Pagsmile
  • Introduction
  • Reference
  • Payin API
    • Environments
    • All-In-One Checkout
      • Checkout Page (General)
      • Checkout Page (E-com)
    • Direct integration
      • Argentina
        • DebitCard
        • DEBIN
        • Khipu
        • QRCode
        • Rapipago
        • ❌Wallet
        • ❌Bank Transfer
        • ❌PagoFacil
      • Brazil
        • Credit Card
        • Credit Card Pre Auth
          • Capture
          • Void
          • Pagsmile JavaScript
        • Pix
        • Static Pix
        • Virtual PIX
          • Create Virtual PIX Account
          • Query Virtual PIX Account
          • Notification of Virtual PIX Account Payment
        • OpenFinance
        • Lottery
        • Boleto
        • Wallet
        • ❌Credit Card
        • ❌Deposit Express
      • Mexico
        • Credit Card
        • SPEI
        • Virtual SPEI
          • Create Virtual SPEI Account
          • Query Virtual SPEI Account
          • Cancel Virtual SPEI Account
          • Check Usage of Virtual SPEI Account
          • Notification of Virtual Account Payment
        • CoDi
        • OXXOPay
        • Cash
        • Dimo
        • Wallet
        • ❌OXXO
      • Colombia
        • PSE
        • Transfiya
        • Efecty
        • Bancolombia
        • SuRed
        • Wallet
        • Gana
        • ❌Baloto
      • Chile
        • Webpay
        • Khipu
        • Pago46
        • Bank Transfer
        • ❌Cash
        • Wallet
      • Peru
        • Credit Card
        • Bank Transfer
        • Cash
        • QRCode
        • ❌Pagoefectivo
      • Ecuador
        • Credit Card
        • Bank Transfer
        • Cash
      • Costa Rica
        • Cash
        • BNCR
        • ❌Bank Transfer
      • Panama
        • Cash
        • ❌Bank Transfer
      • Guatemala
        • Cash
        • ❌Bank Transfer
      • Bolivia
        • ❌Bank Transfer
      • Paraguay
        • ❌Bank Transfer
      • Uruguay
        • Cash
        • ❌Bank Transfer
      • El Salvador
        • ❌Cash
      • Nigeria
        • Bank Transfer
      • China
        • Wallet
        • Vault
      • Hongkong
        • Wallet
      • Taiwan
        • Bank Transfer
        • OTC
        • PostTransfer
        • Wallet
      • Indonesia
        • Bank Transfer
        • QRIS
        • Wallet
      • South Korea
        • Wallet
        • Bank Transfer
        • Virtual Account
      • Singapore
        • Wallet
      • Malaysia
        • Wallet
        • Vault
      • Philippines
        • AlipayPlus
        • QRPH
        • Wallet
        • Vault
      • Thailand
        • Wallet
      • Vietnam
        • QRCode
      • Türkiye
        • Wallet
      • Egypt
        • Credit Card
        • Wallet
        • Cash
        • Kiosk
      • Saudi Arabia
        • Credit Card
      • Kuwait
        • Credit Card
      • Qatar
        • Credit Card
      • Oman
        • Credit Card
      • United Arab Emirates
        • Credit Card
      • Bahrain
        • Credit Card
      • Kazakhstan
        • Credit Card
      • Uzbekistan
        • Credit Card
      • Europe
        • Credit Card
        • Wallet
      • North America
        • Credit Card
        • Wallet
    • Notification
      • Security
    • Recurring Payment
      • Support Target and Currency
    • PCI Direct Integration
      • Tokenization
      • Create Card Payment
      • Authorization
      • Capture
      • Void
    • Account Balance
    • Payin Detail
    • Refund
    • Plug-in & Tools
      • Pagsmile JavaScript
      • Pagsmile SDK
      • Get CreditCard Token
      • Supported Bank List Query
      • Installment Detail Query
      • Payin SFTP Report
    • Data
      • Bank list
        • Bank in Colombia
      • Country Code
      • Data for test (Sandbox)
      • Icon of methods
      • Payment Method
      • Payin Status
    • API Code
  • Payout API
    • Environments
    • Security
    • Submit a payout
      • Pagsmile Wallet
        • WebView Example
        • H5 Authorization
        • Native App Authorization
        • Send Prizes
      • PayPal
        • ❌Supported Countries
      • Argentina
        • Wallet
        • BankTransfer
      • Bolivia
        • ❌BankTransfer
      • Brazil
        • Pix
        • BankTransfer
      • Chile
        • Wallet
        • BankTransfer
      • Colombia
        • Wallet
        • Transfiya
        • BankTransfer
      • Costa Rica
        • ❌BankTransfer
      • Ecuador
        • BankTransfer
      • Guatemala
        • ❌BankTransfer
      • Mexico
        • SPEI
      • Panama
        • ❌BankTransfer
      • Peru
        • BankTransfer
        • Regions in Peru
      • Turkey
        • Wallet
        • BankTransfer
      • Uruguay
        • BankTransfer
      • Vietnam
        • BankTransfer
    • Notification
    • Payout DryRun
    • Checkout Page
    • Account Balance
    • Payout Proof
    • Payout Status
    • Payout Bank List
    • Payout List
    • Payout Detail
    • Payout SFTP Report
    • Payment Method
    • Data for test
    • Bank Code
      • Bank in Argentina
      • Bank in Bolivia
      • Bank in Brazil
        • Bank in Brazil (TED)
      • Bank in Chile
      • Bank in Colombia
      • Bank in Costa Rica
      • Bank in Ecuador
      • Bank in Guatemala
      • Bank in Mexico
      • Bank in Panama
      • Bank in Peru
      • Bank in Uruguay
    • API Code
  • Issuing Card API
    • Environments
    • Security
    • Common
    • Business
      • Partner
        • Create Deposit Order
        • Query Deposit Result
        • Transfer
        • Query Partner Balance
        • Query Partner Transactions
      • Cardholder
        • Create Cardholder
        • Update Cardholder
        • Query Cardholder
        • Upload Supporting Documents
        • Create Corporation Cardholder
        • Update Corporation Cardholder
        • Query Corporation Cardholder
      • Card
        • Apply For a Card
        • Query Apply Result
        • Query Card Information
        • Topup a Card
        • Card Balance Return
        • Query Card Balance
        • Update a Card
          • Revoke
          • Block a Card
          • UnBlock a Card
        • Retrieve Password
        • Query Transaction Detail information
        • Query Transactions
        • Query Authorizations
        • Card Limit
          • Create Card Limit
          • Update Card Limit
          • Query Card Limit
          • Query Default Card Limit
          • Query Remaining Card Limit
        • Query Available Card BINs
      • Webhook
        • Manage Webhook URL
          • Create Webhook URL
          • Update Webhook URL
          • Query Webhook URL
        • Apply Card Result Notification
        • Card Status Notification
        • Cardholder Audit Status Notification
        • Authorization Details Notification
        • OTP Information Notification
    • Data
      • Dictionary Item
        • CustomerType
        • CustomerAuditStatus
        • Customer Codes
        • Gender
        • IdType
        • CustomerStatus
        • RiskLevel
        • CardOrderStatus
        • CardType
        • CardSchema
        • CardStatus
        • TransactionType
        • TransationStatus
        • CardLog.logType
        • AccountStatus
        • AuthStatus
        • AuthSettleStatus
        • ProcessStatus
        • FeeMethod
        • FeeStatus
        • NotificationStatus
        • Currency
        • CustomerFileType
        • WebhookType
        • ResponseCode
        • CHARSETS
        • CountryCode
      • Trade Currency
  • Remittance API
    • Environments
    • Security
    • Common
    • Business
      • Onboard
        • Create Corporation
        • Update Corporation
        • Query Corporation
        • Create Individual
        • Update Individual
        • Query Individual
        • Add Shop
        • Delete Shop
        • Query Shops
      • Collection
        • Apply VA
        • Query Apply VA Result
        • Apply VA Result Notification
        • Collection Notification
        • Query Collections
        • Create Material
        • Upload Material Document
        • Submit Material Document
        • Query Materials
        • Material Audit Result Notification
        • Link Material and Collection
        • Query Linked Materials By Collection
        • Link Result Notification
      • Exchange
        • Query Support Currency Pairs
        • Query Quote
        • Create Exchange Order
        • Query Exchange Orders
      • Payment
        • Query Payment Fields
        • Add Payee
        • Update Payee
        • Delete Payee
        • Query Payee Detail
        • Create Payment Order
        • Query Payment Orders
        • Payment Result Notification
      • Withdrawal
        • Add Withdrawal Account
        • Update Withdrawal Account
        • Delete Withdrawal Account
        • Query Withdrawal Account Detail
        • Create Withdrawal Order
        • Query Withdrawal Orders
        • Withdrawal Result Notification
      • Transfer
        • Internal transfer
      • Account
        • Query Account Balance
        • Query Account Transactions
      • Partner
        • Create Topup Order
        • Query Topup Result
        • Query Partner Balance
        • Query Partner Transactions
      • Webhook
        • Webhook Common
        • Manage URL
          • Create Webhook URL
          • Update Webhook URL
          • Query Webhook URL
    • Data
      • Dictionary Item
        • Business Type
        • Business Category
        • Webhook Type
        • All Collection Status
        • Transaction Type
        • Transaction Status
        • Gender
        • Id Type
        • File Type
        • Fixed Side
        • Order Status
        • Pay Type
        • Payee Type
        • Currency
        • CHARSETS
        • Country Code
      • Trade Currency
  • E-com Platform
    • Shopify
    • Shoplazza
    • WIX
    • Woocommerce
  • Country Info
  • OTHER
    • Changelog
Powered by GitBook
On this page
  • Request Signature
  • Response Signature
  • Example

Was this helpful?

  1. Issuing Card API

Security

In today's digital landscape, safeguarding sensitive financial information is paramount. We are equipped with strong security measures to protect both your data and that of your customers.

Request Signature

1、Request header

Name
Type
Description

Content-Type*

string

application/json; chartset=UTF-8

2、Request body

{
    "app_id": "2017051914172236111",
    "partner_id": "000000000000001",
    "sub_partner_id": "",
    "timestamp": "2011-09-23 04:24:03",
    "version": "1.0",
    "random_key": "OvUp0Z7zhLfYdBR1lOK", //need to be encrypted
    "request_id": "jJT3+PR9CSowcR2QOK5OzMjVmTSjGoectzYbO8lENHnboElE",
    "sign_type": "RSA",
    "biz_data": {}. //need to be encrypted
}

3、Signature

randomKey: Encrypt using Pagsmile RSA public key for secure communication.

Step 1 : Randomly generate a 16-byte AES KEY;

Step 2 : Encrypt AES KEY with Pagsmile RSA public key;

Find the Pagsmile RSA public key in the config of the app under the App Management section of the Pagsmile Dashboard.

*The RSA key pairs are 2048 bits in length.

biz_Data: Encrypt using the AES KEY generated in Step 1.

Response Signature

1、Response body

{
    "code": "10000",
    "msg": "Success",
    "data": { }, //need to be decrypted
    "total":1
    "random_key":"OvUp0Z7zhLfYdBR1lOK/F1fE0jKGiwsIea9XD9urkav",//need to be decrypted
    "sign_type": "RSA",
    "app_id": "2017051914172236111"
}

2、Signature

random_key: Decrypt using the Merchant RSA private key, which is part of the pair with the Merchant RSA public key saved in the Pagsmile test dashboard.

Generate a pair of RSA keys and ensure that you update the Merchant RSA Public Key in the App Management section of the Pagsmile Dashboard.

data: Decrypt using the AES KEY provided in the request message.

Example


public class CryptoUtil {
    private static final byte[] HEX_ARRAY = "0123456789ABCDEF".getBytes(StandardCharsets.US_ASCII);
    public static IvParameterSpec generateIvValue() {
        return new IvParameterSpec(generateRandom16Chars().getBytes());
    }
    private static String generateRandom16Chars() {
        byte[] array = new byte[8];
        SecureRandom random = new SecureRandom();
        random.nextBytes(array);
        return bytesToHex(array);
    }
    private static String bytesToHex(byte[] bytes) {
        byte[] hexChars = new byte[bytes.length * 2];
        for (int j = 0; j < bytes.length; j++) {
            int v = bytes[j] & 0xFF;
            hexChars[j * 2] = HEX_ARRAY[v >>> 4];
            hexChars[j * 2 + 1] = HEX_ARRAY[v & 0x0F];
        }
        return new String(hexChars, StandardCharsets.UTF_8);
    }
}

public class CryptoExample {

    //encrypt random_key
    public static String encryptSecret(PublicKey publicKey, String secret) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); // PKCS1 or OAEP padding "RSA/ECB/OAEPWithSHA-256AndMGF1Padding" can be used
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        byte[] encryptedSign = cipher.doFinal(secret.getBytes());
        return Base64.getEncoder().encodeToString(encryptedSign);
    }
    //encrypt biz_data
    public static String encryptContentMode(String content, String secret) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        IvParameterSpec iv = CryptoUtil.generateIvValue();
        SecretKey secretKey = new SecretKeySpec(secret.getBytes(), "AES");
        Cipher dataCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        dataCipher.init(Cipher.ENCRYPT_MODE, secretKey, iv);
        byte[] encryptedDataBytes = dataCipher.doFinal(content.getBytes());
        return new String(iv.getIV()) + Base64.getEncoder().encodeToString(encryptedDataBytes);
    }
    //decrypt random_key
    public static String decryptSecretMode(PrivateKey privateKey, String sign) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        byte[] encryptedDataBytes = Base64.getDecoder().decode(sign);
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); // PKCS1 or OAEP padding "RSA/ECB/OAEPWithSHA-256AndMGF1Padding" can be used
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        byte[] secretByte = cipher.doFinal(encryptedDataBytes);
        return new String(secretByte);
    }
    //decrypt data
    public static String decryptContentMode(String encryptedContent, String secret) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        String ivString = encryptedContent.substring(0, 16);
        String correctEncryptedData = encryptedContent.substring(16);
        byte[] encryptedDataBytes = Base64.getDecoder().decode(correctEncryptedData);
        IvParameterSpec iv = new IvParameterSpec(ivString.getBytes());
        SecretKey secretKey = new SecretKeySpec(secret.getBytes(), "AES");
        Cipher dataCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        dataCipher.init(Cipher.DECRYPT_MODE, secretKey, iv);
        byte[] decryptedDataBytes = dataCipher.doFinal(encryptedDataBytes);
        return new String(decryptedDataBytes);
    }
}

Encryption algorithm in PHP-encrypt with RSA Public Key

<?php

// public key
$publicKey = 'public key';

function encryptSecret(string $secret, string $publicKey): string
{
    // OPENSSL_PKCS1_OAEP_PADDING or OPENSSL_PKCS1_PADDING
    openssl_public_encrypt($secret, $encryptedData, $publicKey, OPENSSL_PKCS1_PADDING);

    return base64_encode($encryptedData);
}

function encryptContent(string $content, string $secret): string
{
    $iv = bin2hex(random_bytes(8));
    $encryptedData = openssl_encrypt($content, 'aes-256-cbc', $secret, OPENSSL_RAW_DATA, $iv);

    return $iv.base64_encode($encryptedData);
}

// usage
$secret = 'RandomString32CharactersLength12'; // 32 characters; must be randomly generated for every response 
$random_key = encryptSecret($secret, $publicKey); // add to 'random_key'
$biz_data = '{"responseCode":"00","billingAmount":"11186","holderAmount":"11186","availableBalance":100008814,"settledBalance":100020000}';
$encryptedContent = encryptContent($content, $secret); // set this to be the response body

// Optional outputs that show the result
echo $sign.PHP_EOL;
echo $encryptedContent.PHP_EOL;

Decryption algorithm in PHP

<?php

// Client private key
$privateKey = 'insert your private key here';
$encryptedContent = 'raw response body'; // Get from the webhook body

function decryptSecret(string $sign, string $privateKey): string
{
    // OPENSSL_PKCS1_OAEP_PADDING or OPENSSL_PKCS1_PADDING
    openssl_private_decrypt(base64_decode($sign), $secret, $privateKey, OPENSSL_PKCS1_PADDING);

    return $secret;
}

function decryptContent(string $encryptedContent, string $secret): string
{
    $iv = substr($encryptedContent, 0, 16);
    $encryptedData = base64_decode(substr($encryptedContent, 16));

    return openssl_decrypt($encryptedData, 'aes-256-cbc', $secret, OPENSSL_RAW_DATA, $iv);
}

// usage
$decryptedSecret = decryptSecret($sign, $privateKey);
$decryptedContent = decryptContent($encryptedContent, $decryptedSecret);

// Optional output that shows the result
echo $decryptedContent.PHP_EOL;

Encryption algorithm in C# (MODE 2 - encrypt with RSA public key)


// ISAC public key
string publicKey = "insert ISAC public key here";

static string EncryptSecret(string secret, string publicKey)
{
    // OaepEncoding or Pkcs1Encoding
    var encryptEngine = new OaepEncoding(new RsaEngine());
    using (var reader = new StringReader(publicKey))
    {
        encryptEngine.Init(true, (AsymmetricKeyParameter)new PemReader(reader).ReadObject());
    }

    var data = Encoding.UTF8.GetBytes(secret);
    var encryptedData = encryptEngine.ProcessBlock(data, 0, data.Length);

    return Convert.ToBase64String(encryptedData);
}

static string EncryptContent(string content, string secret)
{
    var iv = Hex.Encode(new SecureRandom().GenerateSeed(8));

    var cipher = CipherUtilities.GetCipher("AES/CBC/PKCS7PADDING");
    var keyParam = new KeyParameter(Encoding.UTF8.GetBytes(secret));
    var keyParamWithIv = new ParametersWithIV(keyParam, iv, 0, 16);
    cipher.Init(true, keyParamWithIv);

    var encryptedData = cipher.DoFinal(Encoding.UTF8.GetBytes(content));

    return Encoding.UTF8.GetString(iv) + Convert.ToBase64String(encryptedData);
}

string secret = "RandomString32CharactersLength12"; // 32 characters; must be randomly generated for every response
string sign = EncryptSecret(secret, publicKey); //
string bizData = "{"responseCode":"00","billingAmount":"11186","holderAmount":"11186","availableBalance":100008814,"settledBalance":100020000}";
string encryptedContent = EncryptContent(content, secret); // set this to be the response body
// Optional outputs that show the result
Console.WriteLine(sign);
Console.WriteLine(encryptedContent);

Decryption algorithm in C#


// Client private key
string privateKey = "Client private key";

string sign = "response"; // Get from response 'random_Key'
string encryptedContent = "raw response body"; // Get from Get from response 'data'

static string DecryptSecret(string sign, string privateKey)
{
    // OaepEncoding or Pkcs1Encoding
    var decryptEngine = new OaepEncoding(new RsaEngine());
    using (var reader = new StringReader(privateKey))
    {
        decryptEngine.Init(false, (AsymmetricKeyParameter)new PemReader(reader).ReadObject());
    }

    var data = Convert.FromBase64String(sign);
    var decryptedData = decryptEngine.ProcessBlock(data, 0, data.Length);

    return Encoding.UTF8.GetString(decryptedData);
}

static string DecryptContent(string encryptedContent, string secret)
{
    var iv = Encoding.UTF8.GetBytes(encryptedContent.Substring(0, 16));
    var encryptedData = Convert.FromBase64String(encryptedContent.Substring(16));

    var cipher = CipherUtilities.GetCipher("AES/CBC/PKCS7PADDING");
    var keyParam = new KeyParameter(Encoding.UTF8.GetBytes(secret));
    var keyParamWithIv = new ParametersWithIV(keyParam, iv, 0, 16);
    cipher.Init(false, keyParamWithIv);

    var data = cipher.DoFinal(encryptedData);

    return Encoding.UTF8.GetString(data);
}

// usage
string decryptedSecret = DecryptSecret(sign, privateKey);
string decryptedContent = DecryptContent(encryptedContent, decryptedSecret);

// Optional output that shows the result
Console.WriteLine(decryptedContent);

Encryption algorithm in Node.js (MODE 2 - encrypt with RSA public key)

// Import necessary modules
const crypto = require('crypto');

// ISAC public key
const publicKey = `insert public key here`;

function encryptSecret(secret, publicKey) {
    // RSA_PKCS1_OAEP_PADDING or RSA_PKCS1_PADDING
    const encryptedData = crypto.publicEncrypt({
        key: publicKey,
        padding: crypto.constants.RSA_PKCS1_PADDING
    }, Buffer.from(secret));

    return encryptedData.toString('base64');
}

function encryptContent(content, secret) {
    const iv = crypto.randomBytes(8).toString('hex');
    const cipher = crypto.createCipheriv('aes-256-cbc', secret, iv);

    let encryptedData = cipher.update(content, 'utf8', 'base64');
    encryptedData += cipher.final('base64');

    return iv + encryptedData;
}
// usage
const secret = 'RandomString32CharactersLength12'; // 32 characters; must be randomly generated for every response to a webhook
const sign = encryptSecret(secret, publicKey); // add to 'random_key'
const content = `{"responseCode":"00","billingAmount":"11186","holderAmount":"11186","availableBalance":100008814,"settledBalance":100020000}`;
const encryptedContent = encryptContent(content, secret); //  add to 'biz_data'

console.log(sign);
console.log(encryptedContent);

Decryption algorithm in Node.js

// Import necessary modules
const crypto = require('crypto');

//  private key
const publicKey = `insert your private key here`;
const sign = ``; // Get from response as 'random_key'
const encryptedContent = `raw response body`; // Get from response as 'data'

function decryptSecret(sign, privateKey) {
    // RSA_PKCS1_OAEP_PADDING or RSA_PKCS1_PADDING
    const decryptedData = crypto.privateDecrypt({
        key: privateKey,
        padding: crypto.constants.RSA_PKCS1_PADDING
    }, Buffer.from(sign, 'base64'));

    return decryptedData.toString();
}

function decryptContent(encryptedContent, secret) {
    const iv = encryptedContent.slice(0, 16);
    const encryptedData = Buffer.from(encryptedContent.slice(16), 'base64');

    const decipher = crypto.createDecipheriv('aes-256-cbc', secret, iv);
    decipher.setAutoPadding(false);
    let decryptedData = decipher.update(encryptedData);
    decryptedData = Buffer.concat([decryptedData, decipher.final()]);

    return decryptedData.toString();
}
// usage
decryptedSecret = decryptSecret(sign, privateKey);
decryptedContent = decryptContent(encryptedContent, decryptedSecret);
console.log(decryptedContent);

PreviousEnvironmentsNextCommon

Last updated 29 days ago

Was this helpful?