Specification
Status notifications are sent to your website as GET or POST HTTP-requests. Adjust your Listener to process those requests properly.
EveryWallet Shopping Cart API will post these variables in callback request:
| Param | Value |
|---|---|
| AMOUNT | Invoice amount in currency of the merchant store. |
| SIGN | Control signature. MD5 hash from the string «MERCHANT_ID:AMOUNT:MERCHANT_ORDER_ID:secret_word», where secret_word is a value of Secret key 2, specified in Merchant Processing settings. |
| MERCHANT_ID | Merchant-ID in EveryWallet. Displayed in Merchant Processing settings. |
| MERCHANT_ORDER_ID | Number of order in your store, as passed in SCI request. You have to ensure the uniqueness of this parameter. |
| Buyer’s e-mail. | |
| CUR_ID | E-currency code the buyer paid by. |
Code samples
Here are the examples of test listener, implemented in popular languages.
PHP:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 |
<!--?php define('SECRET_KEY', 'Use this you Secret key 2 as on page http://everywallet.com:8090/my/#merchant/settings'); define('PAYMENT_GATEWAY_IP', 'Our payment gateway ip'); define('REQUEST_METHOD', 'Request method selected in Status URL on page http://everywallet.com:8090/my/#merchant/settings'); class PaymentStatus { private $errors = array(); public function validateIp($remoteIp = false) { if (!$remoteIp) { $remoteIp = PAYMENT_GATEWAY_IP; } if ($_SERVER['REMOTE_ADDR'] != $remoteIp) { $this--->errors['validateIp'] = 'Invalid payment gate ip: ' . $_SERVER['REMOTE_ADDR']; } } public function checkMethod($method = false) { if (!$method) { $method = REQUEST_METHOD; } if ($_SERVER['REQUEST_METHOD'] != $method) { $this->errors['method'] = 'Invalid payment method: ' . $_SERVER['REQUEST_METHOD']; } } public function checkPayment() { // SIGN Control signature. MD5-sum hash from the line «MERCHANT_ID:AMOUNT:MERCHANT_ORDER_ID:secret_word», // where secret_word is a value of Secret key 2, specified in Merchant Processing integration settings. $signature = md5($_REQUEST['MERCHANT_ID'].':'.$_REQUEST['AMOUNT'].':'.$_REQUEST['MERCHANT_ORDER_ID'].':'.SECRET_KEY); if ($_REQUEST['SIGN'] != $signature) { $this->errors['checkPayment'] = 'Payment not verified: ' . $_SERVER['REQUEST_METHOD']; } if (!$this->errors) { return 'VERIFIED'; } else { return $this->errors; } } } $paymentStatus = new PaymentStatus(); $paymentStatus->validateIp(); // Check remote ip $paymentStatus->checkMethod(); // Check request method $status = $paymentStatus->checkPayment(); // Check payment invoice if ($status == 'VERIFIED') { // Here function accept payment, in $_REQUEST you have next parametrs // AMOUNT - Invoice amount in currency of merchant store. // MERCHANT_ID - Merchant-ID in EveryWallet. Displayed in Merchant Processing integration settings. // MERCHANT_ORDER_ID - Number of an order in your store. You need to ensure the uniqueness of this parameter. // EMAIL - Buyer’s e-mail. // CUR_ID - Code of e-currency buyer chose to pay with. http_response_code(); // Send status payment gate } else { // Array $status has errors use here function for log http_response_code(400); // Send status payment gate } ?-> |
Java:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 |
import java.io.IOException; import java.math.BigInteger; import java.net.URLDecoder; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.Arrays; import java.util.HashMap; import java.util.Map; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; class IPNMessage { private static final String ENCODING = "windows-1252"; private final HttpServletRequest request; private HashMap<string, string=""-> args = new HashMap<string, string=""->(); public IPNMessage(HttpServletRequest request) { this.request = request; parseArguments(request.getParameterMap()); } public HashMap<string, string=""> getIpnMap() { return args; } private void parseArguments(Map<string, string[]=""> ipnMap) { for (Map.Entry<string, string[]=""> entry : ipnMap.entrySet()) { String name = entry.getKey(); String[] value = entry.getValue(); try { this.args.put(name, URLDecoder.decode(value[0], ENCODING)); } catch (Exception e) { //LoggingManager.debug(IPNMessage.class, e.getMessage()); } } } public boolean validateSignature(String signature) { return md5(args.get("MERCHANT_ID") + ":" + args.get("AMOUNT") + ":" + args.get("MERCHANT_ORDER_ID") + ":" + signature).equals(args.get("SIGN")); } public boolean checkIp(String[] allowedIp) { return Arrays.asList(allowedIp).contains(request.getRemoteAddr()); } public boolean checkMethod(String method) { return request.getMethod().equals(method); } public static String md5(String input) { String md5 = null; if (null == input) return null; try { MessageDigest digest = MessageDigest.getInstance("MD5"); digest.update(input.getBytes(), 0, input.length()); md5 = new BigInteger(1, digest.digest()).toString(16); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } return md5; } } public class IPNListener extends HttpServlet { // Load parameters from some config // Use you Secret key 2 as on page http://everywallet.com/my/#merchant/settings static final String PRIVATE_KEY = "secret_key"; // EveryWallet gateway ip static final String[] ALLOW_IP = {"127.0.0.1"}; // Request method selected in Status URL on page http://everywallet.com/my/#merchant/settings static final String METHOD = "POST"; void processRequest(HttpServletRequest request, HttpServletResponse response) { IPNMessage message = new IPNMessage(request); // Verify request and process errors if (message.checkIp(ALLOW_IP) && message.checkMethod(METHOD) && message.validateSignature(PRIVATE_KEY)) { // Check and process payment message.getIpnMap(); // AMOUNT - Invoice amount in currency of merchant store. // MERCHANT_ID - Merchant-ID in EveryWallet. Displayed in Merchant Processing integration settings. // MERCHANT_ORDER_ID - Number of an order in your store. You need to ensure the uniqueness of this parameter. // EMAIL - Buyer’s e-mail. // CUR_ID - Code of e-currency buyer chose to pay with. } else { // Invalid payment } } @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { super.doGet(req, resp); processRequest(req, resp); } @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { super.doPost(req, resp); processRequest(req, resp); } } |
Perl:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 |
#!/usr/bin/perl use Digest::MD5 qw(md5_hex); use strict; use warnings; use FCGI; use constant SECRET_KEY => 'MySectetKey'; # Use you Secret key 2 as on page http://everywallet.com/my/#merchant/settings use constant PAYMENT_GATEWAY_IP => '127.0.0.1'; # EveryWallet gateway ip use constant REQUEST_METHOD => 'POST'; # Request method selected in Status URL on page http://everywallet.com/my/#merchant/settings #-------------------------------------------------------------------- sub checkPayment{ my $remote_ip = shift; if ( $remote_ip ne PAYMENT_GATEWAY_IP ) { return 0; }; my $method = shift; if ( $method ne REQUEST_METHOD ) { return 0; }; my $merchant_id = shift; my $amount = shift; my $signature = shift; my $merchant_order_id = shift; my $sign_md5 = md5_hex($merchant_id.':'.$amount.':'.$merchant_order_id.':'.SECRET_KEY); if ($sign_md5 eq $signature) { return 1; } else { return 0; }; }; #-------------------------------------------------------------------- my $socket = FCGI::OpenSocket(":9900", 5); my $request = FCGI::Request(\*STDIN, \*STDOUT, \*STDERR, \%ENV, $socket); my $buffer = ''; while($request->Accept() >= 0) { $ENV{'REQUEST_METHOD'} =~ tr/a-z/A-Z/; if ( $ENV{'REQUEST_METHOD'} eq "GET" ) { $buffer = $ENV{'QUERY_STRING'}; }; if ( $ENV{'REQUEST_METHOD'} eq "POST" ) { read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); }; if ( length($buffer) > 0 ) { my @pairs = split(/&/, $buffer); my %hash; foreach my $pair (@pairs) { my ($key, $value) = split(/=/, $pair); print $key . " --- " . $value . "\n"; %hash = (%hash, $key, $value); } my $remote_ip = $ENV{HTTP_HOST}; my $method = $ENV{REQUEST_METHOD}; my $merchant_id = $hash{MERCHANT_ID}; my $amount = $hash{AMOUNT}; my $signature = $hash{SIGN}; my $merchant_order_id = $hash{MERCHANT_ORDER_ID}; if ( checkPayment ($remote_ip, $method, $merchant_id, $amount, $signature, $merchant_order_id) ) { print( "Status: 200\r\n" ); print( "\r\n"); } else { print( "Status: 418\r\n" ); print( "\r\n"); }; }; }; FCGI::CloseSocket($socket); |