Payment preparation
Eximbay validates parameters to prevent unauthorized modification and falsification.
The fgkey will be utilized twice during the payment processing, as outlined below.
- 1. Before invoking the payment page via SDK: Generate the fgkey using the payment preparation API, which is required to call back the payment page.
- 2. After receiving the response through the status_url: Send the parameters received in the payment verification API response to perform the validation process.
Preparation for SDK call back
Before utilizing the SDK to invoke the payment page, call the payment preparation API to generate the fgkey in order to prevent unauthorized modifications and falsification of the payment request.
Request
curl --request POST 'https://api-test.eximbay.com/v1/payments/ready' \
--header 'Authorization: Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo=' \
--header 'Content-Type: application/json' \
--data '{
"payment" : {
"transaction_type" : "PAYMENT",
"order_id" : "20220819105102",
"currency" : "USD",
"amount" : "1",
"lang" : "EN"
},
"merchant" : {
"mid" : "1849705C64"
},
"buyer" : {
"name" : "eximbay",
"email" : "test@eximbay.com"
},
"url" : {
"return_url" : "eximbay.com",
"status_url" : "eximbay.com"
}
}'
RestTemplate restTemplate = new RestTemplate();
HttpHeaders headers = new HttpHeaders();
headers.add("Content-Type", "application/json");
headers.add("Authorization", "Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo=");
URI url = URI.create("https://api-test.eximbay.com/v1/payments/ready");
String body = "{\n" +
"\"payment\" : {\n" +
"\"transaction_type\" : \"PAYMENT\",\n" +
"\"order_id\" : \"20220819105102\",\n" +
"\"currency\" : \"USD\",\n" +
"\"amount\" : \"1\",\n" +
"\"lang\" : \"EN\"\n" +
"},\n" +
"\"merchant\" : {\n" +
"\"mid\" : \"1849705C64\"\n" +
"},\n" +
"\"buyer\" : {\n" +
"\"name\" : \"eximbay\",\n" +
"\"email\" : \"test@eximbay.com\"\n" +
"},\n" +
"\"url\" : {\n" +
"\"return_url\" : \"eximbay.com\",\n" +
"\"status_url\" : \"eximbay.com\"\n" +
" }\n" +
"}";
HttpEntity<String> entity = new HttpEntity<>(body, headers);
ResponseEntity<String> response = restTemplate.exchange(url, HttpMethod.POST, entity, String.class);
System.out.println(response.getBody());
<?php
$url = 'https://api-test.eximbay.com/v1/payments/ready';
$data = '{
"payment": {
"transaction_type": "PAYMENT",
"order_id": "20220819105102",
"currency": "USD",
"amount": "1",
"lang": "EN"
},
"merchant": {
"mid": "1849705C64"
},
"buyer": {
"name": "eximbay",
"email": "test@eximbay.com"
},
"url": {
"return_url": "eximbay.com",
"status_url": "eximbay.com"
}
}';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json', 'Authorization: Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo='));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$response = curl_exec($ch);
echo $response;
curl_close($ch);
?>
import requests
import json
url = "https://api-test.eximbay.com/v1/payments/ready"
headers = {
"Authorization": "Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo=",
"Content-Type": "application/json"
}
request = {
"payment": {
"transaction_type": "PAYMENT",
"order_id": "20220819105102",
"currnecy": "USD",
"amount": "1",
"lang": "EN"
},
"merchant": {
"mid": "1849705C64",
},
"buyer": {
"name": "eximbay",
"email": "test@eximbay.com"
},
"url": {
"return_url": "eximbay.com",
"status_url": "eximbay.com"
}
}
response = requests.post(url, headers=headers, data=json.dumps(request))
print(response.text)
var request = require('request');
var options = {
'method': 'POST',
'url': 'https://api-test.eximbay.com/v1/payments/ready',
'headers': {
'Authorization': 'Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo=',
'Content-Type': 'application/json'
},
body: JSON.stringify({
"payment": {
"transaction_type": "PAYMENT",
"order_id": "20220819105102",
"currency": "USD",
"amount": "1",
"lang": "EN"
},
"merchant": {
"mid": "1849705C64"
},
"buyer": {
"name": "eximbay",
"email": "test@eximbay.com"
},
"url": {
"return_url": "eximbay.com",
"status_url": "eximbay.com"
}
})
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});
string uri = "https://api-test.eximbay.com/v1/payments/ready";
string body = "{\n" +
"\"payment\" : {\n" +
"\"transaction_type\" : \"PAYMENT\",\n" +
"\"order_id\" : \"20220819105102\",\n" +
"\"currency\" : \"USD\",\n" +
"\"amount\" : \"1\",\n" +
"\"lang\" : \"EN\"\n" +
"},\n" +
"\"merchant\" : {\n" +
"\"mid\" : \"1849705C64\"\n" +
"},\n" +
"\"buyer\" : {\n" +
"\"name\" : \"eximbay\",\n" +
"\"email\" : \"test@eximbay.com\"\n" +
"},\n" +
"\"url\" : {\n" +
"\"return_url\" : \"eximbay.com\",\n" +
"\"status_url\" : \"eximbay.com\"\n" +
" }\n" +
"}";
WebClient webClient = new WebClient();
webClient.Headers[HttpRequestHeader.ContentType] = "application/json";
webClient.Headers[HttpRequestHeader.Authorization] = "Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo=";
webClient.Encoding = UTF8Encoding.UTF8;
string responseJSON = webClient.UploadString(uri, body);
Console.Write(responseJSON);
val restTemplate = RestTemplate()
val headers = HttpHeaders()
headers.add("Content-Type", "application/json")
headers.add("Authorization", "Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo=")
var url = URI.create("https://api-test.eximbay.com/v1/payments/ready")
val body = "{\n" +
"\"payment\" : {\n" +
"\"transaction_type\" : \"PAYMENT\",\n" +
"\"order_id\" : \"20220819105102\",\n" +
"\"currency\" : \"USD\",\n" +
"\"amount\" : \"1\",\n" +
"\"lang\" : \"EN\"\n" +
"},\n" +
"\"merchant\" : {\n" +
"\"mid\" : \"1849705C64\"\n" +
"},\n" +
"\"buyer\" : {\n" +
"\"name\" : \"eximbay\",\n" +
"\"email\" : \"test@eximbay.com\"\n" +
"},\n" +
"\"url\" : {\n" +
"\"return_url\" : \"eximbay.com\",\n" +
"\"status_url\" : \"eximbay.com\"\n" +
" }\n" +
"}"
var entity = HttpEntity<String>(body, headers)
var response = restTemplate.exchange(url, HttpMethod.POST, entity, String::class.java)
println(response.body)
Response
The generated fgkey can be verified from the response. This fgkey will be used when calling back the payment page.
Response
{
"rescode": "0000",
"resmsg": "Success",
"fgkey": "0E9BE04BA239A519E68171F26B68604ADA0A85C8350DBF5C8C0FCCF98461DB09"
}
Preparation steps following the SDK response
Processing of payment authorization results
After the customer makes a payment on the payment page using the selected payment method, the authorization result will be sent to the status_url server used during the payment request stage. The payment authorization result data will be provided in query string format, not in JSON format.
After receiving the status URL and completing the transaction, please display the response code (rescode) and response message (resmsg) on the final page as follows.
• Success: rescode=0000&resmsg=Success
• Failure: rescode=[Error code]&resmsg=[Error message]
The authorization result data will be sent from Eximbay's notification server. Therefore, the merchant's firewall policy should be configured to allow access to Eximbay's notification server IP in order to receive the authorization result.
Payment validation
To confirm whether the payment result received through the merchant's status_url server from Eximbay, in query string format, has undergone unauthorized modification or falsification.
Example of payment authorization result data
currency=USD&card_number1=4111&transaction_date=20220927152250&card_number4=1111&mid=1849705C64&amount=100&access_country=KR&order_id=20220927152140&payment_method=P101&email=test@eximbay.com&ver=230&transaction_id=1849705C6420220927000016¶m3=TEST&resmsg=Success.&card_holder=TESTP&rescode=0000&auth_code=309812&fgkey=2AE38D785E05E6AF57977328908C7CD84A273B3FE6C042D537A800B0CBC783EA&transaction_type=PAYMENT&pay_to=EXIMBAY.COM
If the fgkey included in the payment authorization result sent through the status_url does not match the fgkey generated by the payment preparation API, this is a new fgkey generated based on the payment authorization result data.
The status URL output may be duplicated. Please ensure that transactions are not processed multiple times. Duplicate transactions can be identified using the transaction ID.
The Payment Validation API is used to validate the data. It verifies the payment result in query string format sent to the merchant's status_url server by checking the field values in the body.
Request
curl --request POST 'https://api-test.eximbay.com/v1/payments/verify \
--header 'Authorization: Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo=' \
--header 'Content-Type: application/json' \
--data '{
"data" : "currency=USD&card_number1=4111&transaction_date=20220927152250&card_number4=1111&mid=1849705C64&amount=100&access_country=KR&order_id=20220927152140&payment_method=P101&email=test@eximbay.com&ver=230&transaction_id=1849705C6420220927000016¶m3=TEST&resmsg=Success.&card_holder=TESTP&rescode=0000&auth_code=309812&fgkey=2AE38D785E05E6AF57977328908C7CD84A273B3FE6C042D537A800B0CBC783EA&transaction_type=PAYMENT&pay_to=EXIMBAY.COM"
}'
RestTemplate restTemplate = new RestTemplate();
HttpHeaders headers = new HttpHeaders();
headers.add("Content-Type", "application/json");
headers.add("Authorization", "Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo=");
URI url = URI.create("https://api-test.eximbay.com/v1/payments/verify");
String body = "{\n" +
"data" : "currency=USD&card_number1=4111&transaction_date=20220927152250&card_number4=1111&mid=1849705C64&amount=100&access_country=KR&order_id=20220927152140&payment_method=P101&email=test@eximbay.com&ver=230&transaction_id=1849705C6420220927000016¶m3=TEST&resmsg=Success.&card_holder=TESTP&rescode=0000&auth_code=309812&fgkey=2AE38D785E05E6AF57977328908C7CD84A273B3FE6C042D537A800B0CBC783EA&transaction_type=PAYMENT&pay_to=EXIMBAY.COM"
"}";
HttpEntity<String> entity = new HttpEntity<>(body, headers);
ResponseEntity<String> response = restTemplate.exchange(url, HttpMethod.POST, entity, String.class);
System.out.println(response.getBody());
<?php
$url = 'https://api-test.eximbay.com/v1/payments/verify';
$data = '{
"data" : "currency=USD&card_number1=4111&transaction_date=20220927152250&card_number4=1111&mid=1849705C64&amount=100&access_country=KR&order_id=20220927152140&payment_method=P101&email=test@eximbay.com&ver=230&transaction_id=1849705C6420220927000016¶m3=TEST&resmsg=Success.&card_holder=TESTP&rescode=0000&auth_code=309812&fgkey=2AE38D785E05E6AF57977328908C7CD84A273B3FE6C042D537A800B0CBC783EA&transaction_type=PAYMENT&pay_to=EXIMBAY.COM"
}';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json', 'Authorization: Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo='));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$response = curl_exec($ch);
echo $response;
curl_close($ch);
?>
import requests
import json
url = "https://api-test.eximbay.com/v1/payments/verify"
headers = {
"Authorization": "Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo=",
"Content-Type": "application/json"
}
request = {
"data" : "currency=USD&card_number1=4111&transaction_date=20220927152250&card_number4=1111&mid=1849705C64&amount=100&access_country=KR&order_id=20220927152140&payment_method=P101&email=test@eximbay.com&ver=230&transaction_id=1849705C6420220927000016¶m3=TEST&resmsg=Success.&card_holder=TESTP&rescode=0000&auth_code=309812&fgkey=2AE38D785E05E6AF57977328908C7CD84A273B3FE6C042D537A800B0CBC783EA&transaction_type=PAYMENT&pay_to=EXIMBAY.COM"
}
response = requests.post(url, headers=headers, data=json.dumps(request))
print(response.text)
var request = require('request');
var options = {
'method': 'POST',
'url': 'https://api-test.eximbay.com/v1/payments/verify',
'headers': {
'Authorization': 'Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo=',
'Content-Type': 'application/json'
},
body: JSON.stringify({
"data" : "currency=USD&card_number1=4111&transaction_date=20220927152250&card_number4=1111&mid=1849705C64&amount=100&access_country=KR&order_id=20220927152140&payment_method=P101&email=test@eximbay.com&ver=230&transaction_id=1849705C6420220927000016¶m3=TEST&resmsg=Success.&card_holder=TESTP&rescode=0000&auth_code=309812&fgkey=2AE38D785E05E6AF57977328908C7CD84A273B3FE6C042D537A800B0CBC783EA&transaction_type=PAYMENT&pay_to=EXIMBAY.COM"
})
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});
string uri = "https://api-test.eximbay.com/v1/payments/verify";
string body = "{\n" +
"data" : "currency=USD&card_number1=4111&transaction_date=20220927152250&card_number4=1111&mid=1849705C64&amount=100&access_country=KR&order_id=20220927152140&payment_method=P101&email=test@eximbay.com&ver=230&transaction_id=1849705C6420220927000016¶m3=TEST&resmsg=Success.&card_holder=TESTP&rescode=0000&auth_code=309812&fgkey=2AE38D785E05E6AF57977328908C7CD84A273B3FE6C042D537A800B0CBC783EA&transaction_type=PAYMENT&pay_to=EXIMBAY.COM"
"}";
WebClient webClient = new WebClient();
webClient.Headers[HttpRequestHeader.ContentType] = "application/json";
webClient.Headers[HttpRequestHeader.Authorization] = "Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo=";
webClient.Encoding = UTF8Encoding.UTF8;
string responseJSON = webClient.UploadString(uri, body);
Console.Write(responseJSON);
val restTemplate = RestTemplate()
val headers = HttpHeaders()
headers.add("Content-Type", "application/json")
headers.add("Authorization", "Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo=")
var url = URI.create("https://api-test.eximbay.com/v1/payments/verify")
val body = "{\n" +
"data" : "currency=USD&card_number1=4111&transaction_date=20220927152250&card_number4=1111&mid=1849705C64&amount=100&access_country=KR&order_id=20220927152140&payment_method=P101&email=test@eximbay.com&ver=230&transaction_id=1849705C6420220927000016¶m3=TEST&resmsg=Success.&card_holder=TESTP&rescode=0000&auth_code=309812&fgkey=2AE38D785E05E6AF57977328908C7CD84A273B3FE6C042D537A800B0CBC783EA&transaction_type=PAYMENT&pay_to=EXIMBAY.COM"
"}"
var entity = HttpEntity<String>(body, headers)
var response = restTemplate.exchange(url, HttpMethod.POST, entity, String::class.java)
println(response.body)
Response
The response code indicating a successful payment is 0000.
{
"rescode": "0000",
"resmsg": "Success",
}