
Secure Payment



Definitions

  • User - the user of the merchant system
  • Merchant system - the merchant's user accounting system, which allows the user to deposit funds to the account or pay for products/services via a MoneyPolo account.
  • Service - MoneyPolo service, enabling processing of merchant system requests when dealing with payment.
  • S2S message – Server to Server message without user interaction via secured channel (HTTPS POST).



Before you start

To start the integration, the Merchant needs to provide 3 URLs on its website.

  • success URL - where user will be redirected after successful transaction
  • fail URL - where user will be redirected in case of any error
  • S2S URL - secure page where Service will check transactions and send notification about successful transaction.



Service address

https://secure.moneypolo.com/payment/process.php

Please note that the test and production keys are different from each other. The working key will be issued by the MoneyPolo company at the end of the testing period.



Operating algorithm

  1. The user logs in to the merchant system and selects MoneyPolo as the payment option (the user must already have an account in the MoneyPolo system).
  2. The merchant system redirects the user to the pre-determined Service page, which specifies all the payment options and the pages for successful/failed payments.
  3. The Service shows the user a transaction summary, requires him to log in to his profile and shows the account balance in the currency of the transaction. The user can cancel the transaction at any time by pressing the cancel button.
  4. After the user presses the confirm button, the Service sends an unsigned S2S message of type "check" that contains all transaction data. The Service expects the string 'OK' as the response; otherwise the Service considers the check unsuccessful, cancels the transaction and redirects the user back to the fail page.
  5. If the S2S check is successful, the user can press the "pay" button. The Service processes the payment and, after successful execution of the transaction, sends a signed S2S message of type "completed" that contains all transaction data. The Service expects the string 'OK' as the response to this message; otherwise the message is treated as undelivered, but the transaction is finished regardless of the S2S notification.
  6. The user is immediately redirected to the appropriate page of the merchant system.
  7. If the transaction is in test mode (parameter TestMode = 1), everything is exactly the same, except in step 5, where the transaction will not be executed at all.



Parameters description

The list of outbound request parameters that the merchant system should send to the Service for processing.

Name            Type     Description
MerchantCode    string   Merchant code (issued by the MoneyPolo company at the beginning of integration)
Amount          decimal  Amount
Currency        string   Currency char(3) ISO code. (USD/EUR/..)
MerchantDocID   string   Unique ID of operation in merchant's system. Purpose is to connect transaction in merchant's system with transaction in MoneyPolo system.
Details         string   Details of payment
TestMode        int      Test mode indicator 0/1
Signature       string   Request signature

The signature is the uppercase hexadecimal SHA512 hash of all transaction data concatenated with the merchant secret key. This is a hash, not encryption.
Pseudocode for computing the signature:
HASH = UPPERCASE ( SHA512 ( MERCHANTCODE + AMOUNT + CURRENCY + MERCHANTDOCID + DETAILS + TESTMODE + SECRET_KEY))

Example of outbound request signing in PHP:

// The quoted names below stand for the actual parameter values, concatenated in this order.
$Secret_Key = '0123456789876543210';
$str = 'MerchantCode';
$str .= 'Amount';
$str .= 'Currency';
$str .= 'MerchantDocID';
$str .= 'Details';
$str .= 'TestMode';
$str .= $Secret_Key;
$hash = strtoupper(hash('sha512', $str));



The list of inbound request parameters that the Service sends to the merchant system in the signed S2S message.

Name               Type     Description
MerchantCode       string   Merchant code (as in request)
Amount             decimal  Amount
Currency           string   Currency char(3) ISO code - USD/EUR
MerchantDocID      string   Merchant operation ID
Details            string   Details of payment
TestMode           int      Test mode indicator 0/1
Status             string   Status of the transaction after processing
MFSID              int      ID of operation in MoneyPolo
MFSAccountNumber   string   MoneyPolo account number
MFSAccountName     string   MoneyPolo account name
Signature          string   Response signature

The signature is the uppercase hexadecimal SHA512 hash of all transaction data concatenated with the merchant secret key. This is a hash, not encryption.
Pseudocode for computing the signature:
HASH = UPPERCASE ( SHA512 ( MERCHANTCODE + AMOUNT + CURRENCY + MERCHANTDOCID + DETAILS + TESTMODE + STATUS + MFSID + MFSACCOUNTNUMBER + MFSACCOUNTNAME + SECRET_KEY))

Example of inbound request signature verification in PHP:

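// The quoted names below stand for the values received in the S2S POST, concatenated in this order.
$Secret_Key = '0123456789876543210';
$str = 'MerchantCode';
$str .= 'Amount';
$str .= 'Currency';
$str .= 'MerchantDocID';
$str .= 'Details';
$str .= 'TestMode';
$str .= 'Status';
$str .= 'MFSID';
$str .= 'MFSAccountNumber';
$str .= 'MFSAccountName';
$str .= $Secret_Key;
$hash = strtoupper(hash('sha512', $str));
// hash_equals() compares in constant time and avoids the type juggling of != on hex strings.
$received = isset($_POST['Signature']) ? strtoupper((string)$_POST['Signature']) : '';
if (!hash_equals($hash, $received))
{ exit('failed to check transaction data. Possible hacking attempt'); }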



Integration process

  1. Get merchant code from the MoneyPolo company and test key for request signs.
  2. Implement the following pages on the merchant website:
    1. Send payment (the form preparing and sending data to the MoneyPolo service)
    2. Successful transactions page
    3. Failure and error page
    4. Page for processing S2S requests (it is the only page where you can trust the transaction data, since there is no user interaction; it is the only place to perform credit/debit operations in the merchant system)
  3. Test payments together with MoneyPolo support specialists.
  4. After all the successful tests, switch the system to the operation mode.
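
The inbound signature check and the S2S processing page described above, combined into one handler-side check. This is an added example, not MoneyPolo's code or part of the original page. The function names, the shape of $order (including its credited flag), the sample values and the assumption that the Service echoes MerchantCode, Amount, Currency and MerchantDocID exactly as the merchant sent them are all assumptions; it needs PHP 7.1 or later.

```php
<?php
const NOTIFY_FIELDS = ['MerchantCode', 'Amount', 'Currency', 'MerchantDocID', 'Details',
                       'TestMode', 'Status', 'MFSID', 'MFSAccountNumber', 'MFSAccountName'];

// UPPERCASE(SHA512(values in the documented order + secret key)), as in the page's pseudocode.
function mp_signature(array $data, array $fields, string $secretKey): string
{
    $str = '';
    foreach ($fields as $name) {
        $str .= $data[$name];
    }
    return strtoupper(hash('sha512', $str . $secretKey));
}

// Returns null when the notification may be applied, otherwise the reason for rejecting it.
function mp_check_notification(array $post, string $key, array $order, bool $production): ?string
{
    foreach (array_merge(NOTIFY_FIELDS, ['Signature']) as $name) {
        if (!isset($post[$name]) || !is_string($post[$name])) {
            return "missing or non-string field: $name";
        }
    }
    // hash_equals() compares in constant time and never type-juggles.
    if (!hash_equals(mp_signature($post, NOTIFY_FIELDS, $key), strtoupper($post['Signature']))) {
        return 'bad signature';
    }
    // No separators between values, so also compare each one with the stored order record.
    foreach (['MerchantCode', 'Amount', 'Currency', 'MerchantDocID'] as $name) {
        if ($post[$name] !== $order[$name]) {
            return "mismatch with stored order: $name";
        }
    }
    if ($production && $post['TestMode'] !== '0') {
        return 'test-mode notification in production';
    }
    return $order['credited'] ? 'already credited' : null;
}

// Constructed sample: the key is the page's sample key, all other values are made up.
$key   = '0123456789876543210';
$order = ['MerchantCode' => 'M1', 'Amount' => '10.00', 'Currency' => 'EUR',
          'MerchantDocID' => 'ORD-42', 'credited' => false];
$post  = ['Details' => 'Order 42', 'TestMode' => '1', 'Status' => 'completed', 'MFSID' => '777',
          'MFSAccountNumber' => 'ACC1', 'MFSAccountName' => 'J Doe'] + $order;
unset($post['credited']);
$post['Signature'] = mp_signature($post, NOTIFY_FIELDS, $key);
var_dump(mp_check_notification($post, $key, $order, false)); // notification as signed
$post['Amount'] = '1000.00';
var_dump(mp_check_notification($post, $key, $order, false)); // Amount altered after signing
```

Credit the account and mark the order as credited in one database transaction, and only when the function returns null.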



Error codes

Error code Description
101 Wrong signature
102 Incorrect data
103 Error in data
104 Merchant can not process transactions
105 Fields Login or Password are empty
106 Wrong login or password
107 Error checking transaction
108 Error processing transaction
109 Transaction cancelled by user
110 Internal error. Transaction is logged for further analysis
111 Duplicate payment
securepayment.1474897969.txt.gz · Last modified: 2016/09/26 14:52 by Anatolii Zhiliaev