Known setup
// Merchant secret shared with RDP. The value below is the example key from
// this listing; a real integration loads the key from configuration or a
// secret store rather than committing it to source.
$secret_key = 'D716A4188569B68AB1B6DFAC178E570114CDF0EA3A1CC0E31486C3E41241BC6A76424E8C37AB26F096FC85EF9886C8CB634187F4FDDFF645FB099F1FF54C6B8C';
Prepare the basic information to request a transaction
// Sample request fields for this example (test card data, not a real card).
// The 'signature' entry is added after sign_payment_request() has run.
$request_transaction = [
    'merchant_reference' => 'testing',
    'payer_name'         => 'andreas',
    'card_no'            => '4111111111111111',
    'exp_date'           => '112017',
    'cvv2'               => '123',
    'mid'                => '1000089029',
    'order_id'           => 'TST101',
    'amount'             => '1.02',
    'ccy'                => 'SGD',
    'api_mode'           => 'direct_n3d',
    'payment_type'       => 'S',
    'payer_email'        => 'andreas@example.com',
];
Calculate the required signature
// Sign the request with the shared secret. The listing invokes the helper as
// a method ($this->), although it is declared below as a plain function.
$signature = $this->sign_payment_request($secret_key, $request_transaction);
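/**
 * Build the request signature required by the RDP payment API.
 *
 * The signed material is the concatenation of the trimmed values of mid,
 * order_id, payment_type, amount and ccy, then payer_id when present. In the
 * direct_n3d / redirection_n3d modes the first 6 and last 4 characters of the
 * card number (or token_id when no card number is given), the trimmed expiry
 * date and the last digit of the CVV are appended. The secret key is appended
 * last and the whole string is SHA-512 hashed.
 *
 * @param string               $secret_key merchant secret shared with RDP
 * @param array<string, mixed> $params     request fields; taken by reference
 *                                         for compatibility with existing
 *                                         callers, but never written to
 * @return string lower-case hex SHA-512 digest (128 characters)
 */
function sign_payment_request($secret_key, &$params) {
    $fields_for_sign = ['mid', 'order_id', 'payment_type', 'amount', 'ccy'];
    if (isset($params['payer_id'])) {
        $fields_for_sign[] = 'payer_id';
    }
    $aggregated_field_str = '';
    foreach ($fields_for_sign as $f) {
        // A missing field contributes an empty string instead of raising an
        // "undefined index" warning (and trim(null) deprecation); the digest
        // produced for well-formed input is unchanged.
        $aggregated_field_str .= trim($params[$f] ?? '');
    }
    // Card details only enter the signature in the *_n3d modes.
    $api_mode = $params['api_mode'] ?? '';
    if (in_array($api_mode, ['direct_n3d', 'redirection_n3d'], true)) {
        $pan = '';
        if (isset($params['card_no'])) {
            $pan = trim($params['card_no']);
        } elseif (isset($params['token_id'])) {
            $pan = trim($params['token_id']);
        }
        // Only the first 6 and last 4 characters are signed, never the full PAN.
        $aggregated_field_str .= substr($pan, 0, 6) . substr($pan, -4);
        if (isset($params['exp_date'])) {
            $aggregated_field_str .= trim($params['exp_date']);
        }
        if (isset($params['cvv2'])) {
            // Only the last CVV digit is part of the signed material.
            $aggregated_field_str .= substr(trim($params['cvv2']), -1);
        }
    }
    // Scheme prescribed by the API: SHA-512 over data followed by the key.
    $aggregated_field_str .= $secret_key;
    return hash('sha512', $aggregated_field_str);
}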
Add the signature into the request-array
// Attach the computed signature so RDP can verify the request.
$request_transaction['signature'] = $signature;
Generate the JSON version of the array
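// Fail loudly on an encoding problem instead of silently passing `false`
// on to the HTTP layer as the request body.
$json_request = json_encode($request_transaction, JSON_THROW_ON_ERROR);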
Send the JSON in the body of HTTP Request towards the RDP service-end-point
// Submit the JSON document to the RDP end-point and keep the raw body.
$response = $this->post($json_request);
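/**
 * POST a JSON request body to the RDP payment API end-point.
 *
 * TLS peer and host-name verification are enforced so that the card data in
 * $json_request can only reach the genuine RDP host, redirects are limited to
 * https:// targets, and transport failures are reported as an exception
 * instead of being captured and then dropped.
 *
 * @param string $json_request JSON document to send as the request body
 * @return string raw response body
 * @throws \RuntimeException when cURL reports a transport error
 */
public function post($json_request) {
    // NOTE(review): the listing wraps the host name across a line break; a
    // hyphenated "secure-dev" host is assumed here — confirm the exact
    // end-point against the RDP integration guide.
    $url = 'https://secure-dev.reddotpayment.com/service/payment_api';
    $curl = curl_init($url);
    curl_setopt_array($curl, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => true,
        // A redirect may only lead to another https:// URL, so the card data
        // is never re-sent over plain HTTP.
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTPS,
        CURLOPT_POST => true,
        // Keep verification on: with it disabled any on-path party can
        // impersonate the gateway and read the card details.
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_POSTFIELDS => $json_request,
        CURLOPT_HTTPHEADER => ['Content-Type: application/json'],
    ]);
    $response = curl_exec($curl);
    $curl_errno = curl_errno($curl);
    $curl_err = curl_error($curl);
    curl_close($curl);
    if ($response === false || $curl_errno !== 0) {
        throw new \RuntimeException(
            sprintf('RDP request failed (cURL error %d): %s', $curl_errno, $curl_err)
        );
    }
    return $response;
}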
Decode the response into a native PHP array
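// Malformed JSON throws here rather than yielding null, which the signature
// check below would otherwise have to treat as a mismatch.
$response_array = json_decode($response, true, 512, JSON_THROW_ON_ERROR);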
Recalculate the signature over the response. Comparing it with the signature RDP sent verifies that the response really originated from the RDP system.
// Recompute the response signature locally for the comparison below.
$calculated_signature = $this->sign_payment_response($secret_key, $response_array);
// Note that $params is passed by value here, so the unset() below leaves the caller's array untouched.
/**
 * Recompute the signature RDP places on a response.
 *
 * The 'signature' entry is dropped, the remaining entries are sorted by key
 * and their values concatenated in that order, the secret key is appended and
 * the result is SHA-512 hashed. $params is received by value, so the caller's
 * array is not modified.
 *
 * @param string               $secret_key merchant secret shared with RDP
 * @param array<string, mixed> $params     decoded response fields
 * @return string lower-case hex SHA-512 digest
 */
function sign_payment_response($secret_key, $params) {
    $fields = $params;
    unset($fields['signature']);
    ksort($fields);
    return hash('sha512', implode('', $fields) . $secret_key);
}
Compare the calculated signature with the original signature from response
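// Constant-time comparison of the two digests; a loose == would also accept
// type-juggled "matches". A response without a signature is simply invalid.
$is_valid_response = is_array($response_array)
    && isset($response_array['signature'])
    && hash_equals($calculated_signature, (string) $response_array['signature']);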
Continue with the business process only after the response has been validated as originating from RDP
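if ($is_valid_response) {
    // proceed business flow
    // response_code is compared as a string so that a JSON integer 0 and the
    // string "0" are both treated as success, as the original loose == did.
    if ((string) ($response_array['response_code'] ?? '') === '0') {
        //proceed to success transaction case
    } else {
        //proceed to reject transaction case
    }
} else {
    // proceed to invalid handling: the response could not be authenticated,
    // so none of its fields may drive the business outcome
}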