Card tokenization & maintenance
Important Notice
New version of Payment Action API has been released.
We are recommending our merchants to refer new guide Payment Maintenance to implement Payment Action API.
Allows merchant to Tokenize credit card information securely, and to inquire, update or delete Tokenized card data.
Environment
Please refer Demo & Live Endpoint.
Prepare Card Token & Maintenance Request
Download Sample Code
Prerequisite
Required necessary certificate key for the Payment Action Request and Response. Please refer Certificate Generation Guide.
Set account credentials
//Merchant's account information
$merchantID = "JT01"; //Get MerchantID when opening account with 2C2P
$secretKey = "7jYcp4FxFdf0"; //Get SecretKey from 2C2P PGW Dashboard
Set Inquiry Parameter
//Request Information
$version = "2.4";
$action = "A" ;
$pan = "4111111111111111" ;
$panExpiry = "1220" ;
$panBank = "OCBC";
$panCountry = "SG" ;
$panCurrency= "702";
$cardHolderName = "CARDHOLDER" ;
$cardHolderEmail = "[email protected]" ;
$storeCardUniqueID="";
| Action | Description |
|---|---|
| A | Add new Card information to the Vault and generate Card Token. |
| I | Inquiry Card Token information |
| U | Update Card Token information |
| D | Delete Card Token |
Set payment action request information
//Construct signature string
$stringToHash = $merchantID . $storeCardUniqueID . $panBank . $panCountry . $cardHolderName . $cardHolderEmail . $panExpiry . $action . $pan . $panCurrency;
$hash = strtoupper(hash_hmac('sha256', $stringToHash ,$secretKey, false)); //Compute hash value
Construct payment action request message
//Construct request message
$xml = "<MaintenanceRequest>
<version>$version</version>
<merchantID>$merchantID</merchantID>
<action>$action</action>
<pan>$pan</pan>
<panExpiry>$panExpiry</panExpiry>
<panBank>$panBank</panBank>
<panCountry>$panCountry</panCountry>
<panCurrency>$panCurrency</panCurrency>
<cardholderName>$cardHolderName</cardholderName>
<cardholderEmail>$cardHolderEmail</cardholderEmail>
<storeCardUniqueID>$storeCardUniqueID</storeCardUniqueID>
<hashValue>$hash</hashValue>
</MaintenanceRequest>";
include_once('pkcs7.php');
$pkcs7 = new pkcs7();
$payload = $pkcs7->encrypt($xml,"./keys/demo2.crt"); //Encrypt payload
Submit payment action request message
include_once('HTTP.php');
//Send request to 2C2P PGW and get back response
$http = new HTTP();
$response = $http->post("https://demo2.2c2p.com/2C2PFrontend/PaymentActionV2/PaymentAction.aspx","paymentRequest=".$payload);
Read payment response and Validate Hash
include_once('HTTP.php');
//Send request to 2C2P PGW and get back response
$http = new HTTP();
$response = $http->post("https://demo2.2c2p.com/2C2PFrontend/PaymentActionV2/PaymentAction.aspx","paymentRequest=".$payload);
//Decrypt response message and display
$response = $pkcs7->decrypt($response,"./keys/demo2.crt","./keys/demo2.pem","2c2p");
echo "Response:<br/><textarea style='width:100%;height:80px'>". $response."</textarea>";
//Validate response Hash
$resXml=simplexml_load_string($response);
$res_version = $resXml->version;
$res_timeStamp = $resXml->timeStamp;
$res_merchantID = $resXml->merchantID;
$res_respCode = $resXml->respCode;
$res_respReason = $resXml->respReason;
$res_panBank = $resXml->panBank;
$res_storeCardUniqueID = $resXml->storeCardUniqueID;
$res_panCountry = $resXml->panCountry;
$res_cardholderName = $resXml->cardholderName;
$res_cardholderEmail = $resXml->cardholderEmail;
$res_panMasked = $resXml->panMasked;
//Compute response hash
$res_stringToHash = $res_merchantID . $res_respCode . $res_respReason . $res_storeCardUniqueID . $res_panBank . $res_panCountry . $res_cardholderName . $res_cardholderEmail . $res_panMasked;
$res_responseHash = strtoupper(hash_hmac('sha256',$res_stringToHash,$secretKey, false)); //Compute hash value
echo "<br/>hash: ".$res_responseHash."<br/>";
if(strtolower($resXml->hashValue) == strtolower($res_responseHash)){ echo "valid response"; }
else{ echo "invalid response"; }
?>
Complete Code
<?php
//Merchant's account information
$merchantID = "JT01"; //Get MerchantID when opening account with 2C2P
$secretKey = "7jYcp4FxFdf0"; //Get SecretKey from 2C2P PGW Dashboard
//Request Information
/*
Action Type:
A = Add new Card information to the Vault and generate Card Token.
I = Inquiry Card Token information
U = Update Card Token information
D = Delete Card Token
*/
$version = "2.4";
$action = "A" ;
$pan = "4111111111111111" ;
$panExpiry = "1220" ;
$panBank = "OCBC";
$panCountry = "SG" ;
$panCurrency= "702";
$cardHolderName = "CARDHOLDER" ;
$cardHolderEmail = "[email protected]" ;
$storeCardUniqueID=""; //Required when doing I / U / D
//Construct signature string
$stringToHash = $merchantID . $storeCardUniqueID . $panBank . $panCountry . $cardHolderName . $cardHolderEmail . $panExpiry . $action . $pan . $panCurrency;
$hash = strtoupper(hash_hmac('sha256', $stringToHash ,$secretKey, false)); //Compute hash value
//Construct request message
$xml = "<MaintenanceRequest>
<version>$version</version>
<merchantID>$merchantID</merchantID>
<action>$action</action>
<pan>$pan</pan>
<panExpiry>$panExpiry</panExpiry>
<panBank>$panBank</panBank>
<panCountry>$panCountry</panCountry>
<panCurrency>$panCurrency</panCurrency>
<cardholderName>$cardHolderName</cardholderName>
<cardholderEmail>$cardHolderEmail</cardholderEmail>
<storeCardUniqueID>$storeCardUniqueID</storeCardUniqueID>
<hashValue>$hash</hashValue>
</MaintenanceRequest>";
include_once('pkcs7.php');
$pkcs7 = new pkcs7();
$payload = $pkcs7->encrypt($xml,"./keys/demo2.crt"); //Encrypt payload
include_once('HTTP.php');
//Send request to 2C2P PGW and get back response
$http = new HTTP();
$response = $http->post("https://demo2.2c2p.com/2C2PFrontend/PaymentActionV2/PaymentAction.aspx","paymentRequest=".$payload);
//Decrypt response message and display
$response = $pkcs7->decrypt($response,"./keys/demo2.crt","./keys/demo2.pem","2c2p");
echo "Response:<br/><textarea style='width:100%;height:80px'>". $response."</textarea>";
//Validate response Hash
$resXml=simplexml_load_string($response);
$res_version = $resXml->version;
$res_timeStamp = $resXml->timeStamp;
$res_merchantID = $resXml->merchantID;
$res_respCode = $resXml->respCode;
$res_respReason = $resXml->respReason;
$res_panBank = $resXml->panBank;
$res_storeCardUniqueID = $resXml->storeCardUniqueID;
$res_panCountry = $resXml->panCountry;
$res_cardholderName = $resXml->cardholderName;
$res_cardholderEmail = $resXml->cardholderEmail;
$res_panMasked = $resXml->panMasked;
//Compute response hash
$res_stringToHash = $res_merchantID . $res_respCode . $res_respReason . $res_storeCardUniqueID . $res_panBank . $res_panCountry . $res_cardholderName . $res_cardholderEmail . $res_panMasked;
$res_responseHash = strtoupper(hash_hmac('sha256',$res_stringToHash,$secretKey, false)); //Compute hash value
echo "<br/>hash: ".$res_responseHash."<br/>";
if(strtolower($resXml->hashValue) == strtolower($res_responseHash)){ echo "valid response"; }
else{ echo "invalid response"; }
?>
Updated over 3 years ago