Generate a primary transaction

post http://localhost:3000/payments/v1/payments

[IN DEVELOPMENT]
Use this to originate a financial transaction like a Sale, Refund, Void, Reversal, Preauthorization, Incremental or Completion.

Body Params

Headers

ContentType

string

required

Content type.

ClientRequestId

string

required

A client-generated ID for request tracking and signature creation, unique per request. This is also used for idempotency control. We recommend 128-bit UUID format.

Message-Authentication-Value

string

The Message Authentication Value (MAC) is optional header and it is only required for Card Present transactions or transactions originated from Terminals. The OpenAPI Header parameter format for the message authentication value of the complete payload follows the pattern ;;;[;][;<key version>].

Derivation Algo: This refers to the algorithm used for key derivation. The options are 'DUKPT2009' which represents the Derived Unique Key Per Transaction (DUKPT) algorithm, as defined by ANSI X9.24-2009 Annex A, and 'AESDUKPT128ECB', which signifies the AES DUKPT ECB algorithm with a key length of 128 bits, as defined in ANSI X9.24-3-2017 Annex.
Mac Algo: This points to the algorithm used for Message Authentication Code (MAC). There are two options: 'RetailSHA256MAC' which indicates the Retail-CBC-MAC using SHA-256 (Secure Hash standard) and an ASN.1 Object Identifier: id-retail-cbc-mac-sha-256. The other option is 'SHA256CMACwithAES128', which represents the CMAC (Cipher-based Message Authentication Code) as defined by NIST 800-38B - May 2005. This option employs the Advanced Encryption Standard block cipher with a 128-bit cryptographic key, as approved by FIPS 197 - November 6, 2001. The CMAC algorithm is computed on the SHA-256 digest of the message.
The rest of the parameters include the 'key index', 'key name' (optional), and 'key version' (optional), which are not specified here but contribute to the full formatting of the header parameter.

Api-Key

string

required

Key given to merchant after boarding associating their requests with the appropriate app in Apigee.

Timestamp

int64

required

Epoch timestamp in milliseconds in the request from a client system. Used for Message Signature generation and time limit (5 mins).

Message-Signature

string

required

Used to ensure the request has not been tampered with during transmission. The Message-Signature is the Base64 encoded HMAC hash (SHA256 algorithm with the API Secret as the key.)

Responses

400

Bad Request

401

Unauthorized

500

Internal Server Error

Language


xxxxxxxxxx
39
1
curl --request POST \
2
     --url http://localhost:3000/payments/v1/payments \
3
     --header 'accept: application/json' \
4
     --header 'content-type: application/json' \
5
     --data '
6
{
7
  "isCaptureFlag": false,
8
  "paymentMethod": {
9
    "merchantVerificationValue": 0,
10
    "paymentCard": {
11
      "cardFunction": "Credit"
12
    }
13
  },
14
  "terminalRequestData": {
15
    "posEntryMode": "01"
16
  },
17
  "device": {
18
    "capabilities": {
19
      "attendance": 0,
20
      "location": 0,
21
      "cardPresent": 0,
22
      "cardCaptureCapabilities": 0,
23
      "requestStatus": 0,
24
      "activationMethod": 0,
25
      "transferingData": 0,
26
      "outputMethod": 0,
27
      "supportType": "b",
28
      "pinCapability": 0,
29
      "terminalType": 0,

Click Try It! to start a request and see the response here! Or choose an example:

application/json

200OK