3. Initiate Pay
Once the merchant request has been verified, this API is used to safely handle payment requests by encrypting card data using AES and RSA encryption.
API Endpoints
https://kwpaypg.casheer.com/COFWAY/InitiatePay
Sample Request & Response
The following fields ought to be included in the request body:
"Initiate pay request{
"ReferenceId" : "xxxxxxxxx",//The validate request response contained a 15-digit reference ID.
"MerchantId": xxxxxx, //merchant code
"ECardData" = "encryptedCard", //card data should be encrypted using
32BIT AES Encryption
"ECardKey" = "encryptedKey", // Encrypt the 32 digit AES key using the RSA public key
"ACS_CallbackURL"= "call back url for 3DS"+ReferenceId //optional
}
};
ReferenceId
String
15-digit reference id received in the validate requet response
MerchantId
String
Merchant code
ECardData
String
The encrypted card data encrypted using AES encryption with a 32-bit key. Explained below
Explanation of the ECardData
Encryption Object
ECardData
Encryption ObjectThe ECardData
field in the request is an encrypted representation of the sensitive card details. The following explains the object that is encrypted using AES encryption before being included in the API request:
{
"CardNumber": "xxxxxxxxxxxxxxxx",//16-digit card number
"CardName": "John Doe", //Name mentioned on card
"CardExpiry": "mm/yy", //month/year format
"CardCVV": "xxx" //3 decimal number
"CardBrand" :"VISA"
}
Sample code to encrypt ECardData
string aesKeyText = "jcIkNa3ybrNVWxe1GSxycA1ru4GoEETO"; // Generate a 32bit random alphanumeric Key
byte[] aesKey = Encoding.UTF8.GetBytes(aesKeyText);
byte[] IV = new byte[16]; // 16-byte IV initialized to zeros
var cardData = new
{
CardNumber = "XXXXXXXXXXXXXXXXX",
CardName = "John Doe",
CardExpiry = "MM/YY",
CardCVV = "XXX"
};
string serializedCardData = JsonConvert.SerializeObject(cardData);
string encryptedData = EncryptStringToBytes_Aes(serializedCardData, aesKey, IV);
public static string EncryptStringToBytes_Aes(string plainText, byte[] Key, byte[] IV)
{
using (Aes aesAlg = Aes.Create())
{
aesAlg.Key = Key;
aesAlg.IV = IV;
aesAlg.Mode = CipherMode.CBC;
aesAlg.Padding = PaddingMode.PKCS7;
using (var encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV))
using (var msEncrypt = new MemoryStream())
{
using (var csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
using (var swEncrypt = new StreamWriter(csEncrypt))
{
swEncrypt.Write(plainText);
}
return Convert.ToBase64String(msEncrypt.ToArray());
}
}
}
ACS_CallbackURL
The provider will handle the 3D Secure callback if it is empty, and the user will be sent to the callback URL that was supplied in step 1. For more info about redirection refer here.
If provided, the 3D Secure callback will be sent to the merchant's specified URL, and the merchant must call the API at here for further processing.
Response Explaination
Upon receiving the response from the InitiatePay API, the merchant must verify the errorCode to determine the next steps. If the errorCode is 0, indicating a successful initiation, the merchant should parse the result object and render the HTML content provided in result.redirect.html to proceed with the 3DS authentication process.
Last updated