Step 5: Bank Messages
There are a number of messages that will be received and sent during the bank payment process.
Url | secure/transaction/create/:requestId/:bankId | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Method | POST | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
Headers | See Common Headers | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
URL Params |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
Data Params |
*Login field values need to be encrypted using the method described later in this guide. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
Response Object |
Display Object
InputField ObjectSee field types section as properties will vary depending on the type. Transaction Object
*Successful transactions need to be confirmed using the status as receiptId is available for a few statuses. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
Request Example |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
Response Example |
|
Display Types
The display types determine what needs to be displayed to the user.
Form |
This requires you to display the input fields and a button (If the display action text property has a value) If the input fields are empty and the "allowResend" property is true only a resend button should be displayed. |
Prompt |
This is sent when the user needs to complete an action on their side e.g. Accepting a push message notification on their phone. n this instance the message in the title and instruction properties need to be displayed in a way that catches the user's attention so they can acknowledge what action needs to be completed. A message should be sent back to Ozow after receiving a prompt display type to await for the next update. |
Busy |
This is sent when the user has or has not completed the action in the prompt. When receiving this display type you should display a busy indicator to the user. A message should be sent back to Ozow after receiving a busy display type to await for the next update. |
Field Types
The field type will determine what type of field you display to the user.
Text |
This can be displayed to the user as a text input field.
|
|||||||||||||||||||||||||||
Password |
This can be displayed to the user as a password input field. This would have the same properties as the text field type above except the value of the type property would be "Password". |
|||||||||||||||||||||||||||
Select |
There are a number of ways this can be displayed to a user e.g. Html select, custom picker, list of buttons (if there is no other input required for that step).
Select Option Object
|
|||||||||||||||||||||||||||
Partial Password |
This is where a user only needs to enter certain character of their password. To determine which characters need to be entered, a field for each character is returned and the ones for which input is not required will have a disabled property set to true. The fields that are not disabled should be displayed as password inputs.
Field Object
|
|||||||||||||||||||||||||||
Image |
Used for CAPTCHA images
|
Field Groups
The use of icons for fields is not required, the list below is just an indication of icons you could use for the various field groups
Username | |
Password | |
Account | |
Otp | |
Reference | |
Captcha | |
UserNumber |
Field Encryption
All values for the "Login" step need to be encrypted using this encryption method before sending back to Ozow. The resulting bytes from the encryption should be converted to a Base64 string.
Algorithms |
AES |
Mode |
CBC |
Key Length |
256 bits |
Key |
Your 32 character API key provided to you by Ozow. If you are using a key that is not 32 characters long you would need append it on itself until it is 32 characters or longer and use the first 32 characters. |
IV |
Get the lowercase string of the transaction identifier. Do a SHA512 hash on the lowercase result and use the first 16 characters |
Examples
private static function encrypt($data, $key, $iv_string) {
while (strlen($key) < 32) {
$key .= $key;
}
$iv = substr(hash('sha512', strtolower($iv_string)), 0, 16);
$encrypted_bytes = openssl_encrypt($data, 'AES-256-CBC', substr($key, 0, 32), OPENSSL_RAW_DATA, $iv);
return base64_encode($encrypted_bytes);
}
public static string EncryptAes(string data, string key, string ivString)
{
byte[] dataBytes = Encoding.UTF8.GetBytes(data);
byte[] encryptedBytes;
string iv = GetSHA512Hash(ivString.ToLower()).Substring(0, 16);
while (key.Length < 32)
{
key += key;
}
using (var aes = new AesCryptoServiceProvider())
{
aes.Key = Encoding.UTF8.GetBytes(key.Substring(0, 32));
aes.Mode = CipherMode.CBC;
aes.IV = Encoding.UTF8.GetBytes(iv);
var encryptor = aes.CreateEncryptor();
encryptedBytes = encryptor.TransformFinalBlock(dataBytes, 0, dataBytes.Length);
aes.Clear();
}
return Convert.ToBase64String(encryptedBytes, 0, encryptedBytes.Length);
}
Continue to Step 6: Outcome
Updated about 1 month ago