Become a Merchant →

Step 5: Bank Messages

Suggest Edits

There are a number of messages that will be received and sent during the bank payment process.


Table Template
Url secure/transaction/create/:requestId/:bankId
Method POST
Headers See Common Headers
URL Params
Name Type Req Description
paymentStep string (50) Y The current step in the process. This would be the same as the last paymentStep value you received.
transactionId guid Y The transaction identifier.
Data Params
Type Req Description
Name-Value Pair[] N Bank Message responses contain a list of fields when input is required. This is an array of all the field names with the corresponding values received from the user.

*Login field values need to be encrypted using the method described later in this guide.
Response Object
Name Type Description
display Display Object Contains display information.
transaction Transaction Object CContains transaction information.
error Error Object If an error occurred this object will have details regarding the error.

Display Object

Name Type Description
title string (150) Title text to indicate the current step to the user.
instructions string (500) Instructions to display to the user (Could contain html).
inputFields InputField[] List of input fields that need to be displayed to the user for input.
type string (20) Indicates what type of display needs to be shown to the user. See possible values.
actionText string (20) Text you can use for the continue button. If this is null or empty don't show a button for that step.
allowResend bool Whether to show a resend button to the user.
resendDelay int The number of seconds to delay showing the resend button to the user.

InputField Object

See field types section as properties will vary depending on the type.

Transaction Object

Name Type Description
id guid The transaction identifier.
step string (50) The current step of the payment. This value needs to be sent back to Ozow for each bank message request.
status string (50) The status of the transaction. The status field will only have a value once an outcome has been reached. See possible values.
statusMessage string (500) A user friendly message that can be displayed to the customer if the transaction was not successful.
receiptId guid A reference for the outcome of certain transaction statuses.

*Successful transactions need to be confirmed using the status as receiptId is available for a few statuses.
Request Example 
               
POST https://api.ozow.com/secure/payment/process/PaymentDetails/26d93705-...
-10f632f86224 HTTP/1.1
Authorization: Bearer sNpM_uzQ8WerQvY...KHXaVc1sJ3FvJU
Accept: application/json
Content-Type: application/json
[{"name":"fromAnrfn","value":"-7668323"}]
Response Example 
               
{
    "error":null,
    "display":{
        "title":"FNB App Approve Request",
        "instructions":"Approve this transaction on the Banking App via Smart inContact",
        "inputFields":[],
        "type":"Prompt",
        "actionText":null,
        "allowResend":false,
        "resendDelay":0
    },
    "transaction":{
        "id":"26d93705-f3c8-4f1a-8fd3-10f632f86224",
        "step":"Await",
        "status":null,
        "statusMessage":null,
        "receiptId":null
    }
}

Display Types

The display types determine what needs to be displayed to the user.

Form

This requires you to display the input fields and a button (If the display action text property has a value)

If the input fields are empty and the "allowResend" property is true only a resend button should be displayed.
Prompt

This is sent when the user needs to complete an action on their side e.g. Accepting a push message notification on their phone.

n this instance the message in the title and instruction properties need to be displayed in a way that catches the user's attention so they can acknowledge what action needs to be completed.

A message should be sent back to Ozow after receiving a prompt display type to await for the next update.
Busy

This is sent when the user has or has not completed the action in the prompt.

When receiving this display type you should display a busy indicator to the user.

A message should be sent back to Ozow after receiving a busy display type to await for the next update.

Field Types

The field type will determine what type of field you display to the user.

Text

This can be displayed to the user as a text input field.

Name Type Description
name string (100) The name of the input field. Needs to be the name used in the name-value pair sent back to Ozow.
defaultValue string (50) Value that should be prepopulated or selected in the field displayed to the user.
maxLength int The maximum length for text input fields.
label string (50) The label text that should be used when displaying the field to the user.
type string (50) "Text"
group string (50) A category for the field which could be used to display icons. See possible values.
Password

This can be displayed to the user as a password input field.

This would have the same properties as the text field type above except the value of the type property would be "Password".
Select

There are a number of ways this can be displayed to a user e.g. Html select, custom picker, list of buttons (if there is no other input required for that step).

Name Type Description
name string (100) The name of the input field. Needs to be the name used in the name-value pair sent back to Ozow.
label string (50) The label text that should be used when displaying the field to the user.
options Option[] The list of options for the user to select from.
type string (50) Select
group string (50) A category for the field which could be used to display icons. See possible values.

Select Option Object

Name Type Description
text string (50) The display text for the option.
value string (50) The option's value which needs to be returned if the option is selected.
Partial Password

This is where a user only needs to enter certain character of their password. To determine which characters need to be entered, a field for each character is returned and the ones for which input is not required will have a disabled property set to true.

The fields that are not disabled should be displayed as password inputs.

Name Type Description
label string (50) The label text that should be used when displaying the field to the user.
fields Field[] The fields for each character in the partial password.
type string (50) PartialPassword

Field Object

Name Type Description
name string (100) The name of the input field. Needs to be the name used in the name-value pair sent back to Ozow.
defaultValue string (50) Value that should be prepopulated in the field displayed to the user. This will only be returned for the fields where disabled is set to true.
maxLength int Only the value of 1 would be returned.
disabled bool Indicates whether input is required for this field or not.
Image

Used for CAPTCHA images

Name Type Description
base64 string Base64 string for the image.
type string(50) Image
group string (50) A category for the field which could be used to display icons. See possible values.
group string (50) A category for the field which could be used to display icons. See possible values.

Field Groups

The use of icons for fields is not required, the list below is just an indication of icons you could use for the various field groups

Username
Password
Account
Otp
Reference
Captcha
UserNumber

Field Encryption

All values for the "Login" step need to be encrypted using this encryption method before sending back to Ozow. The resulting bytes from the encryption should be converted to a Base64 string.

Algorithms

AES
Mode

CBC
Key Length

256 bits
Key

Your 32 character API key provided to you by Ozow.

If you are using a key that is not 32 characters long you would need append it on itself until it is 32 characters or longer and use the first 32 characters.
IV

Get the lowercase string of the transaction identifier. Do a SHA512 hash on the lowercase result and use the first 16 characters

Examples

private static function encrypt($data, $key, $iv_string) {
	while (strlen($key) < 32) {
		$key .= $key;
	}
	$iv = substr(hash('sha512', strtolower($iv_string)), 0, 16);
	$encrypted_bytes = openssl_encrypt($data, 'AES-256-CBC', substr($key, 0, 32), OPENSSL_RAW_DATA, $iv);
	return base64_encode($encrypted_bytes);
}

public static string EncryptAes(string data, string key, string ivString)
{
	byte[] dataBytes = Encoding.UTF8.GetBytes(data);
	byte[] encryptedBytes;
	string iv = GetSHA512Hash(ivString.ToLower()).Substring(0, 16);
	while (key.Length < 32)
	{
		key += key;
	}
	using (var aes = new AesCryptoServiceProvider())
	{
		aes.Key = Encoding.UTF8.GetBytes(key.Substring(0, 32));
		aes.Mode = CipherMode.CBC;
		aes.IV = Encoding.UTF8.GetBytes(iv);
		var encryptor = aes.CreateEncryptor();
		encryptedBytes = encryptor.TransformFinalBlock(dataBytes, 0, dataBytes.Length);
		aes.Clear();
	}
	return Convert.ToBase64String(encryptedBytes, 0, encryptedBytes.Length);
}

Continue to Step 6: Outcome

Updated 5 days ago