G2S - Secure Payment Page API.pdf - GetACoder
G2S - Secure Payment Page API.pdf - GetACoder
G2S - Secure Payment Page API.pdf - GetACoder
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Secure</strong> <strong>Payment</strong> <strong>Page</strong><br />
Integration Guide<br />
Preliminary pre-release version
CONTENTS<br />
OVERVIEW ...........................................................................................................................................3<br />
FLOW ...................................................................................................................................................3<br />
MERCHANT WEBSITE INTEGRATION .........................................................................................4<br />
INTEGRATION PART I - PRE PROCESSING INTEGRATION...................................................................4<br />
INTEGRATION PART II - POST PROCESSING INTEGRATION................................................................6<br />
INTEGRATION PART III - TRANSACTION VERIFICATION......................................................................6<br />
APPENDICES ........................................................................................................................................8<br />
1.URLS AND REQUIRED INFORMATION .............................................................................................8<br />
2.CHECKSUM PARAMETER ALGORITHM – HOWTO ............................................................................8<br />
3.RETURN OUTPUT ..........................................................................................................................10<br />
4.INPUT PARAMETERS LIST ..............................................................................................................14<br />
5.OUTPUT PARAMETERS LIST ..........................................................................................................16<br />
© 2007 GTS Online Limited. All Rights Reserved.<br />
2
Overview<br />
The Gate2Shop <strong>Payment</strong> <strong>Page</strong> is a web page provided by Gate2Shop which<br />
can be used by internet merchant to charge their customers. The <strong>Payment</strong><br />
<strong>Page</strong> provides all the functionality and interfaces needed for the charging and<br />
processing.<br />
Flow<br />
The flow has four steps, the forth step is optional:<br />
1. Redirecting - When the merchant business process reaches the stage<br />
of charging of the end user the merchant is required to redirect the end<br />
user, simply by a web form to the <strong>Payment</strong> <strong>Page</strong>.<br />
2. Charging/Processing - The payment page receives the web form<br />
request. It may collect some additional information from the end user<br />
and then it will try to perform the charging.<br />
At the end of the charging process the payment page will redirect the<br />
end user back to the merchant site. It will be directed to one either two<br />
pages provided by the merchant: one for success and one for failure.<br />
3. Response - The merchant processes the response and proceeds with<br />
its business process.<br />
4. Verification - The fourth step is optional but highly recommended. In<br />
this step the merchant will submit a very small request containing the<br />
transaction ID returned by the <strong>Payment</strong> <strong>Page</strong>. This stage purpose is to<br />
provide a final approval by the merchant in which he verifies the<br />
transaction.<br />
© 2007 GTS Online Limited. All Rights Reserved.<br />
3
Merchant website Integration<br />
The Gate2shop <strong>Secure</strong> payment page integration is divided into three parts<br />
Pre Processing integration<br />
Post processing integration<br />
Transaction Verification<br />
Integration Part I - Pre Processing Integration<br />
The pre processing integration is best achieved by the merchant<br />
implementing a web form on the page before the payment page. The form<br />
contains either hidden or graphical input parameters which are to be<br />
submitted by the form to the payment page.<br />
The input parameters are either mandatory or optional.<br />
Mandatory input parameters: Parameters must be provided each time by the<br />
merchant since they can be originated only from the merchant. E.g. total<br />
amount, currency, product-name and product-price.<br />
Optional input parameters. Are parameters that if are not provided by the<br />
merchant can be later collected, if necessary, by the Gate2shop <strong>Payment</strong><br />
<strong>Page</strong>. E.g. the consumer's names, addresses, etc.<br />
Request Authentication - The Checksum Parameter<br />
A unique "pre-processing" input parameter is the Checksum parameters. The<br />
concept behind this parameter is to provide a safe and a certain way of<br />
authenticating the merchant request to the <strong>Payment</strong> <strong>Page</strong>. The checksum is<br />
actually a string value which is an Encryptologic Hashing calculated from<br />
certain parameters. The checksum created is a value that cannot be spoof<br />
or imitated by any hostile third party.<br />
In order to generate the correct value the merchant should concatenate and<br />
then hash using the MD5 hashing algorithm the parameters to follow. These<br />
parameters are also mandatory parameters and should also be passed in<br />
their regular form:<br />
© 2007 GTS Online Limited. All Rights Reserved.<br />
4
- Secret string. This is a secret value which will be provided by Gate2shop<br />
and known only to Gate2shop and the merchant.<br />
- Merchant ID. Uniquely identifying the merchant on the Gate2shop<br />
system.<br />
- Currency. Of the amount to charge.<br />
- Amount. Of the transaction<br />
- Time Stamp. Of the transaction.<br />
Important Note: the checksum must be generated on the server side and never on the<br />
client side (on the server script: php, jsp, servlet, asp, aspx, etc. not on the html page -<br />
not by JavaScript). This in order to prevent exposing the algorithm and most<br />
importantly the Secret value.<br />
© 2007 GTS Online Limited. All Rights Reserved.<br />
5
Integration Part II - Post Processing Integration<br />
The post processing integration is achieved by the merchant implementing<br />
two web pages that receive the <strong>Payment</strong> <strong>Page</strong> processing result and react to<br />
it according to the merchant business process. Three pages stand, one for<br />
success and the other one for failure. The third back page is called by the<br />
<strong>Payment</strong> <strong>Page</strong> when the end user press back.<br />
When the <strong>Payment</strong> <strong>Page</strong> finishes its process it will redirect the end user either<br />
to the success or failure pages, providing all the transactions output<br />
information by HTTP parameters string.<br />
The HTTP output information includes:<br />
- Transaction status information. E.g. transaction result, declining<br />
reason in case of decline, authorization number in case of approval,<br />
Gate2shop transaction ID and so on.<br />
- End user Information that were collected by the <strong>Payment</strong> <strong>Page</strong>. Such<br />
as the end user's names, addresses, payment method information and<br />
so on.<br />
The back page is intended to allow the end user to return to the merchant<br />
website. Since pressing the browser “Back” button will not necessarily<br />
maintain the end user’s session on the merchant’s site we provide this page<br />
to allow this functionality.<br />
Integration Part III - Transaction Verification<br />
After the transaction response was received by the merchant on his success<br />
page, there is one more optional step to complete the whole <strong>Payment</strong><br />
process. In this Transaction verification step the merchant will verify to<br />
Gate2shop that he received the charge and approves it. This step can be a<br />
strong tool for preventing mismatching between the merchant and Gate2shop<br />
in real time, and in the long run this is an important chargeback preventing<br />
feature.<br />
In order to perform the verification the merchant needs sending an approving<br />
HTTP request to a <strong>Payment</strong> <strong>Page</strong> specific URL. The Verification URL will be<br />
© 2007 GTS Online Limited. All Rights Reserved.<br />
6
processed by the <strong>Payment</strong> <strong>Page</strong> and finalized the transaction and then it will<br />
retrieve a pixel image to the requester. This way the merchant is able to<br />
simply add a pixel image to his success page, which will practically be<br />
invisible and this way to achieve the verification.<br />
© 2007 GTS Online Limited. All Rights Reserved.<br />
7
Appendices<br />
1. URLs and required information<br />
1.1. To be provided by the merchant<br />
- Success page URL<br />
- Failure page URL<br />
- Back page URL.<br />
1.2. to be provided by Gate2shop<br />
- <strong>Payment</strong> <strong>Page</strong> URL: https://secure.gate2shop.com/ppp/purchase.do<br />
- Checksum secret input parameter value<br />
- Merchant ID. Identifies the merchant to the <strong>Payment</strong> <strong>Page</strong><br />
- Merchant Site ID. Identifies the merchant website to the<br />
<strong>Payment</strong> <strong>Page</strong>.<br />
2. Checksum parameter Algorithm - Howto<br />
Step I: concatenate the hashed values<br />
The checksum is concatenating the following parameters, in the following<br />
order<br />
- secret - a password string which will provided to by Gate2shop. This<br />
is the only parameter which is not also an input parameter.<br />
- merchant_id The same as the input parameter with the same name.<br />
Provided by Gate2shop<br />
- Currency. The currency of the transaction<br />
- total_amount. The amount of the transaction<br />
- Product Array. This array contains the relevant information<br />
regarding the products of the transaction (name, price &<br />
quantity): item_name_X, item_amount_X, quantity_X, where ‘X’<br />
stand for the product index in the array. (please see formula<br />
bellow)<br />
- Time_stamp. The date/time of the transaction. The timestamp format<br />
is YYYY-MM-DD.hh:mm:ss<br />
© 2007 GTS Online Limited. All Rights Reserved.<br />
8
Comments:<br />
* The concatenation must be in the mentioned order<br />
* Values are case sensitive and should be identical to the equivalent<br />
parameter in the http request.<br />
* No delimiter between the concatenated values<br />
* Formula: string before MD5 hashing should be concatenated as follows<br />
secret + merchant_id + currency + total_amount +<br />
item_name_1 + item_amount_1 + quantity_1 +<br />
item_name_2 + item_amount_2 + quantity_2 +<br />
. . .<br />
item_name_N + item_amount_N + quantity_N +<br />
time_stamp<br />
Step I: hash the concatenated value<br />
After the values were concatenated you will need to run the value through an<br />
MD5 algorithm function, the result will be the checksum value – a<br />
hexadecimal value you will have to submit to the payment page.<br />
Examples<br />
Example 1 – single item request<br />
Parameters participating in the checksum:<br />
secret=IA9jhabxRVg0kGTDLm0pFKOqoI6eJ8xnUJifRIOy2U79aykdOhfwJ4croJO4Iu<br />
xH<br />
merchant_id=1<br />
currency=USD<br />
total_amount=1.00<br />
(note the when doing the hash sum (MD5) there is difference between 1<br />
and 1.00, because the hash is performed over the string<br />
representation of the number)<br />
item_name_1=test item<br />
(note that items names supported character set is only ISO-8859-1<br />
encoding. This is mainly the Latin alphabet)<br />
item_amount_1=1.00<br />
© 2007 GTS Online Limited. All Rights Reserved.<br />
9
time_stamp=2007-09-05.08:50:13<br />
After concatenation:<br />
IA9jhabxRVg0kGTDLm0pFKOqoI6eJ8xnUJifRIOy2U79aykdOhfwJ4croJO4IuxH1USD1<br />
.00test item1.002007-09-05.08:50:13<br />
After MD5 Hash:<br />
65d4b2c8b768b9dda556eb846a28f328<br />
An example HTTP GET request corresponding to the above checksum. Note,<br />
that values are URL Encoded if you are doing HTTP GET.<br />
https://securehost/ppp/purchase.do?checksum=65d4b2c8b768b9dda556eb846<br />
a28f328&time_stamp=2007-09-<br />
05.08%3A50%3A13&merchant_site_id=2302&merchant_id=1&item_amount_1=1.0<br />
0&item_name_1=test%20item&total_amount=1.00¤cy=USD<br />
Example 2 – multiple items example<br />
There is no major difference on how you do single item or multiple items<br />
request. You just need to include all of the item names and amount in the<br />
checksum. It is important to note that the numberofitems parameter is now<br />
mandatory but it is included only in the HTTP GET or POST - but not in the<br />
checksum itself.<br />
Parameters participating in the checksum:<br />
secret=IA9jhabxRVg0kGTDLm0pFKOqoI6eJ8xnUJifRIOy2U79aykdOhfwJ4croJO4Iu<br />
xH<br />
merchant_id=1<br />
currency=USD<br />
total_amount=2.00<br />
(note the when doing the hash sum (MD5) there is difference between 2<br />
and 2.00, because the hash is performed over the string<br />
representation of the number)<br />
item_name_1=test item<br />
(note that items names supported character set is only ISO-8859-1<br />
encoding. This is mainly the Latin alphabet)<br />
item_amount_1=1.00<br />
item_name_2=test item 2<br />
item_amount_2=1.00<br />
© 2007 GTS Online Limited. All Rights Reserved.<br />
10
time_stamp=2007-09-05.09:16:02<br />
After concatenation:<br />
IA9jhabxRVg0kGTDLm0pFKOqoI6eJ8xnUJifRIOy2U79aykdOhfwJ4croJO4IuxH1USD2<br />
.00test item1.00test item 21.002007-09-05.09:16:02<br />
After MD5 Hash:<br />
fc654595755ab9af18bed95714fb6423<br />
An example HTTP GET request corresponding to the above checksum. Note,<br />
that values are URL Encoded if you are doing HTTP GET.<br />
https://securehost/ppp/purchase.do?checksum=fc654595755ab9af18bed9571<br />
4fb6423&time_stamp=2007-09-<br />
05.09%3A16%3A02&merchant_site_id=2302&merchant_id=1&item_amount_1=1.0<br />
0&item_name_1=test+item&total_amount=2.00¤cy=USD&numberofitems=<br />
2&item_amount_2=1.00&item_name_2=test+item+2<br />
© 2007 GTS Online Limited. All Rights Reserved.<br />
11
Return output<br />
Once the payment process is completed by either of the following ways:<br />
• Transaction approved and completed usefully. The end user is<br />
redirected by the <strong>Payment</strong> <strong>Page</strong> to the Merchant Success URL.<br />
• Transaction was cancelled by the end user, which triggered the<br />
<strong>Payment</strong> <strong>Page</strong> system to redirect the end user to the Merchant<br />
Cancel <strong>Page</strong>.<br />
• Transaction failed and redirected to the Merchant Cancel <strong>Page</strong>.<br />
The redirection to either of the merchant URLs are redirected with HTTP GET<br />
parameters which are divided to four following groups (for the full list please<br />
refer to 4. Input parameters list):<br />
1. Transaction parameters. Information regarding the parameter itself:<br />
transaction id, amount, statuses & errors fields.<br />
2. <strong>Payment</strong> method information. Information regarding the payment<br />
method chosen by the end user. E.g. for Credit Card number it will be<br />
his name on card, expiration date and four last digits of the card<br />
number.<br />
3. Personal information. End user personal information such as names,<br />
address & contact details.<br />
In addition to these parameters there is also a Returned Checksum<br />
Parameter. Similar to the Checksum Input parameter it is an MD5 hash of<br />
several concatenated parameters, this time output parameters.<br />
The importance of this checksum is to make sure that curtail information passed from<br />
the <strong>Payment</strong> <strong>Page</strong> back to the merchant site are not compromised by the end user for<br />
his own benefit.<br />
Checksum generation how to<br />
Step I: concatenate the hashed values<br />
The checksum is concatenating the following parameters, in the following<br />
order:<br />
© 2007 GTS Online Limited. All Rights Reserved.<br />
12
- secret - a password string which will provided to by Gate2shop. This<br />
is the only parameter which is not also an input parameter.<br />
- TransactionID.<br />
- ErrCode<br />
- ExErrCode<br />
- Status<br />
Comments:<br />
* The concatenation must be in the mentioned order<br />
* Values are case sensitive and should be identical to the equivalent<br />
parameter in the http request.<br />
* No delimiter between the concatenated values<br />
* Formula: string before MD5 hashing should be concatenated as follows<br />
secret + transactionID + ErrCode + ExErrCode + Status<br />
Step I: hash the concatenated value<br />
After the values were concatenated you will need to run the value through an<br />
MD5 algorithm function, the result will be the checksum value – a<br />
hexadecimal value you will have to submit to the payment page.<br />
© 2007 GTS Online Limited. All Rights Reserved.<br />
13
3. Input parameters list<br />
All numeric input parameters, should be presented as Strings, when making the actual<br />
HTTP request to Gate2shop.<br />
IMPORTANT: All parameters are lower case an are case sensitive!<br />
Input Parameter Type Size Mandatory Explanation<br />
merchant_site_id Number 64bits<br />
merchantIp String Char(15)<br />
merchant_id Number 64bits<br />
checksum String Char(102<br />
400)<br />
time_stamp String Char(19)<br />
currency String Char(3)<br />
total_amount Double 64 bits<br />
numberofitems Number 32bits<br />
merchant_unique_id String Char(64)<br />
invoice_id String Char(400)<br />
total_tax Double 64 bits<br />
yes<br />
no<br />
yes<br />
Yes<br />
Yes<br />
Yes<br />
Yes<br />
depends<br />
No<br />
No<br />
No<br />
The ID, provided by Gate2shop,<br />
which uniquely defines a particular<br />
merchant customization.<br />
The IP address of the merchant site. If<br />
this IP address is not allowed for the<br />
merchant site, the request is canceled.<br />
The unique merchant id supplied by<br />
Gate2shop.<br />
Checksum of the transaction. See the<br />
examples and the Integration guide.<br />
Time stamp of the request.<br />
Format is yyyy-MM-dd.HH:mm:ss<br />
and the time zone is GMT.<br />
The currency (USD, EUR) of the<br />
transaction.<br />
This is the total amount of money for<br />
the transaction. This is the actual<br />
amount that user will be charged<br />
with.<br />
Number of items that will be processed.<br />
If you are submitting just one item, this<br />
parameter can be omitted, because it<br />
has a default value of 1. If you are<br />
submitting more than one item, you<br />
need to specify exactly the count of<br />
your items.<br />
Merchant supplied ID, which identifies<br />
the transaction on merchant side. If the<br />
Merchant does not have a system,<br />
which tracks transactions, this could be<br />
just a random number.<br />
This parameter is used to identify<br />
uniquely each invoice. If merchant<br />
cannot supply such id, it can be just a<br />
random number.<br />
Total amount for taxes. Used only for<br />
statistics purposes.<br />
item_name_N String Char(400)<br />
Yes<br />
The name of the current item.<br />
Currently only ISO-8859-1 character<br />
set encoding is supported for the item<br />
© 2007 GTS Online Limited. All Rights Reserved.<br />
14
names.<br />
item_number_N String Char(400) No Current item number.<br />
quantity_N Number 64 bits<br />
No<br />
How many pieces of this item. If you<br />
do not specify this parameter, the<br />
system considers that the quantity is 1<br />
item_amount_N Double 64 bits Yes The cost of the item. Statistics only.<br />
shipping_N Double 64 bits No Shipping per item – statistics only.<br />
payment_method String Char(256)<br />
No<br />
The payment method such as visa,<br />
maestro, ach etc.<br />
Credit Card Data<br />
Token String Char(512) No Credit card token.<br />
cc_card_number String Char(20) Only When token<br />
is being used – the<br />
masked card<br />
number<br />
Credit card number.<br />
cc_name_on_card String Char(70) No Name on credit card.<br />
cc_exp_year Number 2 digits<br />
cc_exp_month Number 2 digits<br />
cc_cvv2 Number 3 or 4<br />
digits<br />
No<br />
No<br />
No<br />
Credit card expiration year in YY<br />
format.<br />
Credit card expiration month in MM<br />
format.<br />
CVV2 number of the credit card.<br />
© 2007 GTS Online Limited. All Rights Reserved.<br />
15
4. Output parameters list<br />
Parameter name<br />
Status<br />
TransactionID<br />
ClientUniqueID<br />
ExErrCode<br />
ErrCode<br />
AuthCode<br />
error<br />
Reason<br />
Explanation<br />
Status of the executed transaction: APPROVED, DECLINED, etc. See<br />
Gate2shop gateway specification.<br />
The ID of the executed transaction assigned by Gate2shop.<br />
Matches to the merchant_unique_id, supplied by Merchant in the initial request.<br />
Extended error code if an error occurred while the transaction has been<br />
executed.<br />
Error code if an error occurred while the transaction has been executed.<br />
Gateway authentication code..<br />
Error (text) provided by the PPP system.<br />
A reason that the gateway has returned if the transaction fails.<br />
<strong>Payment</strong> parameters<br />
Token<br />
nameOnCard<br />
cardNumber<br />
expMonth<br />
expYear<br />
cvv2<br />
Credit card token.<br />
The name on the credit card used for the payment transaction.<br />
The masked number of the credit card used for the payment transaction.<br />
The expiration month(format MM) of the credit card used for the payment<br />
transaction.<br />
The expiration year(format YY) of the credit card used for the payment<br />
transaction.<br />
The masked CVV2 of the credit card used for the payment transaction.<br />
Personal info parameters<br />
first_name<br />
last_name<br />
email<br />
address1<br />
city<br />
country<br />
zip<br />
phone1<br />
First name.<br />
Last name.<br />
Email address.<br />
Address.<br />
City<br />
Country<br />
ZIP code.<br />
Primary phone number<br />
© 2007 GTS Online Limited. All Rights Reserved.<br />
16