API Approve
- 05 Dec 2023
- 10 Minutes to read
- Contributors
- Print
- DarkLight
- PDF
API Approve
- Updated on 05 Dec 2023
- 10 Minutes to read
- Contributors
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
This message is used after performing API Payment, API mPayment or API Pre-Authorization and the returned status code was (20001 or 20002). This message can be considered as a complementary message after the above mentioned messages when proceeding with transaction's processing requires extra information from the user such as credit card authentication. This message is based on the API communication model as described in the Communication Model section.
Request Parameters
| Parameter | Description |
|---|---|
| MessageID required | An alphanumeric value that represents the action for defined unique numbers as mentioned below:
|
| TransactionID required | The merchant generates the Transaction ID. It represents a unique identifier for the transaction and is alphanumeric which must not include special characters or spaces. For example: For API Approve the TransactionID, shall be the same one used for the API Payment or API mPayment.
|
| MerchantID required | An alphanumeric value that represents the unique Merchant ID at SmartRoute. The Payment Gateway operation team provides this value based on the merchant enrollment.
|
| PaymentMethod required | An Alphanumeric value indicates the payment method. Supported values depend on the requested version as follows:
|
| SecureHash required | An alphanumeric value that represents the generated hex-encoded hash using hashing algorithm SHA-2 (256) by concatenating parameters as a single string starting with the merchant’s Merchant Authentication Token. Then all parameters (required parameters and optional parameters - if available) are ordered alphabetically. By parameter’s name should be part of the secure hash, with no separators and no terminating character. Appendix B: Secure Hash – API Approve; for more information, see secure hash generation.
|
| CardNumber conditional | The customer’s card number is used in the payment. If they sent PaymentMethod parameter is 1 (Card), this parameter is required.
|
| ExpiryDateYear conditional | The customer’s card expiry date (year) digits are used in the payment. The format of this parameter should be in the form (YY). This parameter is required if the sent PaymentMethod parameter is 1 (Card).
|
| ExpiryDateMonth conditional | The customer’s card expiry date (month) digits are used in the payment. The format of this parameter should be in the form (MM). If the PaymentMethod parameter is 1 (Card) is sent, this parameter is required.
|
| SecurityCode conditional | The customer’s card Security Code (e.g. CVV or CVC) depends on the Card Type used in the payment. If the PaymentMethod parameter is 1 (Card) is sent, this parameter is required.
|
| AgreementID optional | The agreement Id represents a unique identifier for the agreement between the merchant and the payer where the payer authorizes the merchant to perform subsequent transactions (i.e. recurring) without their active participation. The subsequent transactions shall share the same agreement Id provided in this first transaction. The value is generated by the merchant and should be unique per recurring series.
Note: The same value should be provided while performing a recurring payment across the recurring series for this payer. |
| AgreementType optional | Alphabetical value represents the type of subsequent transactions, if any, that will be initiated based on this first transactions. Possible values are:
|
| PARes conditional | Payment Authentication Response used in 3DS payment process. This parameter is required if the PaymentMethod is 1 (Card) and while approving an API Payment.
|
| CardHolderName conditional | The customer’s cardholder name is used in the payment. If the PaymentMethod parameter is 1 (Card) is sent, this parameter is required.
|
Sample Request Code (Java)
StringBuffer requestQuery = new StringBuffer();
requestQuery
.append("TransactionID").append("=").append(transactionId).append("&")
.append("MerchantID").append("=").append("ANBRedirectM").append("&")
.append("MessageID").append("=").append("1").append("&")
.append("PaymentMethod").append("=").append("1").append("&")
//for Sadad Payment (conditional.append("&")paymentMethod=2)
//.append("estn").append("=").append("Test123").append("&")
//for Card Payment (conditional.append("&")paymentMethod=1)
.append("CardNumber").append("=").append("4012001045873335").append("&")
.append("ExpiryDateYear").append("=").append("01").append("&")
.append("ExpiryDateMonth").append("=").append("19").append("&")
.append("SecurityCode").append("=").append("123").append("&")
.append("CardHolderName").append("=").append("1").append("&")
.append("SecureHash").append("=").append(secureHash).append("&");
.append("PARes").append("=").append(URLEncoder.encode("eJzFV2mTokoW/Ssd9T4a3ewiHZQvkh2","UTF-8")).append("&");
//Send the request
URL url = new URL("https://SR_URL");
URLConnection conn = url.openConnection();
conn.setDoOutput(true);
OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream(), "UTF-8");
//write parameters
writer.write(requestQuery.toString());
writer.flush(); Response Parameters
| Parameter | Description |
|---|---|
Response.StatusCode required | An alphanumeric value that represents the response code that covers errors generated by the SmartRoute. Appendix A: API Approve Response Codes for descriptive details about Response Codes.
|
| Response.StatusDescription required | An alphanumeric value that represents a message describing the response status received from SmartRoute. This parameter is filled only after a complete execution process using the language specified in the request. This value should be UTF-8 encoded when it is entered into the secure hash generation process.
|
| Response.Amount required | A numeric value that contains the purchase amount of the item.
|
| Response.CurrencyISOCode required | The numeric value is in ISO format for the currency. The value should be neither character value nor decimal point. For example, 840 for US Dollar, 400 for JOD.
|
| Response.MerchantID required | An alphanumeric value that represents the unique ID of the merchant at SmartRoute. The SmartRoute operation team provides this value upon merchant enrollment.
|
| Response.TransactionID required | The merchant generates the Transaction ID. It represents a unique identifier for the transaction and is alphanumeric which must not include special characters or spaces.
|
| Response.MessageID required | An alphanumeric value that represents the action for defined unique numbers as mentioned below:
|
| Response.SecureHash required | An alphanumeric value that represents the generated hex-encoded hash using hashing algorithm SHA-2 (256) by concatenating parameters as a single string starting with the merchant’s Merchant Authentication Token. Then all response parameters appended in alphabetical order based on the parameter’s name, with no separators and no terminating character. Appendix B: Secure Hash – API Approve; for more information, see secure hash generation.
|
| Response.GatewayStatusCode optional | An alphanumeric value that represents the gateway response code. This code covers errors generated by the chosen gateway.
|
| Response.GatewayStatusDescription optional | An alphanumeric value that represents a message describing the response status received from the chosen gateway using the language specified in the request. After completing the execution process, this parameter is filled in. This value should be UTF-8 encoded when it is entered into the secure hash generation process.
|
| Response.GatewayName optional | This value represents the gateway name that processed the transaction. It can be alphanumeric with special characters like space, ‘@’ and ‘_’.
|
| Response.RRN optional | An alphanumeric value that represents a Receipt Reference Number for the current payment transaction. This value is returned if the value is provided from the gateway.
|
| Response.ApprovalCode optional | Approval Code received from Payment Processor such as Visa. The values are returned in the following cases:
|
| Response.Token optional | The token that is assigned to the entered card information; responds to a “GenerateToken” flag with the value “Yes”. This parameter is a part of the tokenization parameters; for more information, see Tokenization.
|
| Response.CardNumber optional | An alphanumeric value represents the masked Card Number.
|
Sample Response Code (Java)
// Get the response
StringBuffer output = new StringBuffer();
BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream(), "UTF-8"));
String line;
while ((line = reader.readLine()) != null) {
output.append(line);
}
writer.close();
reader.close();
//Output the response
System.out.println(output.toString());
// this string is formatted as a "Query String" - name=value&name2=value2.......
String outputString=output.toString();
// To read the output string you might want to split it
// on '&' to get pairs then on '=' to get name and value
// and for a better and ease on verifying secure hash you should put them in a TreeMap
String [] pairs=outputString.split("&");
Map<String,String> result=new TreeMap<String,String>();
// now we have separated the pairs from each other {"name1=value1","name2=value2",....}
for(String pair:pairs){
// now we have separated the pair to {"name","value"}
String[] nameValue=pair.split("=");
String name=nameValue[0];//first element is the name
String value=nameValue[1];//second element is the value
// put the pair in the result map
result.put(name,value);
}
// Now that we have the map, order it to generate secure hash and compare it with the received one
StringBuilder responseOrderdString = new StringBuilder();
responseOrderdString.append(AUTHENTICATION_TOKEN);
for (String treeMapKey : result.keySet()) {
responseOrderdString.append(result.get(treeMapKey));
}
System.out.println("Response Orderd String is " + responseOrderdString.toString());
// Generate SecureHash with SHA256
// Using DigestUtils from appache.commons.codes.jar Library
String generatedsecureHash = new String(DigestUtils.sha256Hex(responseOrderdString.toString()).getBytes());
// get the received secure hash from result map
String receivedSecurehash=result.get("Response.SecureHash");
if(!receivedSecurehash.equals(generatedsecureHash)){
//IF they are not equal then the response shall not be accepted
System.out.println("Received Secure Hash does not Equal generated Secure hash");
}
else{
// Complete the Action get other parameters from result map and do your processes
// please refer to The Integration Manual to See The List of The Received Parameters
String status=result.get("Response.Status");
System.out.println("Status is :"+ status);
} Other Sample Request Code (.Net /PHP)
Sample Request Code (.Net)
1. StringBuilder requestQuery = new StringBuilder();
2. requestQuery
3. .Append("TransactionID").Append("=").Append(transactionId).Append("&")
4. .Append("MerchantID").Append("=").Append("ANBRedirectM").Append("&")
5. .Append("MessageID").Append("=").Append("1").Append("&")
6. .Append("PaymentMethod").Append("=").Append("1").Append("&")
7. //for Sadad Payment (conditional.Append("&")paymentMethod=2)
8. //.Append("estn").Append("=").Append("Test123").Append("&")
9. //for Card Payment (conditional.Append("&")paymentMethod=1)
10. .Append("CardNumber").Append("=").Append("4012001045873335").Append("&")
11. .Append("ExpiryDateYear").Append("=").Append("01").Append("&")
12. .Append("ExpiryDateMonth").Append("=").Append("19").Append("&")
13. .Append("SecurityCode").Append("=").Append("123").Append("&")
14. .Append("CardHolderName").Append("=").Append("1").Append("&")
15. .Append("SecureHash").Append("=").Append(secureHash).Append("&")
16. .Append("PARes").Append("=").Append(HttpContext.Current.Server.UrlEncode("eJzFV2mTokoW/Ssd9T4a3ewiHZQvkh2"))
17. .Append(" & ");
18.
19. //Send the request
20. string data = requestQuery.ToString().ToString();
21. byte[] dataStream = Encoding.UTF8.GetBytes(data);
22. string urlPath = "https://SR_URL";
23. string request = urlPath;
24. WebRequest webRequest = WebRequest.Create(request);
25. webRequest.Method = "POST";
26. webRequest.ContentType = "application/x-www-form-urlencoded";
27. webRequest.ContentLength = dataStream.Length;
28. Stream newStream = webRequest.GetRequestStream();
29. // Send the data.
30. newStream.Write(dataStream, 0, dataStream.Length);
31. newStream.Close(); Sample Request Code (PHP)
1. $requestQuery = [
2. "TransactionID" => $transactionId,
3. "MerchantID" => "ANBRedirectM",
4. "MessageID" => "1",
5. "PaymentMethod" => "1",
6.
7. //for Sadad Payment (conditional paymentMethod => "2")
8. // "estn" => "Test123",
9.
10. //for Card Payment (paymentMethod => 1)
11. "CardNumber" => "4012001045873335",
12. "ExpiryDateYear" => "01",
13. "ExpiryDateMonth" => "19",
14. "SecurityCode" => "123",
15. "CardHolderName" => "1",
16. "SecureHash" => $secureHash,
17. "PARes" => urlencode("eJzFV2mTokoW/Ssd9T4a3ewiHZQvkh2"),
18.
19. ];
20. $newRequestQuery = http_build_query($requestQuery);
21.
22. //Send the request
23. $ch = curl_init("https://SR_URL");
24. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
25. //write parameters
26. curl_setopt($ch,CURLOPT_POST, true);
27. curl_setopt($ch,CURLOPT_POSTFIELDS, $newRequestQuery);
28. Other Sample Response Code (.Net /PHP)
Sample Response Code (.Net)
32. // Get the response
33. WebResponse webResponse = webRequest.GetResponse();
34. String output = webResponse.ToString();
35. //Output the response
36. Console.WriteLine(output);
37.
38. // this string is formatted as a "Query String" - name=value&name2=value2.......
39.
40.
41. // To read the output string you might want to split it
42. // on '&' to get pairs then on '=' to get name and value
43. // and for a better and ease on verifying secure hash you should put them in a SortedDictionary
44. SortedDictionary<string, string> result = new SortedDictionary<String, String>(StringComparer.Ordinal);
45. NameValueCollection qscoll = HttpUtility.ParseQueryString(output);
46. foreach (KeyValuePair<string, string> kv in qscoll)
47. {
48. result.Add(kv.Key, kv.Value);
49. }
50.
51. // Now that we have the SortedDictionary, order it to generate secure hash and compare it with the received one
52. StringBuilder responseOrderdString = new StringBuilder();
53. responseOrderdString.Append(AUTHENTICATION_TOKEN);
54. foreach (KeyValuePair<string, string> kv in result)
55. {
56. if(!"Response.SecureHash".Equals(kv.Key))
57. {
58.
59. if("Response.StatusDescription".Equals(kv.Key) || "Response.GatewayStatusDescription".Equals(kv.Key))
60. {
61. responseOrderdString.Append(HttpUtility.UrlEncode(kv.Value, System.Text.Encoding.UTF8));
62. }
63. else
64. {
65. responseOrderdString.Append(kv.Value);
66. }
67. }
68. }
69.
70. Console.WriteLine("Response Orderd String is " + responseOrderdString.ToString());
71.
72. // Generate SecureHash with SHA256 from responseOrderedString
73. bytes = Encoding.UTF8.GetBytes(responseOrderdString.ToString().ToString());
74. sha256 = SHA256Managed.Create();
75. hash = sha256.ComputeHash(bytes);
76. String generatedsecureHash = String.Empty;
77. foreach (byte x in hash)
78. {
79. generatedsecureHash += String.Format("{0:x2}", x);
80. }
81.
82. // get the received secure hash from result sorted dictionary
83. String receivedSecurehash = result["Response.SecureHash"];
84. if (generatedsecureHash.ToString() != receivedSecurehash)
85. {
86. //IF they are not equal then the response shall not be accepted
87. Console.WriteLine("Received Secure Hash does not Equal generated Secure hash");
88. }
89. else
90. {
91. // Complete the Action get other parameters from result sorted dictionary and do your processes
92. // please refer to The Integration Manual to See The List of The Received Parameters
93. String status = result["Response.Status"];
94. Console.WriteLine("Status is :" + status);
95. } Sample Response Code (PHP)
29. // Get the response
30. $output = curl_exec($ch);
31. curl_close($ch);
32.
33.
34. //Output the response
35. echo ($output);
36. // this string is formatted as a "Query String" - name=value&name2=value2.......
37. $result = [];
38. parse_str($output, $result);
39. ksort($result);
40.
41. // Now that we have the map, order it to generate secure hash and compare it with thereceived one
42. $responseOrderdString = $AUTHENTICATION_TOKEN;
43. foreach($result as $result_v) {
44. $responseOrderdString .= $result_v;
45. }
46. echo ("Response Orderd String is " . $responseOrderdString);
47.
48. // Generate SecureHash with SHA256
49. $generatedsecureHash = hash('sha256',$responseOrderdString);
50.
51. // get the received secure hash from result map
52. $receivedSecureHash = $result["Response.SecureHash"];
53. if($generatedsecureHash !== $receivedSecureHash){
54. //IF they are not equal then the response shall not be accepted
55. echo ("Received Secure Hash does not Equal generated Secure hash");
56. }else{
57. // Complete the Action get other parameters from result map and do your processes
58. // please refer to The Integration Manual to See The List of The Received Parameters
59. $status = $result["Response.Status"];
60. echo ("Status is :". $status);
61. } Additional Conditional Request Parameters:
URPay, STCPay, EMKAN Payment Method Parameters:
Parameter | Description |
OTP conditional | If they sent the PaymentMethod parameter is 4 (URPay), is 5 (STCPay) or 7(Emkan), this parameter is required. The OTP sent to the customer’s mobile number, used to authenticate the payer STCPay OTP length can be 4 – 6 digits
|