2.2. Google Pay™ Integration¶
- General Information
- How to integrate Google Pay through Apropay
- Terms of Service
- Google Pay™ Authentication Types
- Google Pay™ Allowed Networks
- Required Google Pay™ Parameters
- Google Pay™ Account Setup
- Google Pay™ Integration in a Merchant Website
- Google Pay™ Integration in an Android App
2.2.1. General Information¶
Google Pay™ is an electronic wallet system that allows you to make one-click payment using a card stored securely on Google side. There is no need to enter card details during Google Pay™ transaction. Access to the payment mechanism is possible from any device, which supports Google Pay™. After choosing Google Pay™ payment method, the customer will see the form on which he confirms his Google account and card he is going to use to pay for order. If customer didn’t have a previously registered card, he may do it while making payment.
2.2.2. How to integrate Google Pay through Apropay¶
Please contact Apropay support manager to get help with Google Pay test account.
2.2.3. Terms of Service¶
- Google Pay™ for websites overview
- Integration checklist for website integration
- Google Pay™ Web Brand Guidelines
2.2.4. Google Pay™ Authentication Types¶
- PAN_ONLY (non-tokenized) - cards stored in customer`s Google account. These cards available on any device of the customer.The token contains the number and expiration date of the physical card. That is why 3-D Secure authentication is required for these cards. Read more in the Google Pay 3DS Processing section.
- CRYPTOGRAM_3DS (tokenized) - cards that are stored tokenized on the customer’s device. Tokenized cards are only available on the device where the card was added to the Google Pay™ app.The token contains the number and expiration date of the virtual card as well as the 3-D Secure cryptogram. Customer 3-D Secure verification for tokenized cards is not required.
2.2.5. Google Pay™ Allowed Networks¶
2.2.6. Required Google Pay™ Parameters¶
Firstly you must register with Google, accept Google Terms of Service, and receive a Google merchant ID after your website passes a Google review. This process is described in the next section.
Request googleMerchantGatewayID from gateway support, which looks like: eXXX.mXXX.gate.apropay.com, where:
eXXX - endpointIDmXXX - merhcantIDAn example of googleMerchantGatewayID: e123.m567.gate.apropay.comSet gatewayID=google.gatewayid
2.2.7. Google Pay™ Account Setup¶
- Merchant must register in Google Console. Instead of gmail, you can use a corporate email address.
- Then, from the account screen in the console, save the Merchant ID and proceed to the registration of the website in the Google Pay API section.
- Add a website using the “Add website” button.
- Specify screenshots of the checkout and payment form in the website settings, as well as integration type = Gateway and the address of the merchant’s website from where the purchase starts.
- Send the website address and Merchant ID to Apropay support managers.
2.2.8. Google Pay™ Integration in a Merchant Website¶
Integration Required Parameters¶
For integration to a merchant website, one needs the following parameters:
- Required Google Pay™ Parameters
- ENDPOINTID or ENDPOINTGROUPID received from gateway support
- Control-key and merchant login received from gateway support
Implement Purchase Payment Request¶
To make a purchase request one have to send an HTTPS POST request to the URLs and the parameters specified below.
API URLs¶
Integration | Production | |
---|---|---|
sale | https://sandbox.apropay.com/paynet/api/v2/sale-form/ENDPOINTID
https://sandbox.apropay.com/paynet/api/v2/sale-form/group/ENDPOINTGROUPID
|
https://gate.apropay.com/paynet/api/v2/sale-form/ENDPOINTID
https://gate.apropay.com/paynet/api/v2/sale-form/group/ENDPOINTGROUPID
|
preauth | https://sandbox.apropay.com/paynet/api/v2/preauth-form/ENDPOINTID
https://sandbox.apropay.com/paynet/api/v2/preauth-form/group/ENDPOINTGROUPID
|
https://gate.apropay.com/paynet/api/v2/preauth-form/ENDPOINTID
https://gate.apropay.com/paynet/api/v2/preauth-form/group/ENDPOINTGROUPID
|
Request Parameters¶
Note
Request parameter name | Length/Type | Comment | Necessity* |
---|---|---|---|
client_orderid | 128/String | Merchant order identifier. | Mandatory |
order_desc | 64k/String | Brief order description | Mandatory |
first_name | 50/String | Customer’s first name | Mandatory |
last_name | 50/String | Customer’s last name | Mandatory |
ssn | 4/Numeric | Last four digits of the customer’s social security number. | Optional |
birthday | 8/Numeric | Customer’s date of birth, in the format YYYYMMDD. | Optional |
address1 | 50/String | Customer’s address line 1. | Mandatory |
city | 50/String | Customer’s city. | Mandatory |
state | 2/String | Customer’s state (two-letter state code). Please see Country Codes for a list of valid state codes. Mandatory for USA, Canada and Australia | Conditional |
zip_code | 10/String | Customer’s ZIP code | Mandatory |
country | 2/String | Customer’s country(two-letter country code). Please see Country Codes for a list of valid country codes. | Mandatory |
phone | 15/String | Customer’s full international phone number, including country code. | Mandatory |
cell_phone | 15/String | Customer’s full international cell phone number, including country code. | Optional |
50/String | Customer’s email address. | Mandatory | |
purpose | 128/String | Destination to where the payment goes. It is useful for the merchants who let their clients to transfer money from a credit card to some type of client’s account, e.g. game or mobile phone account. Sample values are: +7123456789; gamer0001@ereality.com etc. This value will be used by fraud monitoring system. | Optional |
amount | 10/Numeric | Amount to be charged. The amount has to be specified in the highest units with . delimiter. 10.5 for USD means 10 US Dollars and 50 Cents | Mandatory |
currency | 3/String | Currency the transaction is charged in (three-letter currency code). Sample values are: USD for US Dollar EUR for European Euro | Mandatory |
ipaddress | 45/String | Customer’s IP address, included for fraud screening purposes. | Mandatory |
site_url | 128/String | URL the original sale is made from. | Optional |
control | 40/String | Checksum generated by SHA-1. See Request authorization through control parameter for more details. | Mandatory |
redirect_url | 1024/String | URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected in any case, no matter whether the transaction is approved or declined. You should not use this parameter to retrieve results from payment gateway gateway, because all parameters go through client’s browser and can be lost during transmission. To deliver the correct payment result to your backend use server_callback_url instead. | Mandatory if both redirect_success_url and redirect_fail_url are missing |
redirect_success_url | 1024/String | URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected only in case if the transaction is approved. You should not use this parameter to retrieve results from payment gateway gateway, because all parameters go through client’s browser and can be lost during transmission. To deliver the correct payment result to your backend use server_callback_url instead. Pass http://google.com if you use non-3DS schema for transactions processing and you have no need to return customer anywhere. | Mandatory if redirect_url parameter is missing |
redirect_fail_url | 1024/String | URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected only in case if the transaction is declined or filtered. You should not use this parameter to retrieve results from payment gateway gateway, because all parameters go through client’s browser and can be lost during transmission. To deliver the correct payment result to your backend use server_callback_url instead. Pass http://google.com if you use non-3DS schema for transactions processing and you have no need to return customer anywhere. | Mandatory if redirect_url parameter is missing |
server_callback_url | 1024/String | URL the transaction result will be sent to. Merchant may use this URL for custom processing of the transaction completion, e.g. to collect sales data in Merchant’s database. See more details at Merchant Callbacks | Optional |
preferred_language | 2/String | Customer’s two-letter language code for multi-language payment forms | Optional |
merchant_form_data | 128/String | Parameters sent in merchant_form_data API parameter are parsed into macros with the same name, the parameter is url-encoded, example: testparam%3Dtest1%26mynewparam%3Dtest2 and is parsed into $MFD_testparam = test1 and $MFD_mynewparam = test2 macros in the form. Parameter name characters[a-zA-Z0-9], parameter value characters[a-zA-Z0-9], control characters [=&], 2MB max size. For example, this parameter can be used to display payment form in light/dark mode depending on the value passed by Connecting Party (e.g. pass merchant_form_data=theme%3Ddark in request and $MFD_theme macro placeholder on payment form will be changed to dark. | Optional |
Request Authorization Through Control Parameter¶
The checksum is used to ensure that it is a particular Merchant (and not a fraudster) that initiates the transaction. This SHA-1 checksum, the parameter control, is created by concatenation of the parameters values in the following order:
- ENDPOINTID/ENDPOINTGROUPID
- client_orderid
- minimal monetary units amount (i.e. cent, penny etc. For amount 0.94 USD value in signing string will be 94, for 10.15 USD value in signing string will be 1015)
- merchant_control
Request Example¶
curl --data "client_orderid=inv7509506r
&order_desc=Test Order Description
&first_name=John
&last_name=Smith
&ssn=1267
&birthday=19820115
&address1=100 Main st
&city=Seattle
&state=WA
&zip_code=98102
&country=US
&phone=+12063582043
&cell_phone=+19023384543
&amount=78
&email=john.smith@gmail.com
¤cy=USD
&ipaddress=65.153.12.232
&site_url=www.google.com
&purpose=user_account1
&redirect_url=https://uat.pne.io/paynet/finish.html
&server_callback_url=https://httpstat.us/200
&merchant_data=VIP customer
&merchant_form_data=testparam%3Dtest1%26mynewparam%3Dtest2
&control=9884afa4a72101046fa7050270f38f819f9d7532"
https://gate.apropay.com/paynet/api/v2/sale-form/27764
A complete control may look as follows:
27764id570231214200example@example.com3E8E45B5-2-42D8-6ECC-FBF6B11B1, where:
Encrypt the control string using SHA-1 algorithm. The resultant string yields the control parameter which is required for request authorization. For the above-mentioned example the control will take the following value:
9aedb776763d569cbbacd2ecef8621b8c0c759bf
Response Parameters¶
Note
Response parameter name | Description |
---|---|
type | The type of response. May be async-form-response, validation-error, error. If type equals validation-error or error, error-message and error-code parameters contain error details. |
paynet-order-id | Order id assigned to the order by payment gateway |
merchant-order-id | Merchant order id |
serial-number | Unique number assigned by payment gateway server to particular request from the Merchant. |
error-message | If status is declined or error this parameter contains the reason for decline or error details |
error-code | The error code in case of declined or error status |
redirect-url | The URL to the page where the Merchant should redirect the client’s browser. Merchant should send HTTP 302 redirect, see Google Pay™ Purchase Flow and Integration Steps |
Response Example¶
type=async-response
&serial-number=00000000-0000-0000-0000-0000000624e8
&merchant-order-id=59e1e3ca-5d44-11e1-b3d6-002522b853b4
&paynet-order-id=94935&end-point-id=223
Implement Final Redirect of Customer¶
Upon completion of Google Pay™ Purchase Flow and Integration Steps by the Customer he/she is automatically redirected to redirect_url provided by Merchant in the purchase request. The redirection is performed as an HTTPS POST request with the parameters specified in the following table.
Redirect parameter name | Description |
---|---|
status | See Status List for details. |
orderid | Order id assigned to the order by payment gateway |
merchant_order | Merchant order id |
client_orderid | Merchant order id |
error_message | If status is declined or error this parameter contains the reason for decline or error details |
control | Checksum used to ensure that it is payment gateway (and not a fraudster) that initiates the request. This is SHA-1 checksum of the concatenation status + orderid + client_orderid + merchant-control. |
descriptor | Gate descriptor |
If Merchant has passed server_callback_url in original Payment Form request payment gateway will call this URL. Merchant may use it for custom processing of the transaction completion, e.g. to collect sales data in Merchant’s database. The parameters sent to this URL are specified in Callback Parameters.
Implement Order Status Request¶
Merchant must use Order status API call to get the customer’s order transaction status. After any type of transaction is sent to payment gateway server and order id is returned, Merchant should poll for transaction status. When transaction is processed on payment gateway server side it returns it’s status back to Merchant and at this moment the Merchant is ready to show the customer transaction result, whether it’s approved or declined.
API URLs¶
Integration | Production | |
---|---|---|
status | https://sandbox.apropay.com/paynet/api/v2/status/ENDPOINTID
https://sandbox.apropay.com/paynet/api/v2/status/group/ENDPOINTGROUPID
|
https://gate.apropay.com/paynet/api/v2/status/ENDPOINTID
https://gate.apropay.com/paynet/api/v2/status/group/ENDPOINTGROUPID
|
Request Parameters¶
Note
Status Call Parameter | Description | Necessity |
---|---|---|
login | Merchant login name | Mandatory |
client_orderid | Merchant order identifier of the transaction for which the status is requested | Mandatory |
orderid | Order id assigned to the order by payment gateway | Conditional |
control | Checksum generated by SHA-1. See Request authorization through control parameter<requestcontrolstatus> for more details. | Mandatory |
by-request-sn | Serial number assigned to the specific request by payment gateway. If this field exist in status request, status response return for this specific request. Include this parameter to get the status response with the particular transaction stage (can be used in specific cases). To get the latest transaction status, don’t include this parameter in status request. | Optional |
Request Authorization Through Control Parameter¶
The checksum is used to ensure that it is Merchant (and not a fraudster) that sends the request to payment gateway. This SHA-1 checksum, the parameter control, is created by concatenating of the values of the parameters in the following order:
- login
- client_orderid
- orderid
- merchant_control
Request Example¶
curl --data "login=logic
&client_orderid=id5702312
&orderid=6823997
&by-request-sn=00000000-0000-0000-0000-000002dba5fe
&control=ea8c6116ebb183e446bbdca3ad86f13c3e34ae5f"
https://gate.apropay.com/paynet/api/v2/status/27764
A complete control may look as follows:
logicid570231268239973E8E45B5-2-42D8-6ECC-FBF6B11B1, where:
Encrypt the control string using SHA-1 algorithm. The resultant string yields the control parameter which is required for request authorization. For the above-mentioned example the control will take the following value:
ea8c6116ebb183e446bbdca3ad86f13c3e34ae5f
Response Parameters¶
Note
Status Response Parameter | Description |
---|---|
type | The type of response. May be status-response |
status | See Status List for details. |
amount | Actual transaction amount. This value can be changed during the purchase flow. |
currency | Currency of the initial transaction. |
paynet-order-id | Order id assigned to the order by payment gateway |
merchant-order-id | Merchant order id |
phone | Customer phone. |
serial-number | Unique number assigned by payment gateway server to particular request from the Merchant. |
last-four-digits | Last four digits of customer credit card number. |
bin | Bank BIN of customer credit card number. |
card-type | Type of customer credit card (VISA, MASTERCARD, etc). |
gate-partial-reversal | Processing gate support partial reversal (enabled or disabled). |
gate-partial-capture | Processing gate support partial capture (enabled or disabled). |
transaction-type | Transaction type (sale, reversal, capture, preauth). |
processor-rrn | Bank Receiver Registration Number. |
processor-tx-id | Acquirer transaction identifier. |
receipt-id | Electronic link to receipt https://gate.apropay.com/paynet/view-receipt/ENDPOINTID/receipt-id/ |
cardholder-name | Cardholder name. |
card-exp-month | Card expiration month. |
card-exp-year | Card expiration year. |
card-hash-id | Unique card identifier to use for loyalty programs or fraud checks. |
card-country-alpha-three-code | Three letter country code of source card issuer. See Country Codes for details |
Customer e-mail. | |
purpose | Destination to where the payment goes. It is useful for the merchants who let their clients to transfer money from a credit card to some type of client’s account, e.g. game or mobile phone account. Sample values are: +7123456789; gamer0001@ereality.com etc. This value will be used by fraud monitoring system. |
bank-name | Bank name by customer card BIN. |
terminal-id | Acquirer terminal identifier to show in receipt. |
paynet-processing-date | Acquirer transaction processing date. |
approval-code | Bank approval code. |
order-stage | The current stage of the transaction processing. See Order Stage for details. |
loyalty-balance | The current bonuses balance of the loyalty program for current operation. if available |
loyalty-message | The message from the loyalty program. if available |
loyalty-bonus | The bonus value of the loyalty program for current operation. if available |
loyalty-program | The name of the loyalty program for current operation. if available |
descriptor | Bank identifier of the payment recipient. |
original-gate-descriptor | Descriptor, which is set on gate level in the system. |
error-message | If status in declined, error, filtered this parameter contains the reason for decline |
error-code | The error code is case status in declined, error, filtered. |
by-request-sn | Serial number assigned to the specific request by payment gateway. If this field exist in status request, status response return for this specific request. |
verified-3d-status | See 3-D Secure Status List for details |
eci | Electronic Commerce Indicator (Visa). |
ips-src-payment-product-code | Code for card set by multinational financial service. (Visa/Mastercard). |
ips-src-payment-product-name | Decrypted code for card set by multinational financial service. (Visa/Mastercard). |
ips-src-payment-type-code | Type of card code set by multinational financial service. (Visa/Mastercard). |
ips-src-payment-type-name | Decrypted code for type of card set by multinational financial service. (Visa/Mastercard) |
initial-amount | Amount, set in initiating transaction, without any fees or commissions. This value can’t change during the purchase flow. |
seller-commission | Total commission for processed transaction. This is optional parameter. Please contact your manager in payment gateway, if you would like to receive it. |
acquirer-commission | Acquirer commission for processed transaction. This is optional parameter. Please contact your manager in payment gateway, if you would like to receive it. |
Response Example¶
type=status-response
&serial-number=00000000-0000-0000-0000-0000005b5eec
&merchant-order-id=6132tc
&processor-tx-id=9568-47ed-912d-3a1067ae1d22
&paynet-order-id=161944
&status=approved
&amount=7.56
&descriptor=no
&original-gate-descriptor=test 12345678 3Ds Bank
&gate-partial-reversal=enabled
&gate-partial-capture=enabled
&transaction-type=cancel
&receipt-id=2050-3c93-a061-8a19b6c0068f
&name=FirstName
&cardholder-name=FirstName
&card-exp-month=3
&card-exp-year=2028
&email=no
&processor-rrn=510458047886
&approval-code=380424
&order-stage=cancel_approved
&last-four-digits=1111
&bin=444455
&card-type=VISA
&phone=%2B79685787194
&bank-name=UNKNOWN
&paynet-processing-date=2015-04-14+10%3A23%3A34+MSK
&by-request-sn=00000000-0000-0000-0000-0000005b5ece
&card-hash-id=1569311
&card-country-alpha-three-code=RUS
&verified-3d-status=AUTHENTICATED
&eci=02
&ips-src-payment-product-code=SAP
&ips-src-payment-product-name=SAP—Platinum Mastercard® Salary– Immediate Debit
&ips-src-payment-type-code=Debit
&ips-src-payment-type-name=MASTERCARD Debit
&initial-amount=7.56
Request Builder¶
This request builder is used to form an order status request
String to sign |
---|
Signature |
---|
|
Configurable Web Form Templates¶
Web forms intends for configuration merchant’s web payment pages. To add new web form merchant need to contact with gateway support. Web form template samples and macros specified in the following tables.
Payment Form Template Sample¶
<html>
<head>
<script type="text/javascript">
function isCCValid(r){var n=r.length;if(n>19||13>n)return!1;
for(i=0,s=0,m=1,l=n;i<l;i++)d=parseInt(r.substring(l-i-1,l-i),10)*m,s+=d>=10?d%10+1:d,1==m?m++:m--;
return s%10==0?!0:!1}
</script>
</head>
<body>
<h3>Order #$!MERCHANT_ORDER_ID - $!ORDERDESCRIPTION</h3>
<h3>Total amount: $!AMOUNT $!CURRENCY to $!MERCHANT</h3>
<form action="${ACTION}" method="post">
<div>Cardholder name: <input name="${CARDHOLDER}" type="text" maxlength="64"/></div>
<div><label for="cc-number">Credit Card Number</label> <input id="cc-number" name="${CARDNO}" type="text" maxlength="19" autocomplete="cc-number"/></div>
<div>Card verification value: <input name="${CVV2}" type="text" maxlength="4" autocomplete="off"/></div>
<div>
Expiration date:
<select class="expiry-month" name="${EXPMONTH}" size="1" autocomplete="cc-exp-month" >
<option value="01">January</option><option value="02">February</option><option value="03">March</option>
<option value="04">April</option><option value="05">May</option><option value="06">June</option>
<option value="07">July</option><option value="08">August</option><option value="09">September</option>
<option value="10">October</option><option value="11">November</option><option value="12">December</option>
</select>
<select class="expiry-year" id="cc-exp-year" name="${EXPYEAR}" size="1" autocomplete="cc-exp-year">
${EXPIRE_YEARS}
</select>
</div>
<div>${GOOGLE_PAY}</div>
$!{INTERNAL_SECTION}
#if($!card_error)
<div style="color: red;">$!card_error</div>
#end
<input name="submit" onclick="return isCCValid(document.getElementById('cardnumber').value);" type="submit" value="Pay"/>
</form>
</body>
</html>
Payment Form Macros¶
Field Name Macro | Description |
---|---|
${GOOGLE_PAY} | Google Pay™ buy button will be available if this macros is used. |
${MERCHANT} | End point display name |
${SKIN_VERSION} | CSS skin version |
${ORDERDESCRIPTION} | Order description |
${CUSTOMER_FIRST_NAME} | Customer first name sent by merchant via input parameters |
${CUSTOMER_LAST_NAME} | Customer last name sent by merchant via input parameters |
${CUSTOMER_EMAIL} | Customer E-mail address sent by merchant via input parameters |
${AMOUNT} | Amount |
${CURRENCY} | Currency |
${PAYNET_ORDER_ID} | payment gateway order id |
${MERCHANT_ORDER_ID} | Merchant order id |
${refresh_interval} | Refresh interval recommended by system |
${uuid} | Internal |
${INTERNAL_SECTION} | Internal for iFrame integration |
${CUSTOMER_IP_COUNTRY_ISO_CODE} | Customer country defined by IP Address |
${PREFERRED_LANGUAGE} | Customer language sent by merchant via input parameters |
${MERCHANT_FORM_DATA} | Parameters sent in merchant_form_data API parameter are parsed into macros with the same name, the parameter is url-encoded, example: testparam%3Dtest1%26mynewparam%3Dtest2 and is parsed into $MFD_testparam = test1 and $MFD_mynewparam = test2 macros in the form. Parameter name characters[a-zA-Z0-9], parameter value characters[a-zA-Z0-9], control characters [=&], 2MB max size. For example, this parameter can be used to display payment form in light/dark mode depending on the value passed by Connecting Party (e.g. pass merchant_form_data=theme%3Ddark in request and $MFD_theme macro placeholder on payment form will be changed to dark. |
${CUSTOMER_ZIP_CODE} | Generates a ZIP code to send to the processor if it was not received from the client |
Wait Form Template Sample¶
<html>
<head>
<script type="text/javascript">
function fc(t) {
document.getElementById("seconds-remaining").innerHTML = t;
(t > 0) ? setTimeout(function(){fc(--t);}, 1000) : document.checkform.submit();}
</script>
</head>
<body onload="fc($!refresh_interval)">
<h3>Order #$!MERCHANT_ORDER_ID - $!ORDERDESCRIPTION</h3>
<h3>Total amount: $!AMOUNT $!CURRENCY to $!MERCHANT</h3>
Please wait, your payment is being processed, remaining <span id="seconds-remaining"> </span> seconds.
<form name="checkform" method="post">
<input type="hidden" name="tmp" value="$!uuid"/>
$!{INTERNAL_SECTION}
<input type="submit" value="Check" />
</form>
</body>
</html>
Wait Form Macros¶
Field Name Macro | Description |
---|---|
${MERCHANT} | End point display name |
${SKIN_VERSION} | CSS skin version |
${ORDERDESCRIPTION} | Order description |
${AMOUNT} | Amount |
${CURRENCY} | Currency |
${PAYNET_ORDER_ID} | payment gateway order id |
${MERCHANT_ORDER_ID} | Merchant order id |
${refresh_interval} | Refresh interval recommended by system |
${uuid} | Internal |
${INTERNAL_SECTION} | Internal for iFrame integration |
${CUSTOMER_IP_COUNTRY_ISO_CODE} | Customer country defined by IP Address |
${PREFERRED_LANGUAGE} | Customer language send by merchant via input parameters |
${BROWSER_LANGUAGE} | Customer language defined by browser settings |
${CUSTOMER_LANGUAGE} | Customer language send by merchant via input parameters or defined by browser settings if first is not set |
Finish Form Template Sample¶
<!DOCTYPE html>
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<title>Processing done</title>
<link rel="stylesheet" type="text/css" href="/paynet-ui-skin/${SKIN_VERSION}/main/css/bootstrap.css">
<link rel="stylesheet" type="text/css" href="/paynet-ui-skin/${SKIN_VERSION}/d/css/processing-form.css"/>
</head>
<body>
<div class="header">
${STATUS}
</div>
</body></html>
Finish Form Macros¶
Field Name Macro | Description |
---|---|
${STATUS} | Order status |
${PAYNET_ORDER_ID} | System order id |
${MERCHANT_ORDER_ID} | Merchant order id |
${ERROR_MESSAGE} | Contains the reason for decline or error details |
${SKIN_VERSION} | CSS skin version |
${CUSTOMER_IP_COUNTRY_ISO_CODE} | Customer country defined by IP Address |
${PREFERRED_LANGUAGE} | Customer language send by merchant via input parameters |
${BROWSER_LANGUAGE} | Customer language defined by browser settings |
${CUSTOMER_LANGUAGE} | Customer language send by merchant via input parameters or defined by browser settings if first is not set |
${AMOUNT} | Amount |
${CURRENCY} | Currency |
${DESCRIPTION} | Transaction description |
${DATE} | Transaction date |
${PAYNET_PROCESSING_DATE} | Paynet processing date |
${RRN} | Reference Retrieval Number |
${AUTH_CODE} | Authorization Code |
2.2.9. Google Pay™ Integration in an Android App¶
Google Pay™ integration in an Android app supports only CRYPTOGRAM_3DS (tokenized) authentication type. All requests using PAN_ONLY (non-tokenized) authentication type will be automatically declined.
Integration Required Parameters¶
For integration to a merchant website, one needs the following parameters:
- Required Google Pay™ Parameters
- ENDPOINTID or ENDPOINTGROUPID received from gateway support
- Control-key and merchant login received from gateway support
Retrieve Google Pay token data¶
Please follow official tutorial from Google in order to implement retrieving of Google Pay token data within mobile application: https://developers.google.com/pay/api/android/guides/tutorial
Implement Purchase Payment Request¶
To make a purchase request one have to send an HTTPS POST request to the URLs and the parameters specified below.
API URLs¶
Integration | Production | |
---|---|---|
sale | https://sandbox.apropay.com/paynet/mapi/v1/sale/ENDPOINTID | https://gate.apropay.com/paynet/mapi/v1/sale/ENDPOINTID |
Request Parameters¶
Note
Request Parameter | Length/Type | Comment | Necessity* |
---|---|---|---|
client_orderid | 128/String | Merchant order identifier. | Mandatory |
order_desc | 64k/String | Brief order description | Mandatory |
first_name | 50/String | Customer’s first name | Optional |
last_name | 50/String | Customer’s last name | Optional |
ssn | 32/Numeric | Last four digits of the customer’s social security number. | Optional |
birthday | 8/Numeric | Customer’s date of birth, in the format MMDDYY. | Optional |
address1 | 50/String | Customer’s address line 1. | Mandatory |
city | 50/String | Customer’s city. | Mandatory |
state | 2-3/String | Customer’s state . Please see Reference for a list of valid state codes. Mandatory for USA, Canada and Australia. | Optional |
zip_code | 10/String | Customer’s ZIP code | Mandatory |
country | 2/String | Customer’s country(two-letter country code). Please see Reference for a list of valid country codes. | Mandatory |
phone | 15/String | Customer’s full international phone number, including country code. | Optional |
cell_phone | 15/String | Customer’s full international cell phone number, including country code. | Optional |
50/String | Customer’s email address. | Mandatory | |
amount | 10/Numeric | Amount to be charged. The amount has to be specified in the highest units with . delimiter. For instance, 10.5 for USD means 10 US Dollars and 50 Cents | Mandatory |
currency | 3/String | Currency the transaction is charged in (three-letter currency code). Sample values are: USD for US Dollar EUR for European Euro | Mandatory |
cvv2 | 3-4/Numeric | Customer’s CVV2 code. CVV2 (Card Verification Value) is a three- or four-digit number AFTER the credit card number in the signature area of the card. It used if acquirer provides only E-Commerce connection. | Optional |
ipaddress | 45/String | Customer’s IP address, included for fraud screening purposes. | Mandatory |
purpose | 128/String | Destination to where the payment goes. It is useful for the merchants who let their clients to transfer money from a credit card to some type of client’s account, e.g. game or mobile phone account. Sample values are: +7123456789; gamer0001@ereality.com etc. This value will be used by fraud monitoring system. | Optional |
server_callback_url | 1024/String | URL the transaction result will be sent to. Merchant may use this URL for custom processing of the transaction completion, e.g. to collect sales data in Merchant’s database. See more details at Merchant Callbacks | Optional |
encrypted-type | 32/String | Type of the encryption. Must be googlepay. | Mandatory |
encrypted-data | String | Card tracks data encrypted using encrypted-type encryption and encoded using HEX encoding. In the context of working with Google Pay encrypted-data is Google Pay token. For more info contact support. | Mandatory |
Please note the following characters must be escaped in the parameter values: &, + or \.
Request Authorization Through OAuth Signature¶
Request Signing with RSA-SHA1 Signature Method¶
This signature method doesn’t require shared secret. Merchant just uses his private key to sign requests. Here is an example of how to make a signed request in Java with help of scribe library:
import com.payneteasy.tlv.HexUtil;
import org.scribe.builder.api.DefaultApi10a;
import org.scribe.model.*;
import org.scribe.oauth.OAuth10aServiceImpl;
import org.scribe.oauth.OAuthService;
import org.scribe.services.HMACSha1SignatureService;
import org.scribe.services.SignatureService;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
public class App
{
public String doPost(String url, Map<String, String> parameters) throws ConnectionIOException, ConnectionTimeoutException
{
OAuthConfig config = new OAuthConfig(apiToken, merchantControlKey, OAuthConstants.OUT_OF_BAND, SignatureType.Header, null,null);
OAuthService service = new OAuth10aServiceImpl(new HmacSha1Mapi(), config);
OAuthRequest request = new OAuthRequest(Verb.POST, url);
for (Map.Entry<String, String> entry : parameters.entrySet()) {
request.addBodyParameter(entry.getKey(), entry.getValue());
}
// empty token for 'two-legged'
Token token = new Token("", "");
service.signRequest(token, request);
Response response = request.send();
return response.getBody();
}
private static class HmacSha1Mapi extends DefaultApi10a {
@Override
public String getRequestTokenEndpoint() {
return null; // not used
}
@Override
public String getAccessTokenEndpoint() {
return null; //not used
}
@Override
public String getAuthorizationUrl(Token requestToken) {
return null; // not used
}
@Override
public SignatureService getSignatureService() {
return new HMACSha1SignatureService();
}
}
}
Request Signing with HMAC-SHA1 Signature Method¶
This signature method is always available even without a public key. Merchant control key is used as a secret key. Here is an example of how to make a signed request in Java with help of scribe library:
import org.scribe.builder.api.DefaultApi10a;
import org.scribe.model.*;
import org.scribe.oauth.OAuth10aServiceImpl;
import org.scribe.oauth.OAuthService;
import org.scribe.services.HMACSha1SignatureService;
import org.scribe.services.SignatureService;
import java.util.Map;
public class App {
public String doPost(String url, Map<String, String>parameters) {
OAuthConfig config = new OAuthConfig(apiToken, merchantControlKey, OAuthConstants.OUT_OF_BAND,
SignatureType.Header, null,null);
OAuthService service = new OAuth10aServiceImpl(new HmacSha1Mapi(), config);
OAuthRequest request = new OAuthRequest(Verb.POST,url);
for (Map.Entry < String,String > entry :parameters.entrySet()){
request.addBodyParameter(entry.getKey(), entry.getValue());
} // empty token for 'two-legged'
Token token = new Token("", "");
service.signRequest(token, request);
Response response = request.send();
return response.getBody();
}
private static class HmacSha1Mapi extends DefaultApi10a {
@Override
public String getRequestTokenEndpoint() {
return null; // not used
}
@Override
public String getAccessTokenEndpoint() {
return null; //not used
}
@Override
public String getAuthorizationUrl(Token requestToken) {
return null; // not used
}
@Override
public SignatureService getSignatureService() {
return new HMACSha1SignatureService();
}
}
}
Request Example¶
Ones you retrieve a Google Pay token, it may look like follows:
{
"signature": "MEUCIQCOH1uW2LaQheaE4bg074mqd3QpFIx/BJxG/OGMEhhDqwIgPb6XzlwDwBM+SLzk2HYnAy0h/Pkps8l8Bn13AVc9hQQ\u003d",
"intermediateSigningKey": {
"signedKey": "{"keyValue":"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEiZi3I+5g0xH3kOXMxiNyoOMMRwU7sD+/qks15AdgSU5+xH2PTFwe9yCQLzn4DSdjo3QKIyc+c5fUG1dkasBvKw\\u003d\\u003d","keyExpiration":"1649766119579"}",
"signatures": [
"MEYCIQDLUKwcyf9AAqyJ6WSLrT5jG+Hd4iKvoXxaayvFUerX8wIhAMzHqN1xyAIRhznjLkkUAOQgbg7cUltK0FH1hvRL7CAN"
]
},
"protocolVersion": "ECv2",
"signedMessage": "{"encryptedMessage":"EOpG0NNX9OpyYzlR5FEe6CMNf4pkeJvEhOOOG94cBD+y1x22LdGE55Le2gBRI3mFRCusQDaQtyCS5PvoLp0/urpWNr8xTxW/EwxjnqkYgUBRFGOmbJQAceA/7MAlPu9w4gs0COY2akgurdCbLQkLasTSc5e/
i6GWmdiXqWAWM8JrNBVklpYnFek3FCeK3W23mYHntedCLyTTPVmbUeMQ4n8rhgzo+8fiWNjKywLjVZlJ2o+oCNxhMVfhG74GdWvob2TfE1uoeXOCXOH02u8towOOvR2fqnAkIBDUfpiUSjpW7MmDTJyYIewc
W4EoWGTE6A+pEyI8jTbA4Y0box39exJbNthQsThqXg5OKJOEDcMNYBPg/lbyNQfY8NjvBMA7fB//QiZqIu8WgZFfSiMJ+j4uXHdCDfLT9biw4pde7bkRuH/Uofd1CabifhQSu64SeEEkj0r87wEY55sNr8Kz
SCAwwOgQP0XYlt/t0A5KT9k172I84WtiWQYr/UNuIVURiH8x08e8Ihx9Nvkgx+Gz/ZyUVQH9RXjEXDRNvm63sSiUMB1TlY9PiMKO0451Uw2yw30c/8SzyKByPYtNdHwmd6iAhfoQSpJAKMTwhYMmKFZC+b8K
HKbx8Ge+NVKv2GpCLwy0WL4wvqWNPk21Jzc0bFcnzztafdTPbbEB1pfY","ephemeralPublicKey":"BGVn0SZ1J5pDZlInHve5nj1Ybj+C0olFcTygynSqU8YqKaZs8ZdHQjVlISrRI10PmskgZSMH
YXdkM0k+/D8/o0o\\u003d","tag":"II0dhcOZtYl26Yln3GNSXTK4yalRylKsKj71RyjZfFM\\u003d"}"
}
Make HEX from the token:
7B0A2020227369676E6174757265223A20224D4555434951434F48317557324C6151686561453462673037346D71643351704649782F424A78472F4F474D4568684471774967506236587A6C774477424D2B534C7A6B3248596E417930682F506B707338
6C38426E3133415663396851515C7530303364222C0A202022696E7465726D6564696174655369676E696E674B6579223A207B0A20202020227369676E65644B6579223A20227B5C226B657956616C75655C223A5C224D466B77457759484B6F5A497A6A
3043415159494B6F5A497A6A30444151634451674145695A6933492B3567307848336B4F584D78694E796F4F4D4D5277553773442B2F716B7331354164675355352B7848325054467765397943514C7A6E344453646A6F33514B4979632B633566554731
646B617342764B775C5C75303033645C5C75303033645C222C5C226B657945787069726174696F6E5C223A5C22313634393736363131393537395C227D222C0A20202020227369676E617475726573223A205B0A202020202020224D4559434951444C55
4B7763796639414171794A3657534C7254356A472B486434694B766F587861617976465565725838774968414D7A48714E317879414952687A6E6A4C6B6B55414F516762673763556C744B304648316876524C3743414E220A202020205D0A20207D2C0A
20202270726F746F636F6C56657273696F6E223A202245437632222C0A2020227369676E65644D657373616765223A20227B5C22656E637279707465644D6573736167655C223A5C22454F7047304E4E58394F7079597A6C523546456536434D4E663470
6B654A7645684F4F4F4739346342442B79317832324C64474535354C653267425249336D465243757351446151747943533550766F4C70302F757270574E7238785478572F4577786A6E716B596755425246474F6D624A51416365412F374D416C507539
7734677330434F5932616B6775726443624C516B4C617354536335652F693647576D646958715741574D384A724E42566B6C70596E46656B334643654B335732336D59486E746564434C79545450566D6255654D51346E387268677A6F2B386669574E6A
4B79774C6A565A6C4A326F2B6F434E78684D566668473734476457766F623254664531756F65584F43584F4830327538746F774F4F76523266716E416B4942445566706955536A7057374D6D44544A7959496577635734456F5747544536412B70457949
386A546241345930626F78333965784A624E746851735468715867354F4B4A4F4544634D4E594250672F6C62794E516659384E6A76424D413766422F2F51695A7149753857675A466653694D4A2B6A34755848644344664C54396269773470646537626B
5275482F556F6664314361626966685153753634536545456B6A307238377745593535734E72384B7A53434177774F6751503058596C742F743041354B54396B313732493834577469575159722F554E75495655526948387830386538496878394E766B
67782B477A2F5A79555651483952586A455844524E766D3633735369554D4231546C593950694D4B4F3034353155773279773330632F38537A794B42795059744E6448776D6436694168666F5153704A414B4D547768594D6D4B465A432B62384B484B62
783847652B4E564B76324770434C777930574C34777671574E506B32314A7A63306246636E7A7A74616664545062624542317066595C222C5C22657068656D6572616C5075626C69634B65795C223A5C224247566E30535A314A3570445A6C496E487665
356E6A3159626A2B43306F6C4663547967796E5371553859714B615A73385A6448516A566C49537252493130506D736B675A534D485958646B4D306B2B2F44382F6F306F5C5C75303033645C222C5C227461675C223A5C224949306468634F5A74596C32
36596C6E33474E5358544B3479616C52796C4B734B6A373152796A5A66464D5C5C75303033645C227D220A7D
Form a request setting encrypted-data equals token HEX and encrypted-type=googlepay:
curl --data "client_orderid=123098
&cvv2=XXX
&amount=114.94
&ipaddress=115.135.52.242
&state=
¤cy=USD
&phone=+6072344354
&zip_code=81200
&order_desc=Super product 1
&email=francislusaikun@yahoo.com
&country=MY
&city=Johor Bahru
&address1=11Jalan Lurah 6 Kg. Kempas Baru
&redirect_url=http://MERCHANT_SITE/payment_update/123098/
&encrypted-type=googlepay
&encrypted-data=7B0A2020227369676E6174757265223A20224D4555434951434F48317557324C6151686561453462673037346D71643351704649782F424A78472F4F474D4568684471774967506236587A6C774477424D2B534C7A6B3248596E4179
30682F506B7073386C38426E3133415663396851515C7530303364222C0A202022696E7465726D6564696174655369676E696E674B6579223A207B0A20202020227369676E65644B6579223A20227B5C226B657956616C75655C223A5C224D466B774577
59484B6F5A497A6A3043415159494B6F5A497A6A30444151634451674145695A6933492B3567307848336B4F584D78694E796F4F4D4D5277553773442B2F716B7331354164675355352B7848325054467765397943514C7A6E344453646A6F33514B4979
632B633566554731646B617342764B775C5C75303033645C5C75303033645C222C5C226B657945787069726174696F6E5C223A5C22313634393736363131393537395C227D222C0A20202020227369676E617475726573223A205B0A202020202020224D
4559434951444C554B7763796639414171794A3657534C7254356A472B486434694B766F587861617976465565725838774968414D7A48714E317879414952687A6E6A4C6B6B55414F516762673763556C744B304648316876524C3743414E220A202020
205D0A20207D2C0A20202270726F746F636F6C56657273696F6E223A202245437632222C0A2020227369676E65644D657373616765223A20227B5C22656E637279707465644D6573736167655C223A5C22454F7047304E4E58394F7079597A6C52354645
6536434D4E6634706B654A7645684F4F4F4739346342442B79317832324C64474535354C653267425249336D465243757351446151747943533550766F4C70302F757270574E7238785478572F4577786A6E716B596755425246474F6D624A5141636541
2F374D416C5075397734677330434F5932616B6775726443624C516B4C617354536335652F693647576D646958715741574D384A724E42566B6C70596E46656B334643654B335732336D59486E746564434C79545450566D6255654D51346E387268677A
6F2B386669574E6A4B79774C6A565A6C4A326F2B6F434E78684D566668473734476457766F623254664531756F65584F43584F4830327538746F774F4F76523266716E416B4942445566706955536A7057374D6D44544A7959496577635734456F574754
4536412B70457949386A546241345930626F78333965784A624E746851735468715867354F4B4A4F4544634D4E594250672F6C62794E516659384E6A76424D413766422F2F51695A7149753857675A466653694D4A2B6A34755848644344664C54396269
773470646537626B5275482F556F6664314361626966685153753634536545456B6A307238377745593535734E72384B7A53434177774F6751503058596C742F743041354B54396B313732493834577469575159722F554E754956555269483878303865
38496878394E766B67782B477A2F5A79555651483952586A455844524E766D3633735369554D4231546C593950694D4B4F3034353155773279773330632F38537A794B42795059744E6448776D6436694168666F5153704A414B4D547768594D6D4B465A
432B62384B484B62783847652B4E564B76324770434C777930574C34777671574E506B32314A7A63306246636E7A7A74616664545062624542317066595C222C5C22657068656D6572616C5075626C69634B65795C223A5C224247566E30535A314A3570
445A6C496E487665356E6A3159626A2B43306F6C4663547967796E5371553859714B615A73385A6448516A566C49537252493130506D736B675A534D485958646B4D306B2B2F44382F6F306F5C5C75303033645C222C5C227461675C223A5C2249493064
68634F5A74596C3236596C6E33474E5358544B3479616C52796C4B734B6A373152796A5A66464D5C5C75303033645C227D220A7D"
https://gate.apropay.com/paynet/mapi/v1/sale/27764
Response Parameters¶
Note
Sale Response Parameter | Description |
---|---|
type | The type of response. May be async-response, validation-error, error. If type equals validation-error or error, error-message and error-code parameters contain error details |
status | See Status List for details |
paynet-order-id | Order id assigned to the order by payment gateway |
merchant-order-id | Merchant order id |
serial-number | Unique number assigned by payment gateway server to particular request from the Merchant |
error-message | If status is error this parameter contains the reason for decline or error details |
error-code | The error code is case of error status |
Response Example¶
type=async-response
&serial-number=00000000-0000-0000-0000-0000000624e8
&merchant-order-id=59e1e3ca-5d44-11e1-b3d6-002522b853b4
&paynet-order-id=94935
Implement order status request¶
See section order status request