1.4.1 Mobile Money Transact Call and Responses

For the REST API POST to this URL:

https://apis.ipayafrica.com/payments/v2/transact/mobilemoney

The Parameters to post are:
vidalphanumeric (12) The iPay Merchant vendor id
sidalphanumeric (64) The sid from the initiator request responses
hashalphanumeric (64) Generated signature of the data based on a secret key shared between iPay and you(our MErchant)

The hash is generated by the concatenation of the sid and the vid(it is used to sign data in such a way that we can verifiy you are indeed one of the authorized partners)


<?php
$key 
'SECretKey';//your secret key shared between IPay and your application
$datastring $sid.$vid;
$generated_hash hash_hmac('sha256',$datastring $key); ?>

On successful post you should expect the following response from ipay:

{"txncd":"","qwh":"1641833083",
 "afd":"402504828",
 "poi":"834563642",
 "uyt":"807375577",
 "ifd":"312031355",
 "agt":"",
 "id":"RESTOID",
 "status":"aei7p7yrx4ae34",
 "ivm":"RESTOID",
 "mc":"",
 "p1":"","p2":"","p3":"","p4":"",
 "msisdn_id":"",
 "msisdn_idnum":"254710000000",
 "channel":"Mobile Money"}
The Following returned values explained in section 2.4 The Variables that IPay returns which you will use for validation of an order on your side(of note is the status value also explain in the aforementioned section).

Search/Query for a Transaction

Incase you want to search and verify that indeed a transaction has been paid for the following endpoit can be used to search for the transaction on IPay

https://apis.ipayafrica.com/payments/v2/transaction/search

The parameters to post are:
vidalphanumeric (12) The iPay Merchant vendor id
hashalphanumeric (64) Generated signature of the data based on a secret key shared between iPay and you(our MErchant)
oidalphanumeric (64) Order Id

The hash is generated by the concatenation of the oid and the vid(it is used to sign data in such a way that we can verifiy you are indeed one of the authorized partners)


<?php
$key 
'SECretKey';
$datastring $oid.$vid;
$generated_hash hash_hmac('sha256',$datastring $key); ?>

The following parameters are returned as a JSON on successful POST.

{    "header_status": 200,
	 "status": 1,    
     "text": "payment record found",    
     "data": {
                "vid": "demo",        
                "session_id": "852a63b08ac98b1750498rfd7c547c8d",        
                "oid": "34b674",        
                "transaction_amount": "200.00",        
                "transaction_code": "TXNCODE",        
                "telephone": "2547XXXXXXXX",        
                "firstname": "JOHN",        
                "lastname": "DOE",        
                "paid_at": "2016-05-14 16:13:50",        
                "payment_mode": "MPESA"
             },
             "hash": "d29ac43a8b89673cc85ce206351832d3a0c4a462dd0fde56c17445e94f6ad958"
}

The meanings of these parameters have been explained in Section 2.4.

On unsuccessful POST possibly due to wrong session_id post an error in the manner below is returned

{
  "header_status": 404,
  "status": 0,
  "text": "no record found"
}

To validate the hash string


<?php 
    $sign_datastring 
$oid.$vid.$transaction_code.$firstname.$lastname.$paid_at.$payment_mode.$sid;
//The above string is a concatenation of the order, transaction_code, telephone, frstname, lastname,paid_at, payment_mode and SID
//This datastring is signed with the same algorithm and the same security key used in the create api ie
    
hash_hmac("sha256"$sign_datastring"key");?>