4. Confirm the payment

Users of your website will likely have poor connectivity so to avoid any lost payments you must confirm all payments using an HTTP POST request sent from your server. This also provides added security because your private AUTH_TOKEN provided by Paycorp is never exposed in a public web page.

ඔබගේ Web Site එක හරහා ගණුදෙණු කරන පරිශීලකයින්ගේ ජාල සම්බන්දතා ගැටලු හේතුවෙන් ඔබේ ගණුදෙණු සාර්තක නොවිය හැක.මේ නිසා මෙය වලක්වා ගැනීමට සියලුම ගණුදෙණු තහවුරු කිරීමට HTTP POST Request එකක් භාවිතා කල යුතුය. මෙහිදී Paycorp මගින් සපයන ඔබේ පෞද්ගලික AUTH_TOKEN එක බාහිර පාර්ශවයන්ට නිරාවරණය නොවීම නිසා අතිරේක වශයෙන් ආරක්ෂාවක් සැලසේ.

NOTE the post request used to confirm the payment has an empty body and contains 2 url parameters:

• The request ID or CSRF token extracted from the GET request.

• The merchants AUTH-TOKEN that will be supplied by Paycorp

අවධානයට : Payment එක තහවුරු කිරීම සඳහා භාවිතා කරන POST request එක URL parameter 2 කින් සහ හිස් Body එකකින් සමන්විත වේ. Request ID හෝ CSRF token එක GET request එකෙන් උපුටා ගනු ලැබේ.පරිශීලකයාගේ AUTH-TOKEN එක Paycorp විසින් සපයනු ලැබේ.

KEEP YOUR AUTH-TOKEN SECURE and NEVER include your AUTH-TOKEN in any HTML page or clear text config file. ඔබේ AUTHTOKEN සුරැකි තබන්න. කිසිම පිටුවක හෝ සැකසුම් ගොනුවක් තුළ ඔබේ AUTH-TOKEN ඇතුළත් කරන්න එපා

Node.js

function processResponse(req, res, next) {

  // This will vary depending on your bank
  // and may also change so please check any emails you
  // receive from Paycorp that contain setup instructions
  const BASE_URL = 'https://sampath.paycorp.lk/webinterface/qw/confirm';

  // This is the your private auth token. It must
  // never be used in the browser, only on your secure server
  const AUTH_TOKEN = '7c0c1c98-0f1e-4da9-9e93-1d4939d9282f'; 

  // First submit the payment complete request, NOTE: empty body, 
  // only needs URL params
  axios.post(`${BASE_URL}?csrfToken=${reqId}&authToken=${AUTH_TOKEN}`, {})
    .then(function (response) {

      // The response data will be in x-www-form-urlencode format
      // Convert x-www-form-urlencode to simple object
      const respData = querystring.parse(response.data);
      
      // and add req ID if you wish
      respData.reqid = req.query.reqid;

      // Show the user a receipt page
      res.render('payment-response', {
        title:  'Payment Response',
        data: respData 
      });

      // FURTHER PROCESSING OF THE PAYMENT.........
      
    })
    .catch(function (error) {
      console.log('ERROR:', error);
      next(createError(error.response.status, error.response.statusText));
    });  
}

PHP

// PRIVATE Merchant Authtoken
$base_url = "https://sampath.paycorp.lk/webinterface/qw/confirm";
$auth_Token = "7c0c1c98-0f1e-4da9-9e93-1d4939d9282f";

// Construct the payment confirmation request
// Set CURLOPT_RETURNTRANSFER so that the content is returned as a variable.
// Set CURLOPT_FOLLOWLOCATION to true to follow redirects.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $base_url.'?csrfToken='.$csrfToken.'&authToken='.$auth_Token);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

//Execute the request, Get the Errors & close the cURL handle
$response = curl_exec($ch);
$errors = curl_error($ch);
curl_close($ch);

// The response data will be in x-www-form-urlencode format
// Explode String data using "&" and "=". 
$params = explode('&', $response);
$results = [];

foreach ($params as $element) {
  list($key, $value) = explode('=', $element);
  $results[$key] = $value;
}

// Display payment response
echo "<center>&#9886;<b>------Payment Complete Response------</b>&#9887;</br></br>";
echo "&#9755;&ensp;"."Request ID : ".$csrfToken."</br></br>";
echo "&#9755;&ensp;"."Client Ref : ".$results['clientRef']."</br></br>";
echo "&#9755;&ensp;"."Comment : ".$results['comment']."</br></br></center>";
echo "&#9755;&ensp;"."Card Type : ".$results['cardType']."</br></br>";
echo "&#9755;&ensp;"."Card Holder Name : ".$results['cardHolderName']."</br></br>";
echo "&#9755;&ensp;"."Card Number : ".$results['cardNumber']."</br></br>";
echo "&#9755;&ensp;"."Card Expiry : ".$results['cardExpiry']."</br></br>";
echo "&#9755;&ensp;"."Payment Amount : ".$results['paymentAmount']."</br></br>";
echo "&#9755;&ensp;"."Currency : ".$results['currency']."</br></br>";
echo "&#9755;&ensp;"."Transaction ref number : ".$results['txnReference']."</br></br>";
echo "&#9755;&ensp;"."Response Code : ".$results['responseCode']."</br></br>";
echo "&#9755;&ensp;"."Response Text : ".$results['responseText']."</br></br>";

// FURTHER PROCESSING OF THE PAYMENT.......

Java

String authToken = "7c0c1c98-0f1e-4da9-9e93-1d4939d9282f";
String baseUrl = "https://sampath.paycorp.lk/webinterface/qw/confirm";
String confirmUrl = baseUrl + "?csrfToken=" + reqId + "&authToken=" + authToken;
// Construct payment confirmation request
URL url = new URL(confirmUrl);
HttpURLConnection httpCon = (HttpURLConnection) url.openConnection();
httpCon.setDoOutput(true);
httpCon.setRequestMethod("POST");

// Post the request and read the response
BufferedReader in = new BufferedReader(new InputStreamReader(httpCon.getInputStream()));
String inputLine = in.readLine();
in.close();

// The response data will be in x-www-form-urlencode format
String[] responseArray = inputLine.split("&");
Map<String, String> respMap = new HashMap<>();
for (String keyValuePair: responseArray) { 
    String[] split = keyValuePair.split("=");
    respMap.put(split[0], split[1]);
}

request.setAttribute("reqid", reqId);
request.setAttribute("clientRef", respMap.get("clientRef"));
request.setAttribute("comment", respMap.get("comment"));
request.setAttribute("cardType"	, respMap.get("cardType"));
request.setAttribute("cardHolderName", respMap.get("cardHolderName"));
request.setAttribute("cardNumber", respMap.get("cardNumber"));
request.setAttribute("cardExpiry", respMap.get("cardExpiry"));
request.setAttribute("paymentAmount", respMap.get("paymentAmount"));
request.setAttribute("currency"	, respMap.get("currency"));
request.setAttribute("txnReference"	, respMap.get("txnReference"));
request.setAttribute("responseCode", respMap.get("responseCode"));
request.setAttribute("responseText"	, respMap.get("responseText"));

// FURTHER PROCESSING OF THE PAYMENT......

RequestDispatcher rd = request.getRequestDispatcher("/PaymentResponse.jsp");
rd.forward(request, response);

.Net

var base_url = "https://sampath.paycorp.lk/webinterface/qw/confirm";
var auth_Token = "7c0c1c98-0f1e-4da9-9e93-1d4939d9282f";
var myrequest = (HttpWebRequest)WebRequest.Create(base_url + "?csrfToken=" + csrfToken + "&authToken=" + auth_Token);
myrequest.Method = "POST";
myrequest.ContentType = "application/x-www-form-urlencoded";
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
var myresponse = (HttpWebResponse)myrequest.GetResponse();

// Get the stream associated with the response.
Stream receiveStream = myresponse.GetResponseStream();

// Pipes the stream to a higher level stream reader with the required encoding format.
StreamReader readStream = new StreamReader(receiveStream, Encoding.UTF8);
string readContents = readStream.ReadToEnd();
string[] lines = readContents.Split('&');

IDictionary<string, string> respMap = new Dictionary<string, string>();
foreach (string keyValuePair in lines) {
    string[] split = keyValuePair.Split('=');
    respMap.Add(split[0], split[1]);
}

clientref = respMap["clientRef"];
response_code = respMap["responseCode"];
amount = respMap["paymentAmount"];
card_expiry = respMap["cardExpiry"];
cardholdername = respMap["cardHolderName"];
txnreference = respMap["txnReference"];
response_text = respMap["responseText"];
comment = respMap["comment"];
card_Type = respMap["cardType"];
currency = respMap["currency"];
card_num = respMap["cardNumber"];
token = respMap["token"];
token_res_txt = respMap["tokenResponseText"];