Preparing FGKey
You need the fgkey to check parameter forgery and alteration between Eximbay and Merchant. You must generate the fgkey twice.
- 1. Before open the payment window: You can create the fgkey with Payment Ready API and open the payment window.
- 2. After receiving the response with status_url: Send the parameters that have been responded to the Verification API as they are and validate them.
Before requesting SDK
Before requesting SDK, merchant need fgkey to check parameter forgery and alteration.
Request
curl --request POST 'https://api-test.eximbay.com/v1/payments/ready' \
--header 'Authorization: Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo=' \
--header 'Content-Type: application/json' \
--data '{
"payment" : {
"transaction_type" : "PAYMENT",
"order_id" : "20220819105102",
"currency" : "USD",
"amount" : "1",
"lang" : "EN"
},
"merchant" : {
"mid" : "1849705C64"
},
"buyer" : {
"name" : "eximbay",
"email" : "test@eximbay.com"
},
"url" : {
"return_url" : "eximbay.com",
"status_url" : "eximbay.com"
}
}'
RestTemplate restTemplate = new RestTemplate();
HttpHeaders headers = new HttpHeaders();
headers.add("Content-Type", "application/json");
headers.add("Authorization", "Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo=");
URI url = URI.create("https://api-test.eximbay.com/v1/payments/ready");
String body = "{\n" +
"\"payment\" : {\n" +
"\"transaction_type\" : \"PAYMENT\",\n" +
"\"order_id\" : \"20220819105102\",\n" +
"\"currency\" : \"USD\",\n" +
"\"amount\" : \"1\",\n" +
"\"lang\" : \"EN\"\n" +
"},\n" +
"\"merchant\" : {\n" +
"\"mid\" : \"1849705C64\"\n" +
"},\n" +
"\"buyer\" : {\n" +
"\"name\" : \"eximbay\",\n" +
"\"email\" : \"test@eximbay.com\"\n" +
"},\n" +
"\"url\" : {\n" +
"\"return_url\" : \"eximbay.com\",\n" +
"\"status_url\" : \"eximbay.com\"\n" +
" }\n" +
"}";
HttpEntity<String> entity = new HttpEntity<>(body, headers);
ResponseEntity<String> response = restTemplate.exchange(url, HttpMethod.POST, entity, String.class);
System.out.println(response.getBody());
<?php
$url = 'https://api-test.eximbay.com/v1/payments/ready';
$data = '{
"payment": {
"transaction_type": "PAYMENT",
"order_id": "20220819105102",
"currency": "USD",
"amount": "1",
"lang": "EN"
},
"merchant": {
"mid": "1849705C64"
},
"buyer": {
"name": "eximbay",
"email": "test@eximbay.com"
},
"url": {
"return_url": "eximbay.com",
"status_url": "eximbay.com"
}
}';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json', 'Authorization: Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo='));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$response = curl_exec($ch);
echo $response;
curl_close($ch);
?>
import requests
import json
url = "https://api-test.eximbay.com/v1/payments/ready"
headers = {
"Authorization": "Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo=",
"Content-Type": "application/json"
}
request = {
"payment": {
"transaction_type": "PAYMENT",
"order_id": "20220819105102",
"currnecy": "USD",
"amount": "1",
"lang": "EN"
},
"merchant": {
"mid": "1849705C64",
},
"buyer": {
"name": "eximbay",
"email": "test@eximbay.com"
},
"url": {
"return_url": "eximbay.com",
"status_url": "eximbay.com"
}
}
response = requests.post(url, headers=headers, data=json.dumps(request))
print(response.text)
var request = require('request');
var options = {
'method': 'POST',
'url': 'https://api-test.eximbay.com/v1/payments/ready',
'headers': {
'Authorization': 'Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo=',
'Content-Type': 'application/json'
},
body: JSON.stringify({
"payment": {
"transaction_type": "PAYMENT",
"order_id": "20220819105102",
"currency": "USD",
"amount": "1",
"lang": "EN"
},
"merchant": {
"mid": "1849705C64"
},
"buyer": {
"name": "eximbay",
"email": "test@eximbay.com"
},
"url": {
"return_url": "eximbay.com",
"status_url": "eximbay.com"
}
})
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});
string uri = "https://api-test.eximbay.com/v1/payments/ready";
string body = "{\n" +
"\"payment\" : {\n" +
"\"transaction_type\" : \"PAYMENT\",\n" +
"\"order_id\" : \"20220819105102\",\n" +
"\"currency\" : \"USD\",\n" +
"\"amount\" : \"1\",\n" +
"\"lang\" : \"EN\"\n" +
"},\n" +
"\"merchant\" : {\n" +
"\"mid\" : \"1849705C64\"\n" +
"},\n" +
"\"buyer\" : {\n" +
"\"name\" : \"eximbay\",\n" +
"\"email\" : \"test@eximbay.com\"\n" +
"},\n" +
"\"url\" : {\n" +
"\"return_url\" : \"eximbay.com\",\n" +
"\"status_url\" : \"eximbay.com\"\n" +
" }\n" +
"}";
WebClient webClient = new WebClient();
webClient.Headers[HttpRequestHeader.ContentType] = "application/json";
webClient.Headers[HttpRequestHeader.Authorization] = "Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo=";
webClient.Encoding = UTF8Encoding.UTF8;
string responseJSON = webClient.UploadString(uri, body);
Console.Write(responseJSON);
val restTemplate = RestTemplate()
val headers = HttpHeaders()
headers.add("Content-Type", "application/json")
headers.add("Authorization", "Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo=")
var url = URI.create("https://api-test.eximbay.com/v1/payments/ready")
val body = "{\n" +
"\"payment\" : {\n" +
"\"transaction_type\" : \"PAYMENT\",\n" +
"\"order_id\" : \"20220819105102\",\n" +
"\"currency\" : \"USD\",\n" +
"\"amount\" : \"1\",\n" +
"\"lang\" : \"EN\"\n" +
"},\n" +
"\"merchant\" : {\n" +
"\"mid\" : \"1849705C64\"\n" +
"},\n" +
"\"buyer\" : {\n" +
"\"name\" : \"eximbay\",\n" +
"\"email\" : \"test@eximbay.com\"\n" +
"},\n" +
"\"url\" : {\n" +
"\"return_url\" : \"eximbay.com\",\n" +
"\"status_url\" : \"eximbay.com\"\n" +
" }\n" +
"}"
var entity = HttpEntity<String>(body, headers)
var response = restTemplate.exchange(url, HttpMethod.POST, entity, String::class.java)
println(response.body)
Response
You can get a fgkey in the response as shown below. The same fgkey must be sent when calling JavaScript SDK.
Response
{
"rescode": "0000",
"resmsg": "Success",
"fgkey": "0E9BE04BA239A519E68171F26B68604ADA0A85C8350DBF5C8C0FCCF98461DB09"
}
Payment Verification
After calling the payment window with SDK, validation of fgkey is also
required for the parameter that the Eximbay server responds to as
status_url.
To prevent forgery, the merchant can send the response parameters as they are to the
payment verification API to verify that they match the
fgkey sent in the response from the Eximbay server.
The parameter that the Eximbay server responds to as status_url is sent in the form of a query string as shown below.
currency=USD&card_number1=4111&transaction_date=20220927152250&card_number4=1111&mid=1849705C64&amount=100&access_country=KR&order_id=20220927152140&payment_method=P101&email=test@eximbay.com&ver=230&transaction_id=1849705C6420220927000016¶m3=TEST&resmsg=Success.&card_holder=TESTP&rescode=0000&auth_code=309812&fgkey=2AE38D785E05E6AF57977328908C7CD84A273B3FE6C042D537A800B0CBC783EA&transaction_type=PAYMENT&pay_to=EXIMBAY.COM
Please send the parameters that were answered by the query string to the payment verification API request parameters. Once the validation is completed with the payment verification API, the payment will be completed.
Request
curl --request POST 'https://api-test.eximbay.com/v1/payments/verify \
--header 'Authorization: Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo=' \
--header 'Content-Type: application/json' \
--data '{
currency=USD&card_number1=4111&transaction_date=20220927152250&card_number4=1111&mid=1849705C64&amount=100&access_country=KR&order_id=20220927152140&payment_method=P101&email=test@eximbay.com&ver=230&transaction_id=1849705C6420220927000016¶m3=TEST&resmsg=Success.&card_holder=TESTP&rescode=0000&auth_code=309812&fgkey=2AE38D785E05E6AF57977328908C7CD84A273B3FE6C042D537A800B0CBC783EA&transaction_type=PAYMENT&pay_to=EXIMBAY.COM
}'
RestTemplate restTemplate = new RestTemplate();
HttpHeaders headers = new HttpHeaders();
headers.add("Content-Type", "application/json");
headers.add("Authorization", "Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo=");
URI url = URI.create("https://api-test.eximbay.com/v1/payments/verify");
String body = "{\n" +
currency=USD&card_number1=4111&transaction_date=20220927152250&card_number4=1111&mid=1849705C64&amount=100&access_country=KR&order_id=20220927152140&payment_method=P101&email=test@eximbay.com&ver=230&transaction_id=1849705C6420220927000016¶m3=TEST&resmsg=Success.&card_holder=TESTP&rescode=0000&auth_code=309812&fgkey=2AE38D785E05E6AF57977328908C7CD84A273B3FE6C042D537A800B0CBC783EA&transaction_type=PAYMENT&pay_to=EXIMBAY.COM
"}";
HttpEntity<String> entity = new HttpEntity<>(body, headers);
ResponseEntity<String> response = restTemplate.exchange(url, HttpMethod.POST, entity, String.class);
System.out.println(response.getBody());
<?php
$url = 'https://api-test.eximbay.com/v1/payments/verify';
$data = '{
currency=USD&card_number1=4111&transaction_date=20220927152250&card_number4=1111&mid=1849705C64&amount=100&access_country=KR&order_id=20220927152140&payment_method=P101&email=test@eximbay.com&ver=230&transaction_id=1849705C6420220927000016¶m3=TEST&resmsg=Success.&card_holder=TESTP&rescode=0000&auth_code=309812&fgkey=2AE38D785E05E6AF57977328908C7CD84A273B3FE6C042D537A800B0CBC783EA&transaction_type=PAYMENT&pay_to=EXIMBAY.COM
}';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json', 'Authorization: Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo='));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$response = curl_exec($ch);
echo $response;
curl_close($ch);
?>
import requests
import json
url = "https://api-test.eximbay.com/v1/payments/verify"
headers = {
"Authorization": "Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo=",
"Content-Type": "application/json"
}
request = {
currency=USD&card_number1=4111&transaction_date=20220927152250&card_number4=1111&mid=1849705C64&amount=100&access_country=KR&order_id=20220927152140&payment_method=P101&email=test@eximbay.com&ver=230&transaction_id=1849705C6420220927000016¶m3=TEST&resmsg=Success.&card_holder=TESTP&rescode=0000&auth_code=309812&fgkey=2AE38D785E05E6AF57977328908C7CD84A273B3FE6C042D537A800B0CBC783EA&transaction_type=PAYMENT&pay_to=EXIMBAY.COM
}
response = requests.post(url, headers=headers, data=json.dumps(request))
print(response.text)
var request = require('request');
var options = {
'method': 'POST',
'url': 'https://api-test.eximbay.com/v1/payments/verify',
'headers': {
'Authorization': 'Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo=',
'Content-Type': 'application/json'
},
body: JSON.stringify({
currency=USD&card_number1=4111&transaction_date=20220927152250&card_number4=1111&mid=1849705C64&amount=100&access_country=KR&order_id=20220927152140&payment_method=P101&email=test@eximbay.com&ver=230&transaction_id=1849705C6420220927000016¶m3=TEST&resmsg=Success.&card_holder=TESTP&rescode=0000&auth_code=309812&fgkey=2AE38D785E05E6AF57977328908C7CD84A273B3FE6C042D537A800B0CBC783EA&transaction_type=PAYMENT&pay_to=EXIMBAY.COM
})
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});
string uri = "https://api-test.eximbay.com/v1/payments/verify";
string body = "{\n" +
currency=USD&card_number1=4111&transaction_date=20220927152250&card_number4=1111&mid=1849705C64&amount=100&access_country=KR&order_id=20220927152140&payment_method=P101&email=test@eximbay.com&ver=230&transaction_id=1849705C6420220927000016¶m3=TEST&resmsg=Success.&card_holder=TESTP&rescode=0000&auth_code=309812&fgkey=2AE38D785E05E6AF57977328908C7CD84A273B3FE6C042D537A800B0CBC783EA&transaction_type=PAYMENT&pay_to=EXIMBAY.COM
"}";
WebClient webClient = new WebClient();
webClient.Headers[HttpRequestHeader.ContentType] = "application/json";
webClient.Headers[HttpRequestHeader.Authorization] = "Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo=";
webClient.Encoding = UTF8Encoding.UTF8;
string responseJSON = webClient.UploadString(uri, body);
Console.Write(responseJSON);
val restTemplate = RestTemplate()
val headers = HttpHeaders()
headers.add("Content-Type", "application/json")
headers.add("Authorization", "Basic dGVzdF8xODQ5NzA1QzY0MkMyMTdFMEIyRDo=")
var url = URI.create("https://api-test.eximbay.com/v1/payments/verify")
val body = "{\n" +
currency=USD&card_number1=4111&transaction_date=20220927152250&card_number4=1111&mid=1849705C64&amount=100&access_country=KR&order_id=20220927152140&payment_method=P101&email=test@eximbay.com&ver=230&transaction_id=1849705C6420220927000016¶m3=TEST&resmsg=Success.&card_holder=TESTP&rescode=0000&auth_code=309812&fgkey=2AE38D785E05E6AF57977328908C7CD84A273B3FE6C042D537A800B0CBC783EA&transaction_type=PAYMENT&pay_to=EXIMBAY.COM
"}"
var entity = HttpEntity<String>(body, headers)
var response = restTemplate.exchange(url, HttpMethod.POST, entity, String::class.java)
println(response.body)
Response
If you receive 0000 with the rescode, the payment is successful.
Response
{
"rescode": "0000",
"resmsg": "Success.",
}
