This page will help you get started with Merchant Hosted Integration.
The Pay10 Payment Gateway is a secured payment aggregator, where you redirect customers from your Website/Ecommerce/M-commerce platform to make a payment using Credit Card/Debit Card and Pay10 Wallet payment options. The gateway collects customer payment details in a secured manner using standard HTML forms and processes the payment transaction.
After the payment is complete, the customer is returned to merchant website and merchant application receives a real-time notification of the payment, which include details of the transaction.
Pre-requisite
It is expected that the users may go through the entire guide to understand the Integration Requirements though it is easy for people with technical understanding.
It is assumed that the Merchant website/application is PCI-DSS certified (Regulatory requirements from Banks and Card associations) as it is mandatory for capturing Customer's Credit/Debit card information on Merchant websites.
All Card/Net banking information is transferred seamlessly to Pay10 payment Gateway Page in a secured manner and transaction response is returned back to the Merchant real time, post processing of the transaction.
Connecting and Redirecting Customers to the Pay10 Gateway
When a customer is on the online checkout/payment page on your website, they first have to enter the card details or select Pay10 wallet.
How to redirect the customer
The HTML form should contain the required input fields listed in Table-2 below.
You should use a secure method of obtaining a session ID before redirecting customers to Pay10.
The payment request should be encrypted before posting to Pay10 servers.
Tips for improving the customer experience
To maximize conversion, Pay10 recommends that you redirect customers to the Pay10 Payment Gateway in the same browser.
Integration with Pay10 Payment Gateway
Request Format
Please review the table below for details of the required and optional parameters that need to be included in your form. An example of a simple HTML form is provided.
Request URLs:
UAT: <https://uatpg.pay10.ae/pgui/jsp/merchantPaymentInit>
Prod: <https://pg.pay10.ae/pgui/jsp/merchantPaymentInit>
Table 2: Pay10 Gateway Parameters
| Field Name | Description | Required | Type | Min | Max | Example |
|---|---|---|---|---|---|---|
| PAY_ID | Pay ID is a unique merchant identifier provided by Pay10 | YES | NU | 16 | 16 | 160234578452178 |
| ORDER_ID | Merchant reference number | YES | AN | 1 | 50 | ORDER1234 |
| RETURN_URL | URL of merchant website to get the response after transaction is processed | YES | CH | 5 | 1024 | <http://www.merchant.com/pgRespoonse> |
| HASH | Unique value generated by SHA 256 hashing algorithm | YES | AN | 64 | 64 | 7995156CE4C40C44C41BECA3B9CE09B9 |
| CUST_NAME | Customer name | NO | CH | 1 | 150 | John Paul |
| CUST_FIRST_NAME | Customer first name | NO | CH | 2 | 150 | John |
| CUST_LAST_NAME | Customer last name | NO | CH | 2 | 150 | Paul |
| CUST_STREET_ADDRESS1 | Customer address | NO | CH | 2 | 250 | House no-101 |
| CUST_CITY | Customer city | NO | CH | 2 | 50 | Business Bay |
| CUST_STATE | Customer state | NO | CH | 2 | 100 | Dubai |
| CUST_COUNTRY | Customer country | NO | CH | 2 | 100 | UAE |
| CUST_ZIP | Customer zip | NO | AN | 6 | 9 | TWQ 123 |
| CUST_PHONE | Customer phone | YES | NU | 8 | 15 | 07417456565 |
| CUST_EMAIL | Customer email | YES | CH | 6 | 120 | [email protected] |
| CUST_SHIP_LAST_NAME | Customer Shipping last name | NO | CH | 2 | 150 | Paul |
| CUST_SHIP_FIRST_NAME | Customer shipping first name | NO | CH | 2 | 150 | John |
| NO | Customer shipping name | NO | CH | 2 | 150 | John Paul |
| CUST_SHIP_STREET_ADD RESS1 | Customer shipping address | NO | CH | 2 | 250 | House no-101 |
| CUST_SHIP_STREET_ADD RESS2 | Customer shipping address | NO | CH | 2 | 250 | Block A |
| CUST_SHIP_CITY | Customer shipping city | NO | CH | 2 | 50 | Business Bay |
| CUST_SHIP_STATE | Customer shipping state | NO | CH | 2 | 100 | Dubai |
| CUST_SHIP_COUNTRY | Customer shipping country | NO | CH | 2 | 100 | UAE |
| CUST_SHIP_ZIP | Customer shipping Zip | NO | AN | 6 | 9 | 122001 |
| CUST_SHIP_PHONE | Customer shipping phone | NO | NU | 8 | 15 | 073821929812 |
| AMOUNT | Total Sale Amount | YES | NU | 3 | 12 | 100 |
| CURRENCY_CODE | 3-digit code of the currency | YES | NU | 3 | 3 | 826 (ISO 4217 numeric code) |
| PRODUCT_DESC | Description of product | NO | CH | 1 | 1024 | xyz |
Abbreviation:
NU - Numeric, CH – Character, AN – Alphanumeric, A: Alphabetic
** - Refer Amount format for Amount
*** - Only mandatory in case of UPI payments
- Email and phone number is mandatory for all requests
Additional parameters to be sent based on payment modes:
For Card:
| Field Name | Description | Required | Type | Min | Max | Example |
|---|---|---|---|---|---|---|
| CARD_NUMBER | Card number of customer | YES | NU | 15 | 19 | 4012001037141112 |
| CARD_EXP_DT | Expiry month and year of card | YES | NU | 6 | 6 | 122023 (With format MMYYYY) |
| CVV | Security code on card | YES | NU | 3 | 4 | 354 |
| CARD_HOLDER_NAME | Name of card holder as written on card | YES | A | 1 | 100 | John Paul |
| PAYMENT_TYPE | Type of payment method | YES | A | 2 | 10 | |
| MOP_TYPE | Type of card for eg. VISAVI (For more details check the last section where response codes are mentioned) | YES | AN | 2 | 10 | V |
For Pay10
| Field Name | Description | Required | Type | Min | Max | Example |
|---|---|---|---|---|---|---|
| MOP_TYPE | for Pay10 Wallet | YES | A | 2 | 2 | PT |
| PAYMENT_TYPE | Type of payment method | YES | A | 2 | 10 | P |
Amount format
The amount of the transaction expressed in the smallest currency unit. The amount must not contain any decimal points, thousands of separators, or currency symbols. This value cannot be negative or zero.
For example, AED 12.50 is expressed as 1250.
AED 1 is expressed as 100.
Note: The currency should be converted into fils.
Response Parameters
After completion of the transaction, the customer is redirected back to the merchant at the return URL provided. In case the merchant does not receive the transaction response a status enquiry request can be initiated.
**Table 3: Response Parameters **(shows the parameters sent to merchant response url)
| Field Name | Description | Example Value |
|---|---|---|
| CUST_NAME | Customer name | John Paul |
| TXNTYPE | Type of transaction processed | SALE/AUTH |
| AMOUNT | Total Sale Amount | 100 |
| CURRENCY_CODE | 3-digit code of the currency | 826 |
| ORDER_ID | Merchant reference number | ESN78452 |
| PAY_ID | Pay ID given by Pay10 | 160234578452178 |
| TXN_ID | Transaction Id generated by Pay10 to identify the current step | 150611417421130 |
| PAYMENT_TYPE | Type of payment mode used by customer | CARD/NB/WL/UP |
| MOP_TYPE | Method of payment | VI/MC/PPWL/1005/UP |
| CARD_MASK | Masked card number for card txns | 401200******1234 |
| PG_REF_NUM | Id generated by Pay10. Use for further communication with Pay10 for tracking the full order | 150611417421129 |
| RESPONSE_CODE | Code for transaction status | 000 |
| RESPONSE_MESSAGE | Response message for transaction status | SUCCESS |
| HASH | Unique value generated by SHA 256 hashing algorithm | 7995156CE4C40C44C41BECA3 |
| AUTH_CODE | Authorization code | 123456 |
| RRN | Bank reference number | 789456132 |
| AVR | Address verification flag | Y/N |
| ACQ_ID | Bank reference number | KJDNI4UT873 |
| STATUS | Transaction status | Approved/Captured/Declined |
| CUST_EMAIL | Echo back field | [email protected] |
| CUST_ID | Echo back field | |
| CUST_PHONE | Echo back field | |
| PG_TXN_MESSAGE | Detailed message for transaction | |
| RETURN_URL | Merchant return URL in request | www.merchantsite.com/paymentresponse |
| RESPONSE_DATE | Date of response | 12102019 |
| RESPONSE_TIME | Time of response | 10:35:10 |
| PRODUCT_DESC | Description of product | xyz |
| CARD_ISSUER_BANK | Card issuing bank | ENBD |
| CARD_ISSUER_COUNTRY | Issuing country of the customer card | UAE |
| TOTAL_AMOUNT | Total amount debited to customer in case of surcharge model | 10134 |
| IS_MERCHANT_HOSTED | Hosted transaction flag | Y |
Validating the Response
The merchant application must validate the transaction response in the status response. This can be done as follows:
First, the request is decrypted and parameter map is prepared.
Match the response hash that is present in the response against the merchant application calculated hash value using the response params. In case the merchant hash does not match that transaction must not be considered a successful transaction. For a successful transaction, RESPONSE_CODE is 000 and STATUS is “Captured”.
Call the status API and verify the same result as received in real-time response. The merchant technical team can implement the ignore case snippet in their system to avoid disconnect.
Once you have validated the transaction data you can process the transaction, for example, by dispatching the goods ordered.
Please Note:
The above implementations are a mandate for all the merchants and in case of any discrepancy at the merchant’s end the merchant will be liable for any losses. To confirm the same Pay10 team shall review the merchant system before go-live.
Generating a Secure Hash
SHA-256 Signature
The merchant code creates the Secure Hash value on the Transaction Request data. The Payment Server creates another Secure Hash value and sends it back to the merchant in the Transaction Response.
Method of generating hash
- To generate a hash you need to make a request string of all the required parameters.
For example, if you want to pass the following name value pairs in your request:
AMOUNT=100, CARD_EXP_DT=022026, CARD_HOLDER_NAME=Rohit Kumar Singh, CARD_NUMBER=5123456789012346, CURRENCY_CODE=356, CUST_EMAIL=[rohit@ae](mailto:[email protected]), CUST_PHONE=9999999999, CVV=212, MOP_TYPE=VI, ORDER_ID=PAY10_05042211225561, PAYMENT_TYPE=CARD, PAY_ID=1301611028120924, RETURN_URL=<http://uatpg.pay10.ae/response>
- Then you need to sort all the parameters in ascending order and add “Tilde” (~) symbol as a separator to prepare the request string.
The output will be as follows:
AMOUNT=100~CARD_EXP_DT=022026~CARD_HOLDER_NAME=Rohit Kumar Singh~CARD_NUMBER=5123456789012346~CURRENCY_CODE=356~CUST_EMAIL=[[email protected]](mailto:[email protected])~CUST_PHONE=9999999999~CVV=212~MOP_TYPE=VI~ORDER_ID=PAY10_05042211225561~PAYMENT_TYPE=CARD~PAY_ID=1301611028120924~RETURN_URL=<http://uatpg.pay10.ae/response>
- Next step is to append the Secret Key at the end of the parameter string given by Pay10 Payment Gateway to you. After adding you will get the following output:
AMOUNT=100~CARD_EXP_DT=022026~CARD_HOLDER_NAME=Rohit Kumar Singh~CARD_NUMBER=5123456789012346~CURRENCY_CODE=356~CUST_EMAIL=[[email protected]](mailto:[email protected])~CUST_PHONE=9999999999~CVV=212~MOP_TYPE=VI~ORDER_ID=PAY10_05042211225561~PAYMENT_TYPE=CARD~PAY_ID=1301611028120924~RETURN_URL=<http://uatpg.pay10.ae/responsecb9110b15767494f>
- After completing the above-mentioned process, you will have to call SHA 256 algorithm and pass the parameter string to the same and the SHA will return you the desired result as below (Contact merchant support team to get SHA256 library for your platform):
Hash value= 0d804907563e7eb93f45471baa2a55d44a89606408dd5c33dbe24837eb9b4ab7
- Now you must convert the generated value to the Upper Case, and you will get the final result as hash value:
Hash value = 0D804907563E7EB93F45471BAA2A55D44A89606408DD5C33DBE24837EB9B4AB7
The purpose of the SHA256 signature field is to ensure the integrity of the data posted back to your server. You should always compare the SHA256 signature field's value posted by Pay10’s servers with the one you calculated.
To calculate the SHA256, you need to take the values of the fields listed above exactly as they were posted back to you, concatenate them and perform a SHA256 calculation on this string.
Secret Key
The secret key is a very essential element in generating hash. You have to append the secret key with all the other required parameters to generate hash through SHA2 algorithm.
Secret key will be provided to you once your onboarding documents are submitted and onboarding is done
Encrypting the Request
Encryption Key
The encryption key will be sent over email to the registered email id when the merchant is proceeding to live mode.
Encryption Mechanism
After the plain text request is prepared, the hash is also appended to the request string:
AMOUNT=100~CARD_EXP_DT=022026~CARD_HOLDER_NAME=Rohit Kumar Singh~CARD_NUMBER=5123456789012346~CURRENCY_CODE=356~CUST_EMAIL=[[email protected]](mailto:[email protected])~CUST_PHONE=9999999999~CVV=212~MOP_TYPE=VI~ORDER_ID=PAY10_05042211225561~PAYMENT_TYPE=CARD~PAY_ID=1301611028120924~RETURN_URL=<http://uatpg.pay10.ae/response~HASH=0D804907563E7EB93F45471BAA2A55D44A89606408DD5C33DBE24837EB9B4AB7>
After the hash is appended the request string is encrypted using AES algorithm with “/CBC/PKCS5PADDING” and then posted over to the Pay10 PG with parameter name ENCDATA:
ENCDATA=”4EJkUAVHdXUStw/F35bDsM1k8PIKtcjUeGuE3M5CrZTmKcTe5i+IUHNcsBrhfT6ym6+hsHbaxj8W1I5HELlzKnJeJ029DyALgkJ0mrpAkg+SOnS64w78R3ZTq1IYW0xMu3S78+UKBDaDY93tvNCDjKUkR0caMSJkRIWBKeeoWE/lD7LExxk2MeaaHNSAaFNI5a65IPvgTuLl4o72ngjNz6zJaLsCYgwhNAT2d/ZLpLbhX8NdKav6ijCEMVa2/Su6yCbSWaWsG0UJCECQyzHwgCH5PcdU7Eg6wWuiYguBx1Qgs+vG95eJKqC3xW0kVmqavp71ThDacsj1MEJMTI2MRHNFdiJtenzLxzCsdmVMKWpa8NSemYNdc5NY+ipsg14SHF51x+Dn5ycDSHaAUrInvaIVg56x/y56MEiXVZXa1N4LlSgyf+BH7wHw562VubOxetXIaFQYW8Y3km+xeq+1jXtzfVPB19ie00jX7QzYwlk=”
Note: Please do not append the salt key with the request string before encryption.
Sending Request and Getting Response
Request
After the hashing and encryption is done, the encrypted request is posted to Pay10 PG securely and the user is redirected to the bank for authentication by Pay10.
<form id="payForm"
action="https://uatpg.pay10.ae/pgui/jsp/merchantPaymentInit" method="post">
<input type="hidden" name="PAY_ID" value="1301611028120924">
<input type="hidden" name="ENCDATA"
value="4EJkUAVHdXUStw/F35bDsM1k8PIKtcjUeGuE3M5CrZTmKcTe5i+IUHNcsBrhfT6ym6+hsHbaxj8W1
I5HELlzKnJeJ029DyALgkJ0mrpAkg+SOnS64w78R3ZTq1IYW0xMu3S78+UKBDaDY93tvNCDjKUkR0caMSJkR
IWBKeeoWE/lD7LExxk2MeaaHNSAaFNI5a65IPvgTuLl4o72ngjNz6zJaLsCYgwhNAT2d/ZLpLbhX8NdKav6i
jCEMVa2/Su6yCbSWaWsG0UJCECQyzHwgCH5PcdU7Eg6wWuiYguBx1Qgs+vG95eJKqC3xW0kVmqavp71ThDac
sj1MEJMTI2MRHNFdiJtenzLxzCsdmVMKWpa8NSemYNdc5NY+ipsg14SHF51x+Dn5ycDSHaAUrInvaIVg56x/
y56MEiXVZXa1N4LlSgyf+BH7wHw562VubOxetXIaFQYW8Y3km+xeq+1jXtzfVPB19ie00jX7QzYwlk="><in
put type=”submit” value=”Click to Pay”/>
</form> Response
The response is redirected to the merchant in the same format with ENCDATA and PAY_ID as the parameters. ENCDATA is decrypted using the same encryption key and hash is validated. For example:
Encrypted data received-
<form id="payForm" action="<https://uatpg.pay10.ae/pgui/jsp/merchantPaymentInit>" method="post">
<input type="hidden" name="PAY_ID" value="1301611028120924">
<input type="hidden" name="ENCDATA" value="4EJkUAVHdXUStw/F35bDsM1k8PIKtcjUeGuE3M5CrZTmKcTe5i+IUHNcsBrhfT6ym6+hsHbaxj8W1I5HELlzKnJeJ029DyALgkJ0mrpAkg+SOnS64w78R3ZTq1IYW0xMu3S78+UKBDaDY93tvNCDjKUkR0caMSJkRIWBKeeoWE/lD7LExxk2MeaaHNSAaFNI5a65IPvgTuLl4o72ngjNz6zJaLsCYgwhNAT2d/ZLpLbhX8NdKav6ijCEMVa2/Su6yCbSWaWsG0UJCECQyzHwgCH5PcdU7Eg6wWuiYguBx1Qgs+vG95eJKqC3xW0kVmqavp71ThDacsj1MEJMTI2MRHNFdiJtenzLxzCsdmVMKWpa8NSemYNdc5NY+ipsg14SHF51x+Dn5ycDSHaAUrInvaIVg56x/y56MEiXVZXa1N4LlSgyf+BH7wHw562VubOxetXIaFQYW8Y3km+xeq+1jXtzfVPB19ie00jX7QzYwlk=">
<input type="submit" value="Click to Pay">
</form>Decrypted Data:
RESPONSE_DATE_TIME=2022-04-05
15:45:49~RESPONSE_CODE=000~AUTH_CODE=866325619~IS_MERCHANT_HOSTED=Y~CUST_PHONE=9999999999~M
OP_TYPE=VI~CARD_MASK=470011******3837~CURRENCY_CODE=356~RRN=866325619~CARD_HOLDER_NAME=Rohit
KumarSingh~PG_TXN_MESSAGE=Successful
Payment~STATUS=Captured~PG_REF_NUM=3739120405154514~AMOUNT=100~RESPONSE_MESSAGE=Successful
ANK=AXIS BANK,
[email protected]~CARD_ISSUER_COUNTRY=IN~TXN_ID=3759120405154549~CARD_ISSUER_B
LTD.~ACQ_ID=866325619~TXNTYPE=SALE~SURCHARGE_FLAG=N~HASH=B0D70CC32E98AD47677279F092B001064BDF
C4FCDBA2809A7B81BD10335859E6~PAYMENT_TYPE=CC~RETURN_URL=http://uatpg.pay10.ae/response.php~PAY_ID=
1301611028120924~ORDER_ID=PAY10_05042212135080~TOTAL_AMOUNT=100 The hash value is extracted and Hash is calculated in the same way as request HASH but using the response params. After a successful HASH validation, the merchant system has to call the Status check API Status Enquiry.
Gateway Options and Response
Response Codes
| Code | Message | Status |
|---|---|---|
| 000 | SUCCESS | Captured |
| 000 | Request Accepted | Sent to Bank |
| 003 | Timeout | Failed |
| 007 | Rejected by acquirer | Failed |
| 009 | Response signature did not match | Pending |
| 004 | Declined | Failed |
| 010 | Cancelled by user | Failed |
| 012 | Denied due to fraud detection | Failed |
| 018 | Duplicate order Id | Invalid |
| 022 | Failed at acquirer | Failed |
| 026 | Request Accepted | Sent to Bank |
| 026 | Pending | Pending |
| 100 | User not found | Failed |
| 101 | Password incorrect | Failed |
| 102 | User inactive | Failed |
| 103 | Validation failed | Failed |
| 104 | User not approved from any acquirer | Failed |
| 105 | Account not present for this acquirer | Failed |
| 108 | Merchant detail not present for this acquirer | Failed |
| 110 | Merchant not mapped for this currency | Failed |
| 113 | Payment option not supported | Failed |
| 114 | GST Details Not Set | Failed |
| 129 | TDR request is already pending for this merchant | Failed |
| 130 | Currency not supported | Failed |
| 131 | Unsupported card number | Failed |
| 132 | Account Lock | Failed |
| 134 | TDR Setting is pending for this merchant | Failed |
| 300 | Invalid Request | Invalid |
| 302 | No Such Transaction Found | Invalid |
| 323 | Invalid Hash | Invalid |
| 366 | Invalid VPA address (Time of VPA Validation) | Invalid |
| 400 | Permission Denied | Failed |
| 777 | Acquirer Down | Failed |
| 900 | Operation could not be completed, please try again later | Invalid |
| 902 | Operation could not be completed, please try again later | Failed |
| 999 | Unknown Error | Failed |
Payment Method Codes
Table 6: Supported Payment Methods
| Payment Method | Value |
|---|---|
| Credit Card | CC |
| Debit Card | DC |
| PAY10 | PT |
Net Banking Options
Note: The list of payment modes to be activated in live may vary depending upon approval from respective banks.
Supported Currency and Currency Code
Table 7: Supported Currency with Codes
| Name | Abbreviation | Code |
|---|---|---|
| AED | AED | 784 |