Developer Documentation | Instant EFT Payment Gateway South Africa

Documentation

Quickly integrate SmartPayLive into your platform.

Custom API Integration

Integrate and receive payments securely from our payment platform.

Introduction
Common request structure
Common response structure
Authentication
Request payment
Check payment status
Cancel payment
Webhook
Conduct security checks
Class libraries

Introduction

The SmartPayLive API is organized around REST and all API calls are POST requests. The POST body contains credentials as well as the request parameters, formatted in JSON. The response is a JSON-formatted string containing status codes as well as the response data.

Base URL

https://api.smartpaylive.com/api/V1/

Sandbox URL

http://devapi.smartpaylive.com/api/V1/

Common request structure

The common request structure is laid out as follows:

Credentials Object Required

This field is used for authentication.

OriginatingIpAddress String Optional

If the caller is forwarding a request from an external client (e.g., the API caller is a web application, receiving instructions from a user in a browser), then the caller should populate this field with the IP address of the logged in user.

ClientVersion String Optional

This field should be set to the version of the software that is calling the backend API.

Request Object Required

The request body.

Common request structure

{
  "Credentials": {
    "ChannelName": "<Channel-Name>",
    "ChannelHash": "<Channel-Hash>",
    "Timestamp": "<Current-Timestamp>",
    "RequestReference": "<Request-Reference>"
  },
  "OriginatingIpAddress": "<Client-IP>",
  "ClientVersion": "<Client-Version>",
  "Request": {}
}

Common response structure

The common response structure is laid out as follows:

Succeeded Boolean

This field indicates whether the request was successful or not.

ErrorCode Integer

This field indicates the reason of the failure.

ErrorMessage String

This field indicates the reason of the failure.

RequestId String

The request identifier. If you need to contact us about a specific request, providing the request identifier will ensure the fastest possible resolution.

ProcessingTimeMS Integer

This field contains the time spent within the backend API while servicing the request.

Response Object

The response body.

Common response structure

{
  "Response": {},
  "Succeeded": true,
  "ErrorCode": null,
  "ErrorMessage": null,
  "RequestId": "3dde5697-c576-42fb-af4f-9c5cbe26bb32",
  "ProcessingTimeMS": 62
}

Authentication

Authentication is done by providing credentials object with each API request. The credentials object consists of following fields:

ChannelName String Required

The channel name as provided by SmartPayLive system.

ChannelPassword

The channel password as provided by SmartPayLive system.

Timestamp String Required

The current timestamp (YYYY-MM-DD HH:MM:SS.FFF).

RequestReference String Required

Unique value for every request. A GUID is suitable here.

ChannelHash String Required

This field is used to validate the channel credentials. The algorithm for generating ChannelHash is:

UpperCaseString(SHA256(AES192CBC(ChannelName + Timestamp + ChannelPassword + RequestReference, ChannelPassword)))

Generate channel hash

PHP

function generateChannelHash($channelName, $channelPassword, $timestamp, $requestReference) {
  $data = $channelName . $timestamp . $channelPassword . $requestReference;
  
  $encryptionMethod = "aes-192-cbc";
  $iv = str_repeat(chr(0x0), 16);
  $encryptedData = openssl_encrypt($data, $encryptionMethod, $channelPassword, OPENSSL_RAW_DATA, $iv);
  
  return strtoupper(hash("sha256", $encryptedData));
}

Request payment

This API provides Merchants with the ability to receive money from their customers.

Request parameters

IntegratorTransactionReference String Required

The transaction reference number for this transaction on the Merchant’s system.

IntegratorCustomerId String Required

The customer identifier from the Merchant’s system.

Amount Float Required

The amount to be requested from the customer.

IntegratorRedirectUrl String Required

The URL that the customer will be redirected to once the transaction has completed.

CustomerEmailAddress String Optional

Email address of the customer. Required if the payment is a recurring payment.

CancelRedirectUrl String Required

The URL that the customer will be redirected to, if the payment is cancelled or failed.

Response

PaymentRequestId String

The transaction reference for this payment request on the payment gateway.

PaymentUrl String

The URL that the customer must be redirected to, in order to begin the payment process.

PaymentReference String

The payment reference number for this transaction. Appears on payment processing page.

POST /RequestPayment

Sample payment request body

{
  "Credentials": {
    "ChannelName": "<Channel-Name>",
    "ChannelHash": "<Channel-Hash>",
    "Timestamp": "<Current-Timestamp>",
    "RequestReference": "<Request-Reference>"
  },
  "OriginatingIpAddress": "<Client-IP>",
  "ClientVersion": "<Client-Version>",
  "Request": {
    "IntegratorTransactionReference": "1122334455",
    "IntegratorCustomerId": "321321",
    "Amount": "100",
    "IntegratorRedirectUrl": "http://example.com/complete",
    "CustomerEmailAddress": "customer-name@example.com",
    "CancelRedirectUrl": "http://example.com/cancel"
  }
}

POST /RequestPayment

Sample response

{
  "Response": {
    "PaymentRequestId": "0cc9ad66-9758-4279-a022-9b26f720ba7c",
    "PaymentUrl": "http://devweb.smartpaylive.com/payment/0cc9ad66-9758-4279-a022-9b26f720ba7c",
    "PaymentReference": "OP007H9W"
  },
  "Succeeded": true,
  "ErrorCode": null,
  "ErrorMessage": null,
  "RequestId": "d9796ff5-b6ee-46a3-9fa1-b85c9fe5d2cd",
  "ProcessingTimeMS": 106
}

Check payment status

This API helps Merchants check the payment status.

Request parameters

PaymentRequestId String Required

The payment gateway generated transaction reference that is being queried.

Response

Status Integer

Represents the current state of the transaction. Following is the list of possible payment statuses:

1: Requested
2: In Progress
3: Completed Successfully
4: Canceled
5: Failed

AmountRequested Float

The amount requested to be paid.

RequestedByIntegratorName String

The name of the Merchant who requested the payment.

IntegratorTransactionReference String

The reference number supplied by the merchant for the payment.

IntegratorLogoUrl String

Merchant’s logo URL.

RedirectUrl String

The redirect URL generated when the payment was initially requested. It is included to allow the transaction to be resumed if necessary.

PaymentReference String

The payment reference number for the transaction.

PaymentUrl String

The URL that the customer must be redirected to, in order to begin the payment process.

CancelRedirectUrl String

The URL will-be/was used to redirect the customer, if the payment is cancelled or failed.

RecurringPaymentsRequested Integer

If the payment is recurring, the number of requested payments.

RecurringPaymentsCompleted Integer

If the payment is recurring, the number of successful payments that has been completed.

RecurringPaymentsRemaining Integer

If the payment is recurring, the number of remaining payments.

POST /QueryStatus

Sample request body

{
  "Credentials": {
    "ChannelName": "<Channel-Name>",
    "ChannelHash": "<Channel-Hash>",
    "Timestamp": "<Current-Timestamp>",
    "RequestReference": "<Request-Reference>"
  },
  "OriginatingIpAddress": "<Client-IP>",
  "ClientVersion": "<Client-Version>",
  "Request": {
    "PaymentRequestId": "f04e76c3-2290-4a1e-8195-d9727678c2a8"
  }
}

POST /QueryStatus

Sample response

{
  "Response": {
    "Status": 3,
    "AmountRequested": 100.00,
    "RequestedByIntegratorName": "<Channel-Name>",
    "IntegratorTransactionReference": "1122334455",
    "IntegratorLogoUrl": "http://devapi.smartpaylive.com/media/defaultmerchant.png",
    "RedirectUrl": "http://example.com/complete",
    "PaymentReference": "OP007H9W",
    "PaymentUrl": "http://devweb.smartpaylive.com/payment/0cc9ad66-9758-4279-a022-9b26f720ba7c",
    "CancelRedirectUrl": "http://example.com/cancel",
    "RecurringPaymentsRequested": 0,
    "RecurringPaymentsCompleted": 0,
    "RecurringPaymentsRemaining": 0
  },
  "Succeeded": true,
  "ErrorCode": null,
  "ErrorMessage": null,
  "RequestId": "0f677604-e38d-4840-a466-5f246488bb33",
  "ProcessingTimeMS": 16
}

Cancel payment

This API provides Merchants with the ability to cancel the payment. If the payment still has a number of recurring requests remaining, these will no longer be requested.

Request parameters

PaymentRequestId String Required

The payment gateway generated transaction reference that is being cancelled.

CancellationReason String Optional

The reason for cancelling the payment.

POST /CancelPayment

Sample request body

{
  "Credentials": {
    "ChannelName": "<Channel-Name>",
    "ChannelHash": "<Channel-Hash>",
    "Timestamp": "<Current-Timestamp>",
    "RequestReference": "<Request-Reference>"
  },
  "OriginatingIpAddress": "<Client-IP>",
  "ClientVersion": "<Client-Version>",
  "Request": {
    "PaymentRequestId": "2dcd39c4-c18e-45f9-b459-60ea57fc6e4f",
    "CancellationReason": "Your reason for cancellation"
  }
}

POST /CancelPayment

Sample response

{
  "Response": {},
  "Succeeded": true,
  "ErrorCode": null,
  "ErrorMessage": null,
  "RequestId": "3dde5697-c576-42fb-af4f-9c5cbe26bb32",
  "ProcessingTimeMS": 62
}

Webhook

When a payment is successfully completed, the payment gateway will notify the Merchant by performing an HTTP POST to an endpoint in the Merchant’s environment. This allows the Merchant to be notified of payments without having to query the status of each pending payment. The information posted to the webhook endpoint is as follows:

Arguments

PaymentRequestId String

The payment gateway generated transaction reference.

IntegratorTransactionReference String

The reference number supplied by the merchant for the payment.

PaymentStatus Integer

Represents the current state of the transaction. Following is the list of possible payment statuses:

1: Requested
2: In Progress
3: Completed Successfully
4: Canceled
5: Failed

AmountRequested Float

The amount requested to be paid.

Fee Float

The payment processing fee.

NetAmount Float

The amount that will be credited to Merchant’s account.

DateCompletedUTC String

The payment completion date.

PaymentMethod Integer

The payment method.

NumRecurringPaymentsRemaining Integer

The number of recurring payments that are remaining.

Webhook payload

{
  "PaymentRequestId": "0cc9ad66-9758-4279-a022-9b26f720ba7c",
  "IntegratorTransactionReference": "1122334455",
  "PaymentStatus": 3,
  "AmountRequested": 100.00,
  "Fee": 2.3,
  "NetAmount": 97.7,
  "DateCompletedUTC": "2021-04-20T12:14:01.7878431Z",
  "PaymentMethod": 2,
  "NumRecurringPaymentsRemaining": 0
}

Conduct security checks

Conduct following four security checks to ensure that the data you are receiving in webhook is correct, from the correct source and has not been altered; you should not continue the process if a test fails!

Check if payment was requested by your (Merchant’s) system

Validate request identifier

PHP

function validateRequestId($paymentRequestId, $orderPaymentRequestId) {
  return $paymentRequestId === $orderPaymentRequestId;
}

Compare payment amount

Validate payment amount

PHP

function validatePaymentAmount($amountRequested, $orderTotal) {
  return (float)$amountRequested == (float)$orderTotal;
}

Check that the notification has come from a valid SmartPayLive domain

Validate IP

PHP

function validateIP() {
  $validSmartPayIPs = [
    '41.185.80.146',
    '41.185.18.98',
    '41.185.18.99'
  ];

  $referrerIP = $_SERVER['REMOTE_ADDR'];

  return in_array($referrerIP, $validSmartPayIPs, true);
}

Perform server request to /QueryStatus API to confirm the details

Validate payment status

PHP

function validatePaymentStatus($channelName, $channelPassword, $paymentRequestId, $paymentStatus) {
  // SmartPay class is available in our PHP class library, you can download it from https://smartpaylive.com/downloads/SmartPay.zip
  $smartPay = new SmartPay($channelName, $channelPassword);
  $status = $smartPay->queryStatus($paymentRequestId);
  if (!is_null($status) && $status->Succeeded == true) {
    if ($status->Response->Status == $paymentStatus && $paymentStatus == 3) {
      return true;
    }
  }
  return false;
}

Bringing all the checks together

PHP

$requestIdCheck = validateRequestId($webhookPayload->PaymentRequestId, $orderDetails->PaymentRequestId);
$paymentAmountCheck = validatePaymentAmount($webhookPayload->AmountRequested, $orderDetails->OrderTotal);
$validIpCheck = validateIP();
$validPaymentStatusCheck = validatePaymentStatus($channelName, $channelPassword, $webhookPayload->PaymentRequestId, $webhookPayload->PaymentStatus);

if ($requestIdCheck && $paymentAmountCheck && $validIpCheck && $validPaymentStatusCheck) {
  // All checks have passed
} else {
  // Some checks have failed, check payment manually and log for investigation
}

Class libraries

Download PHP class library