
Paymentgatewayintegration.github.io

Sample Android App with Documentation showcasing the webview integration with Payment Gateway.

README

Overview

This section will guide you in creating a framework for integrating the Payment Gateway with your Android app.


Sample App

To understand the Payment Gateway payment flow, you can download our sample app here.


Prerequisites

  1. You should be a registered and approved merchant with Payment Gateway.
  2. You should have received the SALT and API key from Payment Gateway.
  3. You should have received the HOSTNAME for the Payment Gateway request URL.

Server Side Setup

a. To prevent data tampering (and ensure data integrity) between your app and Payment Gateway, you will need to set up an API on your server that calculates a checksum, known as the hash, from the payment request parameters and the SALT key before the request is sent to the Payment Gateway server.

Hash Calculation Architecture Overview

Payment Gateway uses the **SHA512** cryptographic hash function to prevent data tampering. To calculate the hash, Payment Gateway provides a secure private key known as the **SALT key**, which must be stored **very securely on your server**. Any compromise of the salt may lead to data tampering.

# The hash generation code has 3 components:

1. **Concatenate** the request parameters (after **trimming** the blank spaces), separated by the **pipe** character (`|`), in the order given below:

`hash_data="SALT|address_line_1|address_line_2|amount|api_key|city|country|currency|description|email|hash|mode|name|order_id|phone|return_url|state|udf1|udf2|udf3|udf4|udf5|zip_code"`

2. Calculate the **hash** of the string value obtained in step 1 using the **sha512** algorithm (all major languages have a built-in function to calculate a SHA-512 hash).

3. Change the hash value obtained in step 2 to **UPPERCASE** and return the hash value to the Android app.
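
The three steps above in Python, as an added example that is not part of the original README or Payment Gateway's own code. It skips empty fields the way the Java and PHP samples below do and rejects values containing `|`; both choices are assumptions about what the gateway accepts, and `PAYMENT_GATEWAY_SALT` is a hypothetical variable name.

```python
import hashlib
import os

# Column order from step 1. "hash" is left out, as in the Java sample:
# a value cannot be part of its own input.
HASH_COLUMNS = [
    "address_line_1", "address_line_2", "amount", "api_key", "city",
    "country", "currency", "description", "email", "mode", "name",
    "order_id", "phone", "return_url", "state", "udf1", "udf2", "udf3",
    "udf4", "udf5", "zip_code",
]


def load_salt():
    # PAYMENT_GATEWAY_SALT is a hypothetical variable name; the point is that
    # the SALT lives in server-side configuration, not in source or the app.
    return os.environ["PAYMENT_GATEWAY_SALT"]


def build_hash_data(params, salt):
    """Step 1: SALT plus the trimmed, non-empty values joined by '|'."""
    parts = [salt]
    for column in HASH_COLUMNS:
        value = (params.get(column) or "").strip()
        if "|" in value:
            # A '|' inside a value would be indistinguishable from the
            # separator, so two different requests could share one hash.
            raise ValueError("'|' is not allowed in " + column)
        if value:  # empty fields are skipped, as in the Java and PHP samples
            parts.append(value)
    return "|".join(parts)


def payment_hash(params, salt):
    """Steps 2 and 3: SHA-512 of the step 1 string, as uppercase hex."""
    data = build_hash_data(params, salt).encode("utf-8")
    return hashlib.sha512(data).hexdigest().upper()


# Constructed sample request (not real merchant data).
SAMPLE = {"amount": " 100.00 ", "api_key": "test-key", "order_id": "ORD-1",
          "currency": "INR", "udf1": ""}
```
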

Hash Calculation

# Payment Gateway Recommendation:

You must securely store the SALT key on your server. Compromise of the same would lead to attacks.

Sample hash generation code for the payment request is given below for different languages:

**Java Servlet Sample Code**

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.google.gson.JsonObject; // JsonObject.addProperty is the Gson API

public class PaymentRequest extends HttpServlet {
	private static final long serialVersionUID = 1L;

	protected void doPost(HttpServletRequest request, HttpServletResponse response)
	throws ServletException, IOException {
		// Placeholder: the real SALT must come from secure server-side storage.
		String salt = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";

		// Parameters in the order required for the hash string.
		String [] hash_columns = {"address_line_1", "address_line_2", "amount", "api_key",
		"city", "country", "currency","description", "email", "mode", "name", "order_id",
		"phone", "return_url", "state", "udf1", "udf2", "udf3", "udf4","udf5", "zip_code"};

		String hash_data = salt;

		for( int i = 0; i < hash_columns.length; i++)
		{
			// getParameter returns null for a missing field; skip missing or blank values.
			String value = request.getParameter(hash_columns[i]);
			if(value != null && value.trim().length() > 0 ){
				hash_data += '|' + value.trim();
			}
		}

		// Build the same response shape as the PHP and ASP.NET samples.
		JsonObject jsonResponse = new JsonObject();
		try {
			jsonResponse.addProperty("hash", getHashCodeFromString(hash_data));
			jsonResponse.addProperty("status", 0);
			jsonResponse.addProperty("responseCode", "Hash Created Successfully");
		} catch (NoSuchAlgorithmException e) {
			jsonResponse.addProperty("hash", "INVALID");
			jsonResponse.addProperty("status", 1);
			jsonResponse.addProperty("responseCode", e.getMessage());
		}

		response.setContentType("application/json");
		PrintWriter writer = response.getWriter();
		writer.print(jsonResponse);
		writer.flush();
	}

	// Returns the SHA-512 digest of str as an uppercase hex string.
	private static String getHashCodeFromString(String str) throws NoSuchAlgorithmException,
	UnsupportedEncodingException {

		MessageDigest md = MessageDigest.getInstance("SHA-512");
		md.update(str.getBytes("UTF-8"));
		byte byteData[] = md.digest();

		// Convert each byte to two hex digits.
		StringBuffer hashCodeBuffer = new StringBuffer();
		for (int i = 0; i < byteData.length; i++) {
			hashCodeBuffer.append(Integer.toString((byteData[i] & 0xff) + 0x100, 16)
			.substring(1));
		}
		return hashCodeBuffer.toString().toUpperCase();
	}

}
```

**PHP Sample Code**

```php
<?php
try {
	// Placeholder: the real SALT must come from secure server-side storage.
	$salt="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";

	// Trim every request parameter before it is used in the hash string.
	$params["api_key"]=trim($_POST["api_key"]);
	$params["amount"]=trim($_POST["amount"]);
	$params["email"]=trim($_POST["email"]);
	$params["name"]=trim($_POST["name"]);
	$params["phone"]=trim($_POST["phone"]);
	$params["order_id"]=trim($_POST["order_id"]);
	$params["currency"]=trim($_POST["currency"]);
	$params["description"]=trim($_POST["description"]);
	$params["city"]=trim($_POST["city"]);
	$params["state"]=trim($_POST["state"]);
	$params["address_line_1"]=trim($_POST["address_line_1"]);
	$params["address_line_2"]=trim($_POST["address_line_2"]);
	$params["zip_code"]=trim($_POST["zip_code"]);
	$params["country"]=trim($_POST["country"]);
	$params["return_url"]=trim($_POST["return_url"]);
	$params["mode"]=trim($_POST["mode"]);
	// The udf fields are optional.
	if(!empty($_POST["udf1"])) $params["udf1"]=trim($_POST["udf1"]);
	if(!empty($_POST["udf2"])) $params["udf2"]=trim($_POST["udf2"]);
	if(!empty($_POST["udf3"])) $params["udf3"]=trim($_POST["udf3"]);
	if(!empty($_POST["udf4"])) $params["udf4"]=trim($_POST["udf4"]);
	if(!empty($_POST["udf5"])) $params["udf5"]=trim($_POST["udf5"]);

	$hash_columns = [
		'name',
		'phone',
		'email',
		'description',
		'amount',
		'api_key',
		'order_id',
		'currency',
		'city',
		'state',
		'address_line_1',
		'address_line_2',
		'country',
		'zip_code',
		'return_url',
		'hash',
		'mode',
		'udf1',
		'udf2',
		'udf3',
		'udf4',
		'udf5'
	];

	// Sorting the column names gives the alphabetical order required for the hash string.
	sort($hash_columns);
	$hash_data = $salt;

	// Append each non-empty value; 'hash' is never set in $params, so it is skipped.
	foreach ($hash_columns as $column) {
		if (isset($params[$column])) {
			if (strlen($params[$column]) > 0) {
				$hash_data .= '|' . $params[$column];
			}
		}
	}

	$hash = null;
	if (strlen($hash_data) > 0) {
		$hash = strtoupper(hash("sha512", $hash_data));
	}

	$output['hash'] = $hash;
	$output['status']=0;
	$output['responseCode']="Hash Created Successfully";

}catch(Exception $e) {
	$output['hash'] = "INVALID";
	$output['status']=1;
	$output['responseCode']=$e->getMessage();
}

echo json_encode($output);
```

**ASP.NET Sample Code**

```csharp
using System;
using System.Collections.Generic;
using System.Web.Script.Serialization;

public partial class PaymentRequest : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        string jsonResponse = "";
        try
        {
            string hash_string = string.Empty;
            string hashValue = string.Empty;
            // Placeholder: the real SALT must come from secure server-side storage.
            string SALT = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";

            // Append the trimmed parameters in the order required for the hash string.
            hash_string = SALT;
            hash_string += '|' + Request.Form["address_line_1"].Trim();
            hash_string += '|' + Request.Form["address_line_2"].Trim();
            hash_string += '|' + Request.Form["amount"].Trim();
            hash_string += '|' + Request.Form["api_key"].Trim();
            hash_string += '|' + Request.Form["city"].Trim();
            hash_string += '|' + Request.Form["country"].Trim();
            hash_string += '|' + Request.Form["currency"].Trim();
            hash_string += '|' + Request.Form["description"].Trim();
            hash_string += '|' + Request.Form["email"].Trim();
            hash_string += '|' + Request.Form["mode"].Trim();
            hash_string += '|' + Request.Form["name"].Trim();
            hash_string += '|' + Request.Form["order_id"].Trim();
            hash_string += '|' + Request.Form["phone"].Trim();
            hash_string += '|' + Request.Form["return_url"].Trim();
            hash_string += '|' + Request.Form["state"].Trim();
            // The udf fields are optional; a missing field is null, so test before trimming.
            if (!string.IsNullOrWhiteSpace(Request.Form["udf1"]))
            {
                hash_string += '|' + Request.Form["udf1"].Trim();
            }
            if (!string.IsNullOrWhiteSpace(Request.Form["udf2"]))
            {
                hash_string += '|' + Request.Form["udf2"].Trim();
            }
            if (!string.IsNullOrWhiteSpace(Request.Form["udf3"]))
            {
                hash_string += '|' + Request.Form["udf3"].Trim();
            }
            if (!string.IsNullOrWhiteSpace(Request.Form["udf4"]))
            {
                hash_string += '|' + Request.Form["udf4"].Trim();
            }
            if (!string.IsNullOrWhiteSpace(Request.Form["udf5"]))
            {
                hash_string += '|' + Request.Form["udf5"].Trim();
            }
            hash_string += '|' + Request.Form["zip_code"].Trim();

            hash_string = hash_string.Substring(0, hash_string.Length);
            hashValue = Generatehash512(hash_string).ToUpper();

            // Values mix strings and integers, so the dictionary is typed as object.
            var columns = new Dictionary<string, object>
            {
                { "hash", hashValue },
                { "status", 0 },
                { "responseCode", "Hash Created Successfully" },
            };
            var jsSerializer = new JavaScriptSerializer();
            jsonResponse = jsSerializer.Serialize(columns);
        }
        catch (Exception ex)
        {
            var columns = new Dictionary<string, object>
            {
                { "hash", "INVALID" },
                { "status", 1 },
                { "responseCode", ex.Message },
            };
            var jsSerializer = new JavaScriptSerializer();
            jsonResponse = jsSerializer.Serialize(columns);
        }

        // Page_Load returns void, so the JSON is written to the response.
        Response.ContentType = "application/json";
        Response.Write(jsonResponse);
    }

    // The sample is cut off at this point in the source; the definition of
    // Generatehash512 is not shown.
}
```

Repository listing: GitHub stars 5, forks 2, category Development, language Java, updated 3y ago. Security score 55/100, audited on Feb 19, 2023, no findings.