2.2. Google Pay™ Integration

2.2.1. General Information

Google Pay™ is an electronic wallet system that allows you to make one-click payment using a card stored securely on Google side. There is no need to enter card details during Google Pay™ transaction. Access to the payment mechanism is possible from any device, which supports Google Pay™. After choosing Google Pay™ payment method, the customer will see the form on which he confirms his Google account and card he is going to use to pay for order. If customer didn’t have a previously registered card, he may do it while making payment.

2.2.2. How to integrate Google Pay through Apropay

Please contact Apropay support manager to get help with Google Pay test account.

2.2.4. Google Pay™ Authentication Types

Merchant can independently choose the card types in Google Pay™ that will be available for payment. The card type is specified in the allowedAuthMethods Google request parameter.
There are two card types (authentication methods):
  1. PAN_ONLY (non-tokenized) - cards stored in customer`s Google account. These cards available on any device of the customer.
    The token contains the number and expiration date of the physical card. That is why 3-D Secure authentication is required for these cards. Read more in the Google Pay 3DS Processing section.
  2. CRYPTOGRAM_3DS (tokenized) - cards that are stored tokenized on the customer’s device. Tokenized cards are only available on the device where the card was added to the Google Pay™ app.
    The token contains the number and expiration date of the virtual card as well as the 3-D Secure cryptogram. Customer 3-D Secure verification for tokenized cards is not required.

2.2.5. Google Pay™ Allowed Networks

Payment Gateway supports all networks specified in the allowedCardNetworks Google request parameter, such as: VISA, MASTERCARD, MIR, etc. For the complete list of allowed networks refer to gateway support.

2.2.6. Required Google Pay™ Parameters

  1. Firstly you must register with Google, accept Google Terms of Service, and receive a Google merchant ID after your website passes a Google review. This process is described in the next section.

  2. Request googleMerchantGatewayID from gateway support, which looks like: eXXX.mXXX.gate.apropay.com, where:

    eXXX - endpointID
    mXXX - merhcantID
    An example of googleMerchantGatewayID: e123.m567.gate.apropay.com
  3. Set gatewayID=google.gatewayid

2.2.7. Google Pay™ Account Setup

  1. Merchant must register in Google Console. Instead of gmail, you can use a corporate email address.
../_images/gpay-1.png ../_images/gpay-2.png
  1. Then, from the account screen in the console, save the Merchant ID and proceed to the registration of the website in the Google Pay API section.
../_images/gpay-3.png
  1. Add a website using the “Add website” button.
../_images/gpay-4.png
  1. Specify screenshots of the checkout and payment form in the website settings, as well as integration type = Gateway and the address of the merchant’s website from where the purchase starts.
../_images/gpay-5.png
  1. Send the website address and Merchant ID to Apropay support managers.

2.2.8. Google Pay™ Integration in a Merchant Website

Integration Required Parameters

For integration to a merchant website, one needs the following parameters:

  1. Required Google Pay™ Parameters
  2. ENDPOINTID or ENDPOINTGROUPID received from gateway support
  3. Control-key and merchant login received from gateway support

Implement Purchase Payment Request

To make a purchase request one have to send an HTTPS POST request to the URLs and the parameters specified below.

API URLs

  Integration Production
sale
https://sandbox.apropay.com/paynet/api/v2/sale-form/ENDPOINTID

https://sandbox.apropay.com/paynet/api/v2/sale-form/group/ENDPOINTGROUPID
https://gate.apropay.com/paynet/api/v2/sale-form/ENDPOINTID

https://gate.apropay.com/paynet/api/v2/sale-form/group/ENDPOINTGROUPID
preauth
https://sandbox.apropay.com/paynet/api/v2/preauth-form/ENDPOINTID

https://sandbox.apropay.com/paynet/api/v2/preauth-form/group/ENDPOINTGROUPID
https://gate.apropay.com/paynet/api/v2/preauth-form/ENDPOINTID

https://gate.apropay.com/paynet/api/v2/preauth-form/group/ENDPOINTGROUPID

Request Parameters

Note

Request must have content-type=application/x-www-form-urlencoded.
Acquirer can redefine the necessity of some fields so they become mandatory instead of optional.
Leading and trailing whitespace in input parameters will be omitted.
Request parameter name Length/Type Comment Necessity*
client_orderid 128/String Merchant order identifier. Mandatory
order_desc 64k/String Brief order description Mandatory
first_name 50/String Customer’s first name Mandatory
last_name 50/String Customer’s last name Mandatory
ssn 4/Numeric Last four digits of the customer’s social security number. Optional
birthday 8/Numeric Customer’s date of birth, in the format YYYYMMDD. Optional
address1 50/String Customer’s address line 1. Mandatory
city 50/String Customer’s city. Mandatory
state 2/String Customer’s state (two-letter state code). Please see Country Codes for a list of valid state codes. Mandatory for USA, Canada and Australia Conditional
zip_code 10/String Customer’s ZIP code Mandatory
country 2/String Customer’s country(two-letter country code). Please see Country Codes for a list of valid country codes. Mandatory
phone 15/String Customer’s full international phone number, including country code. Mandatory
cell_phone 15/String Customer’s full international cell phone number, including country code. Optional
email 50/String Customer’s email address. Mandatory
purpose 128/String Destination to where the payment goes. It is useful for the merchants who let their clients to transfer money from a credit card to some type of client’s account, e.g. game or mobile phone account. Sample values are: +7123456789; gamer0001@ereality.com etc. This value will be used by fraud monitoring system. Optional
amount 10/Numeric Amount to be charged. The amount has to be specified in the highest units with . delimiter. 10.5 for USD means 10 US Dollars and 50 Cents Mandatory
currency 3/String Currency the transaction is charged in (three-letter currency code). Sample values are: USD for US Dollar EUR for European Euro Mandatory
ipaddress 45/String Customer’s IP address, included for fraud screening purposes. Mandatory
site_url 128/String URL the original sale is made from. Optional
control 40/String Checksum generated by SHA-1. See Request authorization through control parameter for more details. Mandatory
redirect_url 1024/String URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected in any case, no matter whether the transaction is approved or declined. You should not use this parameter to retrieve results from payment gateway gateway, because all parameters go through client’s browser and can be lost during transmission. To deliver the correct payment result to your backend use server_callback_url instead. Mandatory if both redirect_success_url and redirect_fail_url are missing
redirect_success_url 1024/String URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected only in case if the transaction is approved. You should not use this parameter to retrieve results from payment gateway gateway, because all parameters go through client’s browser and can be lost during transmission. To deliver the correct payment result to your backend use server_callback_url instead. Pass http://google.com if you use non-3DS schema for transactions processing and you have no need to return customer anywhere. Mandatory if redirect_url parameter is missing
redirect_fail_url 1024/String URL the cardholder will be redirected to upon completion of the transaction. Please note that the cardholder will be redirected only in case if the transaction is declined or filtered. You should not use this parameter to retrieve results from payment gateway gateway, because all parameters go through client’s browser and can be lost during transmission. To deliver the correct payment result to your backend use server_callback_url instead. Pass http://google.com if you use non-3DS schema for transactions processing and you have no need to return customer anywhere. Mandatory if redirect_url parameter is missing
server_callback_url 1024/String URL the transaction result will be sent to. Merchant may use this URL for custom processing of the transaction completion, e.g. to collect sales data in Merchant’s database. See more details at Merchant Callbacks Optional
preferred_language 2/String Customer’s two-letter language code for multi-language payment forms Optional
merchant_form_data 128/String Parameters sent in merchant_form_data API parameter are parsed into macros with the same name, the parameter is url-encoded, example: testparam%3Dtest1%26mynewparam%3Dtest2 and is parsed into $MFD_testparam = test1 and $MFD_mynewparam = test2 macros in the form. Parameter name characters[a-zA-Z0-9], parameter value characters[a-zA-Z0-9], control characters [=&], 2MB max size. For example, this parameter can be used to display payment form in light/dark mode depending on the value passed by Connecting Party (e.g. pass merchant_form_data=theme%3Ddark in request and $MFD_theme macro placeholder on payment form will be changed to dark. Optional

Request Authorization Through Control Parameter

The checksum is used to ensure that it is a particular Merchant (and not a fraudster) that initiates the transaction. This SHA-1 checksum, the parameter control, is created by concatenation of the parameters values in the following order:

  • ENDPOINTID/ENDPOINTGROUPID
  • client_orderid
  • minimal monetary units amount (i.e. cent, penny etc. For amount 0.94 USD value in signing string will be 94, for 10.15 USD value in signing string will be 1015)
  • email
  • merchant_control

Request Example

curl --data "client_orderid=inv7509506r
&order_desc=Test Order Description
&first_name=John
&last_name=Smith
&ssn=1267
&birthday=19820115
&address1=100 Main st
&city=Seattle
&state=WA
&zip_code=98102
&country=US
&phone=+12063582043
&cell_phone=+19023384543
&amount=78
&email=john.smith@gmail.com
&currency=USD
&ipaddress=65.153.12.232
&site_url=www.google.com
&purpose=user_account1
&redirect_url=https://uat.pne.io/paynet/finish.html
&server_callback_url=https://httpstat.us/200
&merchant_data=VIP customer
&merchant_form_data=testparam%3Dtest1%26mynewparam%3Dtest2
&control=9884afa4a72101046fa7050270f38f819f9d7532"
https://gate.apropay.com/paynet/api/v2/sale-form/27764

A complete control may look as follows:

27764id570231214200example@example.com3E8E45B5-2-42D8-6ECC-FBF6B11B1, where:

ENDPOINTID/ENDPOINTGROUPID = 27764
client_orderid = id5702312
amount = 142
merchant_control = 3E8E45B5-2-42D8-6ECC-FBF6B11B1

Encrypt the control string using SHA-1 algorithm. The resultant string yields the control parameter which is required for request authorization. For the above-mentioned example the control will take the following value:

9aedb776763d569cbbacd2ecef8621b8c0c759bf

Response Parameters

Note

Response has Content-Type: text/html;charset=utf-8 header. All parameters in response are x-www-form-urlencoded, with (0xA) character at the end of each parameter’s value
Response parameter name Description
type The type of response. May be async-form-response, validation-error, error. If type equals validation-error or error, error-message and error-code parameters contain error details.
paynet-order-id Order id assigned to the order by payment gateway
merchant-order-id Merchant order id
serial-number Unique number assigned by payment gateway server to particular request from the Merchant.
error-message If status is declined or error this parameter contains the reason for decline or error details
error-code The error code in case of declined or error status
redirect-url The URL to the page where the Merchant should redirect the client’s browser. Merchant should send HTTP 302 redirect, see Google Pay™ Purchase Flow and Integration Steps

Response Example

type=async-response
&serial-number=00000000-0000-0000-0000-0000000624e8
&merchant-order-id=59e1e3ca-5d44-11e1-b3d6-002522b853b4
&paynet-order-id=94935&end-point-id=223

Request Builder

This request builder is used to form a google pay request

endpointid or groupid input your ENDPOINTID or ENDPOINTGROUPID
client_orderid make it or use your internal invoice ID
order_desc
first_name
last_name
ssn
birthday
address1
city
state
zip_code
country
phone
cell_phone
amount
email
currency
ipaddress
site_url
purpose
merchant_control input your Control Key
redirect_url
redirect_success_url
redirect_fail_url
server_callback_url
merchant_data
cardrefid
maximum-transaction-amount
minimum-transaction-amount
merchant_form_data

String to sign
Signature
				  
				
			
		
			
		
			
		

Implement Final Redirect of Customer

Upon completion of Google Pay™ Purchase Flow and Integration Steps by the Customer he/she is automatically redirected to redirect_url provided by Merchant in the purchase request. The redirection is performed as an HTTPS POST request with the parameters specified in the following table.

Redirect parameter name Description
status See Status List for details.
orderid Order id assigned to the order by payment gateway
merchant_order Merchant order id
client_orderid Merchant order id
error_message If status is declined or error this parameter contains the reason for decline or error details
control Checksum used to ensure that it is payment gateway (and not a fraudster) that initiates the request. This is SHA-1 checksum of the concatenation status + orderid + client_orderid + merchant-control.
descriptor Gate descriptor

If Merchant has passed server_callback_url in original Payment Form request payment gateway will call this URL. Merchant may use it for custom processing of the transaction completion, e.g. to collect sales data in Merchant’s database. The parameters sent to this URL are specified in Callback Parameters.

Implement Order Status Request

Merchant must use Order status API call to get the customer’s order transaction status. After any type of transaction is sent to payment gateway server and order id is returned, Merchant should poll for transaction status. When transaction is processed on payment gateway server side it returns it’s status back to Merchant and at this moment the Merchant is ready to show the customer transaction result, whether it’s approved or declined.

API URLs

  Integration Production
status
https://sandbox.apropay.com/paynet/api/v2/status/ENDPOINTID

https://sandbox.apropay.com/paynet/api/v2/status/group/ENDPOINTGROUPID
https://gate.apropay.com/paynet/api/v2/status/ENDPOINTID

https://gate.apropay.com/paynet/api/v2/status/group/ENDPOINTGROUPID

Request Parameters

Note

Request must have content-type=application/x-www-form-urlencoded.
Status Call Parameter Description Necessity
login Merchant login name Mandatory
client_orderid Merchant order identifier of the transaction for which the status is requested Mandatory
orderid Order id assigned to the order by payment gateway Conditional
control Checksum generated by SHA-1. See Request authorization through control parameter<requestcontrolstatus> for more details. Mandatory
by-request-sn Serial number assigned to the specific request by payment gateway. If this field exist in status request, status response return for this specific request. Include this parameter to get the status response with the particular transaction stage (can be used in specific cases). To get the latest transaction status, don’t include this parameter in status request. Optional
In most common cases, the best option is to include both client_orderid and orderid parameters to status request. Order status can be requested with only client_orderid if it’s unique to merchant and orderid is not received. If orderid is not received in response, but this response contains an error, see the received error message to get the information why transaction was not created in the system.

Request Authorization Through Control Parameter

The checksum is used to ensure that it is Merchant (and not a fraudster) that sends the request to payment gateway. This SHA-1 checksum, the parameter control, is created by concatenating of the values of the parameters in the following order:

  • login
  • client_orderid
  • orderid
  • merchant_control

Request Example

curl --data "login=logic
    &client_orderid=id5702312
    &orderid=6823997
    &by-request-sn=00000000-0000-0000-0000-000002dba5fe
    &control=ea8c6116ebb183e446bbdca3ad86f13c3e34ae5f"
    https://gate.apropay.com/paynet/api/v2/status/27764

A complete control may look as follows:

logicid570231268239973E8E45B5-2-42D8-6ECC-FBF6B11B1, where:

login = logic
client_orderid = id5702312
orderid = 6823997
merchant_control = 3E8E45B5-2-42D8-6ECC-FBF6B11B1

Encrypt the control string using SHA-1 algorithm. The resultant string yields the control parameter which is required for request authorization. For the above-mentioned example the control will take the following value:

ea8c6116ebb183e446bbdca3ad86f13c3e34ae5f

Response Parameters

Note

Response has Content-Type: text/html;charset=utf-8 header. All parameters in response are x-www-form-urlencoded, with (0xA) character at the end of each parameter’s value
Status Response Parameter Description
type The type of response. May be status-response
status See Status List for details.
amount Actual transaction amount. This value can be changed during the purchase flow.
currency Currency of the initial transaction.
paynet-order-id Order id assigned to the order by payment gateway
merchant-order-id Merchant order id
phone Customer phone.
serial-number Unique number assigned by payment gateway server to particular request from the Merchant.
last-four-digits Last four digits of customer credit card number.
bin Bank BIN of customer credit card number.
card-type Type of customer credit card (VISA, MASTERCARD, etc).
gate-partial-reversal Processing gate support partial reversal (enabled or disabled).
gate-partial-capture Processing gate support partial capture (enabled or disabled).
transaction-type Transaction type (sale, reversal, capture, preauth).
processor-rrn Bank Receiver Registration Number.
processor-tx-id Acquirer transaction identifier.
receipt-id Electronic link to receipt https://gate.apropay.com/paynet/view-receipt/ENDPOINTID/receipt-id/
cardholder-name Cardholder name.
card-exp-month Card expiration month.
card-exp-year Card expiration year.
card-hash-id Unique card identifier to use for loyalty programs or fraud checks.
card-country-alpha-three-code Three letter country code of source card issuer. See Country Codes for details
email Customer e-mail.
purpose Destination to where the payment goes. It is useful for the merchants who let their clients to transfer money from a credit card to some type of client’s account, e.g. game or mobile phone account. Sample values are: +7123456789; gamer0001@ereality.com etc. This value will be used by fraud monitoring system.
bank-name Bank name by customer card BIN.
terminal-id Acquirer terminal identifier to show in receipt.
paynet-processing-date Acquirer transaction processing date.
approval-code Bank approval code.
order-stage The current stage of the transaction processing. See Order Stage for details.
loyalty-balance The current bonuses balance of the loyalty program for current operation. if available
loyalty-message The message from the loyalty program. if available
loyalty-bonus The bonus value of the loyalty program for current operation. if available
loyalty-program The name of the loyalty program for current operation. if available
descriptor Bank identifier of the payment recipient.
original-gate-descriptor Descriptor, which is set on gate level in the system.
error-message If status in declined, error, filtered this parameter contains the reason for decline
error-code The error code is case status in declined, error, filtered.
by-request-sn Serial number assigned to the specific request by payment gateway. If this field exist in status request, status response return for this specific request.
verified-3d-status See 3-D Secure Status List for details
eci Electronic Commerce Indicator (Visa).
ips-src-payment-product-code Code for card set by multinational financial service. (Visa/Mastercard).
ips-src-payment-product-name Decrypted code for card set by multinational financial service. (Visa/Mastercard).
ips-src-payment-type-code Type of card code set by multinational financial service. (Visa/Mastercard).
ips-src-payment-type-name Decrypted code for type of card set by multinational financial service. (Visa/Mastercard)
initial-amount Amount, set in initiating transaction, without any fees or commissions. This value can’t change during the purchase flow.
seller-commission Total commission for processed transaction. This is optional parameter. Please contact your manager in payment gateway, if you would like to receive it.
acquirer-commission Acquirer commission for processed transaction. This is optional parameter. Please contact your manager in payment gateway, if you would like to receive it.

Response Example

type=status-response
&serial-number=00000000-0000-0000-0000-0000005b5eec
&merchant-order-id=6132tc
&processor-tx-id=9568-47ed-912d-3a1067ae1d22
&paynet-order-id=161944
&status=approved
&amount=7.56
&descriptor=no
&original-gate-descriptor=test 12345678 3Ds Bank
&gate-partial-reversal=enabled
&gate-partial-capture=enabled
&transaction-type=cancel
&receipt-id=2050-3c93-a061-8a19b6c0068f
&name=FirstName
&cardholder-name=FirstName
&card-exp-month=3
&card-exp-year=2028
&email=no
&processor-rrn=510458047886
&approval-code=380424
&order-stage=cancel_approved
&last-four-digits=1111
&bin=444455
&card-type=VISA
&phone=%2B79685787194
&bank-name=UNKNOWN
&paynet-processing-date=2015-04-14+10%3A23%3A34+MSK
&by-request-sn=00000000-0000-0000-0000-0000005b5ece
&card-hash-id=1569311
&card-country-alpha-three-code=RUS
&verified-3d-status=AUTHENTICATED
&eci=02
&ips-src-payment-product-code=SAP
&ips-src-payment-product-name=SAP—Platinum Mastercard® Salary– Immediate Debit
&ips-src-payment-type-code=Debit
&ips-src-payment-type-name=MASTERCARD Debit
&initial-amount=7.56

Request Builder

This request builder is used to form an order status request

endpointid or groupid input your ENDPOINTID or ENDPOINTGROUPID
login
client_orderid input your Invoice Number
orderid
merchant_control input your Control Key
by-request-sn

String to sign
Signature
				  
				
			 
		
			
		
			
		

Configurable Web Form Templates

Web forms intends for configuration merchant’s web payment pages. To add new web form merchant need to contact with gateway support. Web form template samples and macros specified in the following tables.

Payment Form Template Sample

<html>
<head>
<script type="text/javascript">
  function isCCValid(r){var n=r.length;if(n>19||13>n)return!1;
    for(i=0,s=0,m=1,l=n;i<l;i++)d=parseInt(r.substring(l-i-1,l-i),10)*m,s+=d>=10?d%10+1:d,1==m?m++:m--;
    return s%10==0?!0:!1}
</script>
</head>
<body>
<h3>Order #$!MERCHANT_ORDER_ID - $!ORDERDESCRIPTION</h3>
<h3>Total amount: $!AMOUNT $!CURRENCY to $!MERCHANT</h3>

<form action="${ACTION}" method="post">
  <div>Cardholder name: <input name="${CARDHOLDER}" type="text" maxlength="64"/></div>
  <div><label for="cc-number">Credit Card Number</label> <input id="cc-number" name="${CARDNO}" type="text" maxlength="19" autocomplete="cc-number"/></div>
  <div>Card verification value: <input name="${CVV2}" type="text" maxlength="4" autocomplete="off"/></div>
  <div>
    Expiration date:
    <select class="expiry-month" name="${EXPMONTH}" size="1" autocomplete="cc-exp-month" >
      <option value="01">January</option><option value="02">February</option><option value="03">March</option>
      <option value="04">April</option><option value="05">May</option><option value="06">June</option>
      <option value="07">July</option><option value="08">August</option><option value="09">September</option>
      <option value="10">October</option><option value="11">November</option><option value="12">December</option>
    </select>
      <select class="expiry-year" id="cc-exp-year" name="${EXPYEAR}" size="1" autocomplete="cc-exp-year">
      ${EXPIRE_YEARS}
    </select>
  </div>
  <div>${GOOGLE_PAY}</div>
  $!{INTERNAL_SECTION}
  #if($!card_error)
  <div style="color: red;">$!card_error</div>
  #end
  <input name="submit" onclick="return isCCValid(document.getElementById('cardnumber').value);" type="submit" value="Pay"/>
</form>
</body>
</html>

Payment Form Macros

Field Name Macro Description
${GOOGLE_PAY} Google Pay™ buy button will be available if this macros is used.
${MERCHANT} End point display name
${SKIN_VERSION} CSS skin version
${ORDERDESCRIPTION} Order description
${CUSTOMER_FIRST_NAME} Customer first name sent by merchant via input parameters
${CUSTOMER_LAST_NAME} Customer last name sent by merchant via input parameters
${CUSTOMER_EMAIL} Customer E-mail address sent by merchant via input parameters
${AMOUNT} Amount
${CURRENCY} Currency
${PAYNET_ORDER_ID} payment gateway order id
${MERCHANT_ORDER_ID} Merchant order id
${refresh_interval} Refresh interval recommended by system
${uuid} Internal
${INTERNAL_SECTION} Internal for iFrame integration
${CUSTOMER_IP_COUNTRY_ISO_CODE} Customer country defined by IP Address
${PREFERRED_LANGUAGE} Customer language sent by merchant via input parameters
${MERCHANT_FORM_DATA} Parameters sent in merchant_form_data API parameter are parsed into macros with the same name, the parameter is url-encoded, example: testparam%3Dtest1%26mynewparam%3Dtest2 and is parsed into $MFD_testparam = test1 and $MFD_mynewparam = test2 macros in the form. Parameter name characters[a-zA-Z0-9], parameter value characters[a-zA-Z0-9], control characters [=&], 2MB max size. For example, this parameter can be used to display payment form in light/dark mode depending on the value passed by Connecting Party (e.g. pass merchant_form_data=theme%3Ddark in request and $MFD_theme macro placeholder on payment form will be changed to dark.
${CUSTOMER_ZIP_CODE} Generates a ZIP code to send to the processor if it was not received from the client

Wait Form Template Sample

<html>
<head>
<script type="text/javascript">
  function fc(t) {
    document.getElementById("seconds-remaining").innerHTML = t;
    (t > 0) ? setTimeout(function(){fc(--t);}, 1000) : document.checkform.submit();}
</script>
</head>
<body onload="fc($!refresh_interval)">
<h3>Order #$!MERCHANT_ORDER_ID - $!ORDERDESCRIPTION</h3>
<h3>Total amount: $!AMOUNT $!CURRENCY to $!MERCHANT</h3>
Please wait, your payment is being processed, remaining <span id="seconds-remaining">&nbsp;</span> seconds.
<form name="checkform" method="post">
  <input type="hidden" name="tmp" value="$!uuid"/>
      $!{INTERNAL_SECTION}
  <input type="submit" value="Check" />
</form>
</body>
</html>

Wait Form Macros

Field Name Macro Description
${MERCHANT} End point display name
${SKIN_VERSION} CSS skin version
${ORDERDESCRIPTION} Order description
${AMOUNT} Amount
${CURRENCY} Currency
${PAYNET_ORDER_ID} payment gateway order id
${MERCHANT_ORDER_ID} Merchant order id
${refresh_interval} Refresh interval recommended by system
${uuid} Internal
${INTERNAL_SECTION} Internal for iFrame integration
${CUSTOMER_IP_COUNTRY_ISO_CODE} Customer country defined by IP Address
${PREFERRED_LANGUAGE} Customer language send by merchant via input parameters
${BROWSER_LANGUAGE} Customer language defined by browser settings
${CUSTOMER_LANGUAGE} Customer language send by merchant via input parameters or defined by browser settings if first is not set

Finish Form Template Sample

<!DOCTYPE html>
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
  <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
  <title>Processing done</title>
  <link rel="stylesheet" type="text/css" href="/paynet-ui-skin/${SKIN_VERSION}/main/css/bootstrap.css">
  <link rel="stylesheet" type="text/css" href="/paynet-ui-skin/${SKIN_VERSION}/d/css/processing-form.css"/>
</head>

<body>
  <div class="header">
    ${STATUS}
  </div>
</body></html>

Finish Form Macros

Field Name Macro Description
${STATUS} Order status
${PAYNET_ORDER_ID} System order id
${MERCHANT_ORDER_ID} Merchant order id
${ERROR_MESSAGE} Contains the reason for decline or error details
${SKIN_VERSION} CSS skin version
${CUSTOMER_IP_COUNTRY_ISO_CODE} Customer country defined by IP Address
${PREFERRED_LANGUAGE} Customer language send by merchant via input parameters
${BROWSER_LANGUAGE} Customer language defined by browser settings
${CUSTOMER_LANGUAGE} Customer language send by merchant via input parameters or defined by browser settings if first is not set
${AMOUNT} Amount
${CURRENCY} Currency
${DESCRIPTION} Transaction description
${DATE} Transaction date
${PAYNET_PROCESSING_DATE} Paynet processing date
${RRN} Reference Retrieval Number
${AUTH_CODE} Authorization Code

2.2.9. Google Pay™ Integration in an Android App

Google Pay™ integration in an Android app supports only CRYPTOGRAM_3DS (tokenized) authentication type. All requests using PAN_ONLY (non-tokenized) authentication type will be automatically declined.

Integration Required Parameters

For integration to a merchant website, one needs the following parameters:

  1. Required Google Pay™ Parameters
  2. ENDPOINTID or ENDPOINTGROUPID received from gateway support
  3. Control-key and merchant login received from gateway support

Retrieve Google Pay token data

Please follow official tutorial from Google in order to implement retrieving of Google Pay token data within mobile application: https://developers.google.com/pay/api/android/guides/tutorial

Implement Purchase Payment Request

To make a purchase request one have to send an HTTPS POST request to the URLs and the parameters specified below.

API URLs

  Integration Production
sale https://sandbox.apropay.com/paynet/mapi/v1/sale/ENDPOINTID https://gate.apropay.com/paynet/mapi/v1/sale/ENDPOINTID

Request Parameters

Note

Request must have content-type=application/x-www-form-urlencoded.
Leading and trailing whitespace in input parameters will be omitted.
Request Parameter Length/Type Comment Necessity*
client_orderid 128/String Merchant order identifier. Mandatory
order_desc 64k/String Brief order description Mandatory
first_name 50/String Customer’s first name Optional
last_name 50/String Customer’s last name Optional
ssn 32/Numeric Last four digits of the customer’s social security number. Optional
birthday 8/Numeric Customer’s date of birth, in the format MMDDYY. Optional
address1 50/String Customer’s address line 1. Mandatory
city 50/String Customer’s city. Mandatory
state 2-3/String Customer’s state . Please see Reference for a list of valid state codes. Mandatory for USA, Canada and Australia. Optional
zip_code 10/String Customer’s ZIP code Mandatory
country 2/String Customer’s country(two-letter country code). Please see Reference for a list of valid country codes. Mandatory
phone 15/String Customer’s full international phone number, including country code. Optional
cell_phone 15/String Customer’s full international cell phone number, including country code. Optional
email 50/String Customer’s email address. Mandatory
amount 10/Numeric Amount to be charged. The amount has to be specified in the highest units with . delimiter. For instance, 10.5 for USD means 10 US Dollars and 50 Cents Mandatory
currency 3/String Currency the transaction is charged in (three-letter currency code). Sample values are: USD for US Dollar EUR for European Euro Mandatory
cvv2 3-4/Numeric Customer’s CVV2 code. CVV2 (Card Verification Value) is a three- or four-digit number AFTER the credit card number in the signature area of the card. It used if acquirer provides only E-Commerce connection. Optional
ipaddress 45/String Customer’s IP address, included for fraud screening purposes. Mandatory
purpose 128/String Destination to where the payment goes. It is useful for the merchants who let their clients to transfer money from a credit card to some type of client’s account, e.g. game or mobile phone account. Sample values are: +7123456789; gamer0001@ereality.com etc. This value will be used by fraud monitoring system. Optional
server_callback_url 1024/String URL the transaction result will be sent to. Merchant may use this URL for custom processing of the transaction completion, e.g. to collect sales data in Merchant’s database. See more details at Merchant Callbacks Optional
encrypted-type 32/String Type of the encryption. Must be googlepay. Mandatory
encrypted-data String Card tracks data encrypted using encrypted-type encryption and encoded using HEX encoding. In the context of working with Google Pay encrypted-data is Google Pay token. For more info contact support. Mandatory

Please note the following characters must be escaped in the parameter values: &, + or \.

Request Authorization Through OAuth Signature

To make sure that it’s the Merchant (and not somebody else) is who really authors requests, requests must be signed. OAuth 1.0a signature is used as a well-established and supported in the client libraries for this purpose on MAPI requests.
Please note that the only part of OAuth that we use in our API is signatures. Our API does not actually support a full-blown OAuth. Both RSA-SHA1 and HMAC-SHA1 methods may be used to generate signatures.

Request Signing with RSA-SHA1 Signature Method

This signature method doesn’t require shared secret. Merchant just uses his private key to sign requests. Here is an example of how to make a signed request in Java with help of scribe library:

import com.payneteasy.tlv.HexUtil;
import org.scribe.builder.api.DefaultApi10a;
import org.scribe.model.*;
import org.scribe.oauth.OAuth10aServiceImpl;
import org.scribe.oauth.OAuthService;
import org.scribe.services.HMACSha1SignatureService;
import org.scribe.services.SignatureService;

import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;

public class App
{
    public String doPost(String url, Map<String, String> parameters) throws ConnectionIOException, ConnectionTimeoutException
    {
        OAuthConfig config = new OAuthConfig(apiToken, merchantControlKey, OAuthConstants.OUT_OF_BAND, SignatureType.Header, null,null);
        OAuthService service = new OAuth10aServiceImpl(new HmacSha1Mapi(), config);
        OAuthRequest request = new OAuthRequest(Verb.POST, url);
        for (Map.Entry<String, String> entry : parameters.entrySet()) {
            request.addBodyParameter(entry.getKey(), entry.getValue());
        }
        // empty token for 'two-legged'
        Token token = new Token("", "");
        service.signRequest(token, request);
        Response response = request.send();
        return response.getBody();
    }

    private static class HmacSha1Mapi extends DefaultApi10a {
        @Override
        public String getRequestTokenEndpoint() {
            return null; // not used
        }

        @Override
        public String getAccessTokenEndpoint() {
            return null; //not used
        }

        @Override
        public String getAuthorizationUrl(Token requestToken) {
            return null; // not used
        }

        @Override
        public SignatureService getSignatureService() {
            return new HMACSha1SignatureService();
        }
    }
}

Request Signing with HMAC-SHA1 Signature Method

This signature method is always available even without a public key. Merchant control key is used as a secret key. Here is an example of how to make a signed request in Java with help of scribe library:

import org.scribe.builder.api.DefaultApi10a;
import org.scribe.model.*;
import org.scribe.oauth.OAuth10aServiceImpl;
import org.scribe.oauth.OAuthService;
import org.scribe.services.HMACSha1SignatureService;
import org.scribe.services.SignatureService;
import java.util.Map;

public class App {
    public String doPost(String url, Map<String, String>parameters) {
        OAuthConfig config = new OAuthConfig(apiToken, merchantControlKey, OAuthConstants.OUT_OF_BAND,
                SignatureType.Header, null,null);
        OAuthService service = new OAuth10aServiceImpl(new HmacSha1Mapi(), config);
        OAuthRequest request = new OAuthRequest(Verb.POST,url);
        for (Map.Entry < String,String > entry :parameters.entrySet()){
            request.addBodyParameter(entry.getKey(), entry.getValue());
        } // empty token for 'two-legged'
        Token token = new Token("", "");
        service.signRequest(token, request);
        Response response = request.send();
        return response.getBody();
    }

    private static class HmacSha1Mapi extends DefaultApi10a {
        @Override
        public String getRequestTokenEndpoint() {
            return null; // not used
        }

        @Override
        public String getAccessTokenEndpoint() {
            return null; //not used
        }

        @Override
        public String getAuthorizationUrl(Token requestToken) {
            return null; // not used
        }

        @Override
        public SignatureService getSignatureService() {
            return new HMACSha1SignatureService();
        }
    }
}

Request Example

Ones you retrieve a Google Pay token, it may look like follows:

{
  "signature": "MEUCIQCOH1uW2LaQheaE4bg074mqd3QpFIx/BJxG/OGMEhhDqwIgPb6XzlwDwBM+SLzk2HYnAy0h/Pkps8l8Bn13AVc9hQQ\u003d",
  "intermediateSigningKey": {
    "signedKey": "{"keyValue":"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEiZi3I+5g0xH3kOXMxiNyoOMMRwU7sD+/qks15AdgSU5+xH2PTFwe9yCQLzn4DSdjo3QKIyc+c5fUG1dkasBvKw\\u003d\\u003d","keyExpiration":"1649766119579"}",
    "signatures": [
      "MEYCIQDLUKwcyf9AAqyJ6WSLrT5jG+Hd4iKvoXxaayvFUerX8wIhAMzHqN1xyAIRhznjLkkUAOQgbg7cUltK0FH1hvRL7CAN"
    ]
  },
  "protocolVersion": "ECv2",
  "signedMessage": "{"encryptedMessage":"EOpG0NNX9OpyYzlR5FEe6CMNf4pkeJvEhOOOG94cBD+y1x22LdGE55Le2gBRI3mFRCusQDaQtyCS5PvoLp0/urpWNr8xTxW/EwxjnqkYgUBRFGOmbJQAceA/7MAlPu9w4gs0COY2akgurdCbLQkLasTSc5e/
                                            i6GWmdiXqWAWM8JrNBVklpYnFek3FCeK3W23mYHntedCLyTTPVmbUeMQ4n8rhgzo+8fiWNjKywLjVZlJ2o+oCNxhMVfhG74GdWvob2TfE1uoeXOCXOH02u8towOOvR2fqnAkIBDUfpiUSjpW7MmDTJyYIewc
                                            W4EoWGTE6A+pEyI8jTbA4Y0box39exJbNthQsThqXg5OKJOEDcMNYBPg/lbyNQfY8NjvBMA7fB//QiZqIu8WgZFfSiMJ+j4uXHdCDfLT9biw4pde7bkRuH/Uofd1CabifhQSu64SeEEkj0r87wEY55sNr8Kz
                                            SCAwwOgQP0XYlt/t0A5KT9k172I84WtiWQYr/UNuIVURiH8x08e8Ihx9Nvkgx+Gz/ZyUVQH9RXjEXDRNvm63sSiUMB1TlY9PiMKO0451Uw2yw30c/8SzyKByPYtNdHwmd6iAhfoQSpJAKMTwhYMmKFZC+b8K
                                            HKbx8Ge+NVKv2GpCLwy0WL4wvqWNPk21Jzc0bFcnzztafdTPbbEB1pfY","ephemeralPublicKey":"BGVn0SZ1J5pDZlInHve5nj1Ybj+C0olFcTygynSqU8YqKaZs8ZdHQjVlISrRI10PmskgZSMH
                                            YXdkM0k+/D8/o0o\\u003d","tag":"II0dhcOZtYl26Yln3GNSXTK4yalRylKsKj71RyjZfFM\\u003d"}"
}

Make HEX from the token:

7B0A2020227369676E6174757265223A20224D4555434951434F48317557324C6151686561453462673037346D71643351704649782F424A78472F4F474D4568684471774967506236587A6C774477424D2B534C7A6B3248596E417930682F506B707338
6C38426E3133415663396851515C7530303364222C0A202022696E7465726D6564696174655369676E696E674B6579223A207B0A20202020227369676E65644B6579223A20227B5C226B657956616C75655C223A5C224D466B77457759484B6F5A497A6A
3043415159494B6F5A497A6A30444151634451674145695A6933492B3567307848336B4F584D78694E796F4F4D4D5277553773442B2F716B7331354164675355352B7848325054467765397943514C7A6E344453646A6F33514B4979632B633566554731
646B617342764B775C5C75303033645C5C75303033645C222C5C226B657945787069726174696F6E5C223A5C22313634393736363131393537395C227D222C0A20202020227369676E617475726573223A205B0A202020202020224D4559434951444C55
4B7763796639414171794A3657534C7254356A472B486434694B766F587861617976465565725838774968414D7A48714E317879414952687A6E6A4C6B6B55414F516762673763556C744B304648316876524C3743414E220A202020205D0A20207D2C0A
20202270726F746F636F6C56657273696F6E223A202245437632222C0A2020227369676E65644D657373616765223A20227B5C22656E637279707465644D6573736167655C223A5C22454F7047304E4E58394F7079597A6C523546456536434D4E663470
6B654A7645684F4F4F4739346342442B79317832324C64474535354C653267425249336D465243757351446151747943533550766F4C70302F757270574E7238785478572F4577786A6E716B596755425246474F6D624A51416365412F374D416C507539
7734677330434F5932616B6775726443624C516B4C617354536335652F693647576D646958715741574D384A724E42566B6C70596E46656B334643654B335732336D59486E746564434C79545450566D6255654D51346E387268677A6F2B386669574E6A
4B79774C6A565A6C4A326F2B6F434E78684D566668473734476457766F623254664531756F65584F43584F4830327538746F774F4F76523266716E416B4942445566706955536A7057374D6D44544A7959496577635734456F5747544536412B70457949
386A546241345930626F78333965784A624E746851735468715867354F4B4A4F4544634D4E594250672F6C62794E516659384E6A76424D413766422F2F51695A7149753857675A466653694D4A2B6A34755848644344664C54396269773470646537626B
5275482F556F6664314361626966685153753634536545456B6A307238377745593535734E72384B7A53434177774F6751503058596C742F743041354B54396B313732493834577469575159722F554E75495655526948387830386538496878394E766B
67782B477A2F5A79555651483952586A455844524E766D3633735369554D4231546C593950694D4B4F3034353155773279773330632F38537A794B42795059744E6448776D6436694168666F5153704A414B4D547768594D6D4B465A432B62384B484B62
783847652B4E564B76324770434C777930574C34777671574E506B32314A7A63306246636E7A7A74616664545062624542317066595C222C5C22657068656D6572616C5075626C69634B65795C223A5C224247566E30535A314A3570445A6C496E487665
356E6A3159626A2B43306F6C4663547967796E5371553859714B615A73385A6448516A566C49537252493130506D736B675A534D485958646B4D306B2B2F44382F6F306F5C5C75303033645C222C5C227461675C223A5C224949306468634F5A74596C32
36596C6E33474E5358544B3479616C52796C4B734B6A373152796A5A66464D5C5C75303033645C227D220A7D

Form a request setting encrypted-data equals token HEX and encrypted-type=googlepay:

curl --data "client_orderid=123098
&cvv2=XXX
&amount=114.94
&ipaddress=115.135.52.242
&state=
&currency=USD
&phone=+6072344354
&zip_code=81200
&order_desc=Super product 1
&email=francislusaikun@yahoo.com
&country=MY
&city=Johor Bahru
&address1=11Jalan Lurah 6 Kg. Kempas Baru
&redirect_url=http://MERCHANT_SITE/payment_update/123098/
&encrypted-type=googlepay
&encrypted-data=7B0A2020227369676E6174757265223A20224D4555434951434F48317557324C6151686561453462673037346D71643351704649782F424A78472F4F474D4568684471774967506236587A6C774477424D2B534C7A6B3248596E4179
30682F506B7073386C38426E3133415663396851515C7530303364222C0A202022696E7465726D6564696174655369676E696E674B6579223A207B0A20202020227369676E65644B6579223A20227B5C226B657956616C75655C223A5C224D466B774577
59484B6F5A497A6A3043415159494B6F5A497A6A30444151634451674145695A6933492B3567307848336B4F584D78694E796F4F4D4D5277553773442B2F716B7331354164675355352B7848325054467765397943514C7A6E344453646A6F33514B4979
632B633566554731646B617342764B775C5C75303033645C5C75303033645C222C5C226B657945787069726174696F6E5C223A5C22313634393736363131393537395C227D222C0A20202020227369676E617475726573223A205B0A202020202020224D
4559434951444C554B7763796639414171794A3657534C7254356A472B486434694B766F587861617976465565725838774968414D7A48714E317879414952687A6E6A4C6B6B55414F516762673763556C744B304648316876524C3743414E220A202020
205D0A20207D2C0A20202270726F746F636F6C56657273696F6E223A202245437632222C0A2020227369676E65644D657373616765223A20227B5C22656E637279707465644D6573736167655C223A5C22454F7047304E4E58394F7079597A6C52354645
6536434D4E6634706B654A7645684F4F4F4739346342442B79317832324C64474535354C653267425249336D465243757351446151747943533550766F4C70302F757270574E7238785478572F4577786A6E716B596755425246474F6D624A5141636541
2F374D416C5075397734677330434F5932616B6775726443624C516B4C617354536335652F693647576D646958715741574D384A724E42566B6C70596E46656B334643654B335732336D59486E746564434C79545450566D6255654D51346E387268677A
6F2B386669574E6A4B79774C6A565A6C4A326F2B6F434E78684D566668473734476457766F623254664531756F65584F43584F4830327538746F774F4F76523266716E416B4942445566706955536A7057374D6D44544A7959496577635734456F574754
4536412B70457949386A546241345930626F78333965784A624E746851735468715867354F4B4A4F4544634D4E594250672F6C62794E516659384E6A76424D413766422F2F51695A7149753857675A466653694D4A2B6A34755848644344664C54396269
773470646537626B5275482F556F6664314361626966685153753634536545456B6A307238377745593535734E72384B7A53434177774F6751503058596C742F743041354B54396B313732493834577469575159722F554E754956555269483878303865
38496878394E766B67782B477A2F5A79555651483952586A455844524E766D3633735369554D4231546C593950694D4B4F3034353155773279773330632F38537A794B42795059744E6448776D6436694168666F5153704A414B4D547768594D6D4B465A
432B62384B484B62783847652B4E564B76324770434C777930574C34777671574E506B32314A7A63306246636E7A7A74616664545062624542317066595C222C5C22657068656D6572616C5075626C69634B65795C223A5C224247566E30535A314A3570
445A6C496E487665356E6A3159626A2B43306F6C4663547967796E5371553859714B615A73385A6448516A566C49537252493130506D736B675A534D485958646B4D306B2B2F44382F6F306F5C5C75303033645C222C5C227461675C223A5C2249493064
68634F5A74596C3236596C6E33474E5358544B3479616C52796C4B734B6A373152796A5A66464D5C5C75303033645C227D220A7D"
https://gate.apropay.com/paynet/mapi/v1/sale/27764

Response Parameters

Note

Response has Content-Type: text/html;charset=utf-8 header. All parameters in response are x-www-form-urlencoded, with (0xA) character at the end of each parameter’s value
Sale Response Parameter Description
type The type of response. May be async-response, validation-error, error. If type equals validation-error or error, error-message and error-code parameters contain error details
status See Status List for details
paynet-order-id Order id assigned to the order by payment gateway
merchant-order-id Merchant order id
serial-number Unique number assigned by payment gateway server to particular request from the Merchant
error-message If status is error this parameter contains the reason for decline or error details
error-code The error code is case of error status

Response Example

type=async-response
&serial-number=00000000-0000-0000-0000-0000000624e8
&merchant-order-id=59e1e3ca-5d44-11e1-b3d6-002522b853b4
&paynet-order-id=94935