INTRODUCTION #
PURPOSE OF DOCUMENT #
The purpose of this document is to specify how to integrate with PaySky OMNI Gateway – PayForm™ Plus to enable payment options on any website in few simple steps.
Supported Payment channels by PaySky OMNI Gateway:
- Digital Payment Schemes – Tahweel and mVISA.
- National Payment Scheme (Egypt) – Meeza cards.
- International Card Schemes – Visa and Mastercard.
- Pay on Delivery (Payment on POS with delivery)
PREREQUISITES #
In order to start integration with PaySky OMNI Gateway you need to obtain the following from your partner bank:
- Merchant ID: Merchant unique identifier.
- Terminal ID: ID of the acceptance interface with different acceptance channels enabled/disabled (Card, Digital QR, & Pay on Delivery)
GLOSSARY #
CVV (Card Verification Value) – Is the three digits’ number on the back of a credit card, the cardholder is required to enter the CVV number at transaction time to verify that the card is on hand.
HMAC: Hash-based Message Authentication Code – AKA keyed-hash message authentication code, is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key. It may be used to simultaneously verify both the data integrity and the authentication of a message, as with any MAC.
Host ID – is a specific piece of information which uniquely identifies the host used for transaction authorization.
PAN: Primary Account Number
STAN: System Trace Audit Number – A number assigned by the originator of a transaction to uniquely identify a transaction throughout its life.
PAYSKY OMNI GATEWAY – LIGHTBOX #
WHAT IS LIGHTBOX #
Lightbox is a simple HTML & JavaScript plugin to integrate within merchant’s website to seamlessly enable payments with minimal technical development in order to process payments on PaySky OMNI Gateway.
CHECKLIST #
In order to enable PaySky OMNI Gateway – PayForm on the merchant’s website, the following needs to be applied:
- Merchant must subscribe in PaySky OMNI Gateway and enable selected acceptance networks to the merchant like Tahweel, mVISA, Card and Pay on Delivery.
- Merchant must have a “web terminal” to allow different payment channels.
CONFIGURATION STEPS #
- Reference the Lightbox.js file:
Can be found on:
Test: https://grey.paysky.io:9006/invchost/JS/LightBox.js
Production: https://cube.paysky.io:6006/js/LightBox.js
<script src=”https://grey.paysky.io:9006/invchost/JS/LightBox.js”></script>
2. Setup LightBox configuration using “Lightbox.Checkout.configure”, request parameters details at parameters section
3. Setup callbacks functions:
- completeCallback: triggered when payment completed successfully, result data object details at parameters section
- errorCallback: triggered when payment has an error, error object details at parameters section
- cancelCallback: triggered when user closes lightbox
4. Start the payment process by calling Lightbox.Checkout.showLightbox();
5. You can close LightBox by calling Lightbox.Checkout.closeLightbox();
PARAMETERS #
REQUEST PARAMETERS #
| Item | Data Type | Min-Max Length | Optional/ Mandatory | Comments |
| MID | String | 11-18 | M | The configured PaySky
OMNI Gateway Merchant ID |
| TID
|
string | 6-8 | M | PaySky OMNI Gateway configured Terminal ID for the merchant |
| AmountTrxn | Integer | 1-15 | M | The payment amount in smallest currency unit, i.e. 1 Egyptian pound should
be 100 piasters |
| MerchantReference | String | 1-50 | O | Merchant reference for the transaction |
| TrxDateTime | String | 12 | O | Request datetime in format
“yyyyMMddHHmm” and it will be required when sending secure hash at request |
| SecureHash | String | 64 | O | Used for request integrity between client call and server. For more details please see appendix B,
section 5.1 |
COMPLETE CALLBACK PARAMETERS #
| Item | Data Type | Min-Max Length | Optional/ Mandatory | Comments |
| TxnDate | String | 12 | M | transaction execution date and time, format
yyyyMMddHHmm |
| SystemReference | String | 2-20 | M | PaySky OMNI Gateway transaction reference |
| NetworkReference | String | 10-15 | M | Tahweel reference number in case of a Tahweel transaction, mVisa reference in case of mVisa Transaction and payment gateway reference number in case of card transactions |
| MerchantReference | String | 1-50 | O | Merchant reference for the transaction |
| Amount | String | 1-15 | M | The payment amount in smallest currency unit, i.e. 1 Egyptian pound should be 100 piasters |
| Currency | String | 3 | M | transaction currency ISO code, EGP represented by 818 |
| PaidThrough | String | 4-10 | M | transaction payment method (Card, Tahweel, mVisa) |
| PayerAccount | String | 14-36 | M | Masked card number in case of (card, mVisa) transaction or (mobile number, Tahweel merchant ID) in case of Tahweel transaction |
| PayerName | String | 0-50 | O | Payer name associated to the payer account |
| ProviderSchemeName | String | 5-20 | O | Payer wallet provider name |
| SecureHash | String | 64 | M | Used for response callback integrity between client call and server. For more details please see appendix B, section 5.2 |
ERROR CALLBACK PARAMETERS #
| Item | Data Type | Min-Max Length | Optional/ Mandatory | Comments |
| error | String | 11-18 | M | Error message and may contain error codes |
| DateTimeLocalTrxn | String | 12 | M | Error datetime |
| MerchantReference | String | 1-50 | O | Merchant reference for the transaction |
| Amount | String | 12 | O | transaction amount |
| SecureHash | String | 64 | M | Used for response callback integrity between client call and server. For more details please see appendix B, section 5.3 |
Wallet “TAHWEEL” Payment channel #
This Option allows payers to pay using their mobile Wallet applications (e.g. Tahweel compliant Wallets in Egypt) by simply scanning the QR code on the PayForm plugin, the plugin will detect payment when completed and move to transaction completion page.
MVISA Payment channel #
This Option allows payers to pay using their mVisa (Visa Scan to Pay) by simply scanning the QR code on the PayForm plugin, the plugin will detect payment when completed and move to transaction completion page.
Pay on delivery Payment channel #
This option allows the payer to request a POS/MiniPOS terminal to be used to collect payment during delivery.
Pay on delivery overview #
- Pay on delivery, is a service provided by PaySky to allow the purchaser to pay at the time of delivery rather than in advance/at the time of purchase.
- There are two allowed payment options: Cash & Card.
- System will send notification to the customer informing him with order id and amount through inquiry services.
- you will have to enter Order ID or mobile number, customer can check his order details amount, customer name, order ID
-
- If user choose to pay by card then CUBE service for paying order by card will called
- If user choose to pay by cash then CUBE service for paying order by cash will called.
-
- After payment, system will send order payment notification to customer (order payment notification)
Pay on delivery – MPOS Side #
- After request is created, Payer will receive SMS as following:
- inquire for this payment order through mPOS
- After, you choose the payment method and go through successful payment method steps, you will receive a notification message on mobile:
- For card Payment option choice, you will receive extra SMS:
Pay on delivery – Requests – Portal Side #
Merchant will have access to PaySky OMNI Gateway portal and can check the list of all related POD requests.
PAYSKY OMNI GATEWAY – DATA SERVICE #
This section details how to integrate with PAYSKY via API interface to retrieve transaction data Message Definition
The web service takes a JSON request to search on transaction log.
API URL:
- Test: https://grey.paysky.io/cube/paylink.svc/api/FilterTransactions
- Production: https://cube.paysky.io/cube/paylink.svc/api/FilterTransactions
Request Message Format
| Message Item | Data Type | Min-Max Length | Presence | Comments |
| MerchantReference | String | 10-36 | O | Merchant Reference for the transaction |
| NetworkReference | String | 10-36 | O | Tahweel reference number in case of a Tahweel transaction. mVisa reference in case of mVisa Transaction. And payment gateway reference number in case of card transactions |
| TerminalId | String | 6-8 | M | The PAYSKY terminal ID |
| MerchantId | String | 11-18 | M | PAYSKY Merchant Id applied the transaction |
| DisplayLength | String | 1-5 | M | Number of Transactions required to be returned for the request |
| DisplayStart | String | 1-5 | M | The index to start fetch data from |
| Message Item | Data Type | Min-Max Length | Presence | Comments |
| DateTimeLocalTrxn | String | 12-12 | M | The request execution date and time with format
“YYMMDDHHMMSS” and it should be unique per terminal requests |
| DateFrom | String | 12-12 | O | The transaction execution date and time with format
“yyyyMMdd” to start search from |
| DateTo | String | 12-12 | O | The transaction execution date and time with format
“yyyyMMdd” to end search to |
| SortCol | String | 1-25 | O | The column name you want to sort data with |
| SortDir | String | 1-5 | O | The Sort direction either “asc” or “desc” |
| SecureHash | String | 20-250 | M
|
A keyed hash message authorization code (HMAC) is a specific type of message authorization code (MAC) involving a cryptographic hash function and a secret cryptographic key. It is used to verify both the data integrity and the authorization of a message. For more information on how to generate secure hash read appendix B, section 5.4 |
Request Example
Response Message Formats
| Message Item | Data Type | Min-Max Length | Comments |
| Message | String | 0-250 | The message describes the transaction execution status |
| Success | Boolean | 4-5 | Describe transaction execution status. |
| Transactions | The array of transactions returned from applying search parameters | ||
| CardNo | String | 10-16 | The card number executed the transaction |
| MobileNumber | String | 12-14 | The mobile number in case this is a Tahweel transaction |
| Amnt | Integer | 1-15 | The transaction amount in piasters |
| Status | String | 1-25 | “Approved” if the transaction executed successfully |
| Currency | String | 3-3
|
The Transaction Currency shall conform to [ISO 4217] and shall contain the 3-digit numeric representation of the currency. For example, EGP is represented by the value “818” |
| Message Item | Data Type | Min-Max Length | Comments |
| TransType | String | 1-25 | The transaction type |
| CardType | String | 1-25 | The card type |
| STAN | String | 1-14 | The system trace number, returned from CTMS |
| RRN | String | 12-36 | Retrieval reference number returned by the payment gateway |
| MerchantReference | String | 0-300 | Merchant Reference for this transaction |
| ReceiptNo | String | 12-14 | The receipt number returned by the payment gateway |
| TotalCountAllTransaction | Integer | 1-10 | The total count of returned transactions from search result |
Response Example
ANNEX A: TEST DATA #
- International Card Test data:
- National Card Test data:
- Terminal ID: Please refer to your integration consultant
- Merchant ID: Please refer to your integration consultant
- Sample Test Page:(you can view below page source and copy JS sample)
ANNEX B: SECURE HASH GENERATION #
Secure hash used to verify client request and to ensure request data integrity, and its used at:
- LightBox request verification
- LightBox complete callback verification
- LightBox error callback verification
- Data service API request verification
Pre-requisite:
Merchant Secret Key: to generate a valid secure hash is to have merchant secret key provided by PaySky
LIGHTBOX REQUEST SECURE HASH #
The SHA-256 HMAC is calculated as follows:
- The SHA-256 HMAC calculation includes these fields:
- Amount
- DateTimeLocalTrxn
- MerchantId
- MerchantReference
- TerminalId
- The field names are sorted in ascending of parameter name as listed above.
- Construct a string by concatenating the string form of the sorted field name-value pairs. The string form of a name-value pair is the name followed by the value.
- The field name and the value in each field name-value pair are joined using “=” as the separator.
- The resulting joined field name-value pairs are themselves joined using “&” as the separator.
- Create a SHA-256 HMAC of the resultant string using the hex decoded value of merchant secret key given by PAYSKY integration consultant as the key.
- Encode the HMAC in hexadecimal convert it to uppercase and populate it in the request as the value for the SecureHash field that will be added to the request.
Example:
Using the following merchant secret key:
35333335653063302D663464372D343237652D623739362D643234666661386432323065
Using the following parameters:
Amount=100&DateTimeLocalTrxn=202009171418&MerchantId=43233&MerchantReference=Txn 1234&TerminalId=53532091
The resulting secure hash will be:
EAD7AB68E23BFF2E5B03F4A0CD41581722FD14C349C6743CD91B577341465A61
LIGHTBOX COMPLETE CALLBACK SECURE HASH #
The SHA-256 HMAC is calculated as follows:
- All response query strings parameters except “SecureHash” should be included at hashing.
- The field names are sorted in ascending of parameter name as listed above.
- Construct a string by concatenating the string form of the sorted field name-value pairs. The string form of a name-value pair is the name followed by the value.
- The field name and the value in each field name-value pair are joined using “=” as the separator.
- The resulting joined field name-value pairs are themselves joined using “&” as the separator.
- Create a SHA-256 HMAC of the resultant string using the hex decoded value of merchant secret key given by PAYSKY integration consultant as the key.
- Encode the HMAC in hexadecimal convert it to uppercase and compare it to callback SecureHash value
Example:
Using the following merchant secret key:
62656164643366382D626466612D343461392D383630332D346135613363376666356264
Using the following parameters:
Amount=55&Currency=818&MerchantId=14554075972&MerchantReference=1234&PaidThrough=Card&Te rminalId=93171742&TxnDate=20190826111304
The resulting secure hash will be:
AFE674E81B1933DAFBCB5BB4A7A78C5F644AF104CA340AEBD5379FEE86FF1EEE
LIGHTBOX ERROR CALLBACK SECURE HASH #
The SHA-256 HMAC is calculated as follows:
- The SHA-256 HMAC calculation includes these fields:
- Amount
- DateTimeLocalTrxn
- ErrorMessage
- MerchantId
- MerchantReference
- TerminalId
- The field names are sorted in ascending of parameter name as listed above.
- Construct a string by concatenating the string form of the sorted field name-value pairs. The string form of a name-value pair is the name followed by the value.
- The field name and the value in each field name-value pair are joined using “=” as the separator.
- The resulting joined field name-value pairs are themselves joined using “&” as the separator.
- Create a SHA-256 HMAC of the resultant string using the hex decoded value of merchant secret key given by PAYSKY integration consultant as the key.
- Encode the HMAC in hexadecimal convert it to uppercase and compare it to callback SecureHash value
Example:
Using the following merchant secret key:
62656164643366382D626466612D343461392D383630332D346135613363376666356264
Using the following parameters:
Amount=55&DateTimeLocalTrxn=20190826111304&ErrorMessage=CubeEX:132123&MerchantId=14554075 972&MerchantReference=1234&TerminalId=93171742
The resulting secure hash will be:
92DCAEF9F9F3FB0280F29892A1E88DBBF562F34005024CCBA21DC7D83B046C8C
DATA SERVICE API SECURE HASH #
The SHA-256 HMAC is calculated as follows:
- The SHA-256 HMAC calculation includes these fields:
- DateTimeLocalTrxn
- MerchantId
- TerminalId
- The field names are sorted in ascending of parameter name as listed above.
- Construct a string by concatenating the string form of the sorted field name-value pairs. The string form of a name-value pair is the name followed by the value.
- The field name and the value in each field name-value pair are joined using “=” as the separator.
- The resulting joined field name-value pairs are themselves joined using “&” as the separator.
- Create a SHA-256 HMAC of the resultant string using the hex decoded value of merchant secret key given by PAYSKY integration consultant as the key.
- Encode the HMAC in hexadecimal convert it to uppercase and populate it in the request as the value for the SecureHash field that will be added to the request.
Example:
Using the following merchant secret key:
34376635346431302D353564662D346334652D623965302D656239653030306637323161
Using the following parameters:
DateTimeLocalTrxn=1811101423&MerchantId=45374&TerminalId=84949616
The resulting secure hash will be:
CF0B9237DCC8D31F985B6203BDBA634019717D746BAA1B8C7F198BA3DA0B6A96
Use the following URL: https://www.liavaag.org/English/SHA-Generator/HMAC/ with correct parameters are set:
ANNEX C: RESPONSE CODES #
| Code | Meaning |
| 00 | Successful approval/completion or that VIP PIN verification is valid |
| 01 | Refer to card issuer |
| 02 | Refer to card issuer, special condition |
| 03 | Invalid merchant or service provider |
| 04 | Pickup |
| 05 | Do not honor |
| 06 | General error |
| 07 | Pick up card, special condition (other than lost/stolen card) |
| 08 | Honor with identification |
| 09 | Request in progress |
| 10 | Partial approval |
| 11 | VIP approval |
| 12 | Invalid transaction |
| 13 | Invalid amount (currency conversion field overflow) or amount exceeds maximum for card program |
| 14 | Invalid account number (no such number) |
| 15 | No such issuer |
| 16 | Insufficient funds |
| 17 | Customer cancellation |
| 19 | Re-enter transaction |
| 20 | Invalid response |
| 21 | No action taken (unable to back out prior transaction) |
| 22 | Suspected Malfunction |
| 25 | Unable to locate record in file, or account number is missing from the inquiry |
| 28 | File is temporarily unavailable |
| 30 | at error |
| 41 | Merchant should retain card (card reported lost) |
| 43 | Merchant should retain card (card reported stolen) |
| 51 | Insufficient funds |
| 52 | No checking account |
| 53 | No savings account |
| 54 | Expired card |
| 55 | Incorrect PIN |
| 57 | Transaction not permitted to cardholder |
| 58 | Transaction not allowed at terminal |
| 59 | Suspected fraud |
| 61 | Activity amount limit exceeded |
| 62 | Restricted card (for example, in country exclusion table) |
| 63 | Security violation |
| 65 | Activity count limit exceeded |
| 68 | Response received too late |
| 75 | Allowable number of PIN-entry tries exceeded |
| 76 | Unable to locate previous message (no match on retrieval reference number) |
| 77 | Previous message located for a repeat or reversal, but repeat or reversal data are inconsistent with original message |
| 78 | ’Blocked, first used’—The transaction is from a new cardholder, and the card has not been properly unblocked. |
| 80 | Visa transactions: credit issuer unavailable. Private label and check acceptance: Invalid date |
| 81 | PIN cryptographic error found (error found by VIC security module during PIN decryption) |
| 82 | Negative CAM, dCVV, iCVV, or CVV results |
| 83 | Unable to verify PIN |
| 85 | No reason to decline a request for account number verification, address verification, CVV2 verification; or a credit voucher or merchandise return |
| 91 | Issuer unavailable or switch inoperative (STIP not applicable or available for this transaction) |
| 92 | Destination cannot be found for routing |
| 93 | Transaction cannot be completed, violation of law |
| 94 | Duplicate transmission |
| 95 | Reconcile error |
| 96 | System malfunction, System malfunction or certain field error conditions |
| B1 | Surcharge amount not permitted on Visa cards (U.S. acquirers only) |
| N0 | Force STIP |
| N3 | Cash service not available |
| N4 | Cashback request exceeds issuer limit |
| N7 | Decline for CVV2 failure |
| P2 | Invalid biller ination |
| P5 | PIN change/unblock request declined |
| P6 | Unsafe PIN |
| Q1 | Card authentication failed |
| R0 | Stop payment order |
| R1 | Revocation of authorization order |
| R3 | Revocation of all authorizations order |
| XA | Forward to issuer |
| XD | Forward to issuer |
| Z3 | Unable to go online |
