Exemplary Integration of Transferuj.pl system

Transkrypt

Krajowy Integrator Płatności Spółka Akcyjna (National Payment Integrator Joint Stock Company) based in Poznań,
Św. Marcin Street 73/6, added to National Court Register by District Court Poznan - New Town and Wilda in
Poznan, VIII Division of the National Court Register at the KRS number 0000412357, NIP number 7773061579,
REGON 300878437, initial capital 4 798 500,00 PLN (paid up in full).
1
Transfer of transaction parameters
Below we present code of the exempalry HTML website, which task is to redirect customer to the address
https://secure.transferuj.pl in order to make a payment for transaction:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body>
<form action="https://secure.transferuj.pl" method="post"
accept-charset="utf-8">
<input type="hidden" name="id" value="1111">
<input type="hidden" name="kwota" value="10.00">
<input type="hidden" name="opis" value="Transaction description">
<input type="hidden" name="crc" value="helpfull identifier">
<input type="hidden" name="wyn_url" value="URL to send notification">
<input type="hidden" name="wyn_email" value="email to send notification">
<input type="hidden" name="opis_sprzed" value="Merchant Description">
<input type="hidden" name="pow_url" value="URL to redirect customer if transaction is
positive">
<input type="hidden" name="pow_url_blad" value="URL to redirect customer if there is
an error in transaction (default as above)">
<input type="hidden" name="email" value="[email protected]">
<input type="hidden" name="nazwisko" value="Surname">
<input type="hidden" name="imie" value="Name">
<input type="hidden" name="adres" value="Street">
<input type="hidden" name="miasto" value="City">
<input type="hidden" name="kod" value="12-345">
<input type="hidden" name="kraj" value="Poland">
<input type="hidden" name="telefon" value="48123456789">
<input type="hidden" name="jezyk" value="pl, en or de">
<input type="submit" name="Proceed to payment">
</form>
</body>
</html>
It is the HTML form sending to the system transaction parameteres by POST. Those parameters should be
hidden (type hidden) in order to prevent unathorized tampering.
Compulsory are first three paramteres: id, kwota (amount) and opis (description). Other are optional.
Detailed
explanation
of
the
parameters
can
be
https://secure.transferuj.pl/partner/pliki/documentation_10_en.pdf
found
in
the
document:
There is a possibility of introduction of integrities, sent to Transferuj.pl, verification by the use of a
checksum. Such sum consists of merchant’s ID, amount, auxiliary sequence CRC and merchant’s
confirmation code. Confirmation code is set in the Merchant’s Panel, in the tab Ustawienia >
Powiadomienia section Bezpieczeństwo.
In order to introdcue this verification, you have to send together with the above form additional md5sum
parameter. The checksum is generated as follows, using the MD5 hash function:
Krajowy Integrator Płatności Spółka Akcyjna (National Payment Integrator Joint Stock Company) based in Poznań, Św. Marcin Street 73/6, added to
National Court Register by District Court Poznan - New Town and Wilda in Poznan, VIII Division of the National Court Register at the KRS number
0000412357, NIP number 7773061579, REGON 300878437, initial capital 4 798 500,00 PLN (paid up in full).
2
MD5(id + amount + crc + merchant’s confirmation code)
For example, Dla przykładu, software for calculating the sum in PHP looks as followes:
md5($id.$kwota.$crc.$kod);
To presented before form, you have to add subsequent hidden field:
<input type="hidden" name="md5sum" value="<?=md5($id.$kwota.$crc.$kod);?>">
Where PHP variables are, respectively: merchant’s ID, amount, auxiliary sequence and confirmation code.
In case of not using any of the parameters it is assumed that its value is empty.
On the next page we present reception of transactions data.
3
2
Reception of transactions data
After making a transaction to the merchant’s service, hidden data of its process are being sent. Those
data are sent, depending on settings, to the address given in the Merchant’s Panel or the wyn_url address
of the above form. Sender of that information is always IP address: 195.149.229.109, and the response
must be, always, TRUE.
<?php
// sprawdzenie adresu IP oraz występowania zmiennych POST
if($_SERVER['REMOTE_ADDR']=='195.149.229.109' && !empty($_POST)){
$id_sprzedawcy
$status_transakcji
$id_transakcji
$kwota_transakcji
$kwota_zaplacona
$blad
$data_transakcji
$opis_transakcji
$ciag_pomocniczy
$email_klienta
$suma_kontrolna
=
=
=
=
=
=
=
=
=
=
=
$_POST['id'];
$_POST['tr_status'];
$_POST['tr_id'];
$_POST['tr_amount'];
$_POST['tr_paid'];
$_POST['tr_error'];
$_POST['tr_date'];
$_POST['tr_desc'];
$_POST['tr_crc'];
$_POST['tr_email'];
$_POST['md5sum'];
// sprawdzenie stanu transakcji
if($status_transakcji=='TRUE' && $blad=='none'){
/*
Dalsze przetwarzanie, np:
- identyfikacja transakcji na podstawie ciągu pomocniczego
- weryfikacja transakcji (sprawdzenie poprawności kwoty itp.)
- realizacja zamówienia
*/
}
else
{
// transakcja wykonana niepoprawnie
}
}
echo 'TRUE'; // odpowiedź dla serwera o odebraniu danych
?>
Above we present the exemplary PHP code of the file responsible for receiving the transaction data from
the server. Script first checks if the address ID os the sender is correct and then loads to the local
variables data from the variable POST. Further processing and interpretation of the received data
depends on the implementing person.
In order to additionaly verify the received data, Transferuj.pl system always sends additional md5sum
parameter, which is a checksum created with the MD5 hash function as follows:
MD5(id + tr_id + tr_amount + tr_crc + merchant’s confirmation code)
Calculation of such sum in PHP looks as follows:
4
md5($id_sprzedawcy.$id_transakcji.$kwota_transakcji.$ciag_pomocniczy.$kod);
To the presented in that point PHP code one should add checking of the compliance of the sum with
POST variable, which stores the checksum received from the system calculated in that way. The
incompatibility of these sums is basis for the rejection of the received data.
3

Information about the confirmation code can be found in the part
transakcji.

For more details check point 3. https://secure.transferuj.pl/partner/pliki/documentation_10_en.pdf

In order to make a payment method choice on the webpage of your system, please follow the
instructions: https://secure.transferuj.pl/partner/pliki/documentation_of_channels.pdf
Przesyłanie parametrów
Contact
In case of any questions or need for detailed explanation of technical issues, please contact us via
contact form in the Merchant’s Panel or by e-mail: [email protected]
4
History of Changes
Version 1.0 (July 2012):

Adding the exemplary integration with choice of the payment method on the Payee’s side.
Version 0.2 (January 2010):



Adding descriptions of checksums service.
Adding the History of Changes.
Changing the layout of the document.
Version 0.1 (October 2009):

First version of the document.
5

Exemplary Integration of Transferuj.pl system

Transkrypt

Podobne dokumenty

Choice of the payment method in the Payee`s service Krajowy

Exemplary Implementation of Transferuj.pl

media pass request

INTERNATIONAL ORGANISATION FOR STANDARDISATION

doktorant 2016-07-04 00:00:00 - Ministerstwo Nauki i Szkolnictwa

graduates 2008 - Poznan University of Medical Science

PhD position at Faculty of Physics, Adam Mickiewicz University in