RDP Redirect API

Redirection Result

Redirection Description

This is another method for RDP System to tell the merchant’s system about the payment or transaction result. Redirection method will bring the payment process to merchant’s system or web page or website where at the same time it will also pass the ‘transaction_id‘ field to the merchant system.

RDP will redirect the customer or cardholder toward to the merchant’s URL that’s sent in the request as ‘redirect_url‘ parameter. The fact that we are bringing the customer or cardholder back to the merchant site is the reason why it has this name.

Later on, by using the ‘transaction_id‘ inside the GET parameters of the redirection, merchant system can use it to further request a query to retrieve a more complete explanation about the transaction status itself. This is done through query-redirection-result.

Redirection Result – Service End Points

The URL service end points for the merchant API are as follow:

Redirection Result – Process Flow

The redirection initiated by RDP (Red Dot Payment) system give Merchant’s system transaction_id which is to be used as a main component to send a query for a more detailed payment information. This section explains about the steps of procedure that a Merchant’s system has to do when RDP’s system redirect the Card Holder back to Merchant’s redirect_url (sent in the First Phase step section.)

The following is the step by step procedure:

  1. RDP’s redirect Card Holder to the Merchant’s redirect_url (sent with the First Phase Request see previous section) and attaches transaction_id at the GET parameters of the request.
    Example:
    Given the First Phase request has redirect_url :
    http://merchant.com/redirect_url
    The URL where cardholder will see is:
    http://merchant.com/redirect_url?transaction_id=1234567891

2. Merchant shall retrieve the transaction_id from GET parameters.

if ( isset($_GET['transaction_id']) ) {
    $transaction_id = $_GET['transaction_id'];
} else {
    // it's not from RDP system
}

3. Merchant system packs the needed parameters to query the complete transaction details. It just needs another component which is mid, the merchant ID given by RDP to Merchant when we are setting up their account.

$rp = array(
   'request_mid' => '1000089029'
   'transaction_id' => $transaction_id
);

4. Merchant system shall sign the request using the Generic Signature algorithm (see Generic Signature section, especially for the sign_generic() function definition)

$secret_key = "D716A4188569B68AB1B6DFAC178E570114CDF0EA3A1CC0E31486C3E41241BC6A76424E8C37AB26F096FC85EF9886C8CB634187F4FDDFF645FB099F1FF54C6B8C"; 
$rp['signature'] = sign_generic($secret_key, $rp);

5. Encode the request parameters into JSON format

$json_rp = json_encode($rp);

6. Post the request to Query-Redirection Service End Point (see previous section for URL, choose between development/live server). This is a direct server-to-server communication between RDP and Merchant System through HTTP protocol.

// target RDP development server
$url = https://secure-dev.reddotpayment.com/service/Merchant_processor/query_redirection;
$curl = curl_init($url);
curl_setopt_array($curl, array(
    CURLOPT_RETURNTRANSFER => 1,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_POST => 1, // using POST method
    CURLOPT_SSL_VERIFYPEER => false,
    CURLOPT_SSL_VERIFYHOST => false,

    // JSON Request Parameters is put in the BODY of request
    CURLOPT_POSTFIELDS => $json_rp,
    CURLOPT_HTTPHEADER => array('Content-Type: application/json')
)); 

//This is the JSON response containing transaction information // 
$json_response = curl_exec($curl);
$curl_errno = curl_errno($curl);
$curl_err = curl_error($curl);
curl_close($curl);

7. Decode the JSON response into your workable Object type.

$response_array = json_decode($json_response, true);

8. When the query is a success (response_code field of the response has the value of 0 – zero) authenticate the signature of the response to make sure that it really is from RDP (Red Dot Payment).

// (See Generic Signature section,
// Especially for the sign_generic() function definition)
if ( isset($resp_array['signature']) ) {
   $secret_key = "D716A4188569B68AB1B6DFAC178E570114CDF0EA3A1CC0E31486C3E41241BC6A76424E8C37AB26F096FC85EF9886C8CB634187F4FDDFF645FB099F1FF54C6B8C"; 
   $calculated_signature = sign_generic($secret_key, $resp_array);
   if ($calculated_signature != $resp_array['signature']) {
       throw new Exception('signature wrong! invalid response!');
   }

   echo "signature is fine, continue processing the request";
} else {
   // zero response_code means a successful transaction, and definitely has signature
   if ($resp_array['response_code'] == 0)
      throw new Exception('signature not found! invalid response!');
   // error / reject transactions might not have any signature in it
   echo "signature not found! Must be an error/invalid request";
}

9. Now Merchant can be sure to safely store the complete payment result details.

Redirection Result – Query Request Parameters

Example of query request for redirection result in JSON format:

{"request_mid":"1000089029","transaction_id":"TST102_17532783321610430349","signature":"6b8c652f4da86955b6d65487ca63232d49acd1ffd7a4adc36c356286aee89182421c814bb3ebc083e0d70772dcd9080a771349c10eef09f5265ea45f13a1ab9a"}

Redirection Result – Query Response Parameters

Example of query request for redirection result in JSON format:

{"mid":"1000089029","transaction_id":"pruefer_9is_9901523031657784985","order_id":"pruefer_9is","acquirer_transaction_id":"311815","request_amount":"0.01","request_ccy":"SGD","authorized_amount":"0.01","authorized_ccy":SGD","acquirer_authorized_amount":"0.01","acquirer_authorized_ccy":"SGD","response_code":"0","response_msg":"successful","acquirer_response_code":"0","acquirer_response_msg":"APPROVED OR COMPLETED","acquirer_authorization_code":"657300","created_timestamp":"2017-05-05 09:49:24","acquirer_created_timestamp":"2017-05-05 09:49:15","first_6":"411111","last_4":"1111","request_timestamp":"2017-05-05 09:49:08","request_mid":"1000089029","transaction_type":"S","payment_mode":"1","signature":"cf966933ef6b23ab45b95e9a0d8d4d51bd024f9ed3aaa0b0ff66132e317f8b0fa077dcd5b50dd2dcc6808d8b00b90b4cc53a9cfa04278118f8a848f86782eb2a"}