Merchant Hosted Checkout
Merchant Hosted Checkout (API)
You should only implement this method if your server is PCI DSS compliant. The use of this method will expose your server to sensitive card data and if compromised can expose your customers to fraud!
This option can be used to make secure payments without having to use the iFrame.
This is self signed 3DS card payment option where the client integrates using the Interswitch Payment Gateway APIs.
When using this option on a merchant’s website the merchant will be responsible for the collection of card details and sending the encrypted payload to our 3DS integration script that will handle the payment communication. The process below outlines what the merchant needs to do to secure the collected data pass it to us, and then handle the callback at the end of the 3DS process.
Step 1: Collect the payment data from the customer
Step 2: AES encrypt the collected data using a random key
Step 3: Sign the AES encrypted data with your private key
Step 4: Call the 3dinit function with a JSON object parameter containing encrypted data, its signature, and the random AES key that was used to encrypt the data.
The payload should be constructed as follows:
{
amount: $('#amount').val() * 100,//To get value in minor denomination
currency: $('#currency').val(),
customer: {
customerId: $('#customer_id').val(),
firstName: $('#first_name').val(),
secondName: $('#second_name').val(),
email: $('#email').val(),
mobile: $('#mobile').val(),
city: $('#city').val(),
country: $('#country').val(),
postalCode: "",
street: "",
state: ""
},
cvv2: $('#cvv').val(),
domain: $('#domain').val(),
expiryDate: $('#expiry_date').val(),
merchantId: $('#merchant_id').val(),
narration: $('#narration').val(),
orderId: $('#order_id').val(),
pan: $('#pan').val(),
transactionRef: $('#transaction_ref').val()
}
Click on the link below for a working sample test page
Updated over 4 years ago