OVERVIEW
(Citcon Hosted Online Payment)
The Citcon Hosted Online Payment (CHOP) provides a secure and easy way for shoppers to purchase goods and services from your website:
- Shoppers go to your site, where they select and add the desired items to their shopping cart.
- When they are ready to checkout to pay and finalize their order, they are redirected to the Citcon hosted payment page, where they enter the necessary details to complete the payment.
- After submitting the payment information, they are redirected back to your web site, where they can land on a summary information page displaying the result of the payment.
Our forms are optimized for mobile browsers and designed to reduce friction in your customer experience. You can use CHOP’s payment form template technology to create a brand-consistent, seamless checkout experience for your shoppers.
Why Use CHOP
Citcon’s hosted online payment helps you reduce the PCI compliance burden by removing the need to capture any sensitive payment information within the merchant network. This allows merchants to spend more time providing a better e-commerce experience without the worry of taking payment information within the merchant architecture. CHOP also provides a single unified API interface for various global payment methods that Citcon supports. This means that, even though payment methods are from different countries, and have vastly different processes, CHOP helps you simplify the customer experience and integration. Because CHOP hosts your payment forms, handles your payment data transmission, and processes your payments, it reduces PCI Compliance burden for merchants down to SAQ A-EP.
A Word On PCI Compliance
Does PCI Compliance Apply to me?
If you currently or in the future will accept credit cards from your customers then the answer would be yes. However, The major benefit of CHOP is the fact that it removes the complexity of PCI compliance from the merchant. Allow CHOP to work for you and reduce the anxiety that comes with PCI Compliance for a merchant.
Which level of PCI Compliance Applies to me?
PCI certification takes two forms: Self-assessment (i.e. do-it-yourself) or hiring a third party QSA (Qualified Security Assessor). Though there are obvious advantages to self-assessing, including effort and cost, your ability to self-asses is dependent on your annual transaction volume and is reflected in the resulting level of PCI certification (1-4) you attain. The following table describes the relationship between your transaction volume, required assessment approach, and level of certification:
If you have | then you can | to achieve | |
---|---|---|---|
less than 20,000 online transactions per year | self-assess | PCI Level 4 certification | |
between 20,000 and 1 million online transactions per year | self-assess | PCI Level 3 certification | |
between 1 million and 6 million online transactions per year | self-assess | PCI Level 2 certification | |
over 6 million online transactions per year | hire an independent assessor (QSA) | PCI Level 1 certification |
What kind of Self-Assess
If your systems | to then use | ||
---|---|---|---|
do not touch, process or store cardholder data, and do not serve any card collection forms SAQ A-EP | SAQ A-EP | ||
do touch, process or store cardholder data | SAQ D |
End Point
Integration Architecture
- After the customer selects which payment method, the merchant’s checkout page posts data to Citcon’s dynamic hosted payment form. The hosted payment form displays UI based on the selected payment method, such as QR code form, a wallet user log-in form or credit card entry form.
- When a customer completes entries on a hosted payment form, Citcon processes payments in the backend.
- Upon successful payments, the customer is redirected to a merchant-hosted confirmation page, together with data related to the payment. If a merchant’s confirmation page is capable of handling dynamic input data, it can display personalized confirmation using the merchant’s own data as well as the data sent by Citcon.
- Asynchronously, Citcon notifies the merchant’s backend of successful payments.
Chop for alipay and wechatpay
CHOP for Credit Cards
CHOP for China UnionPay
Charge
CHOP requires only the minimum necessary parameters to be passed at the entry point for most payment methods. This is because consumers will enter all other payment data on the hosted payment form.
The parameters are:
Attributes
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Please only use amount when the payment method is alipay, wechatpay, cc, or upop. Please only use trans_amount when the payment method is jkopay, alipay_hk, kakaopay, gcash, dana, klarna, payco, naverpay, linepay, rakutenpay
Please only use currency when the payment method is alipay, wechatpay, cc, or upop. Please only use trans_currency when the payment method is jkopay, alipay_hk, kakaopay, gcash, dana, klarna, payco, naverpay, linepay, rakutenpay
● ISO 3166-2
● ISO 639
Currently the following payments support this parameter
. ● klarna
● card (KCP)
● banktransfer (KCP)
End Point
Request
--header 'Authorization: Bearer {access-token}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'payment_method=wechatpay' \
--data-urlencode 'amount=1' \
--data-urlencode 'currency=USD' \
--data-urlencode 'reference=test_citcon_001' \
--data-urlencode 'allow_duplicates=yes' \
--data-urlencode 'ipn_url=https://webhook.site/' \
--data-urlencode 'callback_url_success=https://www.merchant.com/success' \
--data-urlencode 'callback_url_fail=https://www.merchant.com/fail' \
--data-urlencode 'mobile_result_url=https://www.merchant.com/mobile' \
--data-urlencode 'timeout=600'
--header 'Authorization: Bearer {access-token}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'payment_method=upop' \
--data-urlencode 'amount=1' \
--data-urlencode 'currency=USD' \
--data-urlencode 'reference=test_citcon_001' \
--data-urlencode 'allow_duplicates=yes' \
--data-urlencode 'ipn_url=https://webhook.site/' \
--data-urlencode 'callback_url_success=https://www.merchant.com/success' \
--data-urlencode 'callback_url_fail=https://www.merchant.com/fail' \
--data-urlencode 'mobile_result_url=https://www.merchant.com/mobile' \
--data-urlencode 'timeout=600'
--header 'Authorization: Bearer {access-token}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'payment_method=paypal' \
--data-urlencode 'reference=reference_test_0012' \
--data-urlencode 'amount=1000' \
--data-urlencode 'currency=USD' \
--data-urlencode 'auto_capture=true' \
--data-urlencode 'country=US' \
--data-urlencode 'ipn_url=https://webhook.site/6eacc06b-61ff-468a-b530-fcb18a1827f4' \
--data-urlencode 'callback_url_success=https://www.baidu.com' \
--data-urlencode 'callback_url_cancel=https://www.youtube.com' \
--data-urlencode 'callback_url_fail=https://www.google.com' \
--data-urlencode 'mobile_result_url=https://www.merchant.com/success' \
--data-urlencode 'allow_duplicates=yes' \
--data-urlencode 'timeout=300'
--header 'Authorization: Bearer {access-token}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'payment_method=venmo' \
--data-urlencode 'reference=reference_test_0012' \
--data-urlencode 'amount=1000' \
--data-urlencode 'currency=USD' \
--data-urlencode 'auto_capture=true' \
--data-urlencode 'country=US' \
--data-urlencode 'ipn_url=https://webhook.site/6eacc06b-61ff-468a-b530-fcb18a1827f4' \
--data-urlencode 'callback_url_success=https://www.baidu.com' \
--data-urlencode 'callback_url_cancel=https://www.youtube.com' \
--data-urlencode 'callback_url_fail=https://www.google.com' \
--data-urlencode 'mobile_result_url=https://www.merchant.com/success' \
--data-urlencode 'allow_duplicates=yes' \
--data-urlencode 'timeout=300'
--header 'Authorization: Bearer {access-token}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'payment_method=cc' \
--data-urlencode 'amount=1' \
--data-urlencode 'currency=USD' \
--data-urlencode 'reference=test_citcon_001' \
--data-urlencode 'allow_duplicates=yes' \
--data-urlencode 'ipn_url=https://webhook.site/' \
--data-urlencode 'callback_url_success=https://www.merchant.com/success' \
--data-urlencode 'callback_url_fail=https://www.merchant.com/fail' \
--data-urlencode 'mobile_result_url=https://www.merchant.com/mobile' \
--data-urlencode 'timeout=600'
--header 'Authorization: Bearer {access-token}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'payment_method=alipay_hk' \
--data-urlencode 'trans_amount=1' \
--data-urlencode 'trans_currency=HKD' \
--data-urlencode 'reference=test_citcon_001' \
--data-urlencode 'allow_duplicates=yes' \
--data-urlencode 'ipn_url=https://webhook.site/' \
--data-urlencode 'callback_url_success=https://www.merchant.com/success' \
--data-urlencode 'callback_url_fail=https://www.merchant.com/fail' \
--data-urlencode 'mobile_result_url=https://www.merchant.com/mobile' \
--data-urlencode 'timeout=600'
--header 'Authorization: Bearer {access-token}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'payment_method=alipay' \
--data-urlencode 'amount=1' \
--data-urlencode 'currency=USD' \
--data-urlencode 'reference=test_citcon_001' \
--data-urlencode 'allow_duplicates=yes' \
--data-urlencode 'ipn_url=https://webhook.site/' \
--data-urlencode 'callback_url_success=https://www.merchant.com/success' \
--data-urlencode 'callback_url_fail=https://www.merchant.com/fail' \
--data-urlencode 'mobile_result_url=https://www.merchant.com/mobile' \
--data-urlencode 'timeout=600'
--header 'Authorization: Bearer {access-token}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'payment_method=kakaopay' \
--data-urlencode 'trans_amount=50' \
--data-urlencode 'trans_currency=KRW' \
--data-urlencode 'reference=test_citcon_001' \
--data-urlencode 'allow_duplicates=yes' \
--data-urlencode 'ipn_url=https://webhook.site/' \
--data-urlencode 'callback_url_success=https://www.merchant.com/success' \
--data-urlencode 'callback_url_fail=https://www.merchant.com/fail' \
--data-urlencode 'mobile_result_url=https://www.merchant.com/mobile' \
--data-urlencode 'timeout=600'
--header 'Authorization: Bearer {access-token}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'payment_method=dana' \
--data-urlencode 'trans_amount=30000' \
--data-urlencode 'trans_currency=IDR' \
--data-urlencode 'reference=test_citcon_001' \
--data-urlencode 'allow_duplicates=yes' \
--data-urlencode 'ipn_url=https://webhook.site/' \
--data-urlencode 'callback_url_success=https://www.merchant.com/success' \
--data-urlencode 'callback_url_fail=https://www.merchant.com/fail' \
--data-urlencode 'mobile_result_url=https://www.merchant.com/mobile' \
--data-urlencode 'timeout=600'
--header 'Authorization: Bearer {access-token}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'payment_method=gcash' \
--data-urlencode 'trans_amount=100' \
--data-urlencode 'trans_currency=PHP' \
--data-urlencode 'reference=test_citcon_001' \
--data-urlencode 'allow_duplicates=yes' \
--data-urlencode 'ipn_url=https://webhook.site/' \
--data-urlencode 'callback_url_success=https://www.merchant.com/success' \
--data-urlencode 'callback_url_fail=https://www.merchant.com/fail' \
--data-urlencode 'mobile_result_url=https://www.merchant.com/mobile' \
--data-urlencode 'timeout=600'
--header 'Authorization: Bearer {access-token}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'payment_method=jkopay' \
--data-urlencode 'trans_amount=10' \
--data-urlencode 'trans_currency=TWD' \
--data-urlencode 'reference=test_citcon_001' \
--data-urlencode 'allow_duplicates=yes' \
--data-urlencode 'ipn_url=https://webhook.site/' \
--data-urlencode 'callback_url_success=https://www.merchant.com/success' \
--data-urlencode 'callback_url_fail=https://www.merchant.com/fail' \
--data-urlencode 'mobile_result_url=https://www.merchant.com/mobile' \
--data-urlencode 'timeout=600'
--header 'Authorization: Bearer {access-token}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'reference=test_citcon_001' \
--data-urlencode 'payment_method=klarna' \
--data-urlencode 'amount=4000' \
--data-urlencode 'currency=USD' \
--data-urlencode 'auto_capture=false' \
--data-urlencode 'country=US' \
--data-urlencode 'note=note' \
--data-urlencode 'goods={"data":[{"name":"Battery Power Pack","sku":"sku","url":"http://xxxx","quantity":4,"total_amount":4000,"unit_amount":1000,"total_tax_rate":0,"total_tax_amount":0,"total_discount_amount":0}],"shipping":{"first_name":"John","last_name":"Doe","phone":"4872345678","email":"test.sam1@test.com","street":"2425 Example Rd","street2":"","city":"Columbus","state":"OH","zip":"43221","country":"US"}}' \
--data-urlencode 'callback_url_success=https://jd.com' \
--data-urlencode 'callback_url_cancel=https://jd.com' \
--data-urlencode 'ipn_url=https://ipn-receive.qa01.citconpay.com/notify' \
--data-urlencode 'locale=en-us' \
--data-urlencode 'callback_url_fail=https://qq.com'
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer {access-token}' \
--data-urlencode 'reference=test_citcon _001' \
--data-urlencode 'payment_method=card' \
--data-urlencode 'amount=10000' \
--data-urlencode 'currency=KRW' \
--data-urlencode 'auto_capture=false' \
--data-urlencode 'country=KR' \
--data-urlencode 'consumer[first_name]=Liu' \
--data-urlencode 'consumer[last_name]=Diao' \
--data-urlencode 'consumer[phone]=18899000091' \
--data-urlencode 'consumer[email]=test@citcon.cn' \
--data-urlencode 'goods={\"data\":[{\"name\":\"Battery Power Pack\",\"taxable_amount\":0,\"tax_exempt_amount\":0,\"total_tax_amount\":0}]}' \
--data-urlencode 'callback_url_success=https://www.merchant.com/success' \
--data-urlencode 'callback_url_cancel=https://www.merchant.com/cancel' \
--data-urlencode 'ipn_url=https://webhook.site/' \
--data-urlencode 'callback_url_fail=https://www.merchant.com/fail' \
--data-urlencode 'allow_duplicates=yes'
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer {access-token}' \
--data-urlencode 'reference=test_citcon _001' \
--data-urlencode 'payment_method=payco' \
--data-urlencode 'amount=10000' \
--data-urlencode 'currency=KRW' \
--data-urlencode 'auto_capture=false' \
--data-urlencode 'country=KR' \
--data-urlencode 'consumer[first_name]=Liu' \
--data-urlencode 'consumer[last_name]=Diao' \
--data-urlencode 'consumer[phone]=18899000091' \
--data-urlencode 'consumer[email]=test@citcon.cn' \
--data-urlencode 'goods={\"data\":[{\"name\":\"Battery Power Pack\",\"taxable_amount\":0,\"tax_exempt_amount\":0,\"total_tax_amount\":0}]}' \
--data-urlencode 'callback_url_success=https://www.merchant.com/success' \
--data-urlencode 'callback_url_cancel=https://www.merchant.com/cancel' \
--data-urlencode 'ipn_url=https://webhook.site/' \
--data-urlencode 'callback_url_fail=https://www.merchant.com/fail' \
--data-urlencode 'allow_duplicates=yes'
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer {access-token}' \
--data-urlencode 'reference=test_citcon _001' \
--data-urlencode 'payment_method=naverpay' \
--data-urlencode 'amount=10000' \
--data-urlencode 'currency=KRW' \
--data-urlencode 'auto_capture=false' \
--data-urlencode 'country=KR' \
--data-urlencode 'consumer[first_name]=Liu' \
--data-urlencode 'consumer[last_name]=Diao' \
--data-urlencode 'consumer[phone]=18899000091' \
--data-urlencode 'consumer[email]=test@citcon.cn' \
--data-urlencode 'goods={\"data\":[{\"name\":\"Battery Power Pack\",\"taxable_amount\":0,\"tax_exempt_amount\":0,\"total_tax_amount\":0}]}' \
--data-urlencode 'callback_url_success=https://www.merchant.com/success' \
--data-urlencode 'callback_url_cancel=https://www.merchant.com/cancel' \
--data-urlencode 'ipn_url=https://webhook.site/' \
--data-urlencode 'callback_url_fail=https://www.merchant.com/fail' \
--data-urlencode 'allow_duplicates=yes'
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer {access-token}' \
--data-urlencode 'reference=test_citcon _001' \
--data-urlencode 'payment_method=kakaopay' \
--data-urlencode 'amount=10000' \
--data-urlencode 'currency=KRW' \
--data-urlencode 'auto_capture=false' \
--data-urlencode 'country=KR' \
--data-urlencode 'consumer[first_name]=Liu' \
--data-urlencode 'consumer[last_name]=Diao' \
--data-urlencode 'consumer[phone]=18899000091' \
--data-urlencode 'consumer[email]=test@citcon.cn' \
--data-urlencode 'goods={\"data\":[{\"name\":\"Battery Power Pack\",\"taxable_amount\":0,\"tax_exempt_amount\":0,\"total_tax_amount\":0}]}' \
--data-urlencode 'callback_url_success=https://www.merchant.com/success' \
--data-urlencode 'callback_url_cancel=https://www.merchant.com/cancel' \
--data-urlencode 'ipn_url=https://webhook.site/' \
--data-urlencode 'callback_url_fail=https://www.merchant.com/fail' \
--data-urlencode 'allow_duplicates=yes'
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer {access-token}' \
--data-urlencode 'reference=test_citcon _001' \
--data-urlencode 'payment_method=banktransfer' \
--data-urlencode 'amount=10000' \
--data-urlencode 'currency=KRW' \
--data-urlencode 'auto_capture=false' \
--data-urlencode 'country=KR' \
--data-urlencode 'consumer[first_name]=Liu' \
--data-urlencode 'consumer[last_name]=Diao' \
--data-urlencode 'consumer[phone]=18899000091' \
--data-urlencode 'consumer[email]=test@citcon.cn' \
--data-urlencode 'goods={\"data\":[{\"name\":\"Battery Power Pack\",\"taxable_amount\":0,\"tax_exempt_amount\":0,\"total_tax_amount\":0}]}' \
--data-urlencode 'callback_url_success=https://www.merchant.com/success' \
--data-urlencode 'callback_url_cancel=https://www.merchant.com/cancel' \
--data-urlencode 'ipn_url=https://webhook.site/' \
--data-urlencode 'callback_url_fail=https://www.merchant.com/fail' \
--data-urlencode 'allow_duplicates=yes'
Response
Inquire
This API allows merchants to inquire about the status of a particular payment and/or order.
The parameters are:
Attributes
End Point
Request
--header 'Authorization: Bearer {access-token}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'inquire_method=real' \
--data-urlencode 'transaction_id={{transaction_id}}'
--header 'Authorization: Bearer {access-token}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'q=5cfecfebd0d7c117d1326622d' \
--data-urlencode 'inquire_method=real'
Response
CAPTURE
This API allows merchants to capture a charge that has been authorized. Only certain payment methods support the capture function.
Attributes
This field is only supported with certain payment methods listed below.
- klarna
This field is only supported with certain payment methods listed below.
- Klarna
End Point
Request
-H 'Authorization: Bearer {access-token}' \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'transaction_id={transaction_id}' \
--data-urlencode 'amount=4000'
-H 'Authorization: Bearer {access-token}' \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'reference={reference}' \
--data-urlencode 'amount=4000'
Response
Refund
This API allows our merchants to make full or partial refunds on successfully paid transactions in the same currency as the original transaction. Merchants may make multiple partial refunds on an original transaction. However, the total refund(s) amount cannot exceed the amount of the original transaction. Refunds are available anytime but there are considerations.
- Merchants must have funds in open balance in order to process a refund
- Refunds attempted without enough funds in open balance will result in a failure
- Open Balance are reset at the beginning of the day
Your Citcon account holds funds from payment method(s) transactions settled based on settlement timing of the payment method. Successfully charged transactions are added and refunds are deducted from your account. Merchants may apply for an exemption when there’s insufficient funds in your Citcon account to refund by submitting a request through support@citcon-inc.com. Merchants may also apply to support@citcon-inc.com to enable refunds within the Citcon Dashboard. Merchants may also submit to support@citcon-inc.com requesting Citcon enable refunds even when their Citcon account balance has insufficient funds.
Refund Use Case
Refunds submitted on subsequent days may fail due to insufficient funds in your Citcon account. For example When you start your day, you have zero $ in open balance. If a customer comes and asks for a refund, you have no cash to give, therefore a refund cannot happen.
Attributes
End Point
Request
--header 'Authorization: Bearer {access-token}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'amount=1' \
--data-urlencode 'currency=USD' \
--data-urlencode 'transaction_id={transaction_id}' \
--data-urlencode 'reason=test'
--header 'Authorization: Bearer {access-token}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'amount=1' \
--data-urlencode 'currency=USD' \
--data-urlencode 'reference={reference}' \
--data-urlencode 'reason=test'
Response
CANCEL
Some wallets may have cancellation window restrictions. Please check the response code and retry if it has not reached the cancellation window. Cancel API currently supports Alipay and WeChat Pay only.
If a payment has already been settled, merchants should use refund API, instead of cancel API, to return payment funds to consumers.
If a payment has already been cancelled, merchants will receive an error message which is “Duplicate cancellation“.
If a cancel request is out of cancellation windows, merchants will receive an error message which is “Not in cancellation window“.
Attributes
End Point
Request
--header 'Authorization: Bearer {access-token}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'transaction_reference={reference}'
--header 'Authorization: Bearer {access-token}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'transaction_id={transaction_id}'
Response
URL Redirect
callback_url_success
CHOP redirects to callback_url_success in the following scenarios:
- When payment method is wallet based and consumer successfully completes payment in their wallet app.
- When payment method is Credit Card and consumer successfully completes payment in CHOP.
Merchant’s callback_url_success page can either be static (which ignores all the query string parameters) or dynamic. If it’s a dynamic page, it can handle the following query string parameters:
payment_instance_token (CHOP ID that merchants can reference when contacting Citcon)
ssl_amount (amount paid in cents, for example, 9.99 is in the form of 999)
ssl_result (0 indicates success)
ssl_approval_code (only in Credit Card payment)
ssl_cvv2_response (only in Credit Card payment; CVV2 validation result, see CVV2/CVC2 section)
ssl_avs_response (only in Credit Card payment and when AVS is enabled; AVS validation result, see AVS section)
ssl_txn_id (only in Credit Card payment; credit card transaction ID)
ssl_card_number (only in Credit Card payment; masked credit card number, such as 4111xxxxxxxx1111)
ssl_exp_date (only in Credit Card payment; expiration date in 2-digit month followed by 2-digit year, such as 1020)
ssl_txn_time (only in Credit Card payment; credit card transaction time, in mm/dd/yyyy HH:mm:ss AM)
callback_url_fail
CHOP redirects to callback_url_fail in the following scenarios:
- When payment method is Credit Card and consumer’s credit card gets a decline.
- When payment method is Wallet based and consumer payment method is declined.
Merchant’s callback_url_fail page can either be static (which ignores all the query string parameters) or dynamic. If it’s a dynamic page, it can handle the following query string parameters:
payment_instance_token (CHOP ID that merchants can reference when contacting Citcon)
ssl_amount (amount paid in cents, for example, 9.99 is in the form of 999)
ssl_result (in Alipay/WeChat pay, any value other than 0 is a failed one. In Credit Card transactions, it’s the decline code, see Error Codes section)
ssl_cvv2_response (only in Credit Card payment; CVV2 validation result, see CVV2/CVC2 section)
ssl_avs_response (only in Credit Card payment and when AVS is enabled; AVS validation result, see AVS section)
ssl_txn_id (only in Credit Card payment; credit card transaction ID)
ssl_card_number (only in Credit Card payment; masked credit card number, such as 4111xxxxxxxx1111)
ssl_exp_date (only in Credit Card payment; expiration date in 2-digit month followed by 2-digit year, such as 1020)
ssl_txn_time (only in Credit Card payment; credit card transaction time, in mm/dd/yyyy HH:mm:ss AM)
IPN
IPN (Instant Payment Notification)
For a merchant to get notified when a payment has been successfully completed for an order, merchants will provide an ipn_url in CHOP API call. When payment is successfully completed, Citcon, asynchronously, sends an HTTP POST to this url and passes in the following parameters:
- id (the CHOP id merchants can reference to when contacting Citcon or initiate a refund)
- amount (the payment amount in cents. For example, 9.99 is in the form of 999)
- notify_status (success/fail)
- currency (ISO 3-character currency code, for example, USD)
- time (time of payment, in the format of yyyy-MM-dd HH:mm:ss)
- reference (Merchant’s internal identifier that is used to initiate CHOP)
- notify_id (the ID related to a notification. Merchants can reference to it when contacting Citcon)
- approval_code (only available for successful credit card transactions)
- card_token (only available for successful credit card transactions)
- result_message (only available for credit card or credit card recurring transactions. detailed message of responses)
- card_number (only available for credit card or credit card recurring transactions. masked credit card number)
- exp_date (only available for credit card or credit card recurring transactions. expiration date in the format of MMYY)
- transaction_type (only available for credit card or credit card recurring transactions, such as SALE, RECURRING)
- recurring_id (only available for credit card recurring transactions, the identifier of a recurring payment setup. This recurring_id can be used to update or delete recurring)
- fields (a comma separated list of field names included in IPN. for example, “id,amount,notify_status,currency,time,reference,notify_id”)
- sign (a signature for merchants to authenticate the IPN content)
-
- Construct a string of all key/value pairs using only keys in the “fields” field,including the “fields” using the format of key1=value1&key2=value2, this list should be sorted alphabetically by keys. Note that neither the keys or values should be URL encoded. As followed is a potential example of the constructed string.
amount=1&card_number=41**********1111¤cy=USD&exp_date=1020&fields=id,amount,notify_status,currency,time,reference,notify_id,result_message,card_number,exp_date,transaction_type,recurring_id&id=af37ffeb2f4785a97bba4e0496cc0c80; notify_id=090217A15-6222841B-5363-4FB7-886F-3CE38415ACDD¬ify_status=success&recurring_id=af37ffeb2f4785a97bba4e0496cc0c80&reference=7ed9e2623acdd8ffb8c6a90dd605c6cf&result_message=SUCCESS&time=2017-02-09 13:50:42&transaction_type=CCADDRECURRING
- Append &token=<merchant token> to the end of the string above. As followed is the resulted string.
amount=1&card_number=41**********1111¤cy=USD&exp_date=1020&fields=id,amount,notify_status,currency,time,reference,notify_id,result_message,card_number,exp_date,transaction_type,recurring_id&id=af37ffeb2f4785a97bba4e0496cc0c80& notify_id=090217A15-6222841B-5363-4FB7-886F-3CE38415ACDD¬ify_status=success&recurring_id=af37ffeb2f4785a97bba4e0496cc0c80&reference=7ed9e2623acdd8ffb8c6a90dd605c6cf&result_message=SUCCESS&time=2017-02-09 13:50:42&transaction_type=CCADDRECURRING&token=123456
- MD5 hash the string above, to compute a signature. This signature should match the sign field posted in IPN.
As followed please find the sample code to compute a signature using Php.
function sign_ipn($reply, $token) { ksort($reply); $flat_reply = ""; foreach ($reply as $key=>$value){ $flat_reply = $flat_reply."$key=$value&"; } $flat_reply = $flat_reply."token=$token"; return md5($flat_reply); } $fields = $_POST['fields']; $data['fields'] = $fields; $tok = strtok($fields, ","); while ($tok !== false) { $data[$tok] = $_POST[$tok]; $tok = strtok(","); } $mysign = sign_ipn($data, '123456');
Upon receipt of the notification, merchants can mark their internal databases or system of payment status, or communicate with customers accordingly asynchronously.
The IPNs are initiated from Citcon’s servers hosted in AWS. Please make sure that merchants allow HTTP incoming traffic from AWS.
An example of IPN HTTP POST field:"id"="0c4486d74a30e87adcbc569156a6084d" "amount"="1" "notify_status"="success" "currency"="USD" "time"="2016-11-09 07:49:53" "reference"="ABCD123457890" "notify_id"="78b6d63503e7a97cb6e8d09c23de5f5n0u" "fields"="id,amount,notify_status,currency,time,reference,notify_id"
- Construct a string of all key/value pairs using only keys in the “fields” field,including the “fields” using the format of key1=value1&key2=value2, this list should be sorted alphabetically by keys. Note that neither the keys or values should be URL encoded. As followed is a potential example of the constructed string.
CHOP API Error Codes
Code | Message | ||
---|---|---|---|
2000 | “Success” | ||
4010 | “Invalid Token!” | ||
4011 | “unknown vendor” | ||
4012 | “invalid currency %s, it is not merchant’s primary currency.” | ||
4013 | “Invalid original transaction id” | ||
4020 | “request is invalid” | ||
4021 | “This transaction is already paid” | ||
4022 | “no transaction found” | ||
4030 | “Amount must be greater than 0” | ||
4031 | “invalid amount” | ||
4040 | “Unable to create transaction.” | ||
4052 | “Must pass in original transaction id” | ||
4054 | “payment method not allowed for this merchant” | ||
4055 | “invalid timeout value. Please enter a positive integer representing number of seconds” | ||
4070 | “Invalid source. Please contact Citcon.” | ||
4071 | “Refund amount greater than allowed.” | ||
4072 | “refund amount greater than payment amount” | ||
4073 | “Refund amount cannot be greater than today’s overall payment amount” | ||
4074 | “refund restricted” | ||
4075 | “refund limit reached” | ||
4080 | “Request parameter error” | ||
4100 | “No transaction identified” | ||
4101 | “unknown error” |