The Pay10 Payment Gateway is a secured payment aggregator, where you redirect customers from your Website/Ecommerce/M-commerce platform to make a payment using Credit Card/Debit Card and Pay10 Wallet payment options. The gateway collects customer payment details in a secured manner using standard HTML forms and processes the payment transaction.

After the payment is complete, the customer is returned to merchant website and merchant application receives a real-time notification of the payment, which include details of the transaction.

Pre-requisite

It is expected that the users may go through the entire guide to understand the Integration Requirements though it is easy for people with technical understanding.

It is assumed that the Merchant website/application is PCI-DSS certified (Regulatory requirements from Banks and Card associations) as it is mandatory for capturing Customer's Credit/Debit card information on Merchant websites.

All Card/Net banking information is transferred seamlessly to Pay10 payment Gateway Page in a secured manner and transaction response is returned back to the Merchant real time, post processing of the transaction.

Connecting and Redirecting Customers to the Pay10 Gateway

When a customer is on the online checkout/payment page on your website, they first have to enter the card details or select Pay10 wallet.

How to redirect the customer

The HTML form should contain the required input fields listed in Table-2 below.

You should use a secure method of obtaining a session ID before redirecting customers to Pay10.

The payment request should be encrypted before posting to Pay10 servers.

Tips for improving the customer experience

To maximize conversion, Pay10 recommends that you redirect customers to the Pay10 Payment Gateway in the same browser.

Integration with Pay10 Payment Gateway

Request Format

Please review the table below for details of the required and optional parameters that need to be included in your form. An example of a simple HTML form is provided.

Request URLs:

UAT: <https://uatpg.pay10.ae/pgui/jsp/merchantPaymentInit>

Prod: <https://pg.pay10.ae/pgui/jsp/merchantPaymentInit>

Table 2: Pay10 Gateway Parameters

Field Name	Description	Required	Type	Min	Max	Example
PAY_ID	Pay ID is a unique merchant identifier provided by Pay10	YES	NU	16	16	160234578452178
ORDER_ID	Merchant reference number	YES	AN	1	50	ORDER1234
RETURN_URL	URL of merchant website to get the response after transaction is processed	YES	CH	5	1024	`<http://www.merchant.com/pgRespoonse>`
HASH	Unique value generated by SHA 256 hashing algorithm	YES	AN	64	64	7995156CE4C40C44C41BECA3B9CE09B9
CUST_NAME	Customer name	NO	CH	1	150	John Paul
CUST_FIRST_NAME	Customer first name	NO	CH	2	150	John
CUST_LAST_NAME	Customer last name	NO	CH	2	150	Paul
CUST_STREET_ADDRESS1	Customer address	NO	CH	2	250	House no-101
CUST_CITY	Customer city	NO	CH	2	50	Business Bay
CUST_STATE	Customer state	NO	CH	2	100	Dubai
CUST_COUNTRY	Customer country	NO	CH	2	100	UAE
CUST_ZIP	Customer zip	NO	AN	6	9	TWQ 123
CUST_PHONE	Customer phone	YES	NU	8	15	07417456565
CUST_EMAIL	Customer email	YES	CH	6	120	john@test.com
CUST_SHIP_LAST_NAME	Customer Shipping last name	NO	CH	2	150	Paul
CUST_SHIP_FIRST_NAME	Customer shipping first name	NO	CH	2	150	John
NO	Customer shipping name	NO	CH	2	150	John Paul
CUST_SHIP_STREET_ADD RESS1	Customer shipping address	NO	CH	2	250	House no-101
CUST_SHIP_STREET_ADD RESS2	Customer shipping address	NO	CH	2	250	Block A
CUST_SHIP_CITY	Customer shipping city	NO	CH	2	50	Business Bay
CUST_SHIP_STATE	Customer shipping state	NO	CH	2	100	Dubai
CUST_SHIP_COUNTRY	Customer shipping country	NO	CH	2	100	UAE
CUST_SHIP_ZIP	Customer shipping Zip	NO	AN	6	9	122001
CUST_SHIP_PHONE	Customer shipping phone	NO	NU	8	15	073821929812
AMOUNT	Total Sale Amount	YES	NU	3	12	100
CURRENCY_CODE	3-digit code of the currency	YES	NU	3	3	826 (ISO 4217 numeric code)
PRODUCT_DESC	Description of product	NO	CH	1	1024	xyz

📘
Abbreviation:
NU - Numeric, CH – Character, AN – Alphanumeric, A: Alphabetic
** - Refer Amount format for Amount
*** - Only mandatory in case of UPI payments

Email and phone number is mandatory for all requests

Additional parameters to be sent based on payment modes:

For Card:

Field Name	Description	Required	Type	Min	Max	Example
CARD_NUMBER	Card number of customer	YES	NU	15	19	4012001037141112
CARD_EXP_DT	Expiry month and year of card	YES	NU	6	6	122023 (With format MMYYYY)
CVV	Security code on card	YES	NU	3	4	354
CARD_HOLDER_NAME	Name of card holder as written on card	YES	A	1	100	John Paul
PAYMENT_TYPE	Type of payment method	YES	A	2	10
MOP_TYPE	Type of card for eg. VISAVI (For more details check the last section where response codes are mentioned)	YES	AN	2	10	V

For Pay10

Field Name	Description	Required	Type	Min	Max	Example
MOP_TYPE	for Pay10 Wallet	YES	A	2	2	PT
PAYMENT_TYPE	Type of payment method	YES	A	2	10	P

Amount format

The amount of the transaction expressed in the smallest currency unit. The amount must not contain any decimal points, thousands of separators, or currency symbols. This value cannot be negative or zero.

For example, AED 12.50 is expressed as 1250.
AED 1 is expressed as 100.

Note: The currency should be converted into fils.

Response Parameters

After completion of the transaction, the customer is redirected back to the merchant at the return URL provided. In case the merchant does not receive the transaction response a status enquiry request can be initiated.

**Table 3: Response Parameters **(shows the parameters sent to merchant response url)

Field Name	Description	Example Value
CUST_NAME	Customer name	John Paul
TXNTYPE	Type of transaction processed	SALE/AUTH
AMOUNT	Total Sale Amount	100
CURRENCY_CODE	3-digit code of the currency	826
ORDER_ID	Merchant reference number	ESN78452
PAY_ID	Pay ID given by Pay10	160234578452178
TXN_ID	Transaction Id generated by Pay10 to identify the current step	150611417421130
PAYMENT_TYPE	Type of payment mode used by customer	CARD/NB/WL/UP
MOP_TYPE	Method of payment	VI/MC/PPWL/1005/UP
CARD_MASK	Masked card number for card txns	401200******1234
PG_REF_NUM	Id generated by Pay10. Use for further communication with Pay10 for tracking the full order	150611417421129
RESPONSE_CODE	Code for transaction status	000
RESPONSE_MESSAGE	Response message for transaction status	SUCCESS
HASH	Unique value generated by SHA 256 hashing algorithm	7995156CE4C40C44C41BECA3
AUTH_CODE	Authorization code	123456
RRN	Bank reference number	789456132
AVR	Address verification flag	Y/N
ACQ_ID	Bank reference number	KJDNI4UT873
STATUS	Transaction status	Approved/Captured/Declined
CUST_EMAIL	Echo back field	john@gmail.com
CUST_ID	Echo back field
CUST_PHONE	Echo back field
PG_TXN_MESSAGE	Detailed message for transaction
RETURN_URL	Merchant return URL in request	www.merchantsite.com/paymentresponse
RESPONSE_DATE	Date of response	12102019
RESPONSE_TIME	Time of response	10:35:10
PRODUCT_DESC	Description of product	xyz
CARD_ISSUER_BANK	Card issuing bank	ENBD
CARD_ISSUER_COUNTRY	Issuing country of the customer card	UAE
TOTAL_AMOUNT	Total amount debited to customer in case of surcharge model	10134
IS_MERCHANT_HOSTED	Hosted transaction flag	Y

Validating the Response

The merchant application must validate the transaction response in the status response. This can be done as follows:

First, the request is decrypted and parameter map is prepared.

Match the response hash that is present in the response against the merchant application calculated hash value using the response params. In case the merchant hash does not match that transaction must not be considered a successful transaction. For a successful transaction, RESPONSE_CODE is 000 and STATUS is “Captured”.

Call the status API and verify the same result as received in real-time response. The merchant technical team can implement the ignore case snippet in their system to avoid disconnect.

Once you have validated the transaction data you can process the transaction, for example, by dispatching the goods ordered.

📘
Please Note:
The above implementations are a mandate for all the merchants and in case of any discrepancy at the merchant’s end the merchant will be liable for any losses. To confirm the same Pay10 team shall review the merchant system before go-live.

Generating a Secure Hash

SHA-256 Signature

The merchant code creates the Secure Hash value on the Transaction Request data. The Payment Server creates another Secure Hash value and sends it back to the merchant in the Transaction Response.

Method of generating hash

To generate a hash you need to make a request string of all the required parameters.

For example, if you want to pass the following name value pairs in your request:

📘
AMOUNT=100, CARD_EXP_DT=022026, CARD_HOLDER_NAME=Rohit Kumar Singh, CARD_NUMBER=5123456789012346, CURRENCY_CODE=356, CUST_EMAIL=[rohit@ae](mailto:rohit@pay10.com), CUST_PHONE=9999999999, CVV=212, MOP_TYPE=VI, ORDER_ID=PAY10_05042211225561, PAYMENT_TYPE=CARD, PAY_ID=1301611028120924, RETURN_URL=<http://uatpg.pay10.ae/response>

Then you need to sort all the parameters in ascending order and add “Tilde” (~) symbol as a separator to prepare the request string.

The output will be as follows:

📘
AMOUNT=100~CARD_EXP_DT=022026~CARD_HOLDER_NAME=Rohit Kumar Singh~CARD_NUMBER=5123456789012346~CURRENCY_CODE=356~CUST_EMAIL=[rohit@pay10.ae](mailto:rohit@pay10.com)~CUST_PHONE=9999999999~CVV=212~MOP_TYPE=VI~ORDER_ID=PAY10_05042211225561~PAYMENT_TYPE=CARD~PAY_ID=1301611028120924~RETURN_URL=<http://uatpg.pay10.ae/response>

Next step is to append the Secret Key at the end of the parameter string given by Pay10 Payment Gateway to you. After adding you will get the following output:

📘
AMOUNT=100~CARD_EXP_DT=022026~CARD_HOLDER_NAME=Rohit Kumar Singh~CARD_NUMBER=5123456789012346~CURRENCY_CODE=356~CUST_EMAIL=[rohit@pay10.ae](mailto:rohit@pay10.com)~CUST_PHONE=9999999999~CVV=212~MOP_TYPE=VI~ORDER_ID=PAY10_05042211225561~PAYMENT_TYPE=CARD~PAY_ID=1301611028120924~RETURN_URL=<http://uatpg.pay10.ae/responsecb9110b15767494f>

After completing the above-mentioned process, you will have to call SHA 256 algorithm and pass the parameter string to the same and the SHA will return you the desired result as below (Contact merchant support team to get SHA256 library for your platform):

📘
Hash value= 0d804907563e7eb93f45471baa2a55d44a89606408dd5c33dbe24837eb9b4ab7

Now you must convert the generated value to the Upper Case, and you will get the final result as hash value:

📘
Hash value = 0D804907563E7EB93F45471BAA2A55D44A89606408DD5C33DBE24837EB9B4AB7

The purpose of the SHA256 signature field is to ensure the integrity of the data posted back to your server. You should always compare the SHA256 signature field's value posted by Pay10’s servers with the one you calculated.

To calculate the SHA256, you need to take the values of the fields listed above exactly as they were posted back to you, concatenate them and perform a SHA256 calculation on this string.

Secret Key

The secret key is a very essential element in generating hash. You have to append the secret key with all the other required parameters to generate hash through SHA2 algorithm.

Secret key will be provided to you once your onboarding documents are submitted and onboarding is done

Encrypting the Request

Encryption Key

The encryption key will be sent over email to the registered email id when the merchant is proceeding to live mode.

Encryption Mechanism

After the plain text request is prepared, the hash is also appended to the request string:

📘
AMOUNT=100~CARD_EXP_DT=022026~CARD_HOLDER_NAME=Rohit Kumar Singh~CARD_NUMBER=5123456789012346~CURRENCY_CODE=356~CUST_EMAIL=[rohit@pay10.ae](mailto:rohit@pay10.com)~CUST_PHONE=9999999999~CVV=212~MOP_TYPE=VI~ORDER_ID=PAY10_05042211225561~PAYMENT_TYPE=CARD~PAY_ID=1301611028120924~RETURN_URL=<http://uatpg.pay10.ae/response~HASH=0D804907563E7EB93F45471BAA2A55D44A89606408DD5C33DBE24837EB9B4AB7>

After the hash is appended the request string is encrypted using AES algorithm with “/CBC/PKCS5PADDING” and then posted over to the Pay10 PG with parameter name ENCDATA:

📘
ENCDATA=”4EJkUAVHdXUStw/F35bDsM1k8PIKtcjUeGuE3M5CrZTmKcTe5i+IUHNcsBrhfT6ym6+hsHbaxj8W1I5HELlzKnJeJ029DyALgkJ0mrpAkg+SOnS64w78R3ZTq1IYW0xMu3S78+UKBDaDY93tvNCDjKUkR0caMSJkRIWBKeeoWE/lD7LExxk2MeaaHNSAaFNI5a65IPvgTuLl4o72ngjNz6zJaLsCYgwhNAT2d/ZLpLbhX8NdKav6ijCEMVa2/Su6yCbSWaWsG0UJCECQyzHwgCH5PcdU7Eg6wWuiYguBx1Qgs+vG95eJKqC3xW0kVmqavp71ThDacsj1MEJMTI2MRHNFdiJtenzLxzCsdmVMKWpa8NSemYNdc5NY+ipsg14SHF51x+Dn5ycDSHaAUrInvaIVg56x/y56MEiXVZXa1N4LlSgyf+BH7wHw562VubOxetXIaFQYW8Y3km+xeq+1jXtzfVPB19ie00jX7QzYwlk=”

Note: Please do not append the salt key with the request string before encryption.

Sending Request and Getting Response

Request

After the hashing and encryption is done, the encrypted request is posted to Pay10 PG securely and the user is redirected to the bank for authentication by Pay10.

<form id="payForm" 
action="https://uatpg.pay10.ae/pgui/jsp/merchantPaymentInit" method="post"> 
<input type="hidden" name="PAY_ID" value="1301611028120924"> 
<input type="hidden" name="ENCDATA" 
value="4EJkUAVHdXUStw/F35bDsM1k8PIKtcjUeGuE3M5CrZTmKcTe5i+IUHNcsBrhfT6ym6+hsHbaxj8W1 
I5HELlzKnJeJ029DyALgkJ0mrpAkg+SOnS64w78R3ZTq1IYW0xMu3S78+UKBDaDY93tvNCDjKUkR0caMSJkR 
IWBKeeoWE/lD7LExxk2MeaaHNSAaFNI5a65IPvgTuLl4o72ngjNz6zJaLsCYgwhNAT2d/ZLpLbhX8NdKav6i 
jCEMVa2/Su6yCbSWaWsG0UJCECQyzHwgCH5PcdU7Eg6wWuiYguBx1Qgs+vG95eJKqC3xW0kVmqavp71ThDac 
sj1MEJMTI2MRHNFdiJtenzLxzCsdmVMKWpa8NSemYNdc5NY+ipsg14SHF51x+Dn5ycDSHaAUrInvaIVg56x/ 
y56MEiXVZXa1N4LlSgyf+BH7wHw562VubOxetXIaFQYW8Y3km+xeq+1jXtzfVPB19ie00jX7QzYwlk="><in 
put type=”submit” value=”Click to Pay”/> 
</form>

Response

The response is redirected to the merchant in the same format with ENCDATA and PAY_ID as the parameters. ENCDATA is decrypted using the same encryption key and hash is validated. For example:

Encrypted data received-

<form id="payForm" action="<https://uatpg.pay10.ae/pgui/jsp/merchantPaymentInit>" method="post">
  <input type="hidden" name="PAY_ID" value="1301611028120924">
  <input type="hidden" name="ENCDATA" value="4EJkUAVHdXUStw/F35bDsM1k8PIKtcjUeGuE3M5CrZTmKcTe5i+IUHNcsBrhfT6ym6+hsHbaxj8W1I5HELlzKnJeJ029DyALgkJ0mrpAkg+SOnS64w78R3ZTq1IYW0xMu3S78+UKBDaDY93tvNCDjKUkR0caMSJkRIWBKeeoWE/lD7LExxk2MeaaHNSAaFNI5a65IPvgTuLl4o72ngjNz6zJaLsCYgwhNAT2d/ZLpLbhX8NdKav6ijCEMVa2/Su6yCbSWaWsG0UJCECQyzHwgCH5PcdU7Eg6wWuiYguBx1Qgs+vG95eJKqC3xW0kVmqavp71ThDacsj1MEJMTI2MRHNFdiJtenzLxzCsdmVMKWpa8NSemYNdc5NY+ipsg14SHF51x+Dn5ycDSHaAUrInvaIVg56x/y56MEiXVZXa1N4LlSgyf+BH7wHw562VubOxetXIaFQYW8Y3km+xeq+1jXtzfVPB19ie00jX7QzYwlk=">
  <input type="submit" value="Click to Pay">
</form>

Decrypted Data:

RESPONSE_DATE_TIME=2022-04-05 
15:45:49~RESPONSE_CODE=000~AUTH_CODE=866325619~IS_MERCHANT_HOSTED=Y~CUST_PHONE=9999999999~M 
OP_TYPE=VI~CARD_MASK=470011******3837~CURRENCY_CODE=356~RRN=866325619~CARD_HOLDER_NAME=Rohit 
KumarSingh~PG_TXN_MESSAGE=Successful 
Payment~STATUS=Captured~PG_REF_NUM=3739120405154514~AMOUNT=100~RESPONSE_MESSAGE=Successful 
ANK=AXIS BANK, 
Payment~CUST_EMAIL=rohit@pay10.ae~CARD_ISSUER_COUNTRY=IN~TXN_ID=3759120405154549~CARD_ISSUER_B 
LTD.~ACQ_ID=866325619~TXNTYPE=SALE~SURCHARGE_FLAG=N~HASH=B0D70CC32E98AD47677279F092B001064BDF 
C4FCDBA2809A7B81BD10335859E6~PAYMENT_TYPE=CC~RETURN_URL=http://uatpg.pay10.ae/response.php~PAY_ID= 
1301611028120924~ORDER_ID=PAY10_05042212135080~TOTAL_AMOUNT=100

The hash value is extracted and Hash is calculated in the same way as request HASH but using the response params. After a successful HASH validation, the merchant system has to call the Status check API Status Enquiry.

Gateway Options and Response

Response Codes

Code	Message	Status
000	SUCCESS	Captured
000	Request Accepted	Sent to Bank
003	Timeout	Failed
007	Rejected by acquirer	Failed
009	Response signature did not match	Pending
004	Declined	Failed
010	Cancelled by user	Failed
012	Denied due to fraud detection	Failed
018	Duplicate order Id	Invalid
022	Failed at acquirer	Failed
026	Request Accepted	Sent to Bank
026	Pending	Pending
100	User not found	Failed
101	Password incorrect	Failed
102	User inactive	Failed
103	Validation failed	Failed
104	User not approved from any acquirer	Failed
105	Account not present for this acquirer	Failed
108	Merchant detail not present for this acquirer	Failed
110	Merchant not mapped for this currency	Failed
113	Payment option not supported	Failed
114	GST Details Not Set	Failed
129	TDR request is already pending for this merchant	Failed
130	Currency not supported	Failed
131	Unsupported card number	Failed
132	Account Lock	Failed
134	TDR Setting is pending for this merchant	Failed
300	Invalid Request	Invalid
302	No Such Transaction Found	Invalid
323	Invalid Hash	Invalid
366	Invalid VPA address (Time of VPA Validation)	Invalid
400	Permission Denied	Failed
777	Acquirer Down	Failed
900	Operation could not be completed, please try again later	Invalid
902	Operation could not be completed, please try again later	Failed
999	Unknown Error	Failed

Payment Method Codes

Table 6: Supported Payment Methods

Payment Method	Value
Credit Card	CC
Debit Card	DC
PAY10	PT

Net Banking Options

Note: The list of payment modes to be activated in live may vary depending upon approval from respective banks.

Supported Currency and Currency Code

Table 7: Supported Currency with Codes

Name	Abbreviation	Code
AED	AED	784