Mandiri e-cash Online ecommerce Payment Gateway Implementation Guide Version: 1.8 1
Index of Contents General Overview... 3 MANDIRI E-CASH ECOMMERCE GATEWAY IMPLEMENTATION... 5 Prerequisites... 5 Implementation... 5 Process Flow... 8 Sandbox / development environment for Mandiri e-cash IPG... 11 2
General Overview Payment by using Mandiri e-cash online payment gateway has many similarities with other payment gateway like Paypal, in the merchant page where the costumer checks out using e-cash payment method, the first step is to generate the payment ticket, redirects the customer to e-cash payment page, and afterwards the customer completes the payment in Mandiri e-cash page, and then after payment is processed, the merchant will receive notification of the ticket that has completed by Mandiri e-cash server, after that the customer will be redirected to the merchant s return page that will be the landing page of Mandiri e-cash payment. Using the ticket received in the notification and redirection process the merchant will do verification of the payment in the validation page of mandiri e-cash. 3
4
MANDIRI E-CASH ECOMMERCE GATEWAY IMPLEMENTATION Prerequisites 1. Merchant has been registered in the Mandiri e-cash online payment System, Received the MID (Merchant ID) and also have an active Mandiri Bank Account. 2. Merchant enlisted their IP of the server or the Domain name that is used for the server. 3. Customer that will do transaction in the merchant s website is registered member in the merchant s website, so there is no anonymous customers. Implementation 1. In the website Merchant adds Mandiri e-cash as a method of payment in their web, for example : Choose your payment methodpilih jenis pembayaran : a. Bank Transfer b. Credit Card c. Mandiri e-cash 2. When the customer chooses to pay by using mandiri e-cash payment, the merchant will call the Mandiri e-cash payment gateway web service (<ecash_site>/ecommgateway/services/ecommgwws) to generate transaction ID that will be used in the Payment Page, to call this web service the website must : 1. Use HTTPS Protocol (SSL) 2. Use HTTP basic authentication containing username (MID) and password (MID s Password) 3. Sends the following parameters Parameters Format Explanations Accepted Values amount Amount that will be paid BigDecimal clientaddress Customer s IP Address String description Description of the transaction String memberaddress Merchant s IP Address String returnurl The URL that will receive completed transaction String 5
redirection and Payment notification tousername MID String trxid Transaction ID / Order ID of the transaction process String hash Hash generated From tousername+amount+clientaddress String The correct response will be : Parameters Format Explanations Values Id Id unik transaksi yang digenerate ecash. String Parameter Hash: For Hash parameter that is sent to Mandiri e-cash ecommerce gateway must be generated by SHA-1 of the parameters UPPERCASE(toUsername)+amount+clientAddress like the following example : tousername = merchant0001 Amount = 22000 clientaddress = 192.168.30.118 input = MERCHANT000122000192.168.30.118 result = fcb8d06b2d4d367e9bcc4178e8f87dd44adc1b61 Example of the webservice request: <soapenv:envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ws="http://ws.service.gateway.ecomm.ptdam.com/"> <soapenv:header/> <soapenv:body> <ws:generate> 6
<params> <amount>10000</amount> <clientaddress>182.253.203.91</clientaddress> <description>yearly Calendar Sale Model 001</description> <memberaddress>182.253.203.90</memberaddress> <returnurl>https://merchant.com/return.html</returnurl> <tousername>emerchant</tousername> <trxid>onl.130530.grmd</trxid> <hash>bdyrms7ghbgs2m7ztvqc7k49jz19l1ji</hash> </params> </ws:generate> </soapenv:body> </soapenv:envelope> Result <soap:envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:body> <ns2:generateresponse xmlns:ns2="http://ws.service.gateway.ecomm.ptdam.com/" xmlns:ns3="http://ws.service.ecomm.emoney.ptdam.com/"> <return>k7p79bihoxbccgdbrida0igxqhenwljz</return> </ns2:generateresponse> </soap:body> </soap:envelope> Other possible results in the return parameter: INVALID_DATA : Possible Parameter Fault, like the Hash, tousername & clientadress/memberaddress INVALID_RETURNURL : Invalid format in the return URL, the return URL must use HTTPS in the protocol EMPTY RETURN / NO RETURN : Invalid MID / Password 7
3. Makes an URL for receiving notification from the server and redirects form the customer. After the transaction process is completed in Mandiri e-cash, the customer will be redirected back to that URL with GET parameter the transaction ID. 4. Creates a method that will do transaction verification and update of the transaction status, that will call the following URL https://<e-cash_site>/ecommgateway/validation.html With the POST parameter id (ID number that is received in the 3 rd step) will results status SUCCESS/FAILED with the following format in the body of the result <id_e-cash>,<tracenumber_e-cash>,<nohp>,<merchant_trxid>,<status> example: c7yxnq5m10c5osrwnofw0aqlxpnvopw4,0000000000300,085624340035,onl.130530.grmd, SUCCESS Process Flow 1. The customer choose Mandiri e-cash as the method of payment 2. Merchant will process the order that is requested by the customer and then generate the ID by sending the generate parameters in the Mandiri e-cash payment gateway web service. 3. Merchant redirects the customer and also the id that was generated, for example: Generated ID : K7P79BIHOXBCCGDBRIDA0IGXQHENWLJZ e-cash Payment Gateway URL : https://<e-cash_site>/ecommgateway/payment.html So the merchant redirects the customer to the following URL: https://<ecash_site>/ecommgateway/payment.html?id=k7p79bihoxbccgdbrida0igxqhenw LJZ 4. Customer will be redirected to the Mandiri e-cash Payment page to complete the payment the following is the example of the payment page in Mandiri e-cash: 8
Explanation : Nomor Ponsel PIN This mandatory field is filled with the Customer s Phone Number that is registered in the Mandiri e-cash system. This mandatory field is filled with the Customer s valid PINField ini diisi dengan PIN customer yang valid. 5. After customer s phone number and PIN successfully verified, customer will receive SMS containing OTP that will be used as payment confirmation, the customer must enter the OTP in the following page : Explanation : OTP This mandatory field is filled with OTP (One Time Password) that customer receive, the OTP only valid on one try. 9
6. After the customer inputs the valid OTP, the transaction is commited and Mandiri e-cash server will show result page. Keterangan : Ok If the user pressed this button then Mandiri e-cash server will redirect the user to the merchant s return URL. 7. Merchant will be notified by POST method in the body, in the return URL about the transaction finished with the following format: Example: <id_e-cash>,<tracenumber_e-cash>,<nohp>,<merchant_trxid>,<status> c7yxnq5m10c5osrwnofw0aqlxpnvopw4,0000000000300,085624340035,onl.130530.grmd, SUCCESS from this notification the merchant must do validation to the validation URL (https://<ecash_server>/ecommgateway/validation.html) by posting the transaction ID received in the notification process to verify the notification is from mandiri e-cash server. 8. After the transaction is done, the customer will be redirected if they clicked OK or automatically after 5 seconds to the return URL, for example: https://<merchant_returnurl>/?id=c7yxnq5m10c5osrwnofw0aqlxpnvopw4 If the merchant didn t receive the notification ( step 7 ) the merchant then should do validation in this step instead. The validation process is the same like the 7 th process, the validation is done on validation 10
URL (https://<ecash_server>/ecommgateway/validation.html) by posting the transaction ID received in the notification process to verify the notification is from mandiri e-cash server. Sandbox / development environment for Mandiri e-cash IPG PT DAM provides development environment for Mandiri e-cash integration, to use the sandbox the following prerequisites must be met: 1. Informs the IP or the domain name of the merchant s server. 2. Register 1 or more mobile phone number as the tester costumer that will do the testing transactions. 3. Receive the MID & the password for the merchant 4. Using this URL as the ID generation webservice: https://mandiri-ecash.com/ecommgateway/services/ecommgwws?wsdl Or http://mandiri-ecash.com:19443/ecommgateway/services/ecommgwws?wsdl 5. Using this URL as the payment redirection: https://mandiri-ecash.com/ecommgateway/payment.html Or http://mandiri-ecash.com:19443/ecommgateway/payment.html 11
6. Using this URL as the validation : https://mandiri-ecash.com/ecommgateway/validation.html Or http://mandiri-ecash.com:19443/ecommgateway/validation.html 12