API mPayment
  • 06 Jun 2024
  • 16 Minutes to read
  • Contributors
  • Dark
    Light
  • PDF

API mPayment

  • Dark
    Light
  • PDF

Article summary

API mPayment is based on the API communication model described in the Communication Model section. 

This message is used to perform a payment without the need of performing 3DS authentication for credit card payments. However, some payment methods rather than credit card require authentication. 

The merchant should handle the authentication if required if the returned ‘Response.StatusCode’ parameter is (20002).

Then, an API Approve message must follow to pass any authentication data to the payment gateway. Otherwise, there is no need for an API Approve following an API mPayment.

Request Parameters

ParameterDescription
MessageID
required

An alphanumeric value that represents the action for defined unique numbers as mentioned below: 

  • 9 for API mPayment 
  • Field Type: Alphanumeric
  • Length: 2
  • Sample Data: 9

TransactionID
required

The merchant generates the Transaction ID. It represents a unique identifier for the transaction and is alphanumeric which must not include special characters or spaces.

  • Field Type: Alphanumeric
  • Length: 40
  • Sample Data: 1440954863817
MerchantID
required
An alphanumeric value that represents the unique Merchant ID at SmartRoute. The Payment Gateway operation team provides this value based on the merchant enrollment.
  • Field Type: Alphanumeric
  • Length: 40
  • Sample Data: MID0001
Amount
required
A numeric value that contains the ISO Formatted item purchase invoice amount with no decimal point. For example, 100 for 1.00 USD.
  • Field Type: Numeric
  • Length: 9
  • Sample Data: 100
CurrencyISOCode
required
A numeric value that contains the ISO formatted code for the currency, not the character value. For example, 840 for USD.
  • Field Type: Numeric 
  • Length: 3
  • Sample Data: 840
PaymentMethod
required

An Alphanumeric value indicates the payment method. Supported values depend on the requested version as follows:   

  • 1 ➔  It will be a Card payment.
  • Field Type: Numeric 
  • Length: 1
  • Sample Data: 1

SecureHash
required

An alphanumeric value that represents the generated hex-encoded hash using hashing algorithm SHA-2 (256) by concatenating parameters as a single string starting with the merchant’s Merchant Authentication Token.

Then all parameters (required parameters and optional parameters - if available) are ordered alphabetically. By parameter’s name should be part of the secure hash, with no separators and no terminating character.

Appendix B: Secure Hash – APY mPayment; for more information, see Response Codes. 

  • Field Type: Alphanumeric
  • Length: 64
  • Sample Data: e9fbb3c46ec9c7dec2a318edc283bbbea27bc5d7bf7da30f4f2e62b89df74a2e
ClientIPaddress
required
An alphanumeric value that represents the client’s public IP Address.
  • Field Type: Alphanumeric
  • Length: 19
  • Sample Data: 79.183.118.666
CardNumber
conditional
The customer’s card number isused in the payment. If they sent PaymentMethod parameter is 1 (Card), this parameter is required. 
  • Field Type: Numeric
  • Length: 19
  • Sample Data: 4111111111111111
ExpiryDateYear
conditional
The customer’s card expiry date (year) digits are used in the payment. The format of this parameter should be in the form (YY). This parameter is required if the sent PaymentMethod parameter is 1 (Card). 
  • Field Type: Numeric 
  • Length: 2
  • Sample Data: 17
ExpiryDateMonth
conditional
The customer’s card expiry date (month) digits are used in the payment. The format of this parameter should be in the form (MM).
If the PaymentMethod parameter is 1 (Card) is sent, this parameter is required.
  • Field Type: Numeric 
  • Length: 2
  • Sample Data: 02
SecurityCode
conditional
The customer’s card Security Code (e.g. CVV or CVC) depends on the Card Type used in the payment. If the PaymentMethod parameter is 1 (Card) is sent.
  • Field Type: Numeric 
  • Length: 4
  • Sample Data: 123
PaymentDescription 
optional

An alphanumeric string that contains a narrative Payment Description of the invoice, which uses the language specified in the language parameter. This value should be UTF-8 encoded. It is entered into the secure hash generation process. 

  • Field Type: Alphanumeric
  • Length: 100
  • Sample Data: SamplePayment
CardHolderName
conditional

The customer’s cardholder name is used in the payment. If the PaymentMethod parameter is 1 (Card) is sent, this parameter is required.

  • Field Type: Alphabetic
  • Length: 64
  • Sample Data: Card Holder Name
ItemID
optional
An alphanumeric value that represents the custom item ID.
  • Field Type: Alphanumeric
  • Length: 25
  • Sample Data: Item1
Channel
optional

The Channel to be used by SmartRoute System. It could be one of the following: 

  • 0 for WEB
  • 1 for Mobile
  • 2 for POS
  • Field Type: Numeric
  • Length: 1
  • Sample Data: 0
Quantity
optional
A numeric value greater than ZERO represents the quantity of purchased Items.
  • Field Type: Numeric
  • Length: 5
  • Sample Data: 1
Version
optional

A numeric value with (.) separator represents the command's version to be used. If this value is not provided, SmartRoute will consider its default value which is 1.0

Possible version values:

-  2.0 or higher: an additional response field will be returned from SmartRoute to merchant that represents the payment method used "Response.PaymentMethod"
- 3.1: An additional response field will be returned from SmartRoute to the merchant that represents the Issuer Name used "Response.IssuerName"

  • Field Type: Numeric
  • Length: 5
  • Sample Data: 1.0
FrameworkInfo
optional
An alphanumeric value that represents the client’s used framework
  • Field Type: Alphanumeric
  • Length: 30
  • Sample Data: Android 7.0 
GenerateToken 
optional

This flag indicates whether to generate a token for the entered card information or not. It accepts the values “Yes” and “No”. Sending this field as “No” acts like when the field is not sent at all. 

This parameter is a part of the tokenization. For more information, see Tokenization.

  • Field Type: Alphabetic
  • Length: 3
  • Sample Data: Yes
Token
optional
The token is used in this request; to represent previously used card information. This parameter is a part of the tokenization parameters. For more information, see Tokenization.
  • Field Type: Alphanumeric
  • Length: 64
  • Sample Data:17b61316feafe09feb806ce33cdbfc85aed1b4173ed604f8fd5fa3cf72a02e27 
googlePayResponse
optional
The googlePayResponse is used in the payment. This value should be URL encoded when it is entered in+to the secure hash generation process.
If the sent PaymentMethod parameter is 9 (Google Pay), this parameter is required.
  • Field Type: Alphanumeric 
  • Length: -
  • Sample Data

Google Pay Response before encoding:

{

    "apiVersion": 2,

    "apiVersionMinor": 0,

     "paymentMethodData": {

        "description": "Test Card: Mastercard •••• 4444",

        "info": {

             "assuranceDetails": {

                "accountVerified": true,

                 "cardHolderAuthenticated": false

            },

             "cardDetails": "4444",

             "cardNetwork": "MASTERCARD"

        },

         "tokenizationData": {

            "token": "{\"signature\":\"MEQCIDC159UT+3Xl38+kdreAB7ow2cUX3oIXj/jniWtseQtjAiApuboiYh3f20ro82cbvtwvxvCIYwjiLl+6vvu8y89b7g\\u003d\\u003d\",\"intermediateSigningKey\":{\"signedKey\":\"{\\\"keyValue\\\":\\\"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEtQ7kcUmrUkwroX/I4aW62jYTSYbyrP1NTHVZzV91w5NVohF5cqY1LcF4FfGiPLPdSf7IkTlRTZzOrd8takdyVQ\\\\u003d\\\\u003d\\\",\\\"keyExpiration\\\":\\\"1703580845307\\\"}\",\"signatures\":[\"MEUCIDi9oNLgx4V+DGJ1HkcDQvjtrE3GMfsiD24TZqmqpLOZAiEA+G4MPIp7DfXqDeb1HSRtUa2Bp6jJNjUk0fxf9X/OBMA\\u003d\"]},\"protocolVersion\":\"ECv2\",\"signedMessage\":\"{\\\"encryptedMessage\\\":\\\"0OtVdk8Nrz2LR7kjB48fkxZz6nqFIpYSlJ6ygR+OT25cDFiDrON7dvTveW1RS2lpOyGlnWDNafGosJhxyzRJJEoYgKaDfHkujBSiA5OTwf3R/06WBXJzVRw1zoj8N+UAP0E9dRdCgDtZX24GKUTTqjidq4sZ8omJWvOFtdAw1vK6oxn5wdrhc+a50/Yy6b1B/1SocptruLn9Z3bcec5fNJSWFLhIGzl3thhLzGzBlPAJZl84KWbJzWlBbPD6JZYyXbDwEBqFGr6KB+SEVetljFR3O3Izu6a0YHYrnbrrMh53Bxyg7BlmxhgtoAZC1BQfrfctdMVP5Ar9QI3e8clgB2O0XARVJFxR4uvb5/Q7Fikb4F17k33mpkphaycaAmFI2uhRSqxj/4w3gsP12wOGmdKl0gGVED17pXN/GToYj7xqnHrQ2pEsyj8qt0NxG5oADgqqB0r0JT6ZzruR1aksbmJrcCsDeDMRWmZCoYsqJ/zgC0HBNVUsJJdPP25bp8L4xYNsdNAzgysmbBBTCuaypIz7969eElomC3cXLy7133hPhtrNG0J83jDtBHkkTMPBEjHIoaWfnHdK\\\",\\\"ephemeralPublicKey\\\":\\\"BNJaGHqKX0XU50/dwmIX63TLQI8sMteYmJS7/72yf2S8DUZlHu6WT6vXS1nUq74Oh8k/QwrYM4UwVais0sH+hDU\\\\u003d\\\",\\\"tag\\\":\\\"c1j/VsH6JbgicJpcgr8ucc5zrKyYdBigXUwJEafCkqo\\\\u003d\\\"}\"}",

            "type": "PAYMENT_GATEWAY"

        },

        "type": "CARD"

    }

}

Google Pay Response after encoding:

"%7B%22apiVersion%22%3A2%2C%22apiVersionMinor%22%3A0%2C%22paymentMethodData%22%3A%7B%22description%2

2%3A%22Test%20Card%3A%20Mastercard%E2%80%86%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%A2%E2%80%8644

44%22%2C%22info%22%3A%7B%22assuranceDetails%22%3A%7B%22accountVerified%22%3Atrue%2C%22cardHolderAuthent

icated%22%3Afalse%7D%2C%22cardDetails%22%3A%224444%22%2C%22cardNetwork%22%3A%22MASTERCARD%22%7D

%2C%22tokenizationData%22%3A%7B%22token%22%3A%22%7B%5C%22signature%5C%22%3A%5C%22MEQCIDC159UT%

2B3Xl38%2BkdreAB7ow2cUX3oIXj%2FjniWtseQtjAiApuboiYh3f20ro82cbvtwvxvCIYwjiLl%2B6vvu8y89b7g%5C%5Cu003d%5C%5

Cu003d%5C%22%2C%5C%22intermediateSigningKey%5C%22%3A%7B%5C%22signedKey%5C%22%3A%5C%22%7B%5C%5

C%5C%22keyValue%5C%5C%5C%22%3A%5C%5C%5C%22MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEtQ7kcUmrUkwroX

%2FI4aW62jYTSYbyrP1NTHVZzV91w5NVohF5cqY1LcF4FfGiPLPdSf7IkTlRTZzOrd8takdyVQ%5C%5C%5C%5Cu003d%5C%5C

%5C%5Cu003d%5C%5C%5C%22%2C%5C%5C%5C%22keyExpiration%5C%5C%5C%22%3A%5C%5C%5C%22170358084530

7%5C%5C%5C%22%7D%5C%22%2C%5C%22signatures%5C%22%3A%5B%5C%22MEUCIDi9oNLgx4V%2BDGJ1HkcDQvjtrE3

GMfsiD24TZqmqpLOZAiEA%2BG4MPIp7DfXqDeb1HSRtUa2Bp6jJNjUk0fxf9X%2FOBMA%5C%5Cu003d%5C%22%5D%7D%2C

%5C%22protocolVersion%5C%22%3A%5C%22ECv2%5C%22%2C%5C%22signedMessage%5C%22%3A%5C%22%7B%5C%5

C%5C%22encryptedMessage%5C%5C%5C%22%3A%5C%5C%5C%220OtVdk8Nrz2LR7kjB48fkxZz6nqFIpYSlJ6ygR%2BOT25c

DFiDrON7dvTveW1RS2lpOyGlnWDNafGosJhxyzRJJEoYgKaDfHkujBSiA5OTwf3R%2F06WBXJzVRw1zoj8N%2BUAP0E9dRdCgD

tZX24GKUTTqjidq4sZ8omJWvOFtdAw1vK6oxn5wdrhc%2Ba50%2FYy6b1B%2F1SocptruLn9Z3bcec5fNJSWFLhIGzl3thhLzGzBlP

AJZl84KWbJzWlBbPD6JZYyXbDwEBqFGr6KB%2BSEVetljFR3O3Izu6a0YHYrnbrrMh53Bxyg7BlmxhgtoAZC1BQfrfctdMVP5Ar9QI

3e8clgB2O0XARVJFxR4uvb5%2FQ7Fikb4F17k33mpkphaycaAmFI2uhRSqxj%2F4w3gsP12wOGmdKl0gGVED17pXN%2FGToYj7

xqnHrQ2pEsyj8qt0NxG5oADgqqB0r0JT6ZzruR1aksbmJrcCsDeDMRWmZCoYsqJ%2FzgC0HBNVUsJJdPP25bp8L4xYNsdNAzgys

mbBBTCuaypIz7969eElomC3cXLy7133hPhtrNG0J83jDtBHkkTMPBEjHIoaWfnHdK%5C%5C%5C%22%2C%5C%5C%5C%22ephe

meralPublicKey%5C%5C%5C%22%3A%5C%5C%5C%22BNJaGHqKX0XU50%2FdwmIX63TLQI8sMteYmJS7%2F72yf2S8DUZlH

u6WT6vXS1nUq74Oh8k%2FQwrYM4UwVais0sH%2BhDU%5C%5C%5C%5Cu003d%5C%5C%5C%22%2C%5C%5C%5C%22tag

%5C%5C%5C%22%3A%5C%5C%5C%22c1j%2FVsH6JbgicJpcgr8ucc5zrKyYdBigXUwJEafCkqo%5C%5C%5C%5Cu003d%5C%

5C%5C%22%7D%5C%22%7D%22%2C%22type%22%3A%22PAYMENT_GATEWAY%22%7D%2C%22type%22%3A%22CARD

%22%7D%7D"

Sample Request Code (Java)

//in the response, if the received status code was “20002” it needs Sadad authentication, 
//and after Authentication, you will send APIApprove Request to SmartRoute. 
StringBuffer requestQuery = new StringBuffer(); 
 
requestQuery        
.append("TransactionID").append("=").append(transactionId).append("&") 
.append("MerchantID").append("=").append("ANBRedirectM").append("&") 
.append("Amount").append("=").append("2000").append("&") 
.append("CurrencyISOCode").append("=").append("840").append("&") 
.append("MessageID").append("=").append("9").append("&") 
.append("Quantity").append("=").append("1").append("&") 
.append("Channel").append("=").append("0").append("&") 
.append("PaymentMethod").append("=").append("1").append("&") 
.append("ClientIPaddress").append("=").append("127.0.0.1").append("&") 
 
//for Card Payment (conditional.append("&")paymentMethod=1) 
.append("CardNumber").append("=").append("4012001045873335").append("&") 
.append("ExpiryDateYear").append("=").append("01").append("&") 
.append("ExpiryDateMonth").append("=").append("19").append("&") 
.append("SecurityCode").append("=").append("123").append("&") 
.append("CardHolderName").append("=").append("1").append("&") 
.append("SecureHash").append("=").append(secureHash).append("&"); 
 
//for Sadad Payment (conditional.append("&")paymentMethod=2) 
//.append("SadadOlpId").append("=").append("testSadad").append("&") 
//.append("mfu","https://MerchantSite/RedirectPaymentRequestPage").append("&") 
 
 
//fill some optional parameters 
.append("Language").append("=").append("en").append("&") 
.append("ThemeID").append("=").append("1000000001").append("&") 
.append("Version").append("=").append("1.0") 
.append("SecureHash").append("=").append(secureHash); 
 
//Send the request 
URL url = new URL("https://SR_URL"); 
URLConnection conn = url.openConnection(); 
conn.setDoOutput(true); 
OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream(), "UTF-8"); 
 
//write parameters 
writer.write(requestQuery.toString()); 
writer.flush(); 

Response Parameters

ParameterDescription

Response.StatusCode 
required

An alphanumeric value that represents the response code that covers errors generated by the SmartRoute.  

Appendix A: API mPayment Response Codes for descriptive details about Response Codes. 

  • Field Type: Alphanumeric
  • Length: 5
  • Sample Data: 00000
Response.StatusDescription 
required

An alphanumeric value that represents a message describing the response status received from SmartRoute. This parameter is  filled only after a complete execution process using the language specified in the request. This value should be UTF-8 encoded when it is entered into the secure hash generation process.

  • Field Type: Alphanumeric
  • Length: 100
  • Sample Data: Payment processed successfully
Response.Amount
required

A numeric value that contains the purchase amount of the item.
The value is in ISO format with no decimal point. Also. For example, 100 for 1.00 USD.

  • Field Type: Numeric
  • Length: 9
  • Sample Data: 100
Response.CurrencyISOCode 
required

The numeric value is in ISO format for the currency. The value should be neither character value nor decimal point.

For example, 840 for US Dollar, 400 for JOD.

  • Field Type: Numeric
  • Length: 3
  • Sample Data: 840
Response.MerchantID 
required
An alphanumeric value that represents the unique ID of the merchant at SmartRoute. The SmartRoute operation team provides this value upon merchant enrollment. 
  • Field Type: Alphanumeric
  • Length: 40
  • Sample Data: MID0001
Response.TransactionID 
required
The merchant generates the Transaction ID. It represents a unique identifier for the transaction and is alphanumeric which must not include special characters or spaces.
  • Field Type: Alphanumeric
  • Length: 40
  • Sample Data: 201508180000001
Response.MessageID 
required

An alphanumeric value that represents the action for defined unique numbers as mentioned below: 

  • 9 for API mPayment 
  • Field Type: Alphanumeric
  • Length: 2
  • Sample Data: 9
Response.SecureHash 
required

An alphanumeric value that represents the generated hex-encoded hash using hashing algorithm SHA-2 (256) by concatenating parameters as a single string starting with the merchant’s Merchant Authentication Token. Then all response parameters appended in alphabetical order based on the parameter’s name, with no separators and no terminating character. 

Appendix B: Secure Hash – API mPayment; for more information, see secure hash generation. 

  • Field Type: Alphanumeric
  • Length: 64
  • Sample Data: e9fbb3c46ec9c7dec2a318edc283bbbea27bc5d7bf7da30f4f2e62b89df74a2e 
Response.PaymentMethod  
Conditional

An Alphanumeric value indicates the payment method. Supported values depend on the requested version as follows:  

If Version is 1.0 : 

  • 1 ➔  It will be a Card payment.
  • Field Type: Alphanumeric
  • Length: 1
  • Sample Data: 1
Condition:
The SmartRoute operation team, upon merchant enrollment, provides possible Card Names.  
Response.GatewayStatusCode 
optional
An alphanumeric value that represents the gateway response code. This code covers errors generated by the chosen gateway. 
  • Field Type: Alphanumeric
  • Length: 15
  • Sample Data: 0000
Response.GatewayStatusDescription 
optional

An alphanumeric value that represents a message describing the response status received from the chosen gateway using the language specified in the request.

After completing the execution process, this parameter is filled in. This value should be UTF-8 encoded when it is entered into the secure hash generation process. 

  • Field Type: Alphanumeric
  • Length: 100
  • Sample Data: Sample Gateway Description 
Response.GatewayName 
optional
This value represents the gateway name that processed the transaction. It can be alphanumeric with special characters like space, ‘@’ and ‘_’.
  • Field Type: Alphanumeric and Some Special
  • Length: 40
  • Sample Data: TestGateway
Response.RRN 
optional
An alphanumeric value that represents a Receipt Reference Number for the current payment transaction. This value is returned if the value is provided from the gateway.
  • Field Type: Alphanumeric
  • Length: 60
  • Sample Data: 201508201600462840000000000
Response.ApprovalCode 
optional

Approval Code received from Payment Processor such as Visa. The values are returned in the following cases:

  • Only after a successful transaction
  • Value is provided from the gateway
  • Field Type: Alphanumeric
  • Length: 10
  • Sample Data: 12345678
Response.AuthenticationURL 
optional
The Authentication URL represents the 3D-Secure URL that the Merchant will use to redirect the customer to authenticate the payment.
Response.Token 
optional
The token that is assigned to the entered card information; responds to a “GenerateToken” flag with the value “Yes”. This parameter is a part of the tokenization parameters; for more information, see Tokenization.
  • Field Type: Alphanumeric
  • Length: 64
  • Sample Data: 17b61316feafe09feb806ce33cdbfc85aed1b4173ed604f8fd5fa3cf72a02e27

Response.CardNumber
optional
An alphanumeric value represents the masked Card Number.
  • Field Type: Alphanumeric
  • Length: 19
  • Sample Data: 4747******123
Response.IssuerName
Conditional

An Alphanumeric value indicates the Bank Issuer Name.  

  • Field Type: Alphanumeric
  • Length
  • Sample Data: Test Bank
Condition:
This parameter will be provided back to the merchant if the provided version in the request is 3.1

Sample Response Code (Java)

// Get the response 
StringBuffer output = new StringBuffer(); 
BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream(), "UTF-8")); 
String line; 
while ((line = reader.readLine()) != null) { 
    output.append(line); 
} 
writer.close(); 
reader.close(); 
 
//Output the response 
System.out.println(output.toString()); 
 
// this string is formatted as a "Query String" - name=value&name2=value2....... 
String outputString=output.toString(); 
 
 
// To read the output string you might want to split it  
// on '&' to get pairs then on '=' to get name and value 
// and for a better and ease on verifying secure hash you should put them in a TreeMap 
String [] pairs=outputString.split("&"); 
 
Map<String,String> result=new TreeMap<String,String>(); 
 
// now we have separated the pairs from each other {"name1=value1","name2=value2",....} 
for(String pair:pairs){ 
 
    // now we have separated the pair to {"name","value"}    
    String[] nameValue=pair.split("="); 
 
    String name=nameValue[0];//first element is the name 
    String value=nameValue[1];//second element is the value 
 
    // put the pair in the result map 
    result.put(name,value); 
} 
 
 
// Now that we have the map, order it to generate secure hash and compare it with the received one 
 
 
StringBuilder responseOrderdString = new StringBuilder(); 
responseOrderdString.append(AUTHENTICATION_TOKEN); 
for (String treeMapKey : result.keySet()) { 
    responseOrderdString.append(result.get(treeMapKey)); 
} 
 
System.out.println("Response Orderd String is  " + responseOrderdString.toString()); 
 
// Generate SecureHash with SHA256 
// Using DigestUtils from appache.commons.codes.jar Library 
String generatedsecureHash = new 
String(DigestUtils.sha256Hex(responseOrderdString.toString()).getBytes()); 
 
// get the received secure hash from result map 
String receivedSecurehash=result.get("Response.SecureHash"); 
 
 
if(!receivedSecurehash.equals(generatedsecureHash)){ 
 
    //IF they are not equal then the response shall not be accepted   
    System.out.println("Received Secure Hash does not Equal generated Secure hash"); 
} 
else{ 
    // complete the Action get other parameters from result map and do your processes  
    // please refer to The Integration Manual to See The List of The Received Parameters 
    String status=result.get("Response.Status"); 
    System.out.println("Status is :"+ status); 
 
if("20002".equalsIgnoreCase(status)) { 
        String responseEstn = result.get("Response.estn"); 
        String responseMfu = result.get("Response.mfu"); 
        String responseAuthenticationUrl = result.get("Response.AuthenticationURL"); 
         
        request.setAttribute("responseEstn", responseEstn); 
        request.setAttribute("responseMfu", responseMfu); 
 request.setAttribute("responseAuthenticationUrl", responseAuthenticationUrl); 
     
        request.getRequestDispatcher("AuthenticateSadad.jsp").forward(request, response); 
     
    } 
    else { 
        // then the card is not 3ds enrolled  
        // this means your payment has been completed 
        System.out.println("Status is :"+ status);       
        }       
    } } 

Other Sample Request Code (.Net /PHP)

Sample Request Code (.Net)

1.  // if the Card was 3DS Enrolled, APIPayment Will be Divided into two requests. 
2.  //in the response, if the received status code was “20001” or “20002” this means 
3.  //that the Payment is 3DS supported, which means you need to authenticate with the 
4.  //Bank site, all needed parameters for 3DS in will be included in the response, 
5.  //and after Authentication, you will send APIApprove Request to SmartRoute. 
6.  //Note: The Difference between 3DS payment and none-3DS Payment, will start after 
7.  // getting the APIPayment response. 
8.          StringBuilder requestQuery = new StringBuilder(); 
9.          requestQuery 
10.          .Append("TransactionID").Append("=").Append(transactionId).Append("&") 
11.          .Append("MerchantID").Append("=").Append("ANBRedirectM").Append("&") 
12.          .Append("Amount").Append("=").Append("2000").Append("&") 
13.          .Append("CurrencyISOCode").Append("=").Append("840").Append("&") 
14.          .Append("MessageID").Append("=").Append("8").Append("&") 
15.          .Append("Quantity").Append("=").Append("1").Append("&") 
16.          .Append("Channel").Append("=").Append("0").Append("&") 
17.          .Append("PaymentMethod").Append("=").Append("1").Append("&") 
18.          .Append("ClientIPaddress").Append("=").Append("127.0.0.1").Append("&") 
19.          //for Card Payment (conditional.Append("&")paymentMethod=1) 
20.          .Append("CardNumber").Append("=").Append("4012001045873335").Append("&
") 
21.          .Append("ExpiryDateYear").Append("=").Append("01").Append("&") 
22.          .Append("ExpiryDateMonth").Append("=").Append("19").Append("&") 
23.          .Append("SecurityCode").Append("=").Append("123").Append("&") 
24.          .Append("CardHolderName").Append("=").Append("1").Append("&") 
25.          //for Sadad Payment (conditional.Append("&")paymentMethod=2) 
26.          //.Append("SadadOlpId").Append("=").Append("testSadad").Append("&") 
27.          //.Append("mfu","https://MerchantSite/RedirectPaymentRequestPage").Append("&") 
28.          //fill some optional parameters 
29.          .Append("Language").Append("=").Append("en").Append("&") 
30.          .Append("ThemeID").Append("=").Append("1000000001").Append("&") 
31.          .Append("Version").Append("=").Append("1.0") 
32.          .Append("SecureHash").Append("=").Append(secureHash); 
33.    
34.          //Send the request 
35.          string data = requestQuery.ToString().ToString(); 
36.          byte[] dataStream = Encoding.UTF8.GetBytes(data); 
37.          string urlPath = "https://SR_URL"; 
38.          string request = urlPath; 
39.          WebRequest webRequest = WebRequest.Create(request); 
40.          webRequest.Method = "POST"; 
41.          webRequest.ContentType = "application/x-www-form-urlencoded"; 
42.          webRequest.ContentLength = dataStream.Length; 
43.          Stream newStream = webRequest.GetRequestStream(); 
44.          // Send the data. 
45.          newStream.Write(dataStream, 0, dataStream.Length); 
46.          newStream.Close(); 

Sample Request Code (PHP)

1.  // if the Card was 3DS Enrolled, APIPayment Will be Divided into two requests. 
2.  //in the response, if the received status code was “20001” or “20002” this means 
3.  //that the Payment is 3DS supported, which means you need to authenticate with the 
4.  //Bank site, all needed parameters for 3DS in will be included in the response, 
5.  //and after Authentication, you will send APIApprove Request to SmartRoute. 
6.  //Note: The Difference between 3DS payment and none-3DS Payment, will start after getting the APIPayment response. 
7.    
8.  $queryStringArr = [ 
9.                "TransactionID" => $transactionId, 
10.          "MerchantID" => "ANBRedirectM", 
11.          "Amount" => "2000", 
12.          "CurrencyISOCode" => "840", 
13.          "MessageID" => "8", 
14.          "Quantity" => "1", 
15.          "Channel" => "0", 
16.          "PaymentMethod" => "1", 
17.          "ClientIPaddress" => "127.0.0.1", 
18.          //for Card Payment (conditional.append("&")paymentMethod=1) 
19.          "CardNumber" => "4012001045873335", 
20.          "ExpiryDateYear" => "01", 
21.          "ExpiryDateMonth" => "19", 
22.          "SecurityCode" => "123", 
23.          "CardHolderName" => "1", 
24.          //for Sadad Payment (conditional.append("&")paymentMethod=2) 
25.          "SadadOlpId" => "testSadad", 
26.          "mfu" => "https://MerchantSite/RedirectPaymentRequestPage", 
27.          //fill some optional parameters 
28.          "Language" => "en", 
29.          "ThemeID" => "1000000001", 
30.          "Version" => "1.0", 
31.          "SecureHash" => $secureHash, 
32.  ]; 
33.    
34.  //Send the request 
35.  $newRequestQuery = http_build_query($queryStringArr); 
36.    
37.  $url = "https://SR_URL"; 
38.  $ch = curl_init($url); 
39.  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 
40.  //write parameters 
41.  curl_setopt($ch,CURLOPT_POST, true); 
42.  curl_setopt($ch,CURLOPT_POSTFIELDS, $newRequestQuery); 
43.    

Other Sample Response Code (.Net /PHP)

Sample Response Code (.Net)

47.          // Get the response 
48.          WebResponse webResponse = webRequest.GetResponse(); 
49.          String output = webResponse.ToString(); 
50.          //Output the response 
51.          Console.WriteLine(output); 
52.    
53.          // this string is formatted as a "Query String" - name=value&name2=value2....... 
54.          String outputString = output.ToString(); 
55.    
56.          // To read the output string you might want to split it 
57.          // on '&' to get pairs then on '=' to get name and value 
58.          // and for a better and ease on verifying secure hash you should put them in a SortedDictionary 
59.          SortedDictionary<string, string> result = new SortedDictionary<String, String>(StringComparer.Ordinal);   
60.          NameValueCollection qscoll = HttpUtility.ParseQueryString(output); 
61.          foreach (String kv in qscoll.AllKeys) 
62.          { 
63.              result.Add(kv, qscoll[kv]); 
64.          } 
65.   
66.          
67.          // Now that we have the SortedDictionary, order it to generate secure hash and compare it with the received one 
68.          StringBuilder responseOrderdString = new StringBuilder(); 
69.          responseOrderdString.Append(AUTHENTICATION_TOKEN); 
70.          foreach (KeyValuePair<string, string> kv in result) 
71.          { 
72.              if(!"Response.SecureHash".Equals(kv.Key)) 
73.     { 
74.       
75.      if("Response.StatusDescription".Equals(kv.Key) || "Response.GatewayStatusDescription".Equals(kv.Key))  
76.      { 
77.            responseOrderdString.Append(HttpUtility.UrlEncode(kv.Value, System.Text.Encoding.UTF8));     
78.          } 
79.        else 
80.        { 
81.            responseOrderdString.Append(kv.Value); 
82.        } 
83.     }         
84.        } 
85.    
86.          Console.WriteLine("Response Ordered String is " + responseOrderdString.ToString()); 
87.    
88.          // Generate SecureHash with SHA256 from responseOrderedString 
89.          bytes = Encoding.UTF8.GetBytes(responseOrderdString.ToString().ToString()); 
90.          sha256 = SHA256Managed.Create(); 
91.          hash = sha256.ComputeHash(bytes); 
92.          String generatedsecureHash = String.Empty; 
93.          foreach (byte x in hash) 
94.          { 
95.              generatedsecureHash += String.Format("{0:x2}", x); 
96.          } 
97.    
98.          // get the received secure hash from result dictionary 
99.          String receivedSecurehash = result["Response.SecureHash"]; 
100.    
101.          if (receivedSecurehash != generatedsecureHash.ToString()) 
102.          { 
103.              //IF they are not equal then the response shall not be accepted 
104.              Console.WriteLine("Received Secure Hash does not Equal generated Secure hash"); 
105.          } 
106.          else 
107.          { 
108.              // Complete the Action get other parameters from result dictionary and do your processes 
109.              // please refer to The Integration Manual to See the List of The Received Parameters 
110.              String status = result["Response.Status"]; 
111.              Console.WriteLine("Status is :" + status); 
112.              if ("20001" == status) 
113.              { 
114.                  // if the received status code was 20001 this means that this transaction needs 3DS 
115.                  //Authentication , the parameters you need are received with the response too.16 | P a g e 
116.                  // prepare parameters to send to ASP , to Send it to 3DS in A Post Request 
117.                  String bankUrl = (String)result["Response.AcsURL"]; 
118.                  String PaRequestMessage = (String)result["Response.PaRequestMessage"]; 
119.                  // 3DS Response page ( the url that you want 3DS Authentication to forword the request to) 
120.                  String Merchant3DSResponseURL = "http://yoursite/your3DSResponsepage"; 
121.                  
122.                  this.Context.Items.Add("ACSURL", bankUrl); 
123.                  this.Context.Items.Add("3DSPaMessage", PaRequestMessage); 
124.                  this.Context.Items.Add("TERMURL_PREFIX", Merchant3DSResponseURL); 
125.                  // Verification Enrollment Result Used for 3DS payment. 
126.                  String veResult = (String)result["Response.ResponseVeResult"]; 
127.                  /***********************************************************/ 
128.                  /***********************************************************/ 
129.                  /***********************************************************/ 
130.                  /*STORE veResult IN DATABASE OR ANY SAFE PLACE TO USE IT IN APPROVE REQUEST*/ 
131.                  /************************************************************/ 
132.                  /************************************************************/ 
133.                  /************************************************************/
                 
134.                  this.Server.Transfer("RedirectTo3DS.aspx", true); 
135.              } 
136.              // this means that the transaction needs Sadad Authentication 
137.              else if ("20002" == status) 
138.              { 
139.                  String responseEstn = result["Response.estn"]; 
140.                  String responseMfu = result["Response.mfu"]; 
141.                  String responseAuthenticationUrl = result["Response.AuthenticationURL"]; 
142.                  this.Context.Items.Add("responseEstn", responseEstn); 
143.                  this.Context.Items.Add("responseMfu", responseMfu); 
144.                  this.Context.Items.Add("responseAuthenticationUrl", responseAuthenticationUrl);                 
145.                  this.Server.Transfer("AuthenticateSadad.aspx", true); 
146.              } 
147.              else 
148.              { 
149.                  // then the card is not 3ds enrolled 
150.                  // this means your payment has been completed 
151.                  Console.WriteLine("Status is :" + status); 
152.              } 
153.          } 

Sample Response Code (PHP)

44.  // Get the response 
45.  $output = curl_exec($ch); 
46.  curl_close($ch); 
47.  //Output the response 
48.  echo $output; 
49.    
50.  // To read the output string you might want to split it 
51.  // on '&' to get pairs then on '=' to get name and value 
52.  // and for a better and ease on verifying secure hash you should put 
53.  $result = []; 
54.  parse_str($output, $result); 
55.  ksort($result); 
56.    
57.  // Now that we have the map, order it to generate secure hash and compare it with the received one 
58.  $responseOrderdString = $AUTHENTICATION_TOKEN; 
59.  foreach($result as $res_k=>$result_v){ 
60.      $responseOrderdString .= $result_v; 
61.  } 
62.    
63.  echo "-- Response Orderd String --".chr(10); 
64.  echo $responseOrderdString.chr(10); 
65.    
66.  // Generate SecureHash with SHA256 
67.  $generatedsecureHash = hash('sha256',$responseOrderdString); 
68.    
69.  // get the received secure hash from result map 
70.  $receivedSecurehash = $result['Response.SecureHash']; 
71.    
72.  if($receivedSecurehash == $generatedsecureHash){ 
73.      // IF they are not equal then the response shall not be accepted 
74.      echo "Received Secure Hash does not Equal generated Secure hash".chr(10); 
75.  }else{ 
76.    
77.      // Complete the Action get other parameters from result map and do 
78.      // your processes 
79.      // Please refer to The Integration Manual to See The List of The 
80.      // Received Parameters 
81.      $status = $result["Response.Status"]; 
82.      echo "Status is :" . $status.chr(10);     
83.          if ("20001" === $status) { 
84.                  // if the received status code was 20001 this means that this transaction needs 3DS 
85.                  //Authentication, the parameters you need are received with the response too. 
86.                  // prepare parameters to send to JSP , to Send it to 3DS in A Post Request 
87.                  $bankUrl = (String)$result["Response.AcsURL"]; 
88.                  $PaRequestMessage = (String)$result["Response.PaRequestMessage"]; 
89.                  // 3DS Response page ( the url that you want 3DS Authentication to forword the request to) 
90.                  $Merchant3DSResponseURL= "http://yoursite/your3DSResponsepage"; 
91.                  $_SESSION["ACSURL"] = $bankUrl; 
92.                  $_SESSION["3DSPaMessage"] = $PaRequestMessage; 
93.                  $_SESSION["TERMURL_PREFIX"] = $Merchant3DSResponseURL; 
94.                  
95.                  // Verification Enrollment Result Used for 3DS payment. 
96.                  $veResult= (String)$result["Response.ResponseVeResult"]; 
97.                  
98.                  /***********************************************************/ 
99.                  /***********************************************************/ 
100.                  /***********************************************************/ 
101.                  /*STORE veResult IN DATABASE OR ANY SAFE PLACE TO USE IT IN APPROVE REQUEST*/ 
102.                  /***********************************************************/ 
103.                  /***********************************************************/ 
104.                  /***********************************************************/ 
105.                  header("location: RedirectTo3DS.php"); 
106.                  exit(); 
107.          }else if("20002" === $status) { 
108.                  // this means that the transaction needs Sadad Authentication 
109.                  $responseEstn = $result["Response.estn"]; 
110.                  $responseMfu = $result["Response.mfu"]; 
111.                  $responseAuthenticationUrl = $result["Response.AuthenticationURL"]; 
112.                  $_SESSION["responseEstn"] = $responseEstn; 
113.                  $_SESSION["responseMfu"] = $responseMfu; 
114.                  $_SESSION["responseAuthenticationUrl"] = $responseAuthenticationUrl; 
115.                  
116.                  header("location: AuthenticateSadad.php"); 
117.                  exit();         
118.          }else { 
119.                  // then the card is not 3ds enrolled 
120.                  // this means your payment has been completed 
121.                  echo "Status is :". $status; 
122.          } 
123.  } 

What's Next