RDP Direct APIs

Payment Process

Service End Points

The URL service end points for the direct payment API are as follow:

Transaction Request

The transaction request from merchant system should be formatted in JSON, and send through the BODY of the HTTP Request to RDP service end-point.

Transaction Request Mode

There are three types of transaction request mode within RDP Direct API as follow:

  1. Card Mode
    This is where merchant used cardholder’s card detail such as card number (card_no), card’s expiry date (exp_date), and cardholder’s name (payer_name) as the main fields of the request.
    Required conditional fields: card_no, exp_date, payer_name
  2. Wallet Mode
    This is where merchant used Payer’s wallet details as the main fields for request. For example in DBS PayLah! It means to send the Payer’s Mobile Number.
    Required conditional field : wallet_id
  3. Tokenization Mode
    This is where merchant is using token generated from RDP payment gateway system (such as through or from ‘Connect API’ and ‘Tokenization API’) as a replacement of the cardholder’s card detail or data in previous ‘Card-Mode’ section.
    Required conditional field: token_id OR payer_id

Transaction Request Parameters


Transaction Request Signature

Below are those steps for creating or generating the transaction signature inside the request message:

  1. Create a base-string from the concatenation of the following fields:
    mid, order_id, payment_type, amount, ccy
  2. Concatenate the string from step (1) with :
    • For Card-mode
      • card_no
        Concatenation of the first-6-digits and last-4-digits of the card_no. Example: 4026000002 (from 4026000000000002)
      • exp_date (in ‘MMYYYY’ format)
      • cvv2
        The last digit of cvv2.
        Example: 3 (from 123)
    • For Wallet-Mode
      • wallet_id
    • For Tokenization-mode
      • token_id
        The first-6 and last-4 of the token_id.
        Example: 4026120002 (from 4026123456780002)OR payer_id The whole string of the payer_id.
        Example: 4026123456780002
      • cvv2
        The last digit of cvv2.
        Example: 3 (from 123)
  3. Now please concatenate the string from step (2) with the secret-key given by RDP.
  4. Finally, the signature is the Hash the string from step (3) using SHA-512 algorithm (the signature is to be sent in lowercase form).

Transaction Response JSON Sample

For Card-Mode

For secret-key:

D716A4188569B68AB1B6DFAC178E570114CDF0EA3A1CC0E31486C3E41241BC6A76424E8C37AB26F096FC85EF9886C8CB634187F4FDDFF645FB099F1FF54C6B8C

Concatenated string for signature:

1000089029TST101S1.02SGD41111111111120173D716A4188569B68AB1B6DFAC178E570114CDF0EA3A1CC0E31486C3E41241BC6A76424E8C37AB26F096FC85EF9886C8CB634187F4FDDFF645FB099F1FF54C6B8C

Example:

{
 "merchant_reference": "testing",
 "payer_name": "abc",
 "card_no": "4111111111111111",
 "exp_date": "112017",
 "cvv2": "123",
 "mid": "1000089029",
 "order_id": "TST101",
 "amount": "1.02",
 "ccy": "SGD",
 "api_mode": "direct_n3d",
 "payment_type": "S",
 "payer_email": "merchant@merchant.com",
 "signature": "ec67c7ed4cf9e2acfca7d0e53750f1a1696a10636fbb9d5781d6fa5e8fae53a5e476c4cb3a5268aa5a0398f118f763e7f0eb77b8fed742f5c0dc192593cb1cf5"
}

For Tokenization-Mode

For secret-key :

D716A4188569B68AB1B6DFAC178E570114CDF0EA3A1CC0E31486C3E41241BC6A76424E8C37AB26F096FC85EF9886C8CB634187F4FDDFF645FB099F1FF54C6B8C

Concatenated string for signature:

1000089227TST101A1.02SGD1981401925D716A4188569B68AB1B6DFAC178E570114CDF0EA3A1CC0E31486C3E41241BC6A76424E8C37AB26F096FC85EF9886C8CB634187F4FDDFF645FB099F1FF54C6B8C

Example:

{
 "payer_name": "abc",
 "payer_id": "1981401247381925",
 "mid": "1000089227",
 "order_id": "TST101",
 "amount": "1.02",
 "ccy": "SGD",
 "api_mode": "direct_n3d",
 "payment_type": "A",
 "payer_email": "merchant@merchant.com",
"signature":"09b942bf5778e160d3d83653127466a59e6073dfe85e81ec5c368089d91ff564c4c556e37bc6fd84bc82601819762a843158e8dfc0e8f17bc6afb565ae7b9959"
}





Transaction Response





Transaction Response Parameters





                

                
                            
                            
                            
                            
                    
            

    
    
    







Transaction response result example:





{"mid":"1000089029","transaction_id":"pruefer_9is_9901523031657784985","order_id":"pruefer_9is","acquirer_transaction_id":"311815","request_amount":"0.01","request_ccy":"SGD","authorized_amount":"0.01","authorized_ccy":"SGD","acquirer_authorized_amount":"0.01","acquirer_authorized_ccy":"SGD","response_code":"0","response_msg":"successful","acquirer_response_code":"0","acquirer_response_msg":"APPROVED OR COMPLETED","acquirer_authorization_code":"657300","created_timestamp":"2017-05-05 09:49:24","acquirer_created_timestamp":"2017-05-05 09:49:15","first_6":"411111","last_4":"1111","request_timestamp":"2017-05-05 09:49:08","request_mid":"1000089029","transaction_type":"S","payment_mode":"1","signature":"cf966933ef6b23ab45b95e9a0d8d4d51bd024f9ed3aaa0b0ff66132e317f8b0fa077dcd5b50dd2dcc6808d8b00b90b4cc53a9cfa04278118f8a848f86782eb2a"}






Transaction Response Signature





The following is a step by step procedure to calculate the signature response. This is required in order to verify that the response is coming from RDP system.





  1. Extract out the signature field of the response (in terms of implementation it might be more practical to decode the JSON into your native language more process able format.)
  2. Sort the response field – value maps by its fields alphabetically.
  3. Generate a string which is a concatenation of the value of each map in the sorted order from step 2.
  4. Concatenate the string from step 3 with the secret-key given by RDP (secret-key is a special identifier that is meant to be known only by merchant and RDP).
  5. Calculate the signature by doing SHA-512 hashing method on the string from step 4.
  6. Compare the calculated signature from step 5 with the one received in the original response from RDP.





Note:
Please take note that the ‘signature’ field will not always be available or exist inside RDP response message; and might only be available or exist for these following response codes:





                

                
                            
                            
                    
            

    
    
    







Transaction Response JSON Sample





{
 "mid": "1000089227",
 "transaction_id": "TST101_1497589026754509762",
 "order_id": "TST101",
 "acquirer_transaction_id": "1450067604",
 "request_amount": "1.02",
 "request_ccy": "SGD",
 "authorized_amount": "1.02",
 "authorized_ccy": "SGD",
 "response_code": "-1",
 "response_msg": "bank reject",
 "acquirer_response_code": "9967",
 "acquirer_response_msg": "issuer bank reject",
 "acquirer_authorization_code": "1450067604",
 "created_timestamp": "2015-12-14 12:33:24",
 "acquirer_created_timestamp": "2015-12-14 12:33:24",
 "first_6": "520000",
 "last_4": "7102",
 "payer_name": "abc",
 "exp_date": "112017",
 "request_timestamp": "2015-12-14 12:33:21",
 "merchant_reference": "",
 "transaction_type": "A",
 "signature": "28b2a637e0ce35949b6120d9ad4ef577a93c4e86c788e4575e430b4136bb8b0a3dd3f2490e76a0885918b40ae73a580bc08faeb0a048ecac9691bc4e9e780b30"
}