1.4.2 Credit Card Transact Call and Responses

For Card the url Endpoint is:

The following parameters are required for this POST.
ParameterData type (length)Description
vidalphanumeric (12) The iPay Merchant vendor id
curralphanumeric (3) currency in KES, USD
cvvnumeric string (5) The unique 3-4 digit Card Verification Number provided at the back of the card
cardnonumeric string(16) The 16 digit Card Number,
monthnumeric string(2)Expiry Month
yearnumeric string(2)Expiry Year
cust_addressalphanumeric(25)Customer's Card Billing Address
cust_postcodealphanumeric(10)Customer's Card Billing Postal Code
cust_cityalphanumeric(15)Customer's City where Card was issued
cust_stateprovalphanumeric(15)Customer's State / Province where Card was issued
cust_countryalphanumeric(12)Customer's State / Province where Card was issued
sidalphanumeric (64) The sid from the initiator request responses
fnamealphanumeric (12)Card Holder's Firstname
lnamealphanumeric (12)Card Holder's Last Name
hashalphanumeric (64)The hash string used to validate the data, please note below the datastring required
tokenizenumeric (1)When this parameter is passed, indicates that iPay should tokenize the card.
recurringnumeric (1)When this parameter is passed, it checks if the tokenized parameter was set. If correctly passed, iPay will return the card token on callback.

Generating the Hash String

The hash string is used for signing the data, it uses the same shared secret key between the Merchant and iPay. The hash is generated as follows:

//check hash
$key "SECretKey";//use "demo" for testing where vid also is set to "demo"
$datastring $sid.$vid.$cardno.$cvv.$month.$year.$cust_address.$cust_city.$cust_Country.$postcode.$stateprov.$fname.$lname;

$generated_hash hash_hmac('sha256',$datastring $key);

Expected Response on Successfull card transaction

"p1":"","p2":"","p3":"","p4":"","msisdn_id":"John Doe","msisdn_idnum":"123456",