ISG PAY - Integration Document - V1 2 Latest
ISG PAY - Integration Document - V1 2 Latest
ISG PAY - Integration Document - V1 2 Latest
Version1.2
January 2018
In-SolutionsGlobalPvtLtd
601,PalmSpring,LinkRoad,
Malad(West)
Mumbai400064
Maharashtra,India
Phone:+91-22-67603200
www.insolutionsglobal.com
INTEGRATIONDOCUMENT
PAYMENT GATEWAY
TABLEOFCONTENTS
1 INTRODUCTION 3
2 TRANSACTION FIELDS 4
2.7 ENCRYPTION 14
3 TRANSACTION TYPES 19
3.1 PURCHASE 19
3.2 REFUND 19
3.3 STATUS 21
4 RESPONSE CODES 23
1 INTRODUCTION
Payment Gateway provides merchants a low integration and customized flow driven solution to integrate
their payment enabled websites and e-commerce applications with the payment networks. It is suitable
for most website hosting environments as merchants can integrate payment capabilities into their
application without installing or configuring any payments software.
This guide describes how to enable payment your e-commerce application or on-line store by using the
functionality of the Payment Gateway.
2 TRANSACTIONFIELDS
Thischaptercoverstheinputfieldsrequiredforbasictransactionswithdescriptionandsamplevalues.
2.1TRANSACTIONREQUEST FIELDS
Table1
3. Amount The amount of the transaction, expressed in the smallest currency unit.The
amount must not contain any decimal points, thousands separators or currency
symbols. For example, Rs. 101.20 is expressed as 10120
This value cannot be negative or zero
8. MCC MCC(Merchant Category Code) is the Code assigned to business by credit card
companies.5974 is used for miscellaneous(different) and specialty retail stores.
11. ReturnURL URL supplied by the merchant .It is used by the Payment Gateway to redirect
the card holder's browser back to the merchant's web site.
It must be a fully qualified URL starting with HTTP:// or HTTPS:// and if
typed into a browser with Internet access, would take the browser to that
web page.
16. CardNumber The number of the card used for the transaction .The format of the Card
Number is based on the Electronic Commerce Modelling Language
(ECML) and , in particular, must not contain white space or formatting
characters
17. ExpiryDate The expiry date of the card in the format MMYYYY. The value must be
expressed as a 6-digit number (integer) with no white space or formatting
characters
For example, an expiry date of May 2017 is represented as 052017
18. CardSecurityCode The Card Security Code (CSC), also known as CVV (Visa), CVC2
(MasterCard) or CID/4DBC (Amex) or CVV2, which is printed, not embossed
on the card.It compares the code with the records held in the card issuing
institution's database
19. BankCode Issuing Bank Id assigned by Payment System for Net-banking Transactions
26. SecureHash This is a hash of the fields sent to ensure integrity of the transaction data.
28. splitPaymentType If merchant wants to split settlement in different account for particular
transaction then this parameter either set to “P” (Split amount in Percentage) or
“A” (Split in Amount)
A fully qualified URL (starting with HTTPS://). It must be included in the merchant's application code to send transaction information to
the Payment Gateway.
Thedetailsofinputfieldswithsamplevaluesareprovidedintable2.
Table2
Mandatory /
Sr. No Field Name Optional / Data Type Length Sample Data
Conditional
1. Version*+ M Numeric 1 1
https://uat-
geniusepay.in/GeniusPGRedi
11. ReturnURL* M Alphanumeric 1-225
rect/merchant/merchant_ema
_dr.jsp
P : Percentage
26. splitPaymentType O Alphabetic 1
A : Amount
When splitPaymentType=P
11110011~YBL0001~50#11
110012~YBL0002~50
When splitPaymentType=A
and Amount=10000 then
27. splitPaymentInfo C* Alphabetic 1-3999 11110011~YBL0001~5000#
11110012~YBL0002~5000
*This parameter is
mandatory when
splitPaymentType parameter
is sent
Note:
The fields marked with asterisk (*) are only mandatory.
Fields marked with Plus (+) are to be send externally along with EncData.
Thedetailsofinputfieldswithsamplevaluesareprovidedintable 3.
Table 3
Sr. No. Field Name Description
1. BankId Unique ID used for identification of bank
Table 4
Sr. No. Field Name Required / Optional Data Type Length Sample Data
/ Conditional
1. BankId M Alphanumeric 6 ISG027
6. ResponseCode M Numeric 2 00
TheSecureHashisaHexencodedSHA-
256outputofaconcatenationofallthedataparameters.Theorderthatthedataparametersarehashedinisextremelyimpo
rtantasdifferenttransactionscontaindifferentdatafieldssoratherthangivingtheexplicitorderforeachparameter,theor
derthatparametersarehashedinshouldfollowthefollowingrules:
TheSecureHashSecretisalwaysfirst.
Thenallparametersareconcatenatedtothesecretinalphabeticalorderoftheparametername.Morespecificall
y,thedatasortshouldbeinascendingorderoftheASCIIvalueofeachparameter'sname,forexample,'Card'com
esbefore'card'.Whereonestringisanexactsubstringofanother,thesmallerstringshouldbeorderedbeforethel
onger,forexample,'Card'shouldcomebefore'CardNum'.
Fieldsmustnothaveanyseparatorsbetweenthemandmustnotincludeanynullterminatingcharactersorthelik
e.Forexample,ifthesecretis
DEC2BEE8967AF2911BE26727A3C6D69B,andtheTransactionRequestincludesonlythefollowingpara
meters:
FieldName ExampleValue
MerchantId TESTMERCHANT001
TxnRefNo TEST-160816111226
Amount 2995
Inascendingalphabeticalorder,theinputtotheSHA-256SecureHashcreationroutinewouldbe:
DEC2BEE8967AF2911BE26727A3C6D69B2995TESTMERCHANT001TEST-160816111226
ThisstringisthenHexencodedandthenpassedthroughthemerchant'sSHA-
256SecureHashgeneratorintheprogramminglanguagethemerchantisusing.Thisoutput(forexample,avalueof
4ec7fdf28fb8da74bebb2edf8f79920e12302d56b3e0a8a2c4fc2a2a53d0901a)isthenincludedintheTransactionRe
questusingtheSecureHashfield.
TheVirtualPaymentClientalsoincludestheSecureHashintheTransactionResponsesothemerchantcancheckthesec
urityofthereceiptdata.ThisisperformedbyfirststrippingofftheSecureHash,andthenperformingthesamestepsascrea
tinganSHA-
256SecureHashfortheTransactionRequest,butusingthereceivedTransactionResponsedatafieldsinstead.Therecei
vedSecureHashisthencomparedwiththeSHA-256SecureHashcalculatedfromtheTransactionResponsedata.
IfbothSHA-
256signaturesarethesame,thedatahasnotbeenchangedintransit.Iftheyaredifferentthedataneedstobedoubledcheck
ed.
The merchantcode encrypts the Transaction Request data.The Payment Gateway also sends back the
Transaction Response to the merchant in encrypted form. The following request parameters are encrypted using
the industry approved AES-256 algorithm.
Amount
PassCode
CardNumber
ExpiryDate
CardSecurityCode
The encrypted value is generated creating the string of the above the request parameters with the parameters
separated by “ :: (double colon)” .The Parameter name and value separated are by “||(double pipes)”
.Fieldsmustnothaveanyseparatorsbetweenthemandmustnotincludeanynullterminatingcharacters. Forexample,
consider the followingparameters:
FieldName ExampleValue
PassCode JJRS7608
Amount 2995
CardNumber 401200XXXX1112
ExpiryDate 012020
CardSecurityCode 123
PassCode||JJRS7608::Amount||100::CardNumber||401200XXXX1112::ExpiryDate||012020::CardSecur
ityCode||123
Note:
The encryption key is provided by the Payment Provider.
Encryption is implemented only for purchase transactions.
You need to encrypt all the request parameter.
Youshouldstore it
inasecureddatabase,orinafilethatisnotdirectlyaccessiblebyyourwebserverandhassuitablesystemsecuritypermissi
ons.
For Java-JSP integration, you will need ISGPayEncDec_v1.0.jar file. This jar will do all encryption /
decryption as well as hashing for you. There are different overloaded methods provided for encryption &
decryption. They are as follow:
For sending request to PG, Jar provides ISGPayEncryption class. This class’s method will
do all your encryption & hashing as per ISGPay PG accepts. There are 3-ways you can
achieve encryption 1st you need to create object of ISGPayEncryption class:
After calling any of the above method, you can get Merchant ID, Terminal ID, Bank ID, Version
Number & Encrypted data with hash included by calling
getMERCHANT_ID(),getTERMINAL_ID(),getBANK_ID(),getVERSION() andgetENC_DATA()
respectively. Here is sample code you can use :
For getting response from PG, jar provides ISGPayDecryption class to help you with the
decryption and hash matching part. There are 2-ways you can do decryption & hash
matching . 1st you need to create object of ISGPayDecryption class. Then you can call
any one of below two methods :
Map you have passed as parameter will only be used to get all decrypted response parameter.
3 TRANSACTION TYPES
This chapter covers the transaction types supported by the ISGPay.
3.1PURCHASE
Request Transaction –
The list of fields required for each Purchase transaction request is listed in table 1 & 2 with appropriate
‘TxnType’ value.
Response Transaction –
The list of fields that will be sent in response for each Purchase transaction request is listed in table 3 & 4
3.2 REFUND
Request Transaction –
The list of fields required for each Refund transaction request is listed in table 5 with appropriate
‘TxnType’ value.
Response Transaction –
The list of fields that will be sent in response for each Refund transaction request is listed in table 6
REFUND REQUEST:
Table 5
Sr. No. Field Name Required / Data Type Length Sample Data
Optional /
Conditional
1. TxnRefNo M Alphanumeric 1-40 TEST-160816111226
REFUND REPONSE:
Table 6
Sr. No. Field Name Required / Data Type Length Sample Data
Optional /
Conditional
1. TxnRefNo M Alphanumeric 1-40 TEST-160816111226
Request Transaction –
The list of fields required for each Status transaction request is listed in table 7 with appropriate ‘TxnType’ value.
Response Transaction –
The list of fields that will be sent in response for each Status transaction request is listed in table 8
STATUS REQUEST:
Table 7
Sr. No. Field Name Required / Data Type Length Sample Data
Optional /
Conditional
1. TxnRefNo M Alphanumeric 1-40 TEST-160816111226
STATUS RESPONSE:
Table 8
Sr. No. Field Name Required / Data Type Length Sample Data
Optional /
Conditional
1. TxnRefNo M Alphanumeric 1-40 TEST-160816111226
6. ResponseCode M Alphanumeric 3 00
4 RESPONSE CODES
This chapter covers the common Response Codes supported by the ISG pay.
04 Capture Card Or Hot listed Card Issuer Specific Decline The card has been
reported lost or stolen
25 Unable To Locate Record In File Issuer does not recognize the card details.
The customer should check the card
information and try processing the
transaction again.
30 Switch ISO Format Error (Invalid Issuer does not recognize the transaction
Acquirer Institute ID) details being entered. This is due to a Data
format error.
FE Switch ISO Format Error (Merchant Issuer does not recognize the transaction
Request Data Format Issue) details being entered. This is due to a Data
format error.
57 Transaction Not Permitted To Issuer Or Issuer has declined the transaction as this
Cardholder card cannot be used for this type of
transaction.
58 Transaction Not Permitted To Acquirer Or Bank has declined the transaction as this
Merchant card cannot be used for this type of
transaction, associated with a test credit
card number. The customer should use an
alternate credit card or contact their bank.
65 Exceeds Withdrawal Count Limit Issuer has declined the transaction as the
customer has exceeded the withdrawal
D2 Visa/master Card Directory Server didn’t Visa / MasterCard Directory server not
Send any Response in Specified Time responded within specified time duration.