| Tip | ||
|---|---|---|
| ||
AXEPTA is a payment solution based on a HTTPS POST / GET API using parameters in the NVP (Name-Value-Pairs) method and JSON objects. HMAC authentication and the use of Blowfish encryption are used to secure data exchanges. |
| Table of Contents |
|---|
Integration and inputs for developers
The section Platform Integration for developers gathers all inputs needed to implement Axepta Online in your website
| Info | ||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
The section Axepta data list gathers the parameters / data used on the platform : error codes, 3DS data, JSON objects
| Info | ||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Security
HMAC Authentication
The Axepta platform uses a Hash Message Authentication Code (HMAC) to verify the authenticity of your payments. MAC SHA-256 algorithm is used with a 32-digit (256-bit) key length.
Further details : HMAC Authentication (Request) et HMAC Authentication (Notify)
Blowfish ECB
To ease your integration, you will find below some examples of Blowfish ECB library.
| Techno | Examples |
|---|---|
| ASP | txmsCrypto.dll // txmsCrypto.BlowFish |
| ASP.NET | Computop.Core.Crypto.dll // Axepta.Core.Crypto.BlowFish |
| Java | Blowfish.java |
| PHP | function.inc.php
|
Build a payment request
Concepts
Axepta payment solution integration is based on a payment request build with :
- Parameters using the NVP (Name-Value-Pairs) method
- JSON objects
- Calculation of a HMAC
- A correct character string contains three basic parameters: MID (Merchant ID), Len (Length) and Data (Data). MID and Len parameters are not encrypted. Only the parameter Data is encrypted with the Blowfish method
Parameters
- Parameter Data (Données) contains the key data of the payment such as amount and currency
- ParameterLen (Longueur) is very important for encryption because it contains the length of the unencrypted string in the Data parameter. The total amount of encrypted data is multiplied by 8 with the Blowfish encryption, so the correct (real) length of the string of characters must be known for decryption, otherwise other characters (not initially added) will appear at the end of the string.
The parameters are transmitted via HTTPS POST or HTTPS GET.
The recommended transmit method is HTTPS POST because the parameter character string in the case of GET is attached to the URL, which is limited to 2048 bytes depending on the browser.
Create a payment request step by step
The steps are :
- Calculate HMAC to secure amount and currency - cf. HMAC Authentication (Request)
- Build and encode JSON objects in Base64 with padding - cf. Payment Features
- Assemble API parameters (key / value, JSON objects)
- Encryption of all API parameters with the Blowfish key: this will provide the Data and Len parameters
- If necessary, add simple parameters to customize the payment page hosted by (e.g. language="en" to use the English language, customFields)
- Sending the API application to the selected endpoint
Response
Axepta Online uses the POST and GET methods to redirect the buyer to the merchant's e-commerce site or send the payment notification
Payment method | Reponses |
|---|---|
Card payments | POST for l’URLFailure / URLSuccess / URLNotify GET for l’URLFailure / URLSuccess / URLNotify fallback 3DSV1 |
Alternative Other payment methods | GET for l’URLFailure / URLSuccess / URLNotify |
Example
| Tip |
|---|
The page Create a payment request step by step describes the step to create a payment with BNP_DEMO_AXEPTA. This can be the first step in your integration then you will use your own MID |