RDP Direct APIs

APPENDIX A – Sample Code (in PHP Language)

Known setup

// Merchant secret shared with RDP. It is the only thing that makes the request/response
// signatures below meaningful, so treat it like a password: in a real integration load it
// from configuration or an environment variable and never commit it to source control.
// (Single-quoted: the value is a hex string, nothing to interpolate.)
$secret_key = 'D716A4188569B68AB1B6DFAC178E570114CDF0EA3A1CC0E31486C3E41241BC6A76424E8C37AB26F096FC85EF9886C8CB634187F4FDDFF645FB099F1FF54C6B8C';

Prepare the basic information to request a transaction

// Fields of a sample direct (non-3-D-Secure) card payment request.
// Key order is kept as in the original listing because json_encode() emits the
// fields in array order; this array is signed first and serialised afterwards.
// It holds a full PAN and CVV: never log or persist it as-is.
$request_transaction = array(
      'merchant_reference' => 'testing',          // free-text reference on the merchant side
      'payer_name'         => 'andreas',
      'card_no'            => '4111111111111111', // PAN (Visa test number)
      'exp_date'           => '112017',           // NOTE(review): looks like MMYYYY — confirm format
      'cvv2'               => '123',
      'mid'                => '1000089029',       // merchant id assigned by RDP
      'order_id'           => 'TST101',
      'amount'             => '1.02',
      'ccy'                => 'SGD',
      'api_mode'           => 'direct_n3d',       // selects the signing rule for card data
      'payment_type'       => 'S',
      'payer_email'        => 'andreas@example.com',
);

Calculate the required signature

// Sign the raw field values before serialising the array.
// NOTE(review): sign_payment_request is declared below as a free function; calling it via
// `$this->` only works if this snippet is embedded in a class that defines it as a method.
$signature = $this->sign_payment_request($secret_key, $request_transaction);

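/**
 * Compute the request signature RDP expects on a payment request.
 *
 * Signature scheme (defined by RDP — do not alter it or RDP will reject the request):
 * SHA-512 over the concatenation of mid, order_id, payment_type, amount, ccy, then
 * payer_id when present, then — only for the non-3DS modes direct_n3d / redirection_n3d —
 * first 6 + last 4 characters of card_no (or of token_id when no card_no is given),
 * exp_date when present and the last digit of cvv2 when present, followed by the secret
 * key. Values are trimmed and concatenated with no delimiter. Only partial card data is
 * hashed, so the full PAN/CVV cannot be recovered from the signing input.
 *
 * @param string $secret_key merchant secret shared with RDP (never log the signing input)
 * @param array  $params     request fields; read only (the original took it by reference
 *                           but never modified it, so by-value is equivalent for callers)
 * @return string lowercase hex SHA-512 digest
 * @throws InvalidArgumentException when a field that must be signed is absent — signing
 *         with an empty value would silently produce a signature RDP cannot accept
 */
function sign_payment_request($secret_key, $params) {
      $fields_for_sign = array('mid', 'order_id', 'payment_type', 'amount', 'ccy');

      if (isset($params['payer_id'])) {
            $fields_for_sign[] = 'payer_id';
      }

      $aggregated_field_str = '';
      foreach ($fields_for_sign as $f) {
            if (!isset($params[$f])) {
                  throw new InvalidArgumentException("Missing required field for signing: $f");
            }
            $aggregated_field_str .= trim((string) $params[$f]);
      }

      // Non-3DS modes additionally bind (part of) the card data to the signature.
      $api_mode = isset($params['api_mode']) ? $params['api_mode'] : '';
      if ($api_mode === 'direct_n3d' || $api_mode === 'redirection_n3d') {
            // card_no takes precedence over token_id when both are present.
            $pan = '';
            if (isset($params['card_no'])) {
                  $pan = trim((string) $params['card_no']);
            } elseif (isset($params['token_id'])) {
                  $pan = trim((string) $params['token_id']);
            }
            $aggregated_field_str .= substr($pan, 0, 6) . substr($pan, -4);

            if (isset($params['exp_date'])) {
                  $aggregated_field_str .= trim((string) $params['exp_date']);
            }

            if (isset($params['cvv2'])) {
                  // Only the last CVV digit enters the hash; the full CVV must never be stored.
                  $aggregated_field_str .= substr(trim((string) $params['cvv2']), -1);
            }
      }

      $aggregated_field_str .= $secret_key;
      return hash('sha512', $aggregated_field_str);
}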

Add the signature to the request array

// Attach the signature as one more field; it is sent to RDP alongside the signed values.
$request_transaction['signature'] = $signature;

Generate the JSON version of the array

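// Serialise the signed request. json_encode() returns false on failure (e.g. a value that
// is not valid UTF-8); sending "false" as the body would be a confusing, silent error.
$json_request = json_encode($request_transaction);
if ($json_request === false) {
      throw new RuntimeException('Could not encode request as JSON: ' . json_last_error_msg());
}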

Send the JSON as the body of an HTTPS POST request to the RDP service endpoint

// Transport only: post() returns the raw body; nothing in it is trusted until the
// response signature has been verified below.
$response = $this->post($json_request);
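/**
 * POST a JSON payment request to the RDP service endpoint and return the raw response body.
 *
 * Security notes:
 *  - TLS peer and host-name verification are left ON. The original sample set both to
 *    false, which lets any on-path attacker present an arbitrary certificate, impersonate
 *    RDP and read the full PAN/CVV in the request.
 *  - Redirects are not followed. The endpoint is fixed, and following a Location header
 *    would re-POST the card data to whatever host the redirect names.
 *  - Transport errors are raised instead of returned as false, so the caller never tries
 *    to decode/verify an empty response.
 *
 * @param string $json_request JSON-encoded, signed request body
 * @return string raw HTTP response body
 * @throws RuntimeException on a connection, TLS or timeout failure
 */
public function post($json_request) {
       // NOTE(review): the host name was line-wrapped in the source listing; confirm the
       // exact sandbox endpoint (and the production one) against the RDP integration guide.
       $url = "https://secure-dev.reddotpayment.com/service/payment_api";
       $curl = curl_init($url);
       curl_setopt_array($curl, array(
            CURLOPT_RETURNTRANSFER => 1,
            CURLOPT_FOLLOWLOCATION => false,
            CURLOPT_POST => 1,
            CURLOPT_SSL_VERIFYPEER => true,
            CURLOPT_SSL_VERIFYHOST => 2,
            CURLOPT_PROTOCOLS => CURLPROTO_HTTPS,  // never fall back to plain HTTP
            CURLOPT_CONNECTTIMEOUT => 10,          // tune to your environment
            CURLOPT_TIMEOUT => 30,
            CURLOPT_POSTFIELDS => $json_request,
            CURLOPT_HTTPHEADER =>
                  array('Content-Type: application/json')
       ));
       $response = curl_exec($curl);
       $curl_errno = curl_errno($curl);
       $curl_err = curl_error($curl);
       curl_close($curl);

       if ($response === false || $curl_errno !== 0) {
             // Deliberately does not include $json_request: it carries the PAN and CVV.
             throw new RuntimeException("RDP request failed (curl error $curl_errno): $curl_err");
       }

       return $response;
}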

Decode the JSON response into a native PHP array

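// Decode into an associative array. A non-JSON or empty body (e.g. an HTML error page)
// decodes to null; fail closed here rather than passing garbage to the signature check.
$response_array = json_decode($response, true);
if (!is_array($response_array)) {
      throw new RuntimeException('RDP response is not a JSON object: ' . json_last_error_msg());
}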

Recompute the response signature locally. Comparing it with the signature carried in the response verifies that the response genuinely originated from the RDP system (anyone without the secret key cannot produce a matching signature).

// Recompute the signature from the received fields and our secret; it is compared
// against the 'signature' field RDP sent before any business field is trusted.
$calculated_signature =
    $this-> sign_payment_response($secret_key,$response_array);

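/**
 * Recompute the signature RDP places on a response, for comparison with the received one.
 *
 * Scheme (defined by RDP — do not alter it or the signatures will never match): drop the
 * 'signature' field, sort the remaining fields by key, concatenate their values in that
 * order with no delimiter, append the secret key and SHA-512 the result. Every field RDP
 * returned must be passed in unchanged; filtering the array first breaks verification.
 *
 * $params is taken by value on purpose: the unset() below must not remove the received
 * signature from the caller's copy, which is still needed for the comparison.
 *
 * @param array  $params     decoded response, as produced by json_decode(..., true)
 * @param string $secret_key merchant secret shared with RDP
 * @return string lowercase hex SHA-512 digest
 * @throws InvalidArgumentException if $params is not an array (e.g. json_decode returned null)
 */
function sign_payment_response($secret_key, $params) {
      if (!is_array($params)) {
            throw new InvalidArgumentException('Response must be a decoded JSON object (array)');
      }

      unset($params['signature']);
      ksort($params);

      $data_to_sign = "";
      foreach ($params as $v) {
            // Scalar values are expected; a nested array would stringify as "Array" and
            // never match. NOTE(review): confirm with RDP that no response field is an object.
            $data_to_sign .= $v;
      }

      $data_to_sign .= $secret_key;
      return hash('sha512', $data_to_sign);
}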

Compare the recomputed signature with the signature received in the response, using a constant-time comparison

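// Constant-time comparison of the two hex digests. A plain == is wrong twice over: it is
// not timing-safe, and PHP's loose comparison treats two different hex strings of the
// form "0e<digits>" as equal (both evaluate to numeric 0). A missing or non-string
// 'signature' field is treated as invalid rather than passed to hash_equals().
$received_signature = isset($response_array['signature']) ? $response_array['signature'] : null;
$is_valid_response = is_string($received_signature)
      && hash_equals($calculated_signature, $received_signature);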

Continue with the business process only after the response has been validated as originating from RDP

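if ($is_valid_response) {
       // Signature verified: the response fields can be trusted as coming from RDP.
       // response_code is compared as a string so that JSON 0 and "0" both count as
       // success without the loose-comparison pitfalls of ==.
       $response_code = isset($response_array['response_code']) ? $response_array['response_code'] : null;
       if ($response_code !== null && (string) $response_code === '0') {
             //proceed to success transaction case
       }
       else {
             //proceed to reject transaction case
       }
}
else {
    // proceed to invalid handling: do not read any business field from this response
    // and do not mark the order as paid — the response may not have come from RDP.
}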