0% found this document useful (0 votes)

136 views

Awepay Integration Document

Uploaded by

marketing.oneroyal4

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

136 views

Awepay Integration Document

Uploaded by

marketing.oneroyal4

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 65

10/16/2020 Awepay

Awepay Payment System

Integration Guide
Confident - for professional use only
15 October 2020

https://admin.awepay.com/documentation.php 1/65
10/16/2020 Awepay

Table of Contents
1. System Overview
1.1. Security Requirements
2. Integration
2.1. SOAP, Parameter Definitions
2.2. SOAP, Credit Card
2.2.1.General information
2.2.2.Verification
2.2.3.Secure3D Integration
2.2.4.Pre-Authentications (PreAuths)
2.2.5.Settlements (Capture)
2.2.6.Single transactions (Sale)
2.2.7.Responses
2.3. SOAP, Payout
2.3.1.China Union Pay Payout
2.3.2.Flow diagram
2.4. SOAP, ACH
2.4.1.General Information
2.4.2.Single Transactions
2.4.3.ACH Account Types
2.4.4.ACH Classes
2.4.5.Responses
2.5. SOAP, Card Load
2.5.1.General Information
2.5.2.Load Transactions
2.5.3.Responses
2.5.4.Process Flow
2.6. SOAP, Refunds
2.6.1.General Information
2.6.2.Refunding Transactions
2.6.3.Responses
2.7. TxHandler
2.7.1.General Information
2.7.2.Single Transactions
2.7.3.Single Transactions - CUP/WeChat/AliPay/P2P
2.7.4.Flow diagram
2.7.5.Parameter Definitions
2.7.6.Responses
2.8. Secure Hosted Payment
2.8.1.General Information
2.8.2.Single Transactions
2.8.3.Single Transactions - CUP/WeChat/AliPay/P2P
2.8.4.Parameter Definitions
2.8.5.Responses
2.9. Postbacks
2.9.1.General
2.9.2.Usage
2.9.3.Parameters
2.9.4.Signature
2.10. Admin Interfaces
2.10.1.General Information
2.10.2.Get Transactions By TID
2.10.3.Get Transactions By RID
2.10.4.Get Transactions By SID
2.10.5.Get Transaction Details
2.10.6.Parameter Definitions
2.10.7.Responses
3. Code Examples
3.1. SOAP Credit Card
3.1.1.Single Transaction [Non-Secure3D OR Secure3D] (php + nusoap)
3.1.2.Single Transaction [Non-Secure3D OR Secure3D] (PHP soap)
3.2. SOAP ACH
3.2.1.Single Transaction (php + nusoap)
3.3. SOAP Card Load
3.3.1.Single Card Load (php + nusoap)
3.4. SOAP Refunds
3.4.1.Refund (php)
3.5. Secure Hosted Payment
3.5.1.Single Transaction (HTML)
3.6. TxHandler
3.6.1.Single Transaction (HTML)

https://admin.awepay.com/documentation.php 2/65
10/16/2020 Awepay
3.7. Postbacks
3.7.1.PAYMENT
3.7.2.REFUND
3.7.3.CHARGEBACK
3.7.4.LOAD
4. Appendix
4.1. Awepay Generic Error Types
4.2. Transaction Action Types
4.3. Transaction Status Types
4.4. Transaction Specific Error Codes
4.5. Bank Codes
4.6. CVV(2) Response Codes
4.7. AVS Response Codes (Visa)
4.8. AVS Response Codes (Mastercard)
4.9. Country ISO Codes
4.10. State ISO Codes
4.11. Industry Standard Credit Card Response Codes
4.12. Payout Bank Codes
5. Disclaimer

https://admin.awepay.com/documentation.php 3/65
10/16/2020 Awepay

1. System Overview
Awepay is a payment system that allows you to do quick, efficient and secure online transaction processing through a number of third party and bank
payments processing systems. Awepay uses real time processing with customer specified payment gateways to verify credit card details. Awepay stores the
purchase and verification details in an internal database.

With the Awepay Administration interface you are able to overview user transactions and marketing figures. It also allows you to cancel existing accounts and
to view and analyse declined payments.

1.1. Security Requirements

Important: To comply with the PCI Security Standards Council policy, PCI-DSS, all integrations are required to be TLS 1.2 or higher.

SSL and TLS 1.1 has been removed as an example of strong cryptography in the PCI DSS, and can no longer be used as a security control.

https://admin.awepay.com/documentation.php 4/65
10/16/2020 Awepay

2. Integration

2.1. SOAP, Parameter Definitions

Important: All parameters must be sent with the SOAP request, but only required parameters must have a value. All other values can be sent as an empty
String.

https://admin.awepay.com/documentation.php 5/65
10/16/2020 Awepay
Data
Name Required Description
Type

sid Integer Site id (unique identifier for the web site)

rcode String Retailer authentication code

amount Decimal Transaction amount

card_types String CSV of card types

description String What a recurring billing is for. e.g. "Monthly Subscription"

filter_search String Filtration value for the filtration type

filter_type String Filtration type for the filtration value

from_timestamp Integer Timestamp as search from date

limit Integer Maximum number of results to return

parent_txid String Registration TXID for a particular transaction

postbackurl String Postback URL

reason String Reason for refund, etc...

responses String Responses

sendNotification String Whether to send an email notification of transaction

to_timestamp Integer Timestamp as search to date

tx_actions String List of tx_actions

txid String A txid

udetails Array Contains user details

username String Legacy field - not used

password String Legacy field - not used

firstname String First name of the customer

lastname String Last name of the customer

email String Customer email address

phone String Customer phone number

mobile String Customer mobile number

address String Customer address

suburb_city String Customer suburb or city

state String Customer state, 2 or 3 letter code for US/Canada/Australia Appendix - State ISO Codes

postcode String Customer postcode/zipcode

country String Customer country, ISO 3166 2 letter code Appendix - Country ISO Codes

ship_firstname String Shipping first name

ship_lastname String Shipping last name

ship_address String Shipping address

ship_suburb_city String Shipping suburb or city

ship_state String Shipping state, 2 or 3 letter code for US/Canada/Australia Appendix - State ISO Codes

ship_postcode String Shipping postcode/zipcode

ship_country String Shipping country, ISO 3166 2 letter code Appendix - Country ISO Codes

ship_address String Shipping address

bank_name String Card issuer name

bank_phone String Card issuer phone number

ssn String Social security number

dl String Drivers license number

dob String Date of birth - Format: YYYY-MM-DD, *(required on some integrations)

IP address of the purchasing person. If taking phone orders please set uip to 127.0.0.1. This is only valid for
uip String
phone orders.

paydetails Array Contains payment details

payby String Card Type (eg. visa, mastercard, ach, etc...). You will be notified if you have a special requirement here.

card_name String Card holder name

String
card_no No spaces or dashes allowed
(16)

String
card_ccv Card security code (CVV2) 3 or 4 digits
(3)

String
card_exp_month Card expiry month - 2 digits
(2)

String
card_exp_year Card expiry year - 4 digits
(4)

https://admin.awepay.com/documentation.php 6/65
10/16/2020 Awepay
md String Session ID - Required when performing Secure3D transactions

redirecturl String Where to redirect users after Secure3D password entry - Required when performing Secure3D transactions

useragent String Browser user agent string - Required when performing Secure3D transactions

browseragent String Browser agent string - Required when performing Secure3D transactions

routing_no String ACH routing number. Only required for ACH/Check21 transactions.

account_no String ACH account number. Only required for ACH/Check21 transactions.

type String ACH account type. Valid values are ( 1 = Checking / 2: Savings ). Only required for ACH/Check21 transactions.

regulation_e String ACH regulation e acceptance. Only required for ACH/Check21 transactions. - Set to 1 if unsure.

ACH origination. Please set to "WEB" if online payment, or "TEL" if order taken by phone. Only required for
class String
ACH/Check21 transactions.

receive_name String ACH receivers name. Only required for ACH/Check21 transactions.

schedule_id String Recurring billing schedule identifier.

payoutdetails Array Contains recipient details for payout

payby String p2punion_pay

amount String Payout amount

currency String Currency code - used for validation only

card_name String Card holder name *union_pay only

card_no String No spaces or dashes allowed *union_pay only

account_name String Customer's bank account name *p2p only

account_number String Customer's bank account number *p2p only

bank_province String The province of account opening branch *p2p only

bank_city String The city of account opening branch *p2p only

bank_branch String Address of the account opening branch *p2p only

bank_code String Bank code. Appendix - Payout Bank Codes *p2p only

cart Array Information about the purchase items

summary Array Contains a summary of cart contents

quantity Integer Total quantity of cart items

amount_purchase String Total purchase amount (without commas and only 2 decimals places)

amount_shipping String Total shipping amount (without commas and only 2 decimals places)

currency_code String 3 digit currency code (Only "USD" supported at this time)

items Array Contains the cart items

(numerical index) Array Contains information about one item in the cart (Repeat until all cart items are listed)

name String Category, can be used freely

quantity Integer Quantity of the item

amount_unit String Unit price amount (without commas and only 2 decimals places)

item_no String Article number

item_desc String Item description (NOT TO USE GENERIC ITEM DESCRIPTION)

txparams Array Additional parameters

wid String Webmaster ID

tid String Tracking ID

ref1 String Used for your own reference

ref2 String Used for your own reference

ref3 String Used for your own reference

ref4 String Used for your own reference

addinfo String Additional information, in most cases blank

cmd String Reserved

postbackurl String This is where our system will send a server-server postback notification.

successurl String Used in secure payments as a redirection URL for successful payments

failureurl String Used in secure payments as a redirection URL for failed payments

2.2. SOAP, Credit Card

2.2.1.General information

2.2.1.0. Interface location

https://admin.awepay.com/documentation.php 7/65
10/16/2020 Awepay
The Awepay payment system uses SOAP to communicate with customer sales systems. It is important that the required parameters passed to the server are
formatted with the correct data type, (see Error! Reference source not found.) otherwise the transaction will not be accepted.

The SOAP service is located at: https://admin.awepay.com/soap/tx3.php?wsdl

2.2.1.1. Testing

To test your integration, please contact support and you will be provided with a testing SID. Any transaction processed on the testing SID will only be
checked syntactically and semantically by Awepay. This way you can test if you have sent sufficient and correct data.

When performing testing with your testing SID, the following card details can be used.

Field Value
Card Number 4111111111111111 or 5555555555554444

Card Type visa or mastercard

CCV 123

Expiry Date Any future month/year

Card name Tester

The following CVV value can be used to test different transaction results with your testing SID.

CVV Description
222 Decline

333 Gateway Error

411 Secure3D Approved Result (Secure3D tests only)

422 Secure3D Declined Result (Secure3D tests only)

All other values Approved transaction

You will be able to view the results of your testing transactions in Awepay by searching for them on the Browse Transactions page with your testing SID as a
search item.

2.2.2.Verification

2.2.2.0. What is Verification?

Verification allows you to verify customer submitted details, like email or mobile phone, by asking the user to submit extra confirmation details that may be
sent to them.

Verification integration will be required only for sites that have verification options enabled in the fraud check settings.

2.2.2.1. How is Verification required?

A transaction that requires verification will return a VER response. If this repose is recieved you will also get the extra question required for verification as
encoded html. Here some example code:

PHP

<?php
if($response["status"]=="VER"){
echo '<form action="yoursubmitpage.php" method="POST">';
echo urldecode($response["required"]["embedhtml"]);
echo '<br/>';
echo '<input type="submit"/> </form>';
}
?>

Once the details are submitted to your verification submit page you must take these variables and sen them to the verification soap request. This will
continue the billing process as expected.

processPreAuth (
array ( integer sid,
string rcode,
string txid,
array verifyresponse
)

The verifyresponse array is an array of items that each have a "name" and "value" tag. These should be the post name and values.

2.2.3.Secure3D Integration

2.2.3.0. What is Secure3D?

Secure3D is a third party fraud prevention protocol. The premise of this protocol in theory is easily explained; registered Secure3D cards have an additional
password, which helps prevent unauthorised use, which must be authorised and approved on a 3rd party secure website.

Secure3D integration will be required only for sites that have Secure3D enabled, and the steps for Secure3D will only be required to be followed if a payees'
card is registered with Visa for "vbv" or Mastercard for "securecode".

https://admin.awepay.com/documentation.php 8/65
10/16/2020 Awepay
2.2.3.1. Can I continue to process payments using SOAP if my website is Secure3D enabled?

Yes you can. However there have been fundamental changes to the processing steps of a SOAP payment and preauth to support Secure3D.

Create a payment array and initiate a soap response as per a normal transaction. The only changes that will need to be made, is to fill in the "vbv" array in
the "txparams" array of your payment/preauth request. The specifics are outlined in the payment / preauth array section.

https://admin.awepay.com/documentation.php 9/65
10/16/2020 Awepay

A response will be returned in the same format as a normal payment with additional array variables. Here are examples of the following scenarios:

a) Your transaction has failed due to a payment/preauth array error:

You will receive a standard status->EXC array, with referenced TXID & error results.

b) Your transaction has been approved and the card is not registered for Secure3D:
You will receive a standard status->OK array, with referenced TXID.

c) Your transaction has been halted, due to the card requiring additional Secure3D information for processing:
You will receive a new result, status->REQ array, with reference TXID & the "required" result array.

If you have received a status->REQ, your response array will be similar to the following:

Name Data Type Description

status String Has the value "REQ"

txid String The transaction ID

required Array

enrolled String Has the value "Y" indicating the card is enrolled with Secure3D

ACSUrl String Form "action" address

TermUrl String Hidden form value

payload String Hidden form value

MD String Submitted user session ID

embedhtml String (URL encoded) Pre-drawn HTML code to embed in your site (Alternatives available below)

error Array

type String Type of error

msg String Textual description of the error

sys String Where the error occurred. Used when talking to support to isolate errors

info String Additional error information, sometimes another description of the error.

code String The error code

At this point, you have a number of options on how you would like to continue to process the Secure3D transaction. Assume your response data is inside the
array "$response".

a) You may choose to directly imbed the "embedhtml" code into your website, and auto-redirect. Here is how to embed the code:

PHP

<?php
if($response["status"]=="REQ"){
echo urldecode($response["required"]["embedhtml"]);
echo "<script>document.secure_form.onsubmit();
document.secure_form.submit();</script>";
}
?>

b) You may choose to directly imbed the "embedhtml" code into your website, and auto-redirect. Here is how to embed the code:

PHP

<?php
if($response["status"]=="REQ"){
echo urldecode($response["required"]["embedhtml"]);
echo "<script>
document.getElementById("secure_submit").style.display="block";
</script>";
}
?>

c) You may choose to directly embed the "embedhtml" code into your website, and auto-redirect. Here is how to embed the code:

HTML & PHP

<FORM name="secure_form" method="POST" action="<?php echo $response["required"]["ASCUrl"]?>" target="secure_iframe">

Note: Each element in the embedded html code has an id & name, and elements such as styles and innerHtml can be modified easily with simple javascript
commands. Please ensure the iframe in your website is no less than 400px in width and height.

At this stage, when the form is submitted into the iframe, the client is redirected to a Secure3D hosted page. The Payee will fill in the required confirmation
data, such as card password, and submit their application.

https://admin.awepay.com/documentation.php 10/65
10/16/2020 Awepay
When the payee has completed their application successfully, the iframe will redirect itself back to your original specified "redirecturl" defined in the "vbv"
array inside "txparams".

The transaction has now been completed, and will return a response in the format of a payment/preauth soap response, status->OK or status->EXC etc,
which will be located inside the $_POST variable sent to your redirecturl. You may then use this data as per a normal soap response.

Please contact our support team for a full PHP working example version, to assist with your integration.

Important notice: The exact data format of the fields in these examples may differ from gateway to gateway. Please ask us for special data formats used by
your gateway!

2.2.4.Pre-Authentications (PreAuths)
The following SOAP API function is used to authorise a payment without settling it (Preauth).

Function Name
processPreAuthCC

Parameters
transactionData, an array of transaction details.

Example

processPreAuth (
array ( integer sid,
string rcode,
array udetails,
array paydetails,
array cart,
array txparams)
)

2.2.5.Settlements (Capture)
The following SOAP API function is used to settle a Preauth.

Function Name
processSettlementCC

Parameters
transactionData, an array of transaction details.

Example

processSettlement (
array ( integer sid,
string rcode,
string txid)
)

https://admin.awepay.com/documentation.php 11/65
10/16/2020 Awepay

2.2.6.Single transactions (Sale)

The following SOAP API function is used to process single payments. In most cases this will be a purchase in a web shop.

Function Name
processPayment

Parameters
transactionData, an array of transaction details.

Example

processPayment (
array ( integer sid,
string rcode,
array udetails,
array paydetails,
array cart,
array txparams)
)

https://admin.awepay.com/documentation.php 12/65
10/16/2020 Awepay

2.2.7.Responses

2.2.7.0. Single Transactions

The response from the server is an array. If the status has the value "OK" the transaction has been successfully processed. The response array has the
following structure:

Name Data Type Description

status String Has the value "OK" for a successful transaction, or "EXC" for a failed transaction

txid String The transaction ID

required Array This array will contain values in the event of Secure3D. The status will equal "REQ" if Secure3D is required.

enrolled String Has the value "Y" indicating the card is enrolled with Secure3D

ACSUrl String Form "action" address

TermUrl String Hidden form value

payload String Hidden form value

MD String Submitted user session ID

embedhtml String (URL encoded) Pre-drawn HTML code to embed in your site (Alternatives available below)

error Array If an error has occured, then the status value will equal "EXC" and this array with contain further information

type String The error type

sys String The system that caused the error (client or server)

msg String The error message

info String Error information that contains the bank message and bank code

code String Awepay error code

descriptor string The billing descriptor that will show on the customer's statement

https://admin.awepay.com/documentation.php 13/65
10/16/2020 Awepay

2.3. SOAP, Payout

2.3.1.China Union Pay Payout

The following SOAP API function is used to process single payouts.

Function Name
processPayout

Parameters
transactionData, an array of transaction details.

Example

processPayout (
array ( integer sid,
string rcode,
array udetails,
array payoutdetails,
array txparams)
)

2.3.2.Flow diagram

https://admin.awepay.com/documentation.php 14/65
10/16/2020 Awepay

2.4. SOAP, ACH

2.4.1.General Information
ACH processing with the Awepay system has three possible stages that begin with the customer submitting their payment. The system will first return that a
payment is pending, it is very important to understand that ACH is not processed in real time and may take between 24 hours and 7 days before a
transaction is approved or declined. The second stage after a pending response will be either approved or declined depending on the response from the
customer's bank, the third and final stage of the transaction is settlement where the funds are cleared into the merchants account.

As a transaction will always return a pending response after the customer process's their order you should make sure that an appropriate response for the
customer is displayed letting them know that the transaction has been processed but it is pending approval before you can ship the merchandise. A postback
can be sent to an email address or to a url from the Awepay system once the transaction leaves a pending state, you will need to provide this information as
part of the integration process. Note that this postback is for the integration and is not sent to the customer, the integration will need to be able to notify the
customer of the transaction update.

2.4.1.0. Interface Location

The Awepay payment system uses SOAP to communicate with customer sales systems. It is important that the required parameters passed to the server are
formatted with the correct data type, (see Error! Reference source not found.) otherwise the transaction will not be accepted.

The SOAP service is located at: https://admin.awepay.com/soap/tx3.php?wsdl

2.4.1.1. Testing

https://admin.awepay.com/documentation.php 15/65
10/16/2020 Awepay

2.4.2.Single Transactions
The following SOAP API function is used to process single payments.

Function Name
processPayment

processPayment (
array ( integer sid,
string rcode,
array udetails,
array paydetails,
array cart,
array txparams)
)

2.4.3.ACH Account Types

ACH Account Type Description
1 Checking account.

2 Savings account.

2.4.4.ACH Classes
ACH
Conditions
Class
Accounts Receivable Entry - Used in debit applications when a consumer check is received via mail or at a drop-box location for payment of goods or
ARC
services. The check is used to collect the amount as well as the consumer's routing, account, and check serial number.

Customer Initiated Entry - Used in credit applications where tde consumer initiates tde transfer of funds to a company for payment of funds owed to tde
CIE
company, typically tdrough some type of home banking product or bill payment service provider.

Pre-arranged Payment and Deposit Entry - For direct deposit, this is used in credit application that transfers funds into a consumer's account at the
PPD Receiving Depository Financial Institution. For a pre-authorized payment, this is used in a debit application that the company, with customer's consent, will
initiate periodic charges to the customer's account as bills become due.

Re-presented Check Entry - Used in debit applications that will re-present a check that has been processed through the check collection system and
RCK
returned due to insufficient or un-collected funds.

Telephone Initiated Entry - Used in applications that will debit a consumer's account pursuant to an oral authorization obtained from the consumer via the
TEL
telephone.

Internet Initiated Entry - Used in signal entry or recurring debit of a consumer's account pursuant to an autdorization that is obtained form the Receiver via
WEB
tde Internet.

Cash Concentration or Disbursement - Used in either credit or debit application where funds are either distributed or consolidated between corporate
CCD
entities.

Corporate Trade Exchange - Used in an application that supports the transfer of funds (debit or credit) witdin a trading partner relationship in which full
CTX ANSI ASC X12 message or payment related UN/EDIFACT information is sent witd the funds transfer. this information is placed in multiple addenda
records.

Death Notification Entry - Used in applications that are utilized by a Federal Government Agency such as Social Security Administration to notify a
DNE
depository financial institution that the recipient of a government benefit payment has died.

2.4.5.Responses
The response from the server is an array. If the status has the value "OK" the transaction has been successfully processed. The response array has the
following structure:

Name Data Type Description

status String Has the value "OK" for a successful transaction, or "EXC" for a failed transaction

txid String The transaction ID

error String If an error has occured, then the status value will equal "EXC" and this array with contain further information

type String The error type

sys String The system that caused the error (client or server)

msg String The error message

info String Error information that contains the bank message and bank code

code String Awepay error code

2.5. SOAP, Card Load

2.5.1.General Information
Awepay is able to process loads onto approved card types. Loads, often referred to as bookback, are when instead of money being debited from an account,
money is transferred onto the balance of an approved debit card or credit card; much like a credit.

2.5.1.0. Interface Location

The SOAP service is located at: https://admin.awepay.com/soap/tx3.php?wsdl

2.5.2.Load Transactions

https://admin.awepay.com/documentation.php 16/65
10/16/2020 Awepay
The following SOAP API function is used to load a card.

Function Name
processLoad

Parameters
transactionData, an array of transaction details.

Example

processLoad (
array ( integer sid,
string rcode,
array udetails,
array paydetails,
array cart,
array txparams)
)

2.5.3.Responses
The response from the server is an array. If the status has the value "OK" the transaction has been successfully processed. The response array has the
following structure:

Name Data Type Description

status String Has the value "OK" for a successful transaction, or "EXC" for a failed transaction

txid String The transaction ID

required Array This array will contain values in the event of Secure3D. The status will equal "REQ" if Secure3D is required.

enrolled String Has the value "Y" indicating the card is enrolled with Secure3D

ACSUrl String Form "action" address

TermUrl String Hidden form value

payload String Hidden form value

MD String Submitted user session ID

embedhtml String (URL encoded) Pre-drawn HTML code to embed in your site (Alternatives available below)

error String If an error has occured, then the status value will equal "EXC" and this array with contain further information

type String The error type

sys String The system that caused the error (client or server)

msg String The error message

info String Error information that contains the bank message and bank code

code String Awepay error code

2.5.4.Process Flow
After a processLoad API Call is made, the response can be one of two: "PENDING", or "DECLINED".

If the API responds with "PENDING", this means the transaction has been successfully lodged and will be processed within the next 2-3 business days.

Once the funds have cleared and are onroute to the credit card, the system will update the status of transaction to "APPROVED", and trigger a postback to
the url supplied in the originating api request parameter ' txparams->postbackurl '. Please refer to section 3.7. Code Examples -> Postbacks for examples
of postback data.

If either the processLoad API call or the postback return a status of "DECLINED", this means the funds transfer has been unsuccessful. Please refer to
individual decline reasons.

2.6. SOAP, Refunds

2.6.1.General Information

2.6.1.0. Interface Location

The SOAP service is located at: https://admin.awepay.com/soap/tx3.php?wsdl

2.6.1.1. Void or Refund

Awepay is able to process both voids and refunds. There is no need in the client request to determine which action should be performed by Awepay.

a) If the transaction occurred within the last 48 hours and the full transaction amount has been passed to the refund API Awepay will try to do a void first. If
the void fails, Awepay will do a refund.

b) If the transaction has been processed more than 48 hours ago Awepay will perform a refund transaction.

c) Partial transaction amounts can only be refunded not voided. If you try to perform a partial refund within the first 48 hours of the transaction occurrence be
prepared to get an error message such as "invalid order reference number".

https://admin.awepay.com/documentation.php 17/65
10/16/2020 Awepay
2.6.1.2. Pending Status

Awepay will process refunds even if a site has refunds disabled. An error is the normal response, (See Example) these refunds will be placed in a pending
queue for the Awepay administration team to action. If a refund has "PEND" status returned it is possible to have a postback url in the request array so the
customer sales system can update in real time once the refund in the pending queue has been actioned.

2.6.2.Refunding Transactions
The following SOAP API function is used to refund a transaction.

Function Name
processRefund

Parameters
transactionData, an array of transaction details.

Example

processRefund (
array ( integer sid,
string rcode,
string txid,
string reason,
string amount,
string postbackurl,
string sendNotification)
)

2.6.3.Responses
The response from the server is an array. If the status has the value "OK" the transaction has been successfully processed. The response array has the
following structure:

Name Data Type Description

status String Has the value "OK" for a successful transaction, "EXC" for a failed transaction or "PEND" for pending.

txid String The transaction ID

required Array This array will contain values in the event of Secure3D. The status will equal "REQ" if Secure3D is required.

enrolled String Has the value "Y" indicating the card is enrolled with Secure3D

ACSUrl String Form "action" address

TermUrl String Hidden form value

payload String Hidden form value

MD String Submitted user session ID

embedhtml String (URL encoded) Pre-drawn HTML code to embed in your site (Alternatives available below)

error String If an error has occured, then the status value will equal "EXC" and this array with contain further information

type String The error type

sys String The system that caused the error (client or server)

msg String The error message

info String Error information that contains the bank message and bank code

code String Awepay error code

2.7. TxHandler

2.7.1.General Information

2.7.1.0. Interface Location

The TxHandler is located at: https://secure.awepay.com/txHandler.php

It will only be accessible from your domain when data has been sent via HTTP POST towards it.

2.7.1.1. Will I need to make changes to my integration if I am using Secure3D with TxHandler?

No. All the changes are handled internally by TxHandler.

2.7.2.Single Transactions
To process a transaction, post a form via HTTP POST to the TxHandler containing all variables in the table in Parameter Definitions 2.5.3.

2.7.3.Single Transactions - CUP/WeChat/AliPay/P2P

These situations require interaction by the customer through their browser. This API interface is purely to initiate a transaction and have a TXID and a HTML
form returned to embed into your website. This will allow you to trace the state of the transaction using the TXID in conjunction with the API function
"getTransactionDetails", and also allow you some control over the bank selection content.

Typical payment method codes are as follows:

https://admin.awepay.com/documentation.php 18/65
10/16/2020 Awepay
p2p - no upfront cardholder information is required at API stage, collection occurs on the remote page.

wechat - no upfront cardholder information is required at API stage, collection occurs via qr code.

alipay - no upfront cardholder information is required at API stage, collection occurs via qr code.

pg_ebank - account information is required at API stage, remote page is only for security screening.

There are 2 differing payment methods for CUP transactions dependant on your merchant account.

union_pay - no upfront cardholder information is required at API stage, collection occurs on the remote page.

union_pay_direct - cardholder information is required at API stage, remote page is only for security screening.

These transactions require an asynchronous state, because they may remain pending indefinately if a customer for instance closes their browser or leaves
the page during the remote screening.

You will be required to supply a Success, Failure and Postback URL, through each individual request, or alternatively you can submit these to support and
they can be permanently assigned to your SID - please refer to section 2.7.6.Responses for more information.

When a customer is returned from the secure hosted payment page after completing a payment, please assume all transactions are in a pending state until
confirmed via the information sent in the Postback call. Alternatively, you may choose to poll the transaction via the "getTransactionDetails" API call to
confirm its validity. Once a transaction is either Approved or Declined, it has completed its life cycle.

Please note that the following parameters are returned in a response regarding a redirected API transaction, and that all other standard API factors are
required such as validation.

Value Data Type Description

status String Will have the value of "REDIRECT" instead of "OK"

redirect Array The result array

html String The HTML to display for the customer to initate the browser transaction.

2.7.4.Flow diagram

https://admin.awepay.com/documentation.php 19/65
10/16/2020 Awepay

2.7.5.Parameter Definitions
Name Required Description

sid Site id (unique identifier for the web site)

wid Webmaster ID

tid Tracking ID

card_name Card holder name

card_no No spaces or dashes allowed

card_type visa, mastercard etc

card_ccv

card_exp_month 2 digits

card_exp_year 4 digits

bank_name Card issuer name

bank_phone Card issuer phone number

firstname First name of the customer

lastname Last name of the customer

email Customer email address

phone Customer phone number

mobile Customer mobile number

address Customer address

suburb_city Customer suburb or city

state Customer state, 2 digit code for US/Canada

postcode Customer postcode/zipcode

country Customer country, ISO 3166 2 digit code

item_quantity[] An array with the quantity of each cart item

item_name[] An array of article names for each cart item

item_no[] An array of article numbers for each cart item

item_desc[] An array with descriptions for each cart item

item_amount_unit[] An array that defines the price per unit for each cart item

ref1 Used for your own reference

ref2 Used for your own reference

ref3 Used for your own reference

ref4 Used for your own reference

addinfo Additional information, in most cases blank

postback_url The URL of the page used to recieve the TxHandler postback

2.7.6.Responses
Once the transaction has been processed, txHandler will return an encrypted string to the postback url you provided using a get variable.

The GET variable "Status" will be sent to the provided postback URL and once decrypted, contains the transaction status and txid.

The following code demonstrates how to decrypt the postback string using your rcode as the key, which will be returned as an array.

2.7.6.0. Decryption

PHP

https://admin.awepay.com/documentation.php 20/65
10/16/2020 Awepay

<?php
function decrypt($string, $key) {
$result = "";
$string = base64_decode($string);

for($i=0; $i<strlen($string); $i++) {

$char = substr($string, $i, 1);
$keychar = substr($key, ($i % strlen($key))-1, 1);
$char = chr(ord($char)-ord($keychar));
$result.=$char;
}

parse_str($result,$result);

return $result;
}

$result=decrypt($_GET["status"] , RCODE);
?>

https://admin.awepay.com/documentation.php 21/65
10/16/2020 Awepay

VB.NET (dummy console application code)

Imports System

Public Class Test

Public Shared Sub Main()

Dim encstring as string = "x5rZk6eb06nVonKGqIi6d3aGqIyniWN1soKMo6mT16rZbYR9ianemZlvlGqWZWdmk2yeZWVonGqZZ1uX1afVolpnpafLo6Wh0ajLVWp2oFvLoqeh1VqbcqKlylqbd
'Dim encstring=Request.Form("status")

Dim OnastaRCode as String = "5f052c"

Dim encbytes AS byte() = Convert.frombase64string(encstring)

Dim outputString as string

For i as int32 = 1 to encbytes.length Step 1

Dim x as int32 = (i - 1) mod Len(OnastaRCode)-1
If x < 0 Then x = Len(OnastaRCode) + x
x = x + 1
Dim keychar as String = Mid(OnastaRCode, x, 1)
Dim charac as string = Chr(encbytes(i - 1) - Asc(keychar))
outputString=outputString & charac
Next

' outputString=Unescape(outputString)
Console.WriteLine(outputString)

End Sub
End Class

Java (sample package)

https://admin.awepay.com/documentation.php 22/65
10/16/2020 Awepay

package javaapplication1;

import sun.security.util.Debug;

public class JavaApplication1 {

public static void main(String[] args) {

String str = "pdbFpq2rb7GvWJ2qpNHWV216n9XLV218b8TQk6Bel9TWoapdZ6THoZydV5eob6Fqa4jYqqGcb5OWZWxtY5SXZg%3D%3D"; /* Replace with your encrypted stri
System.out.println(str);
try {
str = java.net.URLDecoder.decode(str, "UTF-8");
} catch (Exception e) {

}
String dec = decrypt(str, "bd2882"); /* Replace with your RCode */
System.out.println(dec);
System.out.println(getQueryParams(dec));
}

public static String decrypt(String str, String key) {

StringBuilder result = new StringBuilder();
byte[] bytes = java.util.Base64.getDecoder().decode(str);
for (int i = 0; i < bytes.length; i++) {
int chr = java.lang.Byte.toUnsignedInt(bytes[i]);
int posi = (i % key.length()) - 1;
if (posi < 0) {
posi = key.length() + posi;
}
char keychar = key.charAt(posi);

result.append((char)(chr - (int)keychar));
}
return result.toString();
}

public static java.util.Map> getQueryParams(String query) {

try {
java.util.Map> params = new java.util.HashMap>();
for (String param : query.split("&")) {
String[] pair = param.split("=");
String key = java.net.URLDecoder.decode(pair[0], "UTF-8");
String value = "";
if (pair.length > 1) {
value = java.net.URLDecoder.decode(pair[1], "UTF-8");
}

java.util.List values = params.get(key);

if (values == null) {
values = new java.util.ArrayList();
params.put(key, values);
}
values.add(value);
}
return params;
} catch (java.io.UnsupportedEncodingException ex) {
throw new AssertionError(ex);
}
}

The following table contains the array definition after decryption.

Value Data Type Description

result Array The result array

status String Has the value "OK" for a successful transaction or "EXC" for a failed transaction

txid String The transaction ID

error Array

msg String The error message

required Array

original_txid String The original transaction ID

https://admin.awepay.com/documentation.php 23/65
10/16/2020 Awepay

2.8. Secure Hosted Payment

2.8.1.General Information

2.8.1.0. Interface Location

The Secure Hosted Payment page is located at: https://secure.awepay.com/

It will only be accessible from your domain when data has been sent via HTTP POST towards it.

2.8.1.1. Testing

To test your integration, please contact support and you will be provided with a testing SID.

2.8.1.2. Will I need to make changes to my integration if I am using Secure Hosted Payment?

If you are currently using the SOAP interface, yes, you will need to swap to our POST interface. If you are currently using our POST interface (txhandler), no,
all the changes are handled internally on the Secure Hosted Payment interface.

2.8.2.Single Transactions
To process a transaction, post a form via HTTP POST to the Secure Hosted Payment page containing all required variables in the table in Parameter
Definitions 2.6.3.

2.8.3.Single Transactions - CUP/WeChat/AliPay/P2P

Typical payment method codes are as follows:

p2p - no upfront cardholder information is required at API stage, collection occurs on the remote page.