Scribd
Upload
11 views

Checkout API Document2024updated

The document outlines the integration process for Nepal Payment Solution Pvt. Ltd's OnePG payment gateway, detailing authentication, signature generation, and API endpoints for various payment operations. It includes examples of signature generation in multiple programming languages and describes the steps necessary for merchants to successfully implement the payment gateway, including obtaining payment instrument details, service charges, and process IDs. Additionally, it explains how to redirect to the OnePG gateway and set up a notification listener for transaction updates.

Uploaded by

Biraj Regmi
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
11 views

Checkout API Document2024updated

The document outlines the integration process for Nepal Payment Solution Pvt. Ltd's OnePG payment gateway, detailing authentication, signature generation, and API endpoints for various payment operations. It includes examples of signature generation in multiple programming languages and describes the steps necessary for merchants to successfully implement the payment gateway, including obtaining payment instrument details, service charges, and process IDs. Additionally, it explains how to redirect to the OnePG gateway and set up a notification listener for transaction updates.

Uploaded by

Biraj Regmi
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 21

Table of Contents

1.1 INTRODUCTION ................................................................................................. 1

1.2 AUTHENTICATION HEADER ............................................................................... 1

1.3 Signature Generation ........................................................................................ 2

1.4 Example after Signature Generation ................................................................. 3

Signature Generation in C# ............................................................................... 3

Signature Generation in Python ........................................................................ 4

Signature Generation in JavaScript ................................................................... 4

Signature Generation in PHP ............................................................................. 4

1.5 Steps to Successfully Integrate Gateway .......................................................... 4

1.5.1 Get Payment Instrument Details ................................................................. 5

1.5.2 Get Service Charge ....................................................................................... 7

1.5.3 Get Process Id ............................................................................................ 10

1.5.4 Redirect to OnePG Gateway ...................................................................... 12

1.5.5 Check Transaction Status .......................................................................... 16


1.1 INTRODUCTION
Nepal Payment Solution Pvt. Ltd, a pioneering Company, is promoted by a group of innovative
and industrious personalities. It is incorporated in Company Registrar Office of Nepal under the
prevailing Company Act, 2063 (with amendments) and licensed by Nepal Rastra Bank for
conducting as a Payment System Operator (PSO) in Nepal. Founded by a team with experience
and knowledge of the fintech industry, we aim to revolutionize online payments by providing clean,
developer-friendly APIs and hassle- free integration. We offer a fast, affordable and secure way to
accept payments online for all stakeholders of the ever-growing payment ecosystem.
With the aim of Providing high-end infrastructure and innovative payment solutions in Nepal, Nepal
Payment has developed Payment Switch which saves merchants from the connectivity and
security issues. This solution dynamically routes payment transactions between the acquirer and
payment service provider revamping the transaction success rate.

1.2 AUTHENTICATION HEADER


OnePG uses Basic Authentication as authentication header, which is a simple authentication scheme
built into the HTTP protocol. The client sends HTTP requests with the Authorization header that
contains the word Basic word followed by a space and a base64-encoded string username: password.
For example, to authorize as demo / p@55w0rd the client would send.
Example.
Note: This is passed in header value.
Authorization: Basic Base64Encoded(Username+”:”+Password)
WITH DEMO VALUE:
Authorization: Basic dGVzdGFwaTp0ZXN0IzIyMTE=

1|Pa ge
1.3 Signature Generation
OnePG uses HMACSHA512 algorithm which computes a Hash-based Messages
Authentication Code. HMACSHA512 is a type of keyed hash algorithm that is constructed
from the SHA-512 hash function and used as a Hash-based Message Authentication Code
(HMAC). The HMAC process mixes a secret key with the message data and hashes the result.
The hash value is mixed with the secret key again, and then hashed a second time. The output
hash is 512 bits in length. An HMAC can be used to determine whether a message sent over a
nonsecure channel has been tampered with, provided that the sender and receiver share a secret
key. The sender computes the hash value for the original data and sends both the original data
and hash value as a single message. The receiver recalculates the hash value on the received
message and checks that the computed HMAC matches the transmitted HMAC.
If the original and computed hash values match, the message is authenticated. If they do not
match, either the data or the hash value has been changed. HMACs provide security against
tampering because knowledge of the secret key is required to change the message and reproduce
the correct hash value.
All the API request payload contains signature field which must have hashed message
authentication code HMAC(SHA512) of concatenated values of the payload fields in
alphabetical order by the secret key provided. The output hash byte array should be converted
to lower case hex string.

2|Pa ge
Example:

{
"MerchantId": "9",
"MerchantName": "TestMerchant",
}

By ordering the example Json provided with key name and concatenating the values of
respective keys,

Value = MerchantId + MerchantName; //9TestMerchant

Note: Signature generation should be done according to the request payload. It varies based on the request payload.

The value generated is then hashed with example key “SecretKey” and the output
array is then converted to hexadecimal format.

1.4 Example after Signature Generation


Signature Generation in C#

string signature = HMACSHA512(Value, SecretKey);


// HMACSHA512(“231.009TestMerchant0014490123”,”SecretKey”)
3817ec0ca32ce100d29e1895363350695ffaaf1cd8845ac1a203adc45dd0263b09022
639dea89250886d52121255a6e9eaa912c38daab99fafa7c903d0ccb90e C# code:

internal static string HMACSHA512(string text, string secretKey)


{
var hash = new StringBuilder();
byte[] secretkeyBytes = Encoding.UTF8.GetBytes(secretKey);
byte[] inputBytes = Encoding.UTF8.GetBytes(text);
using (var hmac = new HMACSHA512(secretkeyBytes))
{
byte[] hashValue = hmac.ComputeHash(inputBytes);
foreach (var theByte in hashValue)
hash.Append(theByte.ToString("x2"));
}
return hash.ToString();
}

3|Pa ge
Signature Generation in Python
import hmac
import hashlib
def generateHMACSHA512(value, secretkey):
hash_object = hmac.new(secretKey.encode(), value.encode(), hashlib.sha512)
return hash_object.hexdigest()

Signature Generation in JavaScript


const generateHMACSHA512 = (value, secretKey => {
const hmac = crypto.createHmac("sha512", secretKey);
hmac.update(value, "utf8");
return hmac.digest("hex");
};

Signature Generation in PHP


function generateHMACSHA512($plainText, $secretKey)
{
$hash = hash_hmac('sha512', $plainText, $secretKey, true);
return strtolower(bin2hex($hash));
}

1.5 Steps to Successfully Integrate Gateway


1.5.1 Get Payment Instrument Details
1.5.2 Get Service Charge
1.5.3 Get Process Id
1.5.4 Redirect to OnePG Gateway
1.5.5 Check Transaction Status

4|Page
1.5.1 Get Payment Instrument Details
This API returns the available payment instruments with their respective category, image icon
URL, Instrument name, Institution Name etc. Returned response object data payload contains key
“Instrument Code” which can be used in Form Submit method when redirecting to OnePG
Gateway.

URL: https://apisandbox.nepalpayment.com/GetPaymentInstrumentDetails

Method: POST

Content Type: application/Json

Headers: follow Authentication Headers


Request:
Field Name Required Description

MerchantId Y Provided in Email

MerchantName Y Provided in Email

{
"MerchantId": "5269",
"MerchantName": "saroj01",
"Signature": "99e6cb9cb0513ee2d478e37280a191e412c328ede565906e52129e883ffd31ea6b7c3e2f713d7662b074380696dccf
69b9fb0b2b84c7bfe177e9a231402fdc45"
}

5|Page
Response:

Field Name Description

Code Returns either “0” or “1”


Message Returns Success or Error

Errors Returns List of error object in case of code 1

Data Returns List of objects in case of code 0. Please see below table

Institution Name Name of Institution

Instrument Name Name of Instrument

Instrument Code Unique Instrument Code (Can be used in Redirect To OnePG)

Bank Type Instrument Category


Logo URL Logo image URL

6|Page
{
"code": "0",
"message": "Success",
"errors": [],
"data": [
{
"InstitutionName": "Card Checkout NIC Asia",
"InstrumentName": "Card Checkout NIC Asia",
"InstrumentCode": "NICCARD",
"InstrumentValue": null,
"LogoUrl": "https://apisandbox.nepalpayment.com/UploadedImages/PaymentInstitution/LogoUrl-
202204081553S15.PNG",
"BankUrl": "checkoutcard",
"BankType": "checkoutcard"
},
{
"InstitutionName": "Test Bank",
"InstrumentName": "Test Bank",
"InstrumentCode": "TEBANK",
"InstrumentValue": null,
"LogoUrl": "https://apisandbox.nepalpayment.com/UploadedImages/PaymentInstitution/LogoUrl-202007292355S3.png",
"BankUrl": "EBanking",
"BankType": "EBanking"
}

1.5.2 Get Service Charge


This API helps in get the service charge assigned according to slab

URL:https://apisandbox.nepalpayment.com/GetServiceCharge
Method: POST
Content Type: application/Json
Headers: Follow Authentication Headers

7|Page
Request

Field Name Required Description


Merchant ID Y Provide in email
Merchant name Y Provided in Email
Amount Y String decimal amount value
Instrument Code Y Generated in get payment instruments details
Signature Y Follow signature generation guidelines

Request

"MerchantId": "5269",
"MerchantName": "saroj01",
"Amount": "100",
"InstrumentCode": "TMBANK",
"Signature": "149ef38527d19cca47987dfb917821f039caf0b5f2497a124121c7dbd0826a54bdb137f055574af8965044cee7eaa42
bcda1d716fb25eac34b6a0dc29ae0df49"

Response:

Field Name Description


Code Returns either “0” or “1”
message Returns Success or Error
Errors Returns List of error object in case of code 1
Data Returns an object containing Amount, CommissionType, ChargeValue and
TotalChargeAmount in case of code 0 see below table

8|Page
Success

{
"code": "0",
"message": "Success",
"errors": [],
"data": {
"Amount": "100",
"CommissionType": "f",
"ChargeValue": "5",
"TotalChargeAmount": 5.0
}
}

9|Page
1.5.3 Get Process Id
This API generates a new process id (unique token) for each merchant transaction request.

URL: https://apisandbox.nepalpayment.com/GetProcessId
Method: POST
Content Type: application/Json
Headers: Follow Authentication Headers
Request:

Field Name Required Description


MerchantId Y Provided in Email
MerchantName Y Provided in Email
Amount Y String decimal amount value
MerchantTxnId Y Unique Merchant Transaction Id Identifier

Request:
{
"MerchantId": "5269",
"MerchantName": "saroj01",
"Amount": "100.00",
"MerchantTxnId": "Trnx UAT1234",
"Signature":
"eaf9773b97cd56b444ed63e0e03e65a6cc3cea94e47099d36ec07be22797d6fdba645378de87423b0f5f2214570f20273998c631d8e
d7ca23be70faac03f0a20"
}

10 | P a g e
Response:

Field Name Description

Code Returns either “0” or “1”


message Returns Success or Error

Errors Returns List of error object in case of code 1

Data Returns an object containing ProcessId in case of code 0. Please see below
table
Process Id Unique Gateway Process Id (Token) identifier

Success:

"code": "0",

"message": "Process Id generated successfully",

"errors": [],

"data": {

"ProcessId": "CD7E0463_D63D_4122_B974_EDC4A2A38708"

Error:
{
"code": "1",

"message": "Error","errors":
[
{
"error_code": "1",

"error_message": "Duplicate Record"

],

11 | P a g e
1.5.4 Redirect to OnePG Gateway
This redirection method validates the process id with merchant detail and unique merchant
transaction id identifier first then creates a new transaction in in the gateway system.
If the Instrument Code value is provided, then customer will be directly redirected to the provided
bank(instrument) page else customer will be able to select payment instrument in the gateway system.
Signature Generation and Authentication Headers are not required. Merchant should provide
{RequestURL} and {Notification URL} to OnePG support team prior to redirection integration for
setup.
Form Submit
Action:
URL: https://gatewaysandbox.nepalpayment.com/Payment/Index
Method: POST
Content-Type: multipart/form-data.

Request:

Field Name Required Description

MerchantId Y Provided in Email


MerchantName Y Provided in Email

Amount Y String decimal amount value

MerchantTxnId Y Unique Merchant Transaction Id Identifier (Sameas


for GetProcessId)
TransactionRemarks N Transaction Remarks.
If provided, then can be viewed in customer
statement.
InstrumentCode Y If provided, then customer will be directly redirected to
instrument panel else instrument can be selected in
gateway landing page

ProcessId Y Unique Gateway Process Id (Token) identifier

Signature Y Follow Signature Generation Guidelines

12 | P a g e
Kindly refer to the sample below for the redirection process.
<html>
<head>
<title> Gateway TEST</title>
</head>
<body onload="document.getElementById('form').submit()">
<form method="post"action="https://gatewaysandbox.nepalpayment.com/Payment/Index" id="form">
<input id="MerchantId" type="hidden" name="MerchantId" value="5269" />
<input id="MerchantName" type="hidden" name="MerchantName" value="saroj01" />
<input id="MerchantTxnId" type="hidden" name="MerchantTxnId"value="Trnx UAT1235" />
<input id="Amount" type="hidden" name="Amount" value="100" />
<input id="ProcessId" type="hidden" name="ProcessId"value="0E92183C_015D_4D1A_8467_8F11DFB136E0" />
<input id="InstrumentCode" type="hidden" name="InstrumentCode" value=""/>
<input id="TransactionRemarks" type="hidden" name="TransactionRemarks"value="test checkout gateway" />
<input id="ResponseUrl" type="hidden" name="ResponseUrl" value="https://www.google.com" />
</form>
</body>
</html>

Note: The Response URL in the above form is optional. If you provide a Response URL in the form, the system will
redirect to that specified URL. If Response URL is not provided in above form, the system will redirect to the default
URL configured in the NPS system.
Please make sure that the same merchant transaction ID, amount, and process ID also passed in the above form which
was used for generating process ID.

13 | P a g e
Notification URL-Listener
Merchants should create a Notification URL listener page on their website and then provide
the URL of the listener page to ONEPG gateway system. ONEPG will then send notification of
successful transaction to that URL. When customers pay for goods or services using ONEPG
gateway service, ONEPG sends a secure FORM GET containing MerchantTxnId (Passed
Transaction Id by Merchant) and GatewayTxnId (Unique Identification Number Generated by
OnePayment Gateway) to the URL. The Notification listener detects and processes the past
parameters using the merchant backend processes. The Notification listener page contains a
custom scripter program that waits for the messages, validates them with ONEPG system
using CheckTransactionStatus API, and update their transaction accordingly by preventing
multiple notification hit. Merchant should return plain/text with message “received” for first time
when the notification URL is hit or “already received” for multiple notifications.
Example:

14 | P a g e
OR

Example url:

Method Get:
{MerchantNotificationURL}?MerchantTxnId=100900&GatewayTxnId=100000004593

Response URL
Merchants should create a Response URL page on their website and then provide the URL of the page
to ONEPG gateway system. This URL can be used by merchant to show the customer their receipt
afterthe transaction is completed. ONEPG sends a secure FORM GET containing MerchantTxnId
(PassedTransaction Id by Merchant) and GatewayTxnId (Unique Identification Number Generated
by OnePayment Gateway) to the URL. Merchant can use Response URL to display the transaction
receipt as well.
Example

15 | P a g e
1.5.5 Check Transaction Status
Check the status of the transaction. If the transaction is found in the gateway system, current
transaction status is returned in the data payload of response object with key name “Status” and
possible values “Success”, Fail” or “Pending”

URL: https://apisandbox.nepalpayment.com/CheckTransactionStatus
Method: POST
Content Type: application/Json
Headers: follow Authentication Headers
Request:

Field Name Required Description

MerchantId Y Provided in Email

MerchantName Y Provided in Email

MerchantTxnId Y Merchant Transaction Id Identifier (same as


previous value or the MerchantTxnId
received in Notification
URL)

Signature Y Follow Signature Generation Guidelines

{
"MerchantId": "5269",
"MerchantName": "saroj01",
"MerchantTxnId": "Trnx UAT1235",
"Signature":
"80bceff8faf142677fc8c112b20f2cccae15cd6b140535d383c5aae76213b56f8a12f9905692030b999c0
7b7327c6b8195245e77db3aaffa44809f76ece36adc"
}

16 | P a g e
Response:

Field Name Description

Code Returns “0”, “1” and “2”

Message Returns Success or Error

Errors Returns List of error object in case of code 1

Data Returns an object containing Transaction detail case of code 0.


Please seebelow table
ServiceCharge Returns the service charge value of the transaction. If a service
charge is less than 0 then will return the service charge value as “.
{decimal places}”, integer if no decimal places, and returns the
decimal value for decimal places.
TransactionRemarks Remarks of the transaction
TransactionRemarks2 Remarks of the transaction
TransactionRemarks3 Remarks of the transaction
ProcessId Unique Gateway Process Id (Token) identifier
TransactionDate Date of transaction.
Format yyyy-MM-dd HH:mm:ss
MerchantTxnId Merchant Transaction Id Identifier
CbsMessage
Status CBS Transaction status. May return value either of below.
• Success
• Fail
• Pending
Institution Name of Institution
Instrument Name of Instrument
PaymentCurrency
ExchangeRate

Success

{
"code": "0", "message":
"Success","errors": [],
"data": {

17 | P a g e
"GatewayReferenceNo": "100000035434",
"Amount": "100",
"ServiceCharge": "5",
"TransactionRemarks": "test checkout gateway",
"TransactionRemarks2": "",
"TransactionRemarks3": "",
"ProcessId": "0E92183C_015D_4D1A_8467_8F11DFB136E0",
"TransactionDate": "2023-08-08 14:01:56",
"MerchantTxnId": "Trnx UAT1235",
"CbsMessage": "",
"Status": "Success",
"Institution": "Test Bank",
"Instrument": "Test MBanking",
"PaymentCurrency": "NPR",
"ExchangeRate": "1"
}
}

Pending:
"code": "0",
"message": "Success",
"errors": [],
"data": {
"GatewayReferenceNo": "100000029114",
"Amount": "100",

"ServiceCharge": "3",
"TransactionRemarks": "test",
"TransactionRemarks2": "",
"TransactionRemarks3": "",
"ProcessId": "810363A7_7CF1_459D_B341_1F19F4741083",
"TransactionDate": "2023-02-06 11:52:55",
"MerchantTxnId": "GTxnid20230206115159196",
"CbsMessage": "",
"Status": "Pending",
"Institution": "Test Bank",
"Instrument": "Test MBanking"

18 | P a g e
Fail:

"code": "0",
"message": "Success",
"errors": [],
"data": {
"GatewayReferenceNo": "100000028742",
"Amount": "1050",

"ServiceCharge": "1",
"TransactionRemarks": "test",
"ProcessId": "F3B8D1DD_F295_47FB_96E9_B3585EC9CF2C",

"TransactionDate": "2023-01-30 14:54:32",


"MerchantTxnId": "GTXN-UAT-130235",
"CbsMessage": "Unable to connect to the remote server","Status":
"Fail",
"Institution": "Khalti",
"Instrument": "KHALTI" } }

19 | P a g e

You might also like