Online Payment Platform

Appearance

PAYFORM™ PLUS INTEGRATION GUIDE

The purpose of this document is to specify how to integrate with Moamalat Gateway - PayForm™ Plus to extend payment options to e-commerce customers in few simple steps.

To use this PayForm™, you need a Merchant id ,Terminal id and Secure key.

GETTING STARTED

**You can use test data to try making a transaction with the PayForm™ Plus:

WHAT IS LIGHTBOX

Lightbox is a simple HTML & JavaScript plugin to integrate within merchant’s website to seamlessly enable payments with minimal technical development in order to process payments on Moamalat Gateway.

Alt text

PREREQUISITES

In order to start integration with Moamalat Gateway you need to obtain the following from your partner bank:

  1. Merchant ID: Merchant unique identifier.
  2. Terminal ID: ID of the acceptance interface with different acceptance channels enabled/disabled (Card, Digital QR)

GLOSSARY

CVV (Card Verification Value) – Is the three digits’ number on the back of a credit card, the cardholder is required to enter the CVV number at transaction time to verify that the card is on hand.

HMAC- Hash-based Message Authentication Code - AKA keyed-hash message authentication code, is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key. It may be used to simultaneously verify both the data integrity and the authentication of a message, as with any MAC.

Host ID - is a specific piece of information which uniquely identifies the host used for transaction authorization.

PAN: Primary Account Number

STAN: System Trace Audit Number - A number assigned by the originator of a transaction to uniquely identify a transaction throughout its life.

CHECKLIST

In order to enable Moamalat Gateway - PayForm on the merchant’s website, the following needs to be applied:

  • Merchant must subscribe in Moamalat Gateway and enable selected acceptance networks to the merchant like Card, Wallet.
  • Merchant must have a “web terminal” to allow different payment channels.

CONFIGURATION STEPS

  1. Reference the Lightbox.js file: Can be found on:

Test: https://tnpg.moamalat.net:6006/js/lightbox.js

Production: https://npg.moamalat.net:6006/js/lightbox.js

js
<script src="https://tnpg.moamalat.net:6006/js/lightbox.js"> </script>

  1. Setup LightBox configuration using “Lightbox.Checkout.configure”, request parameters details at parameters section.

  2. Setup callbacks functions:

  • completeCallback: triggered when payment completed successfully, result data object details at parameters section.
  • errorCallback: triggered when payment has an error, error object details at parameters section
  • cancelCallback: triggered when user closes lightbox.
js
Lightbox.Checkout.configure = {
  MID: mID,
  TID: tID,
  AmountTrxn: amount,
  MerchantReference: "merchantReference",
  TrxDateTime: "202009171418",
  SecureHash:
    "EAD7AB68E23BFF2E5B03F4A0CD41581722FD14C349C6743CD91B577341465A61",
  completeCallback: function (data) {
    //your code here
  },
  errorCallback: function (error) {
    //your code here
  },
  cancelCallback: function () {
    //your code here
  },
};
  1. Start the payment process by calling Lightbox.Checkout.showLightbox();
  2. You can close LightBox by calling Lightbox.Checkout.closeLightbox();

PARAMETERS

REQUEST PARAMETERS

ItemData TypeLeanghtOptional/ MandatoryComments
MIDString11-18MThe configured Moamalat Gateway Merchant ID
TIDString6-8MMoamalat Gateway configured Terminal ID for the merchant
AmountTrxnInteger1-15MThe payment amount in smallest currency unit, i.e., 1 Libyan dinar should be 1000
MerchantReferenceString1-50OMerchant reference for the transaction.
TrxDateTimeString12ORequest datetime in format “yyyyMMddHHmm” and it will be required when sending secure hash at request.
SecureHashString64OUsed for request integrity between client call and server.

COMPLETE CALLBACK PARAMETERS

ItemData TypeLeanghtOptional/ MandatoryComments
TxnDateString12MTransaction execution date and time, format yyyyMMddHHmm.
SystemReferenceString2-20MMoamalat Gateway transaction reference.
NetworkReferenceString10-15MGateway reference number in case of card transactions.
MerchantReferenceString1-50OMerchant reference for the transaction.
AmountString1-15MThe payment amount in smallest currency unit, i.e., 1 Libyan dinar should be 1000.
CurrencyString3MTransaction currency ISO code, LYD represented by 434.
PaidThroughString4-10MTransaction payment method (Card, Tahweel, mVisa).
PayerAccountString14-36MMasked card number in case of (card) transaction or (mobile number) in case of Wallet transaction.
PayerNameString0-50OPayer name associated to the payer account.
ProviderSchemeNameString5-20OPayer wallet provider name.
SecureHashString64MUsed for response callback integrity between client call and server.
ts
    {
        Amount: "100",
        Currency: "818",
        MerchantReference: "Txn-1234",
        NetworkReference: "10005908321",
        PaidThrough: "Card",
        PayerAccount: "400000XXXXXX0002",
        PayerName: "123",
        ProviderSchemeName: "",
        SecureHash: "7E78BC68D15B717317ED7BBDC99A4AF7C50491D0D1E99155FD103B851428D2CD",
        SystemReference: "78554"
        TxnDate: "200917135922",
    }

ERROR CALLBACK PARAMETERS

ItemData TypeLeanghtOptional/ MandatoryComments
errorString11-18MError message and may contain error codes.
DateTimeLocalTrxnString12MError datetime
MerchantReferenceInteger1-50OMerchant reference for the transaction
AmountString12Otransaction amount
SecureHashString64MUsed for request integrity between client call and server.
ts
{
     Amount: "1",
     DateTimeLocalTrxn: "200917142042",
     MerchantReferenece: "Txn-1234",
     SecureHash: "6226DEDA2D88E356BF3552F089EBC228242AC5B2ACD72C7A8B9749E048C65C0C",
     error: "Host Error"
}

SECURE HASH GENERATION

Secure hash used to verify client request and to ensure request data integrity, and its used at:

  1. LightBox request verification.
  2. LightBox complete callback verification.
  3. LightBox error callback verification.
  4. Data service API request verification.

Pre-requisite:

Merchant Secret Key: to generate a valid secure hash is to have merchant secret key provided by MOAMALAT

The SHA-256 HMAC is calculated as follows:

  1. The SHA-256 HMAC calculation includes these fields:
  • Amount
  • DateTimeLocalTrxn
  • MerchantId
  • MerchantReference
  • TerminalId
  1. The field names are sorted in ascending of parameter name as listed above.
  2. Construct a string by concatenating the string form of the sorted field name-value pairs. The string form of a name-value pair is the name followed by the value.
  • The field name and the value in each field name-value pair are joined using "=" as the separator.
  • The resulting joined field name-value pairs are themselves joined using "&" as the separator.
  1. Create a SHA-256 HMAC of the resultant string using the hex decoded value of merchant secret key given by MOAMALATintegration consultant as the key.
  2. Encode the HMAC in hexadecimal convert it to uppercase and populate it in the request as the value for the SecureHash field that will be added to the request.

Example:

Using the following merchant secret key: 35333335653063302D663464372D343237652D623739362D643234666661386432323065

Using the following parameters: Amount=100&DateTimeLocalTrxn=202009171418&MerchantId=43233&MerchantReference=Txn-1234&TerminalId=53532091

The resulting secure hash will be: EAD7AB68E23BFF2E5B03F4A0CD41581722FD14C349C6743CD91B577341465A61

The SHA-256 HMAC is calculated as follows:

  1. All response query strings parameters except “SecureHash” should be included at hashing.
  2. The field names are sorted in ascending of parameter name as listed above.
  3. Construct a string by concatenating the string form of the sorted field name-value pairs. The string form of a name-value pair is the name followed by the value.
  • The field name and the value in each field name-value pair are joined using "=" as the separator.
  • The resulting joined field name-value pairs are themselves joined using "&" as the separator.
  1. Create a SHA-256 HMAC of the resultant string using the hex decoded value of merchant secret key given by MOAMALATintegration consultant as the key.
  2. Encode the HMAC in hexadecimal convert it to uppercase andcompare it to callback SecureHash value

Example:

Using the following merchant secret key: 62656164643366382D626466612D343461392D383630332D346135613363376666356264

Using the following parameters: Amount=55&Currency=818&MerchantId=14554075972&MerchantReference=1234&PaidThrough=Card&TerminalId=93171742&TxnDate=20190826111304

The resulting secure hash will be: AFE674E81B1933DAFBCB5BB4A7A78C5F644AF104CA340AEBD5379FEE86FF1EEE

The SHA-256 HMAC is calculated as follows:

  1. The SHA-256 HMAC calculation includes these fields:
  • Amount
  • DateTimeLocalTrxn
  • ErrorMessage
  • MerchantId
  • MerchantReference
  • TerminalId
  1. The field names are sorted in ascending of parameter name as listed above.
  2. Construct a string by concatenating the string form of the sorted field name-value pairs. The string form of a name-value pair is the name followed by the value.
  • The field name and the value in each field name-value pair are joined using "=" as the separator.
  • The resulting joined field name-value pairs are themselves joined using "&" as the separator.
  1. Create a SHA-256 HMAC of the resultant string using the hex decoded value of merchant secret key given by MOAMALATintegration consultant as the key.
  2. Encode the HMAC in hexadecimal convert it to uppercase andcompare it to callback SecureHash value

Example:

Using the following merchant secret key: 62656164643366382D626466612D343461392D383630332D346135613363376666356264

Using the following parameters: Amount=55&DateTimeLocalTrxn=20190826111304&ErrorMessage=CubeEX:132123&MerchantId=14554075972&MerchantReference=1234&TerminalId=93171742

The resulting secure hash will be: 92DCAEF9F9F3FB0280F29892A1E88DBBF562F34005024CCBA21DC7D83B046C8C

Use the following LINK with correct parameters are set:

Alt text

RESPONSE CODES

**For more details

DEMO PAY

Copyright © Moamalat