%5C%22%3A%5C%22MEQCIDC159UT%

2B3Xl38%2BkdreAB7ow2cUX3oIXj%2FjniWtseQtjAiApuboiYh3f20ro82cbvtwvxvCIYwjiLl%2B6vvu8y89b7g%5C%5Cu003d%5C%5

Cu003d%5C%22%2C%5C%22intermediateSigningKey%5C%22%3A%7B%5C%22signedKey%5C%22%3A%5C%22%7B%5C%5

C%5C%22keyValue%5C%5C%5C%22%3A%5C%5C%5C%22MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEtQ7kcUmrUkwroX

%2FI4aW62jYTSYbyrP1NTHVZzV91w5NVohF5cqY1LcF4FfGiPLPdSf7IkTlRTZzOrd8takdyVQ%5C%5C%5C%5Cu003d%5C%5C

%5C%5Cu003d%5C%5C%5C%22%2C%5C%5C%5C%22keyExpiration%5C%5C%5C%22%3A%5C%5C%5C%22170358084530

7%5C%5C%5C%22%7D%5C%22%2C%5C%22signatures%5C%22%3A%5B%5C%22MEUCIDi9oNLgx4V%2BDGJ1HkcDQvjtrE3

GMfsiD24TZqmqpLOZAiEA%2BG4MPIp7DfXqDeb1HSRtUa2Bp6jJNjUk0fxf9X%2FOBMA%5C%5Cu003d%5C%22%5D%7D%2C

%5C%22protocolVersion%5C%22%3A%5C%22ECv2%5C%22%2C%5C%22signedMessage%5C%22%3A%5C%22%7B%5C%5

C%5C%22encryptedMessage%5C%5C%5C%22%3A%5C%5C%5C%220OtVdk8Nrz2LR7kjB48fkxZz6nqFIpYSlJ6ygR%2BOT25c

DFiDrON7dvTveW1RS2lpOyGlnWDNafGosJhxyzRJJEoYgKaDfHkujBSiA5OTwf3R%2F06WBXJzVRw1zoj8N%2BUAP0E9dRdCgD

tZX24GKUTTqjidq4sZ8omJWvOFtdAw1vK6oxn5wdrhc%2Ba50%2FYy6b1B%2F1SocptruLn9Z3bcec5fNJSWFLhIGzl3thhLzGzBlP

AJZl84KWbJzWlBbPD6JZYyXbDwEBqFGr6KB%2BSEVetljFR3O3Izu6a0YHYrnbrrMh53Bxyg7BlmxhgtoAZC1BQfrfctdMVP5Ar9QI

3e8clgB2O0XARVJFxR4uvb5%2FQ7Fikb4F17k33mpkphaycaAmFI2uhRSqxj%2F4w3gsP12wOGmdKl0gGVED17pXN%2FGToYj7

xqnHrQ2pEsyj8qt0NxG5oADgqqB0r0JT6ZzruR1aksbmJrcCsDeDMRWmZCoYsqJ%2FzgC0HBNVUsJJdPP25bp8L4xYNsdNAzgys

mbBBTCuaypIz7969eElomC3cXLy7133hPhtrNG0J83jDtBHkkTMPBEjHIoaWfnHdK%5C%5C%5C%22%2C%5C%5C%5C%22ephe

meralPublicKey%5C%5C%5C%22%3A%5C%5C%5C%22BNJaGHqKX0XU50%2FdwmIX63TLQI8sMteYmJS7%2F72yf2S8DUZlH

u6WT6vXS1nUq74Oh8k%2FQwrYM4UwVais0sH%2BhDU%5C%5C%5C%5Cu003d%5C%5C%5C%22%2C%5C%5C%5C%22tag

%5C%5C%5C%22%3A%5C%5C%5C%22c1j%2FVsH6JbgicJpcgr8ucc5zrKyYdBigXUwJEafCkqo%5C%5C%5C%5Cu003d%5C%

5C%5C%22%7D%5C%22%7D%22%2C%22type%22%3A%22PAYMENT_GATEWAY%22%7D%2C%22type%22%3A%22CARD

%22%7D%7D"

 


Sample Request Code (Java)

// if the Card was 3DS Enrolled, APIPayment Will be Divided into two requests. 
//in the response, if the received status code was “20001” or “20002” this means 
//that the Payment is 3DS supported, which means you need to authenticate with the 
//Bank site, all needed parameters for 3DS in will be included in the response,  
//and after Authentication, you will send APIApprove Request to SmartRoute. 
//Note: The Difference between 3DS payment and none-3DS Payment, will start after getting the APIPayment response. 
 
StringBuffer requestQuery = new StringBuffer(); 
 
requestQuery        
.append("TransactionID").append("=").append(transactionId).append("&") 
.append("MerchantID").append("=").append("ANBRedirectM").append("&") 
.append("Amount").append("=").append("2000").append("&") 
.append("CurrencyISOCode").append("=").append("840").append("&") 
.append("MessageID").append("=").append("8").append("&") 
.append("Quantity").append("=").append("1").append("&") 
.append("Channel").append("=").append("0").append("&") 
.append("PaymentMethod").append("=").append("1").append("&") 
.append("ClientIPaddress").append("=").append("127.0.0.1").append("&") 
 
//for Card Payment (conditional.append("&")paymentMethod=1) 
.append("CardNumber").append("=").append("4012001045873335").append("&") 
.append("ExpiryDateYear").append("=").append("01").append("&") 
.append("ExpiryDateMonth").append("=").append("19").append("&") 
.append("SecurityCode").append("=").append("123").append("&") 
.append("CardHolderName").append("=").append("1").append("&") 
 
//for Sadad Payment (conditional.append("&")paymentMethod=2) 
//.append("SadadOlpId").append("=").append("testSadad").append("&") 
//.append("mfu","https://MerchantSite/RedirectPaymentRequestPage").append("&") 
 
 
//fill some optional parameters 
.append("Language").append("=").append("en").append("&") 
.append("ThemeID").append("=").append("1000000001").append("&") 
.append("Version").append("=").append("1.0") 
.append("SecureHash").append("=").append(secureHash); 
 
//Send the request 
URL url = new URL("https://SR_URL"); 
URLConnection conn = url.openConnection(); 
conn.setDoOutput(true); 
OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream(), "UTF-8"); 
 
//write parameters 
writer.write(requestQuery.toString()); 
writer.flush(); 

Response Parameters

ParameterDescription

Response.StatusCode 
required

An alphanumeric value that represents the response code that covers errors generated by the SmartRoute.  

Appendix A: API Payment Response Codes for descriptive details about Response Codes. 

  • Field Type: Alphanumeric
  • Length: 5
  • Sample Data: 00000
Response.StatusDescription 
required

An alphanumeric value that represents a message describing the response status received from SmartRoute. This parameter is filled only after a complete execution process using the language specified in the request. This value should be UTF-8 encoded when it is entered into the secure hash generation process.

  • Field Type: Alphanumeric
  • Length: 100
  • Sample Data: Payment processed successfully
Response.Amount
required

A numeric value that contains the purchase amount of the item.
The value is in ISO format with no decimal point. Also. For example, 100 for 1.00 USD.

  • Field Type: Numeric
  • Length: 9
  • Sample Data: 100
Response.CurrencyISOCode 
required

The numeric value is in ISO format for the currency. The value should be neither character value nor decimal point.

For example, 840 for US Dollar, 400 for JOD.

  • Field Type: Numeric
  • Length: 3
  • Sample Data: 840
Response.MerchantID 
required
An alphanumeric value that represents the unique ID of the merchant at SmartRoute. The SmartRoute operation team provides this value upon merchant enrollment. 
  • Field Type: Alphanumeric
  • Length: 40
  • Sample Data: MID0001
Response.TransactionID 
required
The merchant generates the Transaction ID. It represents a unique identifier for the transaction and is alphanumeric which must not include special characters or spaces.
  • Field Type: Alphanumeric
  • Length: 40
  • Sample Data: 201508180000001
Response.MessageID 
required

An alphanumeric value that represents the action for defined unique numbers as mentioned below: 

  • 8 for API Payment   
  • Field Type: Alphanumeric
  • Length: 2
  • Sample Data: 8
Response.CardNumber
optional
An alphanumeric value represents the masked Card Number.
  • Field Type: Alphanumeric
  • Length: 19
  • Sample Data: 4747******123

Response.SecureHash 
required

An alphanumeric value that represents the generated hex-encoded hash using hashing algorithm SHA-2 (256) by concatenating parameters as a single string starting with the merchant’s Merchant Authentication Token. Then all parameters (required parameters and optional parameters - if available) are ordered alphabetically. By parameter’s name should be part of the secure hash, with no separators and no terminating character.

Appendix B: Secure Hash – API Payment; for more information, see secure hash generation. 

  • Field Type: Alphanumeric
  • Length: 64
  • Sample Data:e9fbb3c46ec9c7dec2a318edc283bbbea27bc5d7bf7da30f4f2e62b89df74a2e 
Response.PaymentMethod  
Conditional

An Alphanumeric value indicates the payment method. Supported values depend on the requested version as follows:  

If Version is 1.0 : 

  • 1 ➔  It will be a Card payment.
  • Field Type: Alphanumeric
  • Length: 42
  • Sample Data: 1
Condition:
The SmartRoute operations team, upon merchant enrollment, provides possible Card Names.  It will return if the provided version is 3.1
Response.PaReq 
conditional

Payment Authentication Request Used for 3DS payment.

Appendix D: 3D-Secure Implementation for more information, see 3D-Secure.

This parameter is required if the sent PaymentMethod parameter is 1 (Card) and the Transaction requires authentication (API Approve).

  • Field Type: Alphanumeric
  • Length: N/A
  • Sample Data: eJxVUttu4jAQ/ZWqH4AvJCxBgyVIkJo
Response.GatewayStatusCode 
optional
An alphanumeric value that represents the gateway response code. This code covers errors generated by the chosen gateway. 
  • Field Type: Alphanumeric
  • Length: 15
  • Sample Data: 0000
Response.GatewayStatusDescription 
optional

An alphanumeric value that represents a message describing the response status received from the chosen gateway using the language specified in the request.

After completing the execution process, this parameter is filled in. This value should be UTF-8 encoded when it is entered into the secure hash generation process. 

  • Field Type: Alphanumeric
  • Length: 100
  • Sample Data: Sample Gateway Description 
Response.GatewayName 
optional
This value represents the gateway name that processed the transaction. It can be alphanumeric with special characters like space, ‘@’ and ‘_’.
  • Field Type: Alphanumeric and Some Special
  • Length: 40
  • Sample Data: TestGateway
Response.RRN 
optional
An alphanumeric value that represents a Receipt Reference Number for the current payment transaction. This value is returned if the value is provided from the gateway.
  • Field Type: Alphanumeric
  • Length: 60
  • Sample Data: 201508201600462840000000000
Response.ApprovalCode 
optional

Approval Code received from Payment Processor such as Visa. The values are returned in the following cases:

  • Only after a successful transaction
  • Value is provided from the gateway
  • Field Type: Alphanumeric
  • Length: 10
  • Sample Data: 12345678
Response.AuthenticationURL 
optional
The Authentication URL represents the 3D-Secure URL that the Merchant will use to redirect the customer to authenticate the payment.
Response.Token 
optional
The token that is assigned to the entered card information; responds to a “GenerateToken” flag with the value “Yes”. This parameter is a part of the tokenization parameters; for more information, see Tokenization.
  • Field Type: Alphanumeric
  • Length: 64
  • Sample Data: 17b61316feafe09feb806ce33cdbfc85aed1b4173ed604f8fd5fa3cf72a02e27
Response.IssuerName
Conditional

An Alphanumeric value indicates the Bank Issuer Name.  

  • Field Type: Alphanumeric
  • Length
  • Sample Data: Test Bank
Condition:
This parameter will be provided back to the merchant if the provided version in the request is 3.1

Sample Response Code (Java)

// Get the response 
StringBuffer output = new StringBuffer(); 
BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream(), "UTF-8")); 
String line; 
while ((line = reader.readLine()) != null) { 
    output.append(line); 
} 
writer.close(); 
reader.close(); 
 //Output the response 
System.out.println(output.toString()); 
 
// this string is formatted as a "Query String" - name=value&name2=value2....... 
String outputString=output.toString(); 
 
 
// To read the output string you might want to split it  
// on '&' to get pairs then on '=' to get name and value 
// and for a better and ease on verifying secure hash you should put them in a TreeMap 
String [] pairs=outputString.split("&"); 
 
Map<String,String> result=new TreeMap<String,String>(); 
 
// now we have separated the pairs from each other {"name1=value1","name2=value2",....} 
for(String pair:pairs){ 
 
    // now we have separated the pair to {"name","value"}    
    String[] nameValue=pair.split("="); 
 
    String name=nameValue[0];//first element is the name 
    String value=nameValue[1];//second element is the value 
 
    // put the pair in the result map 
    result.put(name,value); 
} 
 
 
// Now that we have the map, order it to generate secure hash and compare it with the received one 
 
 
StringBuilder responseOrderdString = new StringBuilder(); 
responseOrderdString.append(AUTHENTICATION_TOKEN); 
for (String treeMapKey : result.keySet()) { 
    responseOrderdString.append(result.get(treeMapKey)); 
} 
 
System.out.println("Response Orderd String is  " + responseOrderdString.toString()); 
 
// Generate SecureHash with SHA256 
// Using DigestUtils from appache.commons.codes.jar Library 
String generatedsecureHash = new String(DigestUtils.sha256Hex(responseOrderdString.toString()).getBytes()); 
 
// get the received secure hash from result map 
String receivedSecurehash=result.get("Response.SecureHash"); 
 
 
if(!receivedSecurehash.equals(generatedsecureHash)){ 
 
    //IF they are not equal then the response shall not be accepted   
    System.out.println("Received Secure Hash does not Equal generated Secure hash"); 
} 
else{ 
    // Complete the Action get other parameters from result map and do your processes  
    // please refer to The Integration Manual to See the List of The Received Parameters 
    String status=result.get("Response.Status"); 
    System.out.println("Status is :"+ status); 
 
    if ("20001".equalsIgnoreCase(status)) { 
        // if the received status code was 20001 this means that this transaction needs 3DS    
        //Authentication , the parameters you need are received with the response too. 
// prepare parameters to send to JSP , to Send it to 3DS in A Post Request 
        String bankUrl= (String)result.get("Response.AcsURL"); 
        String PaRequestMessage= (String)result.get("Response.PaRequestMessage"); 
     
        // 3DS Response page ( the url that you want 3DS Authentication to forword the request to) 
        String Merchant3DSResponseURL= "http://yoursite/your3DSResponsepage";   
     
        request.setAttribute("ACSURL", bankUrl); 
        request.setAttribute("3DSPaMessage", PaRequestMessage); 
        request.setAttribute("TERMURL_PREFIX", Merchant3DSResponseURL); 
     
        // Verification Enrollment Result Used for 3DS payment. 
        String veResult= (String)result.get("Response.ResponseVeResult"); 
     
        /***************************************************************************/ 
        /***************************************************************************/ 
        /***************************************************************************/ 
        /*STORE veResult IN DATABASE OR ANY SAFE PLACE TO USE IT IN APPROVE REQUEST*/ 
        /***************************************************************************/ 
        /***************************************************************************/ 
        /***************************************************************************/ 
     
         request.getRequestDispatcher("RedirectTo3DS.jsp").forward(request, response); 
    } 
    // this means that the transaction needs Sadad Authentication 
    else if("20002".equalsIgnoreCase(status)) { 
        String responseEstn = result.get("Response.estn"); 
        String responseMfu = result.get("Response.mfu"); 
        String responseAuthenticationUrl = result.get("Response.AuthenticationURL"); 
         
        request.setAttribute("responseEstn", responseEstn); 
        request.setAttribute("responseMfu", responseMfu); 
        request.setAttribute("responseAuthenticationUrl", responseAuthenticationUrl); 
     
        request.getRequestDispatcher("AuthenticateSadad.jsp").forward(request, response); 
     
    } 
    else { 
        // then the card is not 3ds enrolled  
        // this means your payment has been completed 
        System.out.println("Status is :"+ status);       
        }       
    } } 

Other Sample Request Code (.Net /PHP)

Sample Request Code (.Net)

1.    //in the response, if the received status code was “20002” it needs Sadad authentication, 
2.  //and after Authentication, you will send APIApprove Request to SmartRoute. 
3.          StringBuilder requestQuery = new StringBuilder(); 
4.          requestQuery 
5.                .Append("TransactionID").Append("=").Append(transactionId).Append("&") 
6.                .Append("MerchantID").Append("=").Append("ANBRedirectM").Append("&") 
7.                .Append("Amount").Append("=").Append("2000").Append("&") 
8.                .Append("CurrencyISOCode").Append("=").Append("840").Append("&") 
9.                .Append("MessageID").Append("=").Append("9").Append("&") 
10.          .Append("Quantity").Append("=").Append("1").Append("&") 
11.          .Append("Channel").Append("=").Append("0").Append("&") 
12.          .Append("PaymentMethod").Append("=").Append("1").Append("&") 
13.          .Append("ClientIPaddress").Append("=").Append("127.0.0.1").Append("&") 
14.          //for Card Payment (conditional.Append("&")paymentMethod=1) 
15.          .Append("CardNumber").Append("=").Append("4012001045873335").Append("&") 
16.          .Append("ExpiryDateYear").Append("=").Append("01").Append("&") 
17.          .Append("ExpiryDateMonth").Append("=").Append("19").Append("&") 
18.          .Append("SecurityCode").Append("=").Append("123").Append("&") 
19.          .Append("CardHolderName").Append("=").Append("1").Append("&") 
20.          .Append("SecureHash").Append("=").Append(secureHash).Append("&") 
21.          //for Sadad Payment (conditional.Append("&")paymentMethod=2) 
22.          //.Append("SadadOlpId").Append("=").Append("testSadad").Append("&") 
23.          //.Append("mfu","https://MerchantSite/RedirectPaymentRequestPage").Append("&") 
24.          //fill some optional parameters 
25.          .Append("Language").Append("=").Append("en").Append("&") 
26.          .Append("ThemeID").Append("=").Append("1000000001").Append("&") 
27.          .Append("Version").Append("=").Append("1.0") 
28.          .Append("SecureHash").Append("=").Append(secureHash); 
29.    
30.          //Send the request 
31.          string data = requestQuery.ToString().ToString(); 
32.          byte[] dataStream = Encoding.UTF8.GetBytes(data); 
33.          string urlPath = "https://SR_URL"; 
34.          string request = urlPath; 
35.          WebRequest webRequest = WebRequest.Create(request); 
36.          webRequest.Method = "POST"; 
37.          webRequest.ContentType = "application/x-www-form-urlencoded"; 
38.          webRequest.ContentLength = dataStream.Length; 
39.          Stream newStream = webRequest.GetRequestStream(); 
40.          // Send the data. 
41.          newStream.Write(dataStream, 0, dataStream.Length); 
42.          newStream.Close(); 

Sample Request Code (PHP)

1.        //Step 1: Generate Secure Hash 
2.        $SECRET_KEY = "Y2FkMTdlOWZiMzJjMzY4ZGFkMzhkMWIz"; // Use Yours, Please Store Your Secret Key in safe Place(e.g. database) 
3.        // put the parameters in a array to have the parameters to have them sorted alphabetically via ksort. 
4.        $parameters = []; 
5.        $transactionId = (int)microtime(true)*1000; //output to be like: 1495004320389 
6.        // fill required parameters 
7.        $parameters["TransactionID"] = $transactionId; 
8.        $parameters["MerchantID"] = "ANBRedirectM"; 
9.        $parameters["Amount"] = "2000"; 
10.  $parameters["CurrencyISOCode"] = "840"; 
11.  $parameters["MessageID"] = "9"; 
12.  $parameters["Quantity"] = "1"; 
13.  $parameters["Channel"] = "0"; 
14.  $parameters["PaymentMethod"] = "1"; 
15.  $parameters["ClientIPaddress"] = "127.0.0.1"; 
16.  //for Card Payment (conditional;paymentMethod=1) 
17.  $parameters["CardNumber"] = "4012001045873335"; 
18.  $parameters["ExpiryDateYear"] = "01"; 
19.  $parameters["ExpiryDateMonth"] = "19"; 
20.  $parameters["SecurityCode"] = "123"; 
21.  $parameters["CardHolderName"] = "1"; 
22.  //for Sadad Payment (conditional;paymentMethod=2) 
23.  //$parameters["SadadOlpId"] = "testSadad"; 
24.  //$parameters["mfu"] = "https://MerchantSite/RedirectPaymentRequestPage"; 
25.    
26.  //fill some optional parameters 
27.  $parameters["Language"] = "en"; 
28.  $parameters["ThemeID"] = "1000000001"; 
29.  $parameters["Version"] = "1.0"; 
30.  //Create an Ordered String of The Parameters Map with Secret Key 
31.    
32.  ksort($parameters); 
33.  $orderedString = $SECRET_KEY; 
34.  foreach($parameters as $param){ 
35.          $orderedString .= $param; 
36.  } 
37.  echo ("orderdString ". $orderedString); 
38.  // Generate SecureHash with SHA256 
39.  // Using DigestUtils from appache.commons.codes.jar Library 
40.  $secureHash = hash('sha256', $orderedString, false); 
41.    

//  API Payment Request  
1.  //in the response, if the received status code was “20002” it needs Sadad authentication, 
2.  //and after Authentication, you will send APIApprove Request to SmartRoute. 
3.  $requestQueryArr = [ 
4.                "TransactionID" => $transactionId, 
5.                "MerchantID" => "ANBRedirectM", 
6.                "Amount" => "2000", 
7.                "CurrencyISOCode" => "840", 
8.                "MessageID" => "9", 
9.                "Quantity" => "1", 10.          "Channel" => "0", 
11.          "PaymentMethod" => "1", 
12.          "ClientIPaddress" => "127.0.0.1", 
13.          //for Card Payment (conditional.append("&")paymentMethod=1) 
14.          "CardNumber" => "4012001045873335", 
15.          "ExpiryDateYear" => "01", 
16.          "ExpiryDateMonth" => "19", 
17.          "SecurityCode" => "123", 
18.          "CardHolderName" => "1", 
19.          "SecureHash" => $secureHash, 
20.          
21.          //for Sadad Payment (conditional.append("&")paymentMethod=2) 
22.          "SadadOlpId" => "testSadad", 
23.          "mfu" => "https://MerchantSite/RedirectPaymentRequestPage", 
24.          
25.          //fill some optional parameters 
26.          "Language" => "en", 
27.          "ThemeID" => "1000000001", 
28.          "Version" => "1.0", 
29.          "SecureHash" => $secureHash, 
30.  ]; 
31.  //configure query string 
32.  $newRequestQuery = http_build_query($requestQueryArr); 
33.    
34.  //Send the request 
35.  $ch = curl_init("https://SR_URL"); 
36.  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 
37.  curl_setopt($ch,CURLOPT_POST, true); 
38.  curl_setopt($ch,CURLOPT_POSTFIELDS, $newRequestQuery); 
39.    

Other Sample Response Code (.Net /PHP)

Sample Response Code (.Net)

43.          // Get the response 
44.          WebResponse webResponse = webRequest.GetResponse(); 
45.          String output = webResponse.ToString(); 
46.          //Output the response 
47.          Console.WriteLine(output); 
48.    
49.          // this string is formatted as a "Query String" - name=value&name2=value2....... 
50.          String outputString = output.ToString(); 
51.    
52.          // To read the output string you might want to split it 
53.          // on '&' to get pairs then on '=' to get name and value 
54.          // and for a better and ease on verifying secure hash you should put them in a SortedDictionary 
55.          SortedDictionary<string, string> result = new SortedDictionary<String, String>(StringComparer.Ordinal); 
56.          NameValueCollection qscoll = HttpUtility.ParseQueryString(output); 
57.          foreach (String kv in qscoll.AllKeys ) 
58.            { 
59.                result.Add(kv, qscoll[kv]); 
60.            } 
61.    
62.          // Now that we have the SortedDictionary, order it to generate secure hash and compare it with the received one 
63.          StringBuilder responseOrderdString = new StringBuilder(); 
64.          responseOrderdString.Append(AUTHENTICATION_TOKEN); 
65.          foreach (KeyValuePair<string, string> kv in result) 
66.          { 
67.  if(!"Response.SecureHash".Equals(kv.Key)) 
68.     { 
69.       
70.      if("Response.StatusDescription".Equals(kv.Key) || "Response.GatewayStatusDescription".Equals(kv.Key))  
71.      { 
72.            responseOrderdString.Append(HttpUtility.UrlEncode(kv.Value, System.Text.Encoding.UTF8));     
73.          } 
74.        else 
75.        { 
76.            responseOrderdString.Append(kv.Value); 
77.        } 
78.     } 
79.          } 
80.          
81.          Console.WriteLine("Response Orderd String is " + responseOrderdString.ToString()); 
82.          // Generate SecureHash with SHA256 
83.    
84.          // Generate SecureHash with SHA256 from responseOrderedString 
85.          bytes = Encoding.UTF8.GetBytes(responseOrderdString.ToString().ToString()); 
86.          sha256 = SHA256Managed.Create(); 
87.          hash = sha256.ComputeHash(bytes); 
88.          String generatedsecureHash = String.Empty; 
89.          foreach (byte x in hash) 
90.          { 
91.              generatedsecureHash += String.Format("{0:x2}", x); 
92.          } 
93.    
94.          // get the received secure hash from result dictionary 
95.          String receivedSecurehash = result["Response.SecureHash"]; 
96.          if (receivedSecurehash != generatedsecureHash.ToString()) 
97.          { 
98.              //IF they are not equal then the response shall not be accepted 
99.              Console.WriteLine("Received Secure Hash does not Equal generated Secure hash"); 
100.          } 
101.          else 
102.          { 
103.              // complete the Action get other parameters from result dictionary and do your processes 

Sample Response Code (PHP)

40.  // Get the response 
41.  $output = curl_exec($ch); 
42.  curl_close($ch); 
43.    
44.  //Output the response 
45.  echo ($output); 
46.  // this string is formatted as a "Query String" - name=value&name2=value2....... 
47.    
48.  // To read the output string you might want to split it 
49.  // on '&' to get pairs then on '=' to get name and value using parse_str then order it using ksort 
50.  $result = []; 
51.  parse_str($output, $result); 
52.  ksort($result); 
53.    
54.  // Now that we have the map, order it to generate secure hash and compare it   with the received one 
55.  $responseOrderdString = $AUTHENTICATION_TOKEN; 
56.  foreach($result as $resParam) { 
57.          $responseOrderdString .= $resParam; 
58.  } 
59.  echo "Response Orderd String is " . $responseOrderdString; 
60.    
61.  // Generate SecureHash with SHA256 
62.  $generatedsecureHash = hash('sha256',$responseOrderdString); 
63.    
64.  // get the received secure hash from result map 
65.  $receivedSecurehash = $result['Response.SecureHash']; 
66.    
67.  if($receivedSecurehash !== $generatedsecureHash){ 
68.          //IF they are not equal then the response shall not be accepted 
69.          echo ("Received Secure Hash does not Equal generated Secure hash"); 
70.  }else{ 
71.          // complete the Action get other parameters from result map and do your processes 
72.          // please refer to The Integration Manual to See The List of The Received Parameters 
73.          $status= $result["Response.Status"]; 
74.          echo ("Status is :". $status); 
75.          if("20002" == $status) { 
76.                  $responseEstn = $result["Response.estn"]; 
77.                  $responseMfu = $result["Response.mfu"]; 
78.                  $responseAuthenticationUrl = $result["Response.AuthenticationURL"]; 
79.                  $_SESSION["responseEstn"] = $responseEstn; 
80.                  $_SESSION["responseMfu"] = $responseMfu; 
81.                  $_SESSION["responseAuthenticationUrl"] = $responseAuthenticationUrl; 
82.                  header("location: AuthenticateSadad.php"); 
83.                  exit(); 
84.          }else { 
85.                  // then the card is not 3ds enrolled 
86.                  // this means your payment has been completed 
87.                  echo ("Status is :". $status); 
88.          } 
89.  } 
90.    

Additional Conditional Request Parameters:

Tabby Payment Method Parameters:

Parameter
Description
email 
optional

This parameter is required if the sent PaymentMethod parameter is 8 (Tabby), and should be UTF-8 encoded when it is entered into the secure hash generation process. 

  • Field Type: email
  • Length: -
  • Sample Data: test@payone.io 
phoneNumber 
optional

This parameter is required if the sent PaymentMethod parameter is 8 (Tabby), and should be UTF-8 encoded when it is entered into the secure hash generation process. 

  • Field Type: Numeric
  • Length: 10
  • Sample Data: 0500000001


EMKAN Payment Method Parameters:

Parameter
Description
EmkanCustomerId 
conditional

The customer’s National number or Iqama, this parameter is required if the sent PaymentMethod parameter is 7 (Emkan) and should be UTF-8 encoded when it is entered into the secure hash generation process. 

  • Field Type: String
  • Length: 10
  • Sample Data: 1539535482
voucherCode 
conditional
A code generated by Emkan for the customer, This parameter is required if the sent PaymentMethod parameter is 7 (Emkan), and should be UTF-8 encoded when it is entered into the secure hash generation process.
  • Field Type: String
  • Length: 10
  • Sample Data: 1539535482
applicationId 
conditional
The number of the application generated by Emkan for the customer, This parameter is required if the sent PaymentMethod parameter is 7 (Emkan), and should be UTF-8 encoded when it is entered into the secure hash generation process.
  • Field Type: String
  • Length: 1-10
  • Sample Data: 1927282


STCPay, URPay Payment Method Parameters:

Parameter
Description
Mobile 
optional

The customer’s mobile number, used to reference the customer’s eWallet. This parameter is required if the sent PaymentMethod parameter is 5 (STCPay), and should be UTF-8 encoded when it is entered into the secure hash generation process. 

  • Field Type: Numeric
  • Length: 10
  • Sample Data: 0500000001


SADAD Billing Payment Method Parameters:

Parameter
Description
userType 
conditional

If they sent the PaymentMethod parameter is 6 (Sadad Billing), this parameter is required.

User type is a DDL field with two options Individual and Enterprise, and based on the selected option certain fields will be displayed. 

  • Field Type: DDL
  • Length
  • Sample Data: Individual or Enterprise
NationalID 
conditional
Customer National Number. 

If they sent the PaymentMethod parameter is 6 (Sadad Billing) and selected "userType" is Individual, this parameter is required.

  • Field Type: Numeric
  • Length: 10
  • Sample Data: 1234567890
FirstNameAr 
conditional

First name in Arabic

If they sent the PaymentMethod parameter is 6 (Sadad Billing) and selected "userType" is Individual, this parameter is required.

  • Field Type: Alphabetic
  • Length: 29
  • Sample Data:  
FatherNameAr 
conditional

Father's name in Arabic

If they sent the PaymentMethod parameter is 6 (Sadad Billing) and selected "userType" is Individual, this parameter is required.

  • Field Type: Alphabetic
  • Length: 29
  • Sample Data:  
GrandFatherNameAr 
conditional

Grandfather's name in Arabic

If they sent the PaymentMethod parameter is 6 (Sadad Billing) and selected "userType" is Individual, this parameter is required.

  • Field Type: Alphabetic
  • Length: 29
  • Sample Data:
LastNameAr 
conditional

Last name in Arabic

If they sent the PaymentMethod parameter is 6 (Sadad Billing) and selected "userType" is Individual, this parameter is required.

  • Field Type: Alphabetic
  • Length: 29
  • Sample Data:
Email 
conditional

Customer Email.

If they sent the PaymentMethod parameter is 6 (Sadad Billing) and selected "userType" is Individual, this parameter is required.

  • Field Type: Email
  • Length: -
  • Sample Data: example@gmail.com
MobileNo 
conditional

Customer mobile number.

If they sent the PaymentMethod parameter is 6 (Sadad Billing) and selected "userType" is Individual, this parameter is required.

  • Field Type: Numeric
  • Length: 10
  • Sample Data: 0500000001
DateofBirth 
conditional
Client date of birth yyyy-MM-DD

If they sent the PaymentMethod parameter is 6 (Sadad Billing) and selected "userType" is Individual, this parameter is required.

  • Field Type: Numeric
  • Length: 10
  • Sample Data: 2017-09-15
RegistrationNo  
conditional
Company registration number

If they sent the PaymentMethod parameter is 6 (Sadad Billing) and selected "userType" is Enterprise, this parameter is required.

  • Field Type: Numeric
  • Length: 10
  • Sample Data: 1234567890
NameAr 
conditional
Company name in Arabic.

If they sent the PaymentMethod parameter is 6 (Sadad Billing) and selected "userType" is Enterprise, this parameter is required.

  • Field Type: Alphabetic
  • Length: 29
  • Sample Data:
NameEn 
conditional
Company name in English.

If they sent the PaymentMethod parameter is 6 (Sadad Billing) and selected "userType" is Enterprise, this parameter is required.

  • Field Type: Alphabetic
  • Length: 29
  • Sample Data:
CommissionerNationalID  
conditional
Commissioner National Number.

If they sent the PaymentMethod parameter is 6 (Sadad Billing) and selected "userType" is Enterprise, this parameter is required.

  • Field Type: Numeric
  • Length: 10
  • Sample Data: 1234567890 
CommissionerName  
conditional
Commissioner name in English.

If they sent the PaymentMethod parameter is 6 (Sadad Billing) and selected "userType" is Enterprise, this parameter is required.

  • Field Type: Alphabetic
  • Length: 29
  • Sample Data:

CommissionerEmail  
conditional

Commissioner Email

If they sent the PaymentMethod parameter is 6 (Sadad Billing) and selected "userType" is Individual, this parameter is required.

  • Field Type: Email
  • Length: -
  • Sample Data: example@gmail.com 
CommissionerMobileNo   
conditional

Customer mobile number

If they sent the PaymentMethod parameter is 6 (Sadad Billing) and selected "userType" is Individual, this parameter is required.

  • Field Type: Numeric
  • Length: 10
  • Sample Data: 0500000001