This is the C2B API
The iPay Integration is simple and seamless. There are two types of intergrations:-
Integration | Process Flow(English) | API Calls(Geeklish) |
---|---|---|
1.1 Web Based Integrations |
|
|
1.2 REST API Calls |
If you intend to use the iPay REST API to process card transactions, then you will have to certify that your system is PCI-DSS compliant. If you are not PCI-DSS compliant and still intend to process card transactions, then we would encourage you to use our Web-based API.
|
|
(for each field, there are some characters not accepted by iPay. See Bottom of page)
Y = Yes N = No O = OptionalParameter Name | Data Type(Data Length) | Description | Channel | ||
---|---|---|---|---|---|
Mobile | Credit Card | ||||
live | numeric(1) | LIVE or DEMO mode (1 or 0). “1” By Default (live) | Y | Y | |
mpesa | numeric(1) | Display Mpesa Mobile Money Channel (on or off). “on” by Default (i.e. mpesa=1) | O | O | |
bonga | numeric(1) | Display Safaricom's Bonga Points Channel (on or off). “off” by Default (i.e. bonga=0) | O | O | |
airtel | numeric(1) | Display Airtel Mobile Money Channel (on or off). “on” by Default (i.e. airtel=1) | O | O | |
equity | numeric(1) | Display the Equity EazzyPay Channel (on or off). “on” by Default (i.e. equity=1) | O | O | |
mobilebanking | numeric(1) | Display the Mobile Banking Channel (on or off). “off” by Default (i.e. mobilebanking=0) | O | O | |
creditcard | numeric(1) | Display the Cards (both Debit and Credit cards) Channel (on or off). “off” by Default (i.e. creditcard=1) | O | O | |
unionpay | numeric(1) | Display the Unionpay Card Channel (on or off). “on” by Default (i.e. unionpay=1) | O | O | |
mvisa | numeric(1) | Display the mvisa Channel (on or off). “on” by Default (i.e. mvisa=1) | O | O | vooma | numeric(1) | Display the Vooma Channel (on or off). “off” by Default (i.e. vooma=0) | O | O | pesalink | numeric(1) | Display the Pesalink Channel (on or off). “off” by Default (i.e. pesalink=0) | O | O |
autopay | numeric(1) | Push Data (on or off). “off” by Default (i.e. autopay=0) Set this parameter to 1 if you want iPay to silently trigger the callback. The CONFIRM button on the checkout page will not be present for mobile money and mobile banking NOTE Valid Callback Parameter must be provided. when this parameter is set iPay will send data to your server using GET request and the IPN should be run to verify this data. For successful autopay integrations add your web URL on the lbk parameter | O | O | |
oid | alphanumeric (26) | Order ID character mask[A-Z][a-z][0-9] | Y | Y | |
inv | alphanumeric (15) | Invoice Number (Set to Order ID value above if NULL) | Y | Y | |
ttl | numeric (15) | Total amount (DO NOT PASS any commas as a thousands separator). e.g. ttl=1234.00 and NOT ttl=1,234.00 | Y | Y | |
tel | alphanumeric (15) | Customer Telephone number | Y | Y | |
eml | alphanumeric (30) | Customer Email Address | Y | Y | |
vid | alphanumeric (12) | Vendor ID assigned by iPay. SET IN LOWER CASE | Y | Y | |
curr | alphanumeric (3) | Currency Type (USD or KES) * KES By Default | N | Y | |
p1 | alphanumeric (15) | Optional field. allows sending & receiving your custom parameters | O | O | |
p2 | alphanumeric (15) | Optional field. allows sending & receiving your custom parameters | O | O | |
p3 | alphanumeric (15) | Optional field. allows sending & receiving your custom | O | O | |
p4 | alphanumeric (15) | Optional field. allows sending & receiving your custom parameters | O | O | |
cbk | alphanumeric (100) | This parameter holds the value of the URL on your server to which iPay
will send back payment processing data to.
Please note that the call back URL parameter is ONLY required if the cURL parameter (crl) is set to zero (0), meaning that you want a browser redirect back to your website.
| Y | Y | |
lbk | alphanumeric (200) | In the event that the client cannot check out successfully, iPay will return the customer to our gateway. This parameter holds the value of the URL on your server to which the customer will be able to voluntarily use to link back to your website. If there is no value provided, then by default, (if this link is clicked) the customer will be redirected back to the previous page on your website. | O | O | |
cst | numeric (1) | The customer email notification flag of value 1 or 0. (Set to “1” By Default to allow customer to receive txn notifications from iPay for online txns) | Y | Y | |
crl | numeric (1) | Name of the cURL flag input field (1 character).
|
O | O | |
hsh | alphanumeric (64) | The computed iPay Hash Code | Y | Y |
The following characters are NOT ALLOWED as part of your incoming parameters:
The variables p1, p2, p3 and p4 are used by you if you want to pass certain variables into the iPay system and receive them back intact on your end for your own personal reasons. They are not processed in any way. The mc variable is used to notify you of the actual mobile money transferred by the user.
https://payments.ipayafrica.com/v3/ke
We need to generate the hash signature id that is to be sent to the iPay system for authentication against the transaction values that are also to be received on the same URL call.
We are using the hash_hmac function in PHP to digitally sign the transaction data.
Depending on the programming language of your choice, please feel free to use it or the equivalent HMAC function in your programming language.
Here is a PHP example below: There are two important parameters that are required by this function.
Note:- The fields are sent as params in the request
<?php
$datastring = $live.$order_id.$invoice.$total.$phone.$email.$vid.$curr.$p1.$p2.$p3.$p4.$cbk.$cst.$crl;
/**********************************************************************************************************/
$hashkey = "yoursecuritykey"; //Automatically generated within the iPay system and can be regenerated from the iPay Backoffice after logging in;
$datastring; //This is a string generated from the data to be posted (see above)
$hashid = hash_hmac("sha1", $datastring, $hashkey); //Set hashing algorithm to SHA1;
/**********************************************************************************************************/
?>
<?php
/*
This is a sample PHP script of how you would ideally integrate with iPay Payments Gateway and also handling the
callback from iPay and doing the IPN check
----------------------------------------------------------------------------------------------------
************(A.) INTEGRATING WITH iPAY ***********************************************
----------------------------------------------------------------------------------------------------
*/
//Data needed by iPay a fair share of it obtained from the user from a form e.g email, number etc...
$fields = array("live"=> "0",
"oid"=> "112",
"inv"=> "112020102292999",
"ttl"=> "900",
"tel"=> "256712375678",
"eml"=> "[email protected]",
"vid"=> "demo",
"curr"=> "KES",
"p1"=> "airtel",
"p2"=> "020102292999",
"p3"=> "",
"p4"=> "900",
"cbk"=> $_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"],
"cst"=> "1",
"crl"=> "2"
);
/*
----------------------------------------------------------------------------------------------------
************(b.) GENERATING THE HASH PARAMETER FROM THE DATASTRING *********************************
----------------------------------------------------------------------------------------------------
The datastring IS concatenated from the data above
*/
$datastring = $fields['live'].$fields['oid'].$fields['inv'].$fields['ttl'].$fields['tel'].$fields['eml'].$fields['vid'].$fields['curr'].$fields['p1'].$fields['p2'].$fields['p3'].$fields['p4'].$fields['cbk'].$fields['cst'].$fields['crl'];
$hashkey ="demoCHANGED";//use "demoCHANGED" for testing where vid is set to "demo"
/********************************************************************************************************
* Generating the HashString sample
*/
$generated_hash = hash_hmac('sha1',$datastring , $hashkey);
?>
/* Generate the form BELOW */
<FORM action="https://payments.ipayafrica.com/v3/ke">
<?php
foreach ($fields as $key => $value) {
echo $key;
echo ':<input name="'.$key.'" type="text" value="'.$value.'"></br>';
}
?>
<INPUT name="hsh" type="text" value="<?php echo $generated_hash ?>">
<button type="submit"> Lipa </button>
</FORM>
https://apis.ipayafrica.com/payments/v2/transact
The Request is an initiator for a yet to be paid transaction i.e. it registers the transaction on IPay which requires payment. It Returns a few parameters which will be used for the transact calls which process the payment once the user has paid.
There are two transact calls after the initiator request call they are for the two channels Mobile Money and Credit Card
The parameters needed for this are as follows:
Parameter Name | Data Type(Data Length) | Description | Channel | |
---|---|---|---|---|
Mobile | Credit Card | |||
live | numeric(1) | LIVE or DEMO mode (1 or 0). “1” By Default (live) | Y | Y |
oid | alphanumeric (26) | Order ID | Y | Y |
inv | alphanumeric (15) | Invoice Number (Set to Order ID value above if NULL) | Y | Y |
amount | numeric (15) | Total amount (DO NOT PASS any commas as a thousands separator). e.g. ttl=1234.00 and NOT ttl=1,234.00 | Y | Y |
tel | alphanumeric (15) | Customer Telephone number. if no phone number is used.PAD a default number | Y | Y |
eml | alphanumeric (30) | Customer Email Address | Y | Y |
vid | alphanumeric (12) | Vendor ID assigned by iPay. SET IN LOWER CASE | Y | Y |
curr | alphanumeric (3) | Currency Type (USD or KES) * KES By Default | Y | Y |
p1 | alphanumeric (15) | allows sending & receiving your custom parameters | Y | Y |
p2 | alphanumeric (15) | allows sending & receiving your custom parameters | Y | Y |
p3 | alphanumeric (15) | allows sending & receiving your custom | Y | Y |
p4 | alphanumeric (15) | allows sending & receiving your custom parameters | Y | Y |
cbk | alphanumeric (100) | This parameter holds the value of the URL on your server to which iPay will send back payment processing data to. | Y | Y |
cst | numeric (1) | The customer email notification flag of value 1 or 0. (Set to “1” By Default to allow customer to receive txn notifications from iPay for online txns) | Y | Y |
crl | numeric (1) | Name of the cURL flag input field (1 character).
|
Y | Y |
hash | alphanumeric (64) | The computed iPay Hash Code | Y | Y |
autopay | numeric(1) | Push Data (on or off). “off” by Default (i.e. autopay=0) Set this parameter to 1 if you want iPay to silently trigger the callback. The CONFIRM button on the checkout page will not be present for mobile money and mobile banking NOTE Valid Callback Parameter must be provided. when this parameter is set iPay will send data to your server using GET request and the IPN should be run to verify this data. | O | O |
Note:- The fields are sent as body in the request where the Content Type is x-www-form-urlencoded
The REST API has atleast 2 calls the first inorder to get the sid on the response as shown in Section 1.2.2 then Depending on what you are transacting (Card | Mobile Money) you will make a second call.
For information on Mobile Money secondary Calls Go to : 1.2.3 Mobile Money Transact Call and Responses
For information on Card secondary Calls Go to Section 1.2
Inorder to post to iPay for Payment processing, We need to sign the Data with a hash signature this is to be sent as the data in the hash parameter indicated in the table above. We are using the hash_hmac function found in PHP in this example to digitally sign the transaction data.
please feel free to use it or the equivalent HMAC function in your programming language.
Here is a PHP example below: There are two important parameters.
<?php
//check hash
$key = "SECretKey";//use "demoCHANGED" for testing where vid is set to "demo"
$datastring = $live.$oid.$inv.$amount.$tel.$eml.$vid.$curr.$p1.$p2.$p3.$p4.$cst.$cbk;
/*********************************************************************************************************/
$generated_hash = hash_hmac('sha256',$datastring , $key);
/**********************************************************************************************************/
?>
{
"header_status": 200,
"status": 1,
"data": {
"sid": "87491e89-a997-401f-8816-3422fa0219b9",
"oid":"001",
"amount":"200",
"account":"GA257298",
"payment_channels": [
{
"name": "MPESA",
"paybill": "510800"
},
{
"name": "AIRTEL",
"paybill": "510800"
}
]
},
"hash":"75bc1fa140b731be4829b887d2b8d62f038c741b9672c743eba226a9e2f2858a"
}
<?php
$sign_datastring = $account.$amount.$oid.$sid.$mpesa.$paybill.$airtel.$airtel_paybill;
with the above example the string will be
//This datastring is signed with the same algorithm and the same security key used in the create api ie
hash_hmac("sha256", $sign_datastring, "key");
/**********************************************************************************************************/
?>
For the REST API POST to this URL:
https://apis.ipayafrica.com/payments/v2/transact/mobilemoney
The Parameters to post are:
vid | alphanumeric (12) | The iPay Merchant vendor id |
sid | alphanumeric (64) | The sid from the initiator request responses |
hash | alphanumeric (64) | Generated signature of the data based on a secret key shared between iPay and you(our Merchant) |
The hash is generated by the concatenation of the sid and the vid(it is used to sign data in such a way that we can verifiy you are indeed one of the authorized partners)
<php echo highlight_string('<php
$key = 'demoCHANGED';
$datastring = $sid.$vid;
$generated_hash = hash_hmac('sha256',$datastring , $key); ?>', TRUE);?>
Sample Json response for pending state (MPESA)
{
"txncd": "",
"qwh": "1641833083",
"afd": "402504828",
"poi": "834563642",
"uyt": "807375577",
"ifd": "312031355",
"agt": "",
"id": "RESTOID",
"status": "bdi6p2yy76etrs",
"ivm": "RESTOID",
"mc": "",
"p1": "",
"p2": "",
"p3": "",
"p4": "",
"msisdn_id": "",
"msisdn_idnum": "254710000000",
"channel": "Mobile Money",
"reasonCode": "TRANSACTION_TIMED_OUT",
"message": "The transaction has timed out"
}
Sample Json response for success state (MPESA)
{
"txncd": "",
"qwh": "1641833083",
"afd": "402504828",
"poi": "834563642",
"uyt": "807375577",
"ifd": "312031355",
"agt": "",
"id": "RESTOID",
"status": "aei7p7yrx4ae34",
"ivm": "RESTOID",
"mc": "",
"p1": "",
"p2": "",
"p3": "",
"p4": "",
"msisdn_id": "",
"msisdn_idnum": "254710000000",
"channel": "Mobile Money",
"reasonCode": "SUCCESS",
"message": "Transaction has been processed successfully"
}
Channel | Status | Reason code | message |
MPESA | aei7p7yrx4ae34 | SUCCESS | Transaction has been processed successfully |
AIRTEL | aei7p7yrx4ae34 | SUCCESS | Transaction has been processed successfully |
Channel | Status | Reason Code | Message |
MPESA | bdi6p2yy76etrs | TRANSACTION_TIMED_OUT | The transaction has timed out |
MPESA | bdi6p2yy76etrs | ERROR_OCCURRED | An error occurred while sending a push request |
MPESA | bdi6p2yy76etrs | NO_PIN_PASSED | The request was cancelled by the user |
MPESA | bdi6p2yy76etrs | INSUFFICIENT_BALANCE | The User Wallet balance is insufficient for the transaction. |
MPESA | bdi6p2yy76etrs | INCORRECT_PIN | Incorrect pin has been entered. |
MPESA | bdi6p2yy76etrs | TRANSACTION_EXPIRED | Transaction has expired |
MPESA | bdi6p2yy76etrs | PREVIOUS_TRANSACTION_IN_PROGRESS | A previous transaction is already in progress for the user |
MPESA | bdi6p2yy76etrs | PAYMENT_NOT_RECEIVED | Payment not received |
Incase you want to search and verify that indeed a transaction has been paid for the following endpoint can be used to search for the transaction on IPay
https://apis.ipayafrica.com/payments/v2/transaction/search
The parameters to post are:
vid | alphanumeric (12) | The iPay Merchant vendor id |
hash | alphanumeric (64) | Generated signature of the data based on a secret key shared between iPay and you(our Merchant) |
oid | alphanumeric (64) | Order Id |
The hash is generated by the concatenation of the oid and the vid(it is used to sign data in such a way that we can verifiy you are indeed one of the authorized partners)
<?php
$key = 'SECretKey';
$datastring = $oid.$vid;
$generated_hash = hash_hmac('sha256',$datastring , $key); ?>
The following parameters are returned as a JSON on successful POST.
{ "header_status": 200,
"status": 1,
"text": "payment record found",
"data": {
"vid": "demo",
"session_id": "852a63b08ac98b1750498rfd7c547c8d",
"oid": "34b674",
"transaction_amount": "200.00",
"transaction_code": "TXNCODE",
"telephone": "2547XXXXXXXX",
"firstname": "JOHN",
"lastname": "DOE",
"paid_at": "2016-05-14 16:13:50",
"payment_mode": "MPESA"
},
"hash": "d29ac43a8b89673cc85ce206351832d3a0c4a462dd0fde56c17445e94f6ad958",
"reasonCode": "SUCCESS",
"message": "Transaction has been processed successfully"
}
The meanings of these parameters have been explained in Section 2.3
Success Status:Channel | Status | Reason code | message |
MPESA | 1 | SUCCESS | Transaction has been processed successfully |
AIRTEL | 1 | SUCCESS | Transaction has been processed successfully |
On unsuccessful POST possibly due to wrong session_id post an error in the manner below is returned
{
"header_status": 404,
"status": 0,
"text": "no record found"
"reasonCode": "TRANSACTION_TIMED_OUT",
"message": "The transaction has timed out"
}
Mpesa Error Codes:
Channel | Status | Reason Code | Message |
MPESA | 0 | TRANSACTION_TIMED_OUT | The transaction has timed out |
MPESA | 0 | ERROR_OCCURRED | An error occurred while sending a push request |
MPESA | 0 | NO_PIN_PASSED | The request was cancelled by the user |
MPESA | 0 | INSUFFICIENT_BALANCE | The User Wallet balance is insufficient for the transaction. |
MPESA | 0 | INCORRECT_PIN | Incorrect pin has been entered. |
MPESA | 0 | TRANSACTION_EXPIRED | Transaction has expired |
MPESA | 0 | PREVIOUS_TRANSACTION_IN_PROGRESS | A previous transaction is already in progress for the user |
MPESA | 0 | PAYMENT_NOT_RECEIVED | Payment not received |
To validate the hash string
<?php
$sign_datastring = $oid.$vid.$transaction_code.$firstname.$lastname.$paid_at.$payment_mode.$sid;
//The above string is a concatenation of the order, transaction_code, telephone, frstname, lastname,paid_at, payment_mode and SID
//This datastring is signed with the same algorithm and the same security key used in the create api ie
hash_hmac("sha256", $sign_datastring, "key");?>
https://apis.ipayafrica.com/payments/v2/transact/push/mpesa
The parameters needed for this are as follows:
Parameter Name | Data Type(Data Length) | Description | Channel(MPESA) |
---|---|---|---|
phone | numeric string (15) | The Phone Number of the registered mobile wallet User | Y |
sid | alphanumeric (64) | The sid from the initiator request responses | Y |
vid | alphanumeric(12) | The iPay Merchant vendor id | Y |
hash | alphanumeric(64) | A digital signature hash of the data for verification. | Y |
The hash is generated from a datastring which is a concatenation of the parameters: phone,sid and vid it is a HMAC with the sha256 hashing algorithm. Sample PHP script of the same is show below:
<?php
//your SECRET KEY
$key = "SECretKey";//use "demoCHANGED" for testing where vid is set to "demo"
$datastring = $phone.$vid.$sid;
/*********************************************************************************************************/
$generated_hash = hash_hmac('sha256',$datastring , $key);
/**********************************************************************************************************/
?>
The following is a sample response on Triggering this route.
{
"header_status":"200",
"status":1,
"text":"A Payment request has been sent to the MPESA number 2547XXXXXXXX"
}
https://apis.ipayafrica.com/payments/v2/transact/push/airtel
The parameters needed for this are as follows:
Parameter Name | Data Type(Data Length) | Description | Channel(MPESA) |
---|---|---|---|
phone | numeric string (15) | The Phone Number of the registered mobile wallet User | Y |
sid | alphanumeric (64) | The sid from the initiator request responses | Y |
vid | alphanumeric(12) | The iPay Merchant vendor id | Y |
hash | alphanumeric(64) | A digital signature hash of the data for verification. | Y |
The hash is generated from a datastring which is a concatenation of the parameters: phone,sid and vid it is a HMAC with the sha256 hashing algorithm. Sample PHP script of the same is show below:
<?php
//your SECRET KEY
$key = "SECretKey";//use "demoCHANGED" for testing where vid is set to "demo"
$datastring = $phone.$vid.$sid;
/*********************************************************************************************************/
$generated_hash = hash_hmac('sha256',$datastring , $key);
/**********************************************************************************************************/
?>
The following is a sample response on Triggering this route.
{
"header_status":"200",
"status":1,
"text":"A Payment request has been sent to the AIRTEL number 2547XXXXXXXX"
}
https://apis.ipayafrica.com/payments/v2/transact/cc/recurring
The parameters needed for this are as follows:
Parameter Name | Data Type(Data Length) | Description | Channel(MPESA) |
---|---|---|---|
sid | alphanumeric (64) | The sid from the initiator request responses | Y |
vid | alphanumeric(12) | The iPay Merchant vendor id | Y |
alphanumeric(30) | Customer Email Address | Y | |
cardid | alphanumeric(64) | The tokenized card id that is sent on email | Y |
phone | alphanumeric(15) | Customer Telephone number. if no phone number is used.PAD a default number | Y |
hash | alphanumeric(64) | A digital signature hash of the data for verification. | Y |
The hash is generated from a datastring which is a concatenation of the parameters: sid, vid, email, cardid and phone it is a HMAC with the sha256 hashing algorithm. Sample PHP script of the same is show below:
<?php
//your SECRET KEY
$key = "SECretKey";
$datastring = $sid.$vid.$cardid.$phone.$email;
/*********************************************************************************************************/
$generated_hash = hash_hmac('sha256',$datastring , $key);
/**********************************************************************************************************/
?>
Expected Response on Successfull card transaction.
{
"txncd":"1111111122",
"qwh":"1000988633",
"afd":"827071654",
"poi":"1211883119",
"uyt":"1431931896",
"ifd":"548464895",
"agt":"",
"id":"oid",
"status":"bdi6p2yy76etrs",
"ivm":"",
"oid":"",
"mc":"100",
"p1":"",
"p2":"",
"p3":"",
"p4":"",
"msisdn_id":"John Doe",
"msisdn_idnum":"123456",
"msisdn_custnum":"123456",
"channel":"Credit_Card"
}
https://apis.ipayafrica.com/payments/v2/transaction/refund
The parameters needed for this are as follows:
Parameter Name | Data Type(Data Length) | Description | Required |
---|---|---|---|
code | alphanumeric (64) | The transaction code to be refunded | Y |
vid | alphanumeric(12) | The iPay Merchant vendor id | Y |
hash | alphanumeric(64) | A digital signature hash of the data for verification. | Y |
amount | float | this amount should be equal to or less that the transaction amount in order to do a partial refund ( this is only available for card transactions ) | O |
The hash is generated from a datastring which is a http string key value pair of the parameters: code, vid in alphabetical order it is a HMAC with the sha256 hashing algorithm. Sample PHP script of the same is show below:
<?php
//your SECRET KEY
$key = "SECretKey";
$datastring = "code=code&vid=vid";
/*********************************************************************************************************/
$generated_hash = hash_hmac('sha256',$datastring , $key);
/**********************************************************************************************************/
?>
Expected Response on Successfull card transaction.
status 200 is success any other should be treated as a failure
{
"status": 200,
"c2bfunds": "1100.00",
"b2cfunds": "8164.00",
"amount": "50.00",
"code": "1539630706A",
"text": "Refund done",
"email_response": "Mail sent succesfully"
}
M-Pesa URL
https://apis.ipayafrica.com/payments/v2/transact/manualpush/mpesa
Equitel URL
https://apis.ipayafrica.com/payments/v2/transact/manualpush/equitel
The Request is an initiator for an STK push yet to be paid transaction i.e. it Triggers the wallet user's SIM ToolKit for authorization of payment on their handset.
The parameters needed for this are as follows:
Parameter Name | Data Type(Data Length) | Description | Channel(MPESA) |
---|---|---|---|
phone | numeric string (15) | The Phone Number of the registered mobile wallet User | Y |
vid | alphanumeric(12) | The iPay Merchant vendor id | Y |
amount | numeric (15) | The amount to be paid by the client. | Y |
account | alphanumeric(12) | Sub-account provided by iPay. | Y |
The hash is generated from a datastring which is a concatenation of the parameters: phone,vid,amount and account. It is a HMAC with the sha256 hashing algorithm. Sample PHP script of the same is show below:
<?php
//your SECRET KEY
$key = "SECretKey";
$datastring = $phone.$vid.$amount.$account;
/*********************************************************************************************************/
$generated_hash = hash_hmac('sha256',$datastring , $key);
/**********************************************************************************************************/
?>
The following is a sample response on Triggering this route.
{
"header_status":"200",
"status":1,
"text":"A Payment request has been sent to the MPESA number 2547XXXXXXXX"
}
We will push data to a HTTP(S) URL that you designate to us.
Please provide the following:
We will post the following data to you in JSON format:
Fields | Parameter Name | Data Format / Type | Data State |
---|---|---|---|
Transaction Amount | amount | String | Dynamic |
Mobile Money Provider | channel | String | Dynamic |
Hash Signature | hash | String | Dynamic |
Customer Telephone Number | msisdn | String | Dynamic |
Customer Names | names | String | Dynamic |
Transaction Time Stamp | tstamp | yyyy-mm-dd hh:mm:ss | Dynamic |
Transaction Code | txnid | String | Dynamic |
Account Details | vendorid | String | Static |
We will then hash the parameters with your iPay Security key using SHA256 algorithm. Please note that the data string to be hashed will be set up as an ASCII string. The parameters names and their values should be set in alphabetical order when hashing.
amount=234.00&channel=MPESA&msisdn=254700000000&names=Peter
Kamau&tstamp=2012-12-31 23:59:59&txnid=DX12RT123&vendorid=TESTDATA
We are using the hash_hmac function to digitally sign the transaction. Please use the equivalent HMAC function in your programming language. Here is a PHP example below:
$hashkey = "youripaysecuritykey"; //Please supply us with this parameter
$datastring ="amount=234.00&channel=MPESA&msisdn=254712345678&names=Peter
Kamau&tstamp=2012-12-31 23:59:59&txnid=DX12RT123&vendorid=TESTDATA";
We will then send this hash together with the transaction parameters for you to replicate the hash test (via the HMAC function and the SAME KEY). Based on the result, you can then either accept the data or reject it.
We will send the data in JSON format via HTTP POST as follows:
{
"amount":"234.00",
"channel":"MPESA",
"msisdn":"254712345678",
"names":"Peter Kamau",
"tstamp":"2012-12-31 23:59:59",
"txnid":"DX12RT123",
"vendorid":"TESTDATA",
"hash":"y9857b460p5b133a32f36309665b8f2e6fad221d"
}
We expect your server to respond with the following JSON responses for iPay to know that the data was correctly received and validated by your system.
For Successful receipts:
{
"status":"1",
"id":"DX12RT123",
"message":"Success"
}
For Failed receipts:
{
"status":"0",
"id":"DX12RT123",
"message":"Failed"
}
For Duplicate receipts:
{
"status":"2",
"id":"DX12RT123",
"message":"Duplicate"
}
Step 1. Add JitPack repository to your build file
In your root build.gradle at the end of repositories add jitpack as shown bellow:
allprojects {
repositories {
...
maven { url 'https://jitpack.io' }
}
}
Step 2. Add the dependency and sync your project
dependencies {
...
implementation ' com.github.iPaykenya:iPay-easy-way-interface-v2:1.0.2'
}
Step 1. Add JitPack repository to your build file
<repositories>
<repository>
<id>jitpack.io</id>
<url>https://jitpack.io</url>
</repository>
</repositories>
Step 2. Add the dependency and sync your project
<dependency>
<groupId>com.github.iPaykenya</groupId>
<artifactId>iPay-easy-way-interface-v2</artifactId>
<version>1.0.2</version>
</dependency>
String live = "0";
String vid = "demo";
String cbk = "http://example.com/cbk.php";
String security_key = "demoCHANGED";
String amount = "10";
String p1 = "value1";
String p2 = "value2";
String p3 = "value3";
String p4 = "value4";
String curr = "KES"; //or USD
String phone_number = "0700000000";
String email = "[email protected]";
Instantiate a Channels fragment and use it to pass the above parameters to your library in order to load the iPay Payment Interface.
FragmentManager fragmentManager = getSupportFragmentManager();
FragmentTransaction fragmentTransaction = fragmentManager.beginTransaction();
Channel fragment1 = new Channel();
Bundle data = new Bundle();
data.putString("live", live);
data.putString("vid", vid);
data.putString("cbk", cbk);
data.putString("key", security_key);
data.putString("amount", amount);
data.putString("p1", p1);
data.putString("p2", p2);
data.putString("p3", p3);
data.putString("p4", p4);
data.putString("currency", curr);
data.putString("phone", phone_number);
data.putString("email", email);
fragment1.setArguments(data);
fragmentTransaction.add(R.id.layouta, fragment1, "fragment");
fragmentTransaction.commit();
import com.ipay.iPaycheckout.PaymentActivity;
The android interface will resemble the image shown below:
To do this set the crl parameter in your iPay gateway call to 0 (crl = 0)
We at iPay would need you to provide the Call Back or Return URL. This is the URL/page to which iPay will send the
parameters mentioned in Section 1.1.1. Refer to the “cbk” parameter on Section 1.1.1
These variables will be sent back to your website via your return URL, using the GET method.
An example of your website URL would be www.mystore.co.ke.
Thus, you may have set your Call Back or Return URL as www.mystore.co.ke/ipay.php.
Therefore the iPay return URL from a transaction then would look like this:
www.mystore.co.ke/returnpage.php?
id=23&txncd=we243ty234&status=aei7p7yrx4ae34&ivm=23234&qwh=34565&afd=23545&poi=345654&uyt=4567
8&ifd=123456&agt=324566&mc=350&p1=customevalue1&p2= customevalue1 &p3= customevalue1 &p4= custome
value1 &msisdn_id=firstname+lastname&msisdn_idnum=254710000000
We would recommend that you set up this call back URL in such a way that once iPay calls back to your website, this Call back URL page then redirects to another page, as a security measure, once it has finished processing based on the return URL parameters mentioned in Section 1.1.1 of this manual.
You can verify the payment status of each transaction on callback. This code (or similar) Demonstrates how.
<?php
$val = ""; //assigned iPay Vendor ID... hard code it here.
/*
these values below are picked from the incoming URL and assigned to variables that we
will use in our security check URL
*/
$val1 = $_GET["id"];
$val2 = $_GET["ivm"];
$val3 = $_GET["qwh"];
$val4 = $_GET["afd"];
$val5 = $_GET["poi"];
$val6 = $_GET["uyt"];
$val7 = $_GET["ifd"];
$ipnurl = "https://www.ipayafrica.com/ipn/?vendor=".$val."&id=".$val1."&ivm=".
$val2."&qwh=".$val3."&afd=".$val4."&poi=".$val5."&uyt=".$val6."&ifd=".$val7;
$fp = fopen($ipnurl, "rb");
$status = stream_get_contents($fp, -1, -1);
fclose($fp);
//the value of the parameter “vendor”, in the url being opened above, is your iPay assigned
Vendor ID.
//this is the correct iPay status code corresponding to this transaction.
//Use it to validate your incoming transaction(not the one supplied in the incoming url)
//continue your shopping cart update routine code here below....
//then redirect to to the customer notification page here...
?>
This IPN solution can be implemented in other web application development languages as well
The variables described above are returned by IPay on callback to the Callback url(cbk) supplied,
they are described in Section 2.3 below
(a) The status variable has the following possible values:-
fe2707etr5s4wq = Failed transaction. Not all parameters fulfilled. A notification of this transaction sent to the merchant.
aei7p7yrx4ae34 = Success: The transaction is valid. Therefore you can update this transaction.
bdi6p2yy76etrs = Pending: Incoming Mobile Money Transaction Not found. Please try again in 5 minutes.
cr5i3pgy9867e1 = Used: This code has been used already. A notification of this transaction sent to the merchant.
dtfi4p7yty45wq = Less: The amount that you have sent via mobile money is LESS than what was required to validate
this transaction.
eq3i7p5yt7645e = More: The amount that you have sent via mobile money is MORE than what was required to validate this transaction. (Up to the merchant to decide what to do with this transaction; whether to pass it or not)
(b) id for you to authenticate the order id again and map it to the order transaction again.
(c) ivm the invoice number is returned as an MD5 hash for you to process if you need to.
(d) qwh, afd, poi, uyt, ifd, agt special, unique browser-specific identifier variables returned from the iPay system.
(e) mc this is the amount of money that was sent via the mobile money transfer by the user. This comes as an integer and without the thousands (,) separator. You can use to authenticate against the amount that the user has checked out.
(f) p1, p2, p3, p4: these are four CUSTOM parameters that allow you to simply pass your own parameters into our system and catch them once again on your end. They are (alphanumeric) in nature; thus you can pass text, numbers or a combination of these.
(g) txncd: This refers to the transaction code that the user entered (in the case of mobile money), or that was system generated (in the case of VISA/Mastercard transactions).
(h) msisdn_id: This refers to the names of the payer as registered by their mobile money / banking system.
(i) msisdn_idnum: This refers to the telephone number of the payer as registered by their mobile money / banking system. They are returned for your convenience.
(j) card_mask: It will return the card mask of the client e.g "card_mask":"444444xxxxxx4444".
(k) msisdn_custnum: This refers to the client telephone number you posted into our system together with the order details in page 3 above. They are returned for your convenience. ** Please note that the most important variables are (a) – (c), (e) and (g)
(l) vat: this is the vat applied for the transaction
(m) commission: this is the commission charged for the transaction
When the iPay interface loads correctly, the following dummy codes below can be used on the different channels: The dummy data below will work ONLY IF you have set the live parameter to “0”.see Section 1.1.1
Once your testing is complete, then set the the live parameter to “1” and you are ready to go.
MPESA, Airtelmoney |
---|
There are no Test Values for this just ensure that the Live parameter is "0" for Demo as indicated above |
Credit Card Number | iPay API Status | Card Details, Cash Value and Expiry Date |
---|---|---|
4444444444444444 | successful | determined by you |
3333333333333333 | failed | determined by you |
Once successfully intergrated to the iPay Gateway you should see an interface like so :
The Above example represents when a user has clicked on the Mpesa tab
We expect you to develop a website for your merchant with a shopping cart that allows the merchant to quickly get real time reports on sales and orders that have occurred on their website once iPay communicates back to your website.
However, we have also developed an easy-to-use administrative interface that allows the merchant to quickly track their own transactions for purposes of reconciliation.
This interface is available from the following URL: https://dashboard.ipayafrica.com/ You can do the following: