The PAY10 Payment Gateway is a secure website, where you redirect customers from your Website/Ecommerce/Mobile platform to make a payment using Credit Card/Debit Card/Pay10 Wallet other payment options. The gateway collects customer payment details in a secure manner using standard HTML forms and processes the payment transaction. After the payment is complete, the customer is returned to your website and you receive a real-time notification of the payment, which includes details of the transaction.
Pre-requisites
It is expected that the users may go through the entire guide to understand the Integration Requirements though it is easy for people with technical understanding. It is assumed that the Merchant doesn't have any specific business need for capturing the Customer's Card Information on their website as additional regulatory requirements of having PCI DSS certification is mandatory for capturing Customer's Credit/Debit/Pay10 Wallet information on Merchant websites. All Card/Pay10 Wallet information is captured seamlessly on PAY10 Payment Gateway Page in a secured manner and transaction response is returned to the Merchant real-time post processing of the transaction.
Integration Overview
Merchants can enjoy the benefit of enabling a vast collection of payment partners with one simple integration. PAY10 has done the heavy lifting of supporting payments, payouts, and settlements in fiat or crypto currencies so merchants can focus on building wonderful user experiences for their customers.
Key Functionalities
Accepting Payments
Merchants have the flexibility to choose to accept payments from a wide range of fiat and crypto currencies. Simply make a payment request to PAY10 and a payment HTML file will be returned. Display the rendered HTML file to the customer and merchants can start accepting payments.
- When the user wishes to purchase good/services from your company, the merchant would need to send a payment request to PAY10’s server.
- PAY10 will process the payment request and immediately return a response containing a payment page’s HTML.
- Merchant presents the payment page to the user.
- The user will enter and submit the payment details within this website.
- Once the transaction has been completed, the transaction details, including the status, will be sent to the return_url that was provided initially in the payment request.
Payment Request
This endpoint initiates the payment request from the merchant.
| HTTP Method | POST | Note |
|---|---|---|
| URL (UAT) | <https://uatpg.pay10.ae/pgui/jsp/paymentrequest> | Note: The payment request only accepts data via a query string. It currently does not support requests with data in JSON format. |
| URL (Production) | <https://pg.pay10.ae/pgui/jsp/paymentrequest> | Note: The payment request only accepts data via a query string. It currently does not support requests with data in JSON format. |
Request Parameters
*Abbreviations: NU - Numeric, CH – Character, AN – Alphanumeric
| Field Name | Description | Required | Type | Min | Max | Example |
|---|---|---|---|---|---|---|
PAY_ID |
Pay ID is provided by PAY10 |
YES |
NU |
16 |
16 |
160234578452178 |
ORDER_ID |
Merchant reference number |
YES |
AN |
1 |
15 |
PAY10_823647263 |
TXNTYPE |
Type of transaction |
YES |
CH |
4 |
4 |
SALE |
RETURN_URL |
URL of merchant website to get the response |
YES |
CH |
5 |
1024 |
|
HASH |
Unique value generated by SHA 256 hashing |
YES |
AN |
64 |
64 |
7995156CE4C40C44C41BECA3B9CE09B9 |
CUST_NAME |
Customer name |
NO |
CH |
1 |
150 |
John Paul |
CUST_FIRST_NAME |
Customer firstname |
NO |
CH |
2 |
150 |
John |
CUST_LAST_NAME |
Customer lastname |
NO |
CH |
2 |
150 |
Paul |
CUST_STREET_ADDRESS1 |
Customer address |
NO |
CH |
2 |
250 |
U Bora Business Tower |
CUST_CITY |
Customer city |
NO |
CH |
2 |
50 |
Business Bay |
CUST_STATE |
Customer state |
NO |
CH |
2 |
100 |
Dubai |
CUST_COUNTRY |
Customer country |
NO |
CH |
2 |
100 |
UAE |
CUST_ZIP |
Customer zip |
NO |
AN |
6 |
9 |
110075 |
CUST_PHONE |
Customer phone |
NO |
NU |
8 |
15 |
09999999999 |
CUST_EMAIL |
Customer email |
NO |
CH |
6 |
120 |
|
AMOUNT |
Total Sale Amount |
YES |
NU |
3 |
12 |
100 |
CURRENCY_CODE |
3-digit code of the currency |
YES |
NU |
3 |
3 |
784 |
PRODUCT_DESC |
Description of product |
NO |
CH |
1 |
1024 |
mobile |
udf14 |
For enforcing a particular payment type in Pay10 PG, please use this udf14 field. If the merchant wants to show only a particular payment method on the pay10 pg then they can pass the value detailed out under the example column of this entry and whatever value is passed only that pay mode will be made visible. If not passed, then all the payment mode applicable for the merchant will be visible |
Depends on merchant requirement Not mandatory |
CH |
1 |
Expected values: CC or DC or PT CC= we will show only credit card pay mode DC = we will show only Debit card pay mode PT = Will show only Pay10 pay mode |
Amount Forma
Rules for handling the decimal point for the amount value is expressed below:
| Currency | Handling | Example |
|---|---|---|
AED |
Expressed in Fils |
AED 1250 to represent AED 12.50 AED 100 to represent AED 1.00 |
Generating the Hash Value
SHA-256
PAY10 requires a SHA-256 HMAC digital signature be included in each payment request to ensure the data integrity and authenticity of the request. The instructions below demonstrate how PAY10 expects the data to be encrypted:
- Rank order of the payload’s key-value pairs in ascending alphabetical order of the keys.
- Concatenate the key-value pairs into a single-line string and, instead of using an ampersand (&), delimit the key-value pairs with a tilde (~).
- Append the secret key at the end of the string.
- Wrap the entire string with a pair of curly brackets .
- Generate a hash value of the string using the PAY10 secret and SHA-256 algorithm.
- Convert all characters of the hash value into uppercase.
This is an example string of a payment request before it is hashed:
AMOUNT=100~CURRENCY_CODE=784~CUST_CITY=NewDelhi~CUST_COUNTRY=UAE~CUST_EMAIL=[[email protected]](mailto:[email protected])~CUST_NAME=JohnPaul~CUST_PHONE=09999999999~CUST_SHIP_CITY=NewDelhi~CUST_SHIP_COUNTRY=UAE~CUST_SHIP_EMAIL=[[email protected]](mailto:[email protected])~CUST_SHIP_NAME=JohnPaul~CUST_SHIP_PHONE=0123456789~CUST_SHIP_STATE=Delhi~CUST_SHIP_STREET_ADDRESS1=House01~CUST_SHIP_STREET_ADDRESS2=Newlane~CUST_SHIP_ZIP=110075~CUST_STATE=Delhi~CUST_STREET_ADDRESS1=Newlane~CUST_STREET_ADDRESS2=Sector44~CUST_ZIP=110075~ORDER_ID=PAYORD220920151610~PAY_ID=160234578452178~PRODUCT_DESC=Mobile~RETURN_URL=<https://www.example.com/return_url~TXNTYPE=SALEb6200e78557e4e55>
This is the expected result of the hash value:
Hash value = 6797F1842DEB4F3EBAEAD53E1BAFD5A535D322B9FA3893F201FDB03933EEAE09
The purpose of the SHA256 signature field is to ensure the integrity of the data posted back to your server. You should always compare the SHA256 signature field's value posted by PAY10 with the one you calculated.
AES-256
PAY10 requires AES-256 CBC to decrypt the received response. Pass ENCDATA to AES-256 for decryption.
This is an example string of a payment response before it is decrypted:
{"PAY_ID":"1009120125180122","ENCDATA":"N2N0ktvZ07xVU1YgMdIRpiGChgc3u9sZhCra9twHXiLZveG2y9pAub/ijAnELRc4mJjFqcJtmCWaV3wDTTwAqEVE54mSUHoMGySSd/CaDudHu4ciBlhlRigGyr7Vqev692bN412msQMatZBmfE2F28onz9h2L2gsnF1+rNBcsct+sxK9IhoOmq/TltadYUrYRnu3sxkzzjy/ByeHDivy7IbzL26p3q8oW6YVRhtmmDUsfLcLYyr5t9KLGSMb34958r8jinqQqIpxQqqw5wc6iCNJ0geIOgFFp6miYzCTC9WyafAxSyEZA3VREaWYi83/1ZfF+NolG5JZg3d9Fpu9DwsXlNvAWp296Avp65Ero+Rn0XhDZG8Uey6NXIgo+fWqLegxaxjKs7dkM1eEnppNeep1KupPlxYX9EaKQoqwPMq0kcZMW/2c06/goFx6rmDGguLoxDvs7QljouYhPK+7+EdLts9GbzAYzzI8p1kTP0L8RhDjC+be3jjHG1oEF1j0jUmbpE67dGdGFG68W2c71iaFAjVyy8pOs6bgoiKi9dg1i6PmukaYZE0fahSWhiqjHPx4uh6XMR7d1+Mkkc84QW6fT1RSFrzpAixoV4Nj9XOPBarrz6jLIgnswE21/amufH3bd/4+TxS1ykI0XqpqVJEO+L7aR2gcWc1GekrbhtiH06x56b7rueunIg2iJ0R6NIVoRVoauLZaOpsJTL9tpuHkUlAuucIHeHwmh4FzOAfUghohnDpkgFxfKg7LeyyG2q+gcOKKOAfjQMctbjExmb6idxCW9Nqdv65NnPf+9cQYYZTvk5Fbyg5DvZtoaIxlQagIkq4mcMyzfQdSJrIBN958vTE419ZZ3kxJPhUELAwb4dl89u8mG PmGgXgrtyvL}
After Decryption you will get the similar string:
{RESPONSE_DATE_TIME=2024-02-25 18:08:51~RESPONSE_CODE=000~TXN_ID=1669120314180851~CUST_PHONE=9999999999~TXNTYPE=SALE~CURRENCY_CODE=784~SURCHARGE_FLAG=N~HASH=611C4492531EFDF77BF8DC90E6A810CC9F5D4D9934602F15632BE306F421978F~RETURN_URL=http\://localhost/uat/response.php~STATUS=Captured~PAY_ID=1049120302195014~PG_REF_NUM=1669120314180851~ORDER_ID=PAY10_681895713~AMOUNT=100~RESPONSE_MESSAGE=SuccessfulPayment~CUST_EMAIL=[[email protected]](mailto:[email protected])~CUST_NAME=Test }
Sending Request and Getting Response
Request
This is an example string of a payment request before it is hashed:
AMOUNT=100~CURRENCY_CODE=784~CUST_CITY=Demo City~CUST_COUNTRY=DemoCountry~CUST_EMAIL=[[email protected]](mailto:[email protected])~CUST_NAME=Demo Merchant~CUST_PHONE=1234567890~CUST_SHIP_CITY=Demo Ship City~CUST_SHIP_COUNTRY=Demo Ship Country~CUST_SHIP_EMAIL=[[email protected]](mailto:[email protected])~CUST_SHIP_NAME=Demo Ship Customer~CUST_SHIP_PHONE=0123456789~CUST_SHIP_STATE=Demo Ship State~CUST_SHIP_STREET_ADDRESS1=Demo Ship Address1~CUST_SHIP_STREET_ADDRESS2=Demo Ship Address2~CUST_SHIP_ZIP=Demo Ship Zip Code~CUST_STATE=Demo State~CUST_STREET_ADDRESS1=Demo Address1~CUST_STREET_ADDRESS2=Demo Address2~CUST_ZIP=DemoZipCode~ORDER_ID=PAYORD220920151610~PAY_ID=160234578452178~PRODUCT_DESC=DemoProduct~RETURN_URL=http\://localhost:8080/MerchantSimulator/response.jsp~TXNTYPE=SALEb6200e78557e4e55
Now use SHA256 Encryption to encrypt the above string. This is the expected result of the hash value:
Hash value= 6797f1842deb4f3ebaead53e1bafd5a535d322b9fa3893f201fdb03933eeae09
Now change the above string to Uppercase.
Hash value= 6797F1842DEB4F3EBAEAD53E1BAFD5A535D322B9FA3893F201FDB03933EEAE09
Final Request String:
<form action="https://uatpg.pay10.ae/pgui/jsp/paymentrequest” method="post" >
<input type="text" name="PAY_ID" value="1507231702331001"/>
<input type="text" name="MERCHANTNAME" value="Demo Merchant"/>
<input type="text" name="ORDER_ID" value="ORDID2234"/>
<input type="text" name="AMOUNT" value="100"/>
<input type="text" name="TXNTYPE" value="SALE"/>
<input type="text" name="CUST_NAME" value="Demo"/>
<input type="text" name="CUST_STREET_ADDRESS1" value="Gurgaon"/>
<input type="text" name="CUST_ZIP" value="123456"/>
<input type="text" name="CUST_PHONE" value="9999999999"/>
<input type="text" name="CUST_EMAIL" value="[email protected]"/>
<input type="text" name="PRODUCT_DESC" value="CD Player"/>
<input type="text" name="CURRENCY_CODE" value="784"/>
<input type="text" name="RETURN_URL" value="http://www.yourwebsite.com/response.php"/>
<input type="text" name="HASH" value="6797F1842DEB4F3EBAEAD53E1BAFD5A535D322B9FA3893F201FDB03933EEAE09"/>
<input type="text" name="PAY_ID" value="1507231702331001"/>
<input type="submit" value="Click to Pay" name="submit"/>
</form>Response Parameters
After completion of the transaction, the customer is redirected back to the merchant at the return URL provided. In case the merchant does not receive the transaction response, a status enquiry request can be initiated.
Response Received:
{"PAY_ID":"1009120125180122","ENCDATA":"N2N0ktvZ07xVU1YgMdIRpiGChgc3u9sZhCra9twHXiLZveG2y9pAub/ijAnELRc4mJjFqcJtmCWaV3wDTTwAqEVE54mSUHoMGySSd/CaDudHu4ciBlhlRigGyr7Vqev692bN412msQMatZBmfE2F28onz9h2L2gsnF1+rNBcsct+sxK9IhoOmq/TltadYUrYRnu3sxkzzjy/ByeHDivy7IbzL26p3q8oW6YVRhtmmDUsfLcLYyr5t9KLGSMb34958r8jinqQqIpxQqqw5wc6iCNJ0geIOgFFp6miYzCTC9WyafAxSyEZA3VREaWYi83/1ZfF+NolG5JZg3d9Fpu9DwsXlNvAWp296Avp65Ero+Rn0XhDZG8Uey6NXIgo+fWqLe gxaxjKs7dkM1eEnppNeep1KupPlxYX9EaKQoqwPMq0kcZMW/2c06/goFx6rmDGguLoxDvs7QljouYhPK+7+EdLts9GbzAYzzI8p1kTP0L8RhDjC+be3jjHG1oEF1j0jUmbpE67dGdGFG68W2c71iaFAjVyy8pOs6bgoiKi9dg1i6PmukaYZE0fahSWhiqjHPx4uh6XMR7d1+Mkkc84QW6fT1RSFrzpAixoV4Nj9XOPBarrz6jLIgnswE21/amufH3bd/4+TxS1ykI0XqpqVJEO+L7aR2gcWc1GekrbhtiH0 6x56b7rueunIg2iJ0R6NIVoRVoauLZaOpsJTL9tpuHkUlAuucIHeHwmh4FzOAfUghohnDpkgFxfKg7LeyyG2q+gcOKKOAfjQMctbjExmb6idxCW9Nqdv65NnPf+9cQYYZTvk5Fbyg5DvZtoaIxlQagIkq4mcMyzfQdSJrIBN958vTE419ZZ3kxJPhUELAwb4dl89u8mG PmGgXgrtyvL}
Now Again AES256 will be used to decrypt the response -
This is an example string of a payment response after it is decrypted:
{ RESPONSE_DATE_TIME=2024-02-25 18:08:51~RESPONSE_CODE=000~TXN_ID=1669120314180851~CUST_PHONE=9999999999~TXNTYPE=SALE~CURRENCY_CODE=784~SURCHARGE_FLAG=N~HASH=611C4492531EFDF77BF8DC90E6A810CC9F5D4D9934602F15632BE306F421978F~RETURN_URL=http\://localhost/uat/response.php~STATUS=Captured~PAY_ID=1049120302195014~PG_REF_NUM=1669120314180851~ORDER_ID=PAY10_681895713~AMOUNT=100~RESPONSE_MESSAGE=SuccessfulPayment~CUST_EMAIL=[[email protected]](mailto:[email protected])~CUST_NAME=Test }
The below Table shows the response parameters sent to merchant:
| Field Name | Description | Example Value |
|---|---|---|
| PAY_ID | Pay ID given by Pay10 | 160234578452178 |
| ACQ_ID | Bank reference number | KJDNI4UT873 |
| PG_REF_NUM | Id generated by Pay10. Use for further communication with Pay10 for tracking the full order | 150611417421129 |
| RRN | Bank reference number | 789456132 |
| TXN_ID | Transaction Id generated by Pay10 to identify the current step | 150611417421130 |
| AUTH_CODE | Authorization code | 123456 |
| AVR | Address verification flag | Y/N |
| ORDER_ID | Merchant reference number | ESN78452 |
| RETURN_URL | URL of merchant website to get the response back after transaction is done | www.merchantsite.com/paymentresponse |
| HASH | Unique value generated by SHA 256 hashing algorithm | 7995156CE4C40C44C41BECA3 |
| CUST_NAME | Customer Name | John Paul |
| CUST_ID | Echo back field | |
| CUST_PHONE | Customer Phone | 99999999999 |
| CUST_EMAIL | Customer Email | [email protected] |
| AMOUNT | Total Sale Amount | 100 |
| CURRENCY_CODE | 3-digit code of the currency | 826 |
| MOP_TYPE | Method of payment | VI/MC/PPWL/1005/UP |
| PAYMENT_TYPE | Type of payment mode used by customer | CARD/NB/WL/UP |
| PG_TXN_MESSAGE | Detailed message for transaction | SUCCESS |
| RESPONSE_CODE | Code for transaction status | 000 |
| RESPONSE_DATE | Date of response | 12102019 |
| RESPONSE_MESSAGE | Response message for transaction status | SUCCESS |
| RESPONSE_TIME | Time of response | 10:35:10 |
| STATUS | Transaction status | Approved/Captured/Declined |
| TOTAL_AMOUNT | Total amount debited to customer in case of surcharge model | 10134 |
| TXNTYPE | Type of transaction processed | SALE/AUTH |
| PRODUCT_DESC | Description of product | xyz |
| PAYER_ADDRESS | Virtual Payment Address of end user | Pay10 wallet registered number. |
| CARD_ISSUER_BANK | Card issuing bank | ENBD |
| CARD_ISSUER_BANK | Card issuing bank | ENBD |
| CARD_ISSUER_COUNTRY | Issuing country of the customer card | UAE |
| CARD_MASK | Masked card number for card txns | 401200******1234 |
For status enquiry, you can refer to the status enquiry doc - Status Enquiry
And for refund, please refer to the refund doc from the API doc hub - Refund Transaction
Response Codes
Please refer to the below table which contains the details of the response code and the associated message:
| Code | Message | Status |
|---|---|---|
| 000 | SUCCESS | Captured |
| 000 | Request Accepted | Sent to Bank |
| 003 | Timeout | Failed |
| 007 | Rejected by acquirer | Failed |
| 009 | Response signature did not match | Pending |
| 004 | Declined | Failed |
| 010 | Cancelled by user | Failed |
| 012 | Denied due to fraud detection | Failed |
| 018 | Duplicate order Id | Invalid |
| 022 | Failed at acquirer | Failed |
| 026 | Request Accepted | Sent to Bank |
| 026 | Pending | Pending |
| 100 | User not found | Failed |
| 101 | Password incorrect | Failed |
| 102 | User inactive | Failed |
| 103 | Validation failed | Failed |
| 104 | User not approved from any acquirer | Failed |
| 105 | Account not present for this acquirer | Failed |
| 108 | Merchant detail not present for this acquirer | Failed |
| 110 | Merchant not mapped for this currency | Failed |
| 113 | Payment option not supported | Failed |
| 114 | GST Details Not Set | Failed |
| 129 | TDR request is already pending for this merchant | Failed |
| 130 | Currency not supported | Failed |
| 131 | Unsupported card number | Failed |
| 132 | Account Lock | Failed |
| 134 | TDR Setting is pending for this merchant | Failed |
| 300 | Invalid Request | Invalid |
| 302 | No Such Transaction Found | Invalid |
| 323 | Invalid Hash | Invalid |
| 366 | Invalid VPA address (Time of VPA Validation) | Invalid |
| 400 | Permission Denied | Failed |
| 777 | Acquirer Down | Failed |
| 900 | Operation could not be completed, please try again later | Invalid |
| 902 | Operation could not be completed, please try again later | Failed |
| 999 | Unknown Error | Failed |
| 400 | INVALID | Invalid |
| 401 | Customer phone required | Invalid |
| 402 | Order id required | Invalid |
| 403 | Customer email required | Invalid |
| 404 | Currency code required | Invalid |
| 405 | Amount required | Invalid |
| 406 | Mop type is required | Invalid |
| 407 | Payment type is required | Invalid |
| 408 | Payer address is required | Invalid |
| 409 | Card number is required | Invalid |
| 410 | invalid Payment type | Invalid |
| 411 | invalid Mop type | Invalid |
| 412 | Customer name required | Invalid |
| 413 | TxnType is required | Invalid |
| 414 | PayId is required | Invalid |
| 416 | Invalid payid | Invalid |
| 415 | Encdata is required | Invalid |
| 420 | Hash is required | Invalid |
| 500 | Card expiry date time is required | Invalid |
| 501 | Card holder name is required | Invalid |
| 502 | CVV is required | Invalid |
| 1013 | S2S flag is not enabled | Invalid |