EFIPAY - API Documentation ## Sections • [Getting Started](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/getting-started.md): Welcome to EFIPAY API Doc! The EFIPAY payment solution designed to streamline transactions in the modern economy. With EFIPAY, users can enjoy a seamless and secure payment experience. How to get keys Our API integration starts in your dashboard. Browse to the account settings section and get your first API Key and Salt Key. Security Measures: Following these steps fortifies your API against potential threats, ensuring the integrity and confidentiality of your data. Safeguard your keys: Keep API keys and salt keys confidential to prevent unauthorized access. Ensure HTTPS Usage: Encrypt data transmission using HTTPS to prevent eavesdropping and tampering. • [Authentication](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/authentication.md): Our API uses the HMAC algorithm to authenticate your requests. The idea is simple, every request (URL path + body) needs to be signed using your API Secret. Then our server makes sure the signature is correct and processes the query. This provides a comprehensive guide on encrypting and signing API requests using JavaScript. It utilizes the CryptoJS library to implement HMAC-SHA256 encryption for securing the requests. Important Notes : All private REST requests must contain the following headers: The API request payload and signature payload must maintain the same order to ensure accurate processing and verification. This alignment in order is crucial for maintaining data integrity and security protocols within the system architecture. URLPath - Use last segment of the URL. Ex: https://example.com/api/user/s2s/create_transaction use only “/create_transaction” Don't send the file/picture in the body params. HMAC authentication doesn't support files in the payload due to its reliance on hashing, which only works with text or binary data. Header Params : All private REST requests must contain the following headers: X-Api-Key: The API key as a string X-Api-Signature : The Base64-encoded signature (see 2. Encryption & Signing section for details). 1. Encryption and Signing Function: This function takes four parameters: urlPath : The URL End segment of the API endpoint. body : The request body. This parameter is optional. apiKey : Your API key. saltKey : Your Salt key. It returns a string representing the generated signature for the API request. You can use this function to sign your API requests before sending them to ensure their authenticity and integrity. Below is the JavaScript function that you can use to generate a signature for your API request. To get started, ensure that CryptoJS is installed in your project. You can install it via npm using the following command: Select... npm install crypto-js Select... const CryptoJS = require("crypto-js"); /** * Generate a signature for the API request. * @param {string} urlPath - The URL End segment of the API endpoint. (Ex: /create_transaction, /transaction_status) * @param {object} body - The request body (if any). * @param {string} apiKey - Your API key. * @param {string} saltKey - Your salt key. * @returns {string} - The generated signature. */ function signContent(urlPath, body, apiKey, saltKey) { // Concatenate URL, request body (if available), and salt key const plainContent = `${urlPath}${body ? JSON.stringify(body) : ""}${saltKey}`; // Generate HMAC-SHA256 hash and convert it to Hex return CryptoJS.HmacSHA256(plainContent, apiKey).toString(CryptoJS.enc.Hex); } const urlPath = "/create_transaction"; const body = { requestId: "fd33ba787612d595eff03f866b745ed4f", amount: "1000" }; const apiKey = "<the-provided-api-key>"; const saltKey = "<the-provided-salt-key>"; const signature = signContent(urlPath, body, apiKey, saltKey); console.log("Generated Signature:", signature) Below is the Java function that you can use to generate a signature for your API request. To get started, ensure that CryptoJS is installed in your project. You can install it via npm using the following command: Select... import javax.crypto.Mac; import javax.crypto.spec.SecretKeySpec; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; public class HMACExample { public static String calculateHMAC(String data, String apiKey) throws NoSuchAlgorithmException, InvalidKeyException { Mac hmacSha256 = Mac.getInstance("HmacSHA256"); SecretKeySpec secretKey = new SecretKeySpec(apiKey.getBytes(), "HmacSHA256"); hmacSha256.init(secretKey); byte[] hmacBytes = hmacSha256.doFinal(data.getBytes()); StringBuilder hexString = new StringBuilder(); for (byte b : hmacBytes) { String hex = Integer.toHexString(0xff & b); if (hex.length() == 1) { hexString.append('0'); } hexString.append(hex); } return hexString.toString(); } public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeyException { String urlPath = "/create_transaction"; String body = "{"requestId":"fd33ba787612d595eff03f866b745ed4f","amount":"1000"}"; //Make sure the body values is a stringified JSON object String apiKey = "<the-provided-api-key>"; String saltKey = "<the-provided-salt-key>"; String data = urlPath+body+saltKey String hmac = calculateHMAC(data, apiKey); System.out.println(hmac); } } Below is the PHP function that you can use to generate a signature for your API request. To get started, ensure that CryptoJS is installed in your project. You can install it via npm using the following command: Select... <?php function signContent($urlPath, $body, $apiKey, $saltKey) { try { $body = empty($body) ? "{}" : json_encode($body, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES); $body = str_replace("null", '""', $body); $plain_content = "$urlPath$body$saltKey"; $signature = hash_hmac('sha256', $plain_content, $apiKey); return $signature; } catch (Exception $ex) { return null; // Or handle the error as per your requirement } } $urlPath = "/create_transaction"; $body = { requestId: "fd33ba787612d595eff03f866b745ed4f", amount: "1000" }; $apiKey = "<the-provided-api-key>"; $saltKey = "<the-provided-salt-key>"; $signedText = signContent($urlPath, $body, $apiKey, $saltKey); echo "Signature: " . $signedText . "\n"; ?> In this example: urlPath : Represents the last endpoint of the API URL ("/create_transaction"). body : Contains the request parameters, such as requestId and amount. apiKey : Your API key provided for authentication. saltKey : Your salt key used for enhancing security. signature : Holds the generated signature using the signContent function. Ensure that you replace < the-provided-api-key > and < the-provided-salt-key > with your actual API key and salt key, respectively. After executing this code, you will obtain the generated signature for your API request. 4. How to Include Signing Keys in API Headers: After generating the necessary keys, you can include them in your API headers to authenticate and authorize your requests. Below is an example of how to include the generated keys in your API headers using JavaScript: Select... const headers = { 'X-Api-Key': apiKey, 'X-Api-Signature': signature, }; const apiEndpoint = "https://example.com/api/user/create_transaction"; // Include headers in your API request (example using Fetch API) fetch(apiEndpoint, { method: 'POST', headers: headers, body: JSON.stringify(body), }) .then(response => response.json()) .then(data => console.log(data)) .catch(error => console.error('Error:', error)); In this example: headers : Object containing the API headers. 'X-Api-Key' : Represents the API key generated for authentication. 'X-Api-Signature' : Represents the signature generated for the request. fetch : Invokes the Fetch API to make an HTTP request. method: 'POST' : Specifies that the request is a POST method. headers : Includes the headers object containing the API key and signature. body : Contains the request body, converted to JSON format using JSON.stringify(body) . Ensure that you replace apiEndpoint with the actual URL of your API endpoint. This code snippet demonstrates how to send an authenticated API request using the Fetch API in JavaScript. • [Base URL](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/base-url.md): The base URL is the root address for all API calls. Depending on the stage of development or deployment, you will use either the production or sandbox base URL. Ensure you are using the correct base URL to avoid unintended effects, such as affecting live data when testing. Production Environment The production environment is meant for live applications. When your application is ready for deployment and intended for real users, use the production base URL for all API requests. Sandbox Environment The sandbox environment is a testing environment that mirrors the production environment but does not affect live data. Use the sandbox base URL for testing, development, and experimentation to ensure that your application behaves as expected before deploying it to production. Choosing the Right Environment Use the production environment for all API calls related to your live application. This environment should be used with real transactions and when your application is being used by actual users. Use the sandbox environment for development, testing, and experimentation. This environment is ideal for trying out new features or making changes to your application without the risk of affecting your live data. Notes and Best Practices Always ensure you are using the correct base URL for your intended environment to prevent data corruption or unintended side effects. Regularly test your application in the sandbox environment before any production deployment. Keep your API keys or authentication credentials separate for each environment to enhance security and prevent accidental access to the production environment. • [PayOut](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/payout.md): The Payout API allows users to withdraw funds from their wallet using two methods: IMPS (Immediate Payment Service) and UPI (Unified Payments Interface). This document outlines the steps for initiating a payout, handling callbacks for transaction outcomes, and checking transaction status. 1. Payout Methods 1.1 IMPS Transaction To initiate a payout via IMPS, the user must provide their bank account details. The required information typically includes the account number, IFSC code, and the account holder's name. Request Parameters: beneficiaryAccount : The bank account number of the user. beneficiaryIFSC : The IFSC code of the user's bank branch. beneficiaryAddress : The address of the account holder as per bank records. 1.2 UPI Transaction For a UPI transaction, the user needs to provide their UPI ID. A UPI transaction is generally quicker and requires less information. Request Parameters: upi_id : The UPI ID of the user (e.g., test@icici ). 2. Transaction Callback After a transaction is success/failed, a callback will be sent to a predefined URL with the transaction details. This callback contains information about the transaction's success or failure. 3. Status API The Status API can be used to check the current status of a transaction. This is useful for verifying transactions when a callback has not been received. Request: To check the status of a transaction, the orderId must be provided. Request Parameters: orderId : The unique identifier for the transaction whose status you wish to check. • [IMPS Send Payout Request](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/payout/imps-send-payout-request.md) • [UPI Send Payout Request](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/payout/upi-send-payout-request.md) • [Get Payout Status](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/payout/get-payout-status.md) • [Get Balance](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/payout/get-balance.md) • [Callback Response](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/payout/callback-response.md): When certain API requests are made, a callback response may be sent to a specified URL to inform your application about the status or result of the request. This section details the structure, types, and handling of callback responses from our API. Configuring Callback URLs Before you can receive callback responses, ensure you have set up and provided a callback URL in your API request. The callback have to be in POST method, so that you will receive the callback properly. Callback Response Structure Callback responses typically contain a JSON payload with a standard structure. This structure may include, but is not limited to, the following fields: Handling Encrypted Callback Responses If your callback responses are encrypted for enhanced security, you must decrypt them to access the actual data. This section outlines the decryption process based on the encryption method used by our API. Understanding Encrypted Callbacks Encrypted callbacks ensure sensitive information is securely transmitted. Only parties with the correct decryption key can access the original data, protecting it from unauthorized access or eavesdropping. Encryption Method Our API uses the following encryption method for callback responses: Algorithm : (Specify the algorithm, e.g., AES-128) Mode : (Specify the mode, e.g., CBC) Salt Key : The decryption key is your Salt Key provided separately for security reasons. Ensure you store it securely and do not expose it in your application code or version control systems. Decryption Process Below is the JavaScript function that you can use to decrypt an encrypted callback response: Select... async function decrypt(key, data) { try { const parts = data.split(":"); const ivBytes = Uint8Array.from(atob(parts[1]), c => c.charCodeAt(0)); const encryptedData = Uint8Array.from(atob(parts[0]), c => c.charCodeAt(0)); const algorithm = { name: 'AES-CBC', iv: ivBytes }; const keyBytes = await crypto.subtle.importKey( 'raw', new TextEncoder().encode(key), 'AES-CBC', false, ['decrypt'] ); const decryptedData = await crypto.subtle.decrypt( algorithm, keyBytes, encryptedData ); return new TextDecoder().decode(decryptedData); } catch (ex) { console.error(ex); return null; } } const key = "<YOUR-SALT-KEY>"; const data = "<ENCRYPTED-TOKEN-FROM-CALLBACK>"; decrypt(key, data).then(decryptedText => { console.log("Decryption:", decryptedText); }); Below is the Java function that you can use to decrypt an encrypted callback response: Select... import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import javax.crypto.Cipher; import java.util.Base64; import java.security.SecureRandom; class Java_AES_Cipher { private static final String CIPHER_NAME = "AES/CBC/PKCS5Padding"; // Use PKCS5Padding for compatibility with PHP private static int CIPHER_KEY_LEN = 16; //128 bits public String decrypt(String key, String data) { try { String[] parts = data.split(":"); byte[] ivBytes = Base64.getDecoder().decode(parts[1]); byte[] encryptedData = Base64.getDecoder().decode(parts[0]); IvParameterSpec iv = new IvParameterSpec(ivBytes); SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES"); Cipher cipher = Cipher.getInstance(CIPHER_NAME); cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv); byte[] original = cipher.doFinal(encryptedData); return new String(original); } catch (Exception ex) { ex.printStackTrace(); } return null; } public static void main(String args[]) { Java_AES_Cipher ciph = new Java_AES_Cipher(); // ciph.generateKey(); System.out.println("Decryption : " + ciph.decrypt("<YOUR-SALT-KEY>", "<ENCRYPTED-TOKEN-FROM-CALLBACK>")); } } Below is the PHP function that you can use to decrypt an encrypted callback response: Select... <?php function decrypt($key, $data) { try { $parts = explode(":", $data); $iv = base64_decode($parts[1]); $encryptedData = base64_decode($parts[0]); // Decrypt the data $decryptedData = openssl_decrypt($encryptedData, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $iv); return $decryptedData; } catch (Exception $ex) { error_log($ex->getMessage()); return null; // Or handle the error as per your requirement } } $key = "<YOUR-SALT-KEY>"; // Ensure this is the correct key for decryption $data = "<ENCRYPTED-TOKEN-FROM-CALLBACK>"; // The encrypted data you need to decrypt $decryptedText = decrypt($key, $data); echo "Decryption: " . $decryptedText . "\n"; ?> • [Invoice Payin](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/invoice-payin.md): With Invoice Payin, you can start invoice transactions using the payment interface from efipay. Unlike S2S Payin, you don't have to handle designs. Simply use our payment page to collect payments from users. Create Transaction: Provide all required parameters to initialize the transaction. Upon completion, obtain the "redirect_url" from the response, which can be accessed via browser or utilized in your application as needed. Get Transaction status: Monitor the transaction status through the dedicated API, providing updates on the ongoing verification process and allowing you to stay informed about the current status. • [Create Transaction](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/invoice-payin/create-transaction-2.md): The Create transaction allows users to initiate a new transaction by providing the necessary parameters. • [Get Transaction Status](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/invoice-payin/get-transaction-status-2.md) • [Callback Response](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/invoice-payin/callback-response-5.md): When certain API requests are made, a callback response may be sent to a specified URL to inform your application about the status or result of the request. This section details the structure, types, and handling of callback responses from our API. Configuring Callback URLs Before you can receive callback responses, ensure you have set up and provided a callback URL in your API request. The callback have to be in POST method, so that you will receive the callback properly. Callback Response Structure Callback responses typically contain a JSON payload with a standard structure. This structure may include, but is not limited to, the following fields: Handling Encrypted Callback Responses If your callback responses are encrypted for enhanced security, you must decrypt them to access the actual data. This section outlines the decryption process based on the encryption method used by our API. Understanding Encrypted Callbacks Encrypted callbacks ensure sensitive information is securely transmitted. Only parties with the correct decryption key can access the original data, protecting it from unauthorized access or eavesdropping. Encryption Method Our API uses the following encryption method for callback responses: Algorithm : (Specify the algorithm, e.g., AES-128) Mode : (Specify the mode, e.g., CBC) Salt Key : The decryption key is your Salt Key provided separately for security reasons. Ensure you store it securely and do not expose it in your application code or version control systems. Decryption Process Below is the JavaScript function that you can use to decrypt an encrypted callback response: Select... async function decrypt(key, data) { try { const parts = data.split(":"); const ivBytes = Uint8Array.from(atob(parts[1]), c => c.charCodeAt(0)); const encryptedData = Uint8Array.from(atob(parts[0]), c => c.charCodeAt(0)); const algorithm = { name: 'AES-CBC', iv: ivBytes }; const keyBytes = await crypto.subtle.importKey( 'raw', new TextEncoder().encode(key), 'AES-CBC', false, ['decrypt'] ); const decryptedData = await crypto.subtle.decrypt( algorithm, keyBytes, encryptedData ); return new TextDecoder().decode(decryptedData); } catch (ex) { console.error(ex); return null; } } const key = "<YOUR-SALT-KEY>"; const data = "<ENCRYPTED-TOKEN-FROM-CALLBACK>"; decrypt(key, data).then(decryptedText => { console.log("Decryption:", decryptedText); }); Below is the Java function that you can use to decrypt an encrypted callback response: Select... import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import javax.crypto.Cipher; import java.util.Base64; import java.security.SecureRandom; class Java_AES_Cipher { private static final String CIPHER_NAME = "AES/CBC/PKCS5Padding"; // Use PKCS5Padding for compatibility with PHP private static int CIPHER_KEY_LEN = 16; //128 bits public String decrypt(String key, String data) { try { String[] parts = data.split(":"); byte[] ivBytes = Base64.getDecoder().decode(parts[1]); byte[] encryptedData = Base64.getDecoder().decode(parts[0]); IvParameterSpec iv = new IvParameterSpec(ivBytes); SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES"); Cipher cipher = Cipher.getInstance(CIPHER_NAME); cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv); byte[] original = cipher.doFinal(encryptedData); return new String(original); } catch (Exception ex) { ex.printStackTrace(); } return null; } public static void main(String args[]) { Java_AES_Cipher ciph = new Java_AES_Cipher(); // ciph.generateKey(); System.out.println("Decryption : " + ciph.decrypt("<YOUR-SALT-KEY>", "<ENCRYPTED-TOKEN-FROM-CALLBACK>")); } } Below is the PHP function that you can use to decrypt an encrypted callback response: Select... <?php function decrypt($key, $data) { try { $parts = explode(":", $data); $iv = base64_decode($parts[1]); $encryptedData = base64_decode($parts[0]); // Decrypt the data $decryptedData = openssl_decrypt($encryptedData, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $iv); return $decryptedData; } catch (Exception $ex) { error_log($ex->getMessage()); return null; // Or handle the error as per your requirement } } $key = "<YOUR-SALT-KEY>"; // Ensure this is the correct key for decryption $data = "<ENCRYPTED-TOKEN-FROM-CALLBACK>"; // The encrypted data you need to decrypt $decryptedText = decrypt($key, $data); echo "Decryption: " . $decryptedText . "\n"; ?> • [S2S PayIn Manual](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/s2s-payin-manual.md): For customizing your payment page with your brand design, leverage the S2S Payin API to access payment details and effortlessly update transactions. S2S Payin provides convenient REST API access for payment processing. Follow the outlined steps below for comprehensive guidance on integration and customization. Follow the below steps to complete Step 1 - Create Transaction : Begin by creating a transaction using the API, ensuring all required parameters are filled, especially the accurate order_id, pivotal for retrieving payment information in the next step. Step 2 - Get Payment Method : Retrieve payment method details by passing the order_id, acquiring essential information like QR Code or UPI details. Proceed to transfer money via UPI using this provided information. Step 3 - Update Transaction: After completing the UPI payment, proceed to update the transaction by entering the UTR number and attaching the payment reference file. Once submitted, the transaction will be verified using the provided UTR number. Step 4 - Get Transaction Status: Monitor the transaction status through the dedicated API, providing updates on the ongoing verification process and allowing you to stay informed about the current status. • [Create Transaction](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/s2s-payin-manual/create-transaction-3.md): The Create transaction allows users to initiate a new transaction by providing the necessary parameters. • [Get Payment Method](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/s2s-payin-manual/get-payment-method.md) • [Update Transaction](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/s2s-payin-manual/update-transaction.md): Note: X-Api-Signature - Don't send the file/picture in the body params while generating the signature. HMAC authentication doesn't support files in the payload due to its reliance on hashing, which only works with text or binary data. • [Get Transaction Status](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/s2s-payin-manual/get-transaction-status-3.md) • [Callback Response](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/s2s-payin-manual/callback-response-2.md): When certain API requests are made, a callback response may be sent to a specified URL to inform your application about the status or result of the request. This section details the structure, types, and handling of callback responses from our API. Configuring Callback URLs Before you can receive callback responses, ensure you have set up and provided a callback URL in your API request. The callback have to be in POST method, so that you will receive the callback properly. Callback Response Structure Callback responses typically contain a JSON payload with a standard structure. This structure may include, but is not limited to, the following fields: Handling Encrypted Callback Responses If your callback responses are encrypted for enhanced security, you must decrypt them to access the actual data. This section outlines the decryption process based on the encryption method used by our API. Understanding Encrypted Callbacks Encrypted callbacks ensure sensitive information is securely transmitted. Only parties with the correct decryption key can access the original data, protecting it from unauthorized access or eavesdropping. Encryption Method Our API uses the following encryption method for callback responses: Algorithm : (Specify the algorithm, e.g., AES-128) Mode : (Specify the mode, e.g., CBC) Salt Key : The decryption key is your Salt Key provided separately for security reasons. Ensure you store it securely and do not expose it in your application code or version control systems. Decryption Process Below is the JavaScript function that you can use to decrypt an encrypted callback response: Select... async function decrypt(key, data) { try { const parts = data.split(":"); const ivBytes = Uint8Array.from(atob(parts[1]), c => c.charCodeAt(0)); const encryptedData = Uint8Array.from(atob(parts[0]), c => c.charCodeAt(0)); const algorithm = { name: 'AES-CBC', iv: ivBytes }; const keyBytes = await crypto.subtle.importKey( 'raw', new TextEncoder().encode(key), 'AES-CBC', false, ['decrypt'] ); const decryptedData = await crypto.subtle.decrypt( algorithm, keyBytes, encryptedData ); return new TextDecoder().decode(decryptedData); } catch (ex) { console.error(ex); return null; } } const key = "<YOUR-SALT-KEY>"; const data = "<ENCRYPTED-TOKEN-FROM-CALLBACK>"; decrypt(key, data).then(decryptedText => { console.log("Decryption:", decryptedText); }); Below is the Java function that you can use to decrypt an encrypted callback response: Select... import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import javax.crypto.Cipher; import java.util.Base64; import java.security.SecureRandom; class Java_AES_Cipher { private static final String CIPHER_NAME = "AES/CBC/PKCS5Padding"; // Use PKCS5Padding for compatibility with PHP private static int CIPHER_KEY_LEN = 16; //128 bits public String decrypt(String key, String data) { try { String[] parts = data.split(":"); byte[] ivBytes = Base64.getDecoder().decode(parts[1]); byte[] encryptedData = Base64.getDecoder().decode(parts[0]); IvParameterSpec iv = new IvParameterSpec(ivBytes); SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES"); Cipher cipher = Cipher.getInstance(CIPHER_NAME); cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv); byte[] original = cipher.doFinal(encryptedData); return new String(original); } catch (Exception ex) { ex.printStackTrace(); } return null; } public static void main(String args[]) { Java_AES_Cipher ciph = new Java_AES_Cipher(); // ciph.generateKey(); System.out.println("Decryption : " + ciph.decrypt("<YOUR-SALT-KEY>", "<ENCRYPTED-TOKEN-FROM-CALLBACK>")); } } Below is the PHP function that you can use to decrypt an encrypted callback response: Select... <?php function decrypt($key, $data) { try { $parts = explode(":", $data); $iv = base64_decode($parts[1]); $encryptedData = base64_decode($parts[0]); // Decrypt the data $decryptedData = openssl_decrypt($encryptedData, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $iv); return $decryptedData; } catch (Exception $ex) { error_log($ex->getMessage()); return null; // Or handle the error as per your requirement } } $key = "<YOUR-SALT-KEY>"; // Ensure this is the correct key for decryption $data = "<ENCRYPTED-TOKEN-FROM-CALLBACK>"; // The encrypted data you need to decrypt $decryptedText = decrypt($key, $data); echo "Decryption: " . $decryptedText . "\n"; ?> • [S2S PayIn Automatic](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/s2s-payin-automatic.md): For customizing your payment page with your brand design, leverage the S2S Payin API to access payment details and effortlessly update transactions. S2S Payin provides convenient REST API access for payment processing. Follow the outlined steps below for comprehensive guidance on integration and customization. Follow the below steps to complete Step 1 - Create Transaction : Begin by creating a transaction using the API, ensuring all required parameters are filled, especially the accurate order_id. Step 2 - Redirection : You will get a redirection URL in the response, which is used to redirect back to the payment page where user can pay for the transaction. Step 3 - Get Transaction Status: Monitor the transaction status through the dedicated API, providing updates on the ongoing verification process and allowing you to stay informed about the current status. • [Create Transaction](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/s2s-payin-automatic/create-transaction.md) • [Get Transaction Status](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/s2s-payin-automatic/get-transaction-status.md) • [Callback Response](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/s2s-payin-automatic/callback-response-3.md): When certain API requests are made, a callback response may be sent to a specified URL to inform your application about the status or result of the request. This section details the structure, types, and handling of callback responses from our API. Configuring Callback URLs Before you can receive callback responses, ensure you have set up and provided a callback URL in your API request. The callback have to be in POST method, so that you will receive the callback properly. Callback Response Structure Callback responses typically contain a JSON payload with a standard structure. This structure may include, but is not limited to, the following fields: Handling Encrypted Callback Responses If your callback responses are encrypted for enhanced security, you must decrypt them to access the actual data. This section outlines the decryption process based on the encryption method used by our API. Understanding Encrypted Callbacks Encrypted callbacks ensure sensitive information is securely transmitted. Only parties with the correct decryption key can access the original data, protecting it from unauthorized access or eavesdropping. Encryption Method Our API uses the following encryption method for callback responses: Algorithm : (Specify the algorithm, e.g., AES-128) Mode : (Specify the mode, e.g., CBC) Salt Key : The decryption key is your Salt Key provided separately for security reasons. Ensure you store it securely and do not expose it in your application code or version control systems. Decryption Process Below is the JavaScript function that you can use to decrypt an encrypted callback response: Select... async function decrypt(key, data) { try { const parts = data.split(":"); const ivBytes = Uint8Array.from(atob(parts[1]), c => c.charCodeAt(0)); const encryptedData = Uint8Array.from(atob(parts[0]), c => c.charCodeAt(0)); const algorithm = { name: 'AES-CBC', iv: ivBytes }; const keyBytes = await crypto.subtle.importKey( 'raw', new TextEncoder().encode(key), 'AES-CBC', false, ['decrypt'] ); const decryptedData = await crypto.subtle.decrypt( algorithm, keyBytes, encryptedData ); return new TextDecoder().decode(decryptedData); } catch (ex) { console.error(ex); return null; } } const key = "<YOUR-SALT-KEY>"; const data = "<ENCRYPTED-TOKEN-FROM-CALLBACK>"; decrypt(key, data).then(decryptedText => { console.log("Decryption:", decryptedText); }); Below is the Java function that you can use to decrypt an encrypted callback response: Select... import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import javax.crypto.Cipher; import java.util.Base64; import java.security.SecureRandom; class Java_AES_Cipher { private static final String CIPHER_NAME = "AES/CBC/PKCS5Padding"; // Use PKCS5Padding for compatibility with PHP private static int CIPHER_KEY_LEN = 16; //128 bits public String decrypt(String key, String data) { try { String[] parts = data.split(":"); byte[] ivBytes = Base64.getDecoder().decode(parts[1]); byte[] encryptedData = Base64.getDecoder().decode(parts[0]); IvParameterSpec iv = new IvParameterSpec(ivBytes); SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES"); Cipher cipher = Cipher.getInstance(CIPHER_NAME); cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv); byte[] original = cipher.doFinal(encryptedData); return new String(original); } catch (Exception ex) { ex.printStackTrace(); } return null; } public static void main(String args[]) { Java_AES_Cipher ciph = new Java_AES_Cipher(); // ciph.generateKey(); System.out.println("Decryption : " + ciph.decrypt("<YOUR-SALT-KEY>", "<ENCRYPTED-TOKEN-FROM-CALLBACK>")); } } Below is the PHP function that you can use to decrypt an encrypted callback response: Select... <?php function decrypt($key, $data) { try { $parts = explode(":", $data); $iv = base64_decode($parts[1]); $encryptedData = base64_decode($parts[0]); // Decrypt the data $decryptedData = openssl_decrypt($encryptedData, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $iv); return $decryptedData; } catch (Exception $ex) { error_log($ex->getMessage()); return null; // Or handle the error as per your requirement } } $key = "<YOUR-SALT-KEY>"; // Ensure this is the correct key for decryption $data = "<ENCRYPTED-TOKEN-FROM-CALLBACK>"; // The encrypted data you need to decrypt $decryptedText = decrypt($key, $data); echo "Decryption: " . $decryptedText . "\n"; ?> • [Payin Mobile UPI Intent](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/payin-mobile-upi-intent.md): This API is designed specifically for mobile applications to integrate a payment button, enabling a seamless redirection to the payment application installed on the user's device. Follow the outlined steps below for comprehensive guidance on integration and customization. Follow the below steps to complete Step 1 - Create Transaction : Begin by creating a transaction using the API, ensuring all required parameters are filled, especially the accurate order_id. Step 2 - Redirection : After successfully creating a transaction, you'll use the upi_url from the response in your website or mobile application to redirect the user to their payment application to complete the transaction. Step 3 - Get Transaction Status: Monitor the transaction status through the dedicated API, providing updates on the ongoing verification process and allowing you to stay informed about the current status. • [Create Transaction](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/payin-mobile-upi-intent/create-transaction-1.md): To facilitate deep linking or redirecting payments to UPIs, utilize the " upi_url " key from the transaction response. • [Get Transaction Status](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/payin-mobile-upi-intent/get-transaction-status-2.md) • [Callback Response](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/payin-mobile-upi-intent/callback-response-4.md): When certain API requests are made, a callback response may be sent to a specified URL to inform your application about the status or result of the request. This section details the structure, types, and handling of callback responses from our API. Configuring Callback URLs Before you can receive callback responses, ensure you have set up and provided a callback URL in your API request. The callback have to be in POST method, so that you will receive the callback properly. Callback Response Structure Callback responses typically contain a JSON payload with a standard structure. This structure may include, but is not limited to, the following fields: Handling Encrypted Callback Responses If your callback responses are encrypted for enhanced security, you must decrypt them to access the actual data. This section outlines the decryption process based on the encryption method used by our API. Understanding Encrypted Callbacks Encrypted callbacks ensure sensitive information is securely transmitted. Only parties with the correct decryption key can access the original data, protecting it from unauthorized access or eavesdropping. Encryption Method Our API uses the following encryption method for callback responses: Algorithm : (Specify the algorithm, e.g., AES-128) Mode : (Specify the mode, e.g., CBC) Salt Key : The decryption key is your Salt Key provided separately for security reasons. Ensure you store it securely and do not expose it in your application code or version control systems. Decryption Process Below is the JavaScript function that you can use to decrypt an encrypted callback response: Select... async function decrypt(key, data) { try { const parts = data.split(":"); const ivBytes = Uint8Array.from(atob(parts[1]), c => c.charCodeAt(0)); const encryptedData = Uint8Array.from(atob(parts[0]), c => c.charCodeAt(0)); const algorithm = { name: 'AES-CBC', iv: ivBytes }; const keyBytes = await crypto.subtle.importKey( 'raw', new TextEncoder().encode(key), 'AES-CBC', false, ['decrypt'] ); const decryptedData = await crypto.subtle.decrypt( algorithm, keyBytes, encryptedData ); return new TextDecoder().decode(decryptedData); } catch (ex) { console.error(ex); return null; } } const key = "<YOUR-SALT-KEY>"; const data = "<ENCRYPTED-TOKEN-FROM-CALLBACK>"; decrypt(key, data).then(decryptedText => { console.log("Decryption:", decryptedText); }); Below is the Java function that you can use to decrypt an encrypted callback response: Select... import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import javax.crypto.Cipher; import java.util.Base64; import java.security.SecureRandom; class Java_AES_Cipher { private static final String CIPHER_NAME = "AES/CBC/PKCS5Padding"; // Use PKCS5Padding for compatibility with PHP private static int CIPHER_KEY_LEN = 16; //128 bits public String decrypt(String key, String data) { try { String[] parts = data.split(":"); byte[] ivBytes = Base64.getDecoder().decode(parts[1]); byte[] encryptedData = Base64.getDecoder().decode(parts[0]); IvParameterSpec iv = new IvParameterSpec(ivBytes); SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES"); Cipher cipher = Cipher.getInstance(CIPHER_NAME); cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv); byte[] original = cipher.doFinal(encryptedData); return new String(original); } catch (Exception ex) { ex.printStackTrace(); } return null; } public static void main(String args[]) { Java_AES_Cipher ciph = new Java_AES_Cipher(); // ciph.generateKey(); System.out.println("Decryption : " + ciph.decrypt("<YOUR-SALT-KEY>", "<ENCRYPTED-TOKEN-FROM-CALLBACK>")); } } Below is the PHP function that you can use to decrypt an encrypted callback response: Select... <?php function decrypt($key, $data) { try { $parts = explode(":", $data); $iv = base64_decode($parts[1]); $encryptedData = base64_decode($parts[0]); // Decrypt the data $decryptedData = openssl_decrypt($encryptedData, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $iv); return $decryptedData; } catch (Exception $ex) { error_log($ex->getMessage()); return null; // Or handle the error as per your requirement } } $key = "<YOUR-SALT-KEY>"; // Ensure this is the correct key for decryption $data = "<ENCRYPTED-TOKEN-FROM-CALLBACK>"; // The encrypted data you need to decrypt $decryptedText = decrypt($key, $data); echo "Decryption: " . $decryptedText . "\n"; ?> • [FAQ](https://app.theneo.io/015b566c-c617-4357-a975-5968e062d3e1/efipay-api-documentation-payin-payout/faq.md): 1 . Where to find the saltKey or API key? Login into your account → Go to “Account Settings” → Check “View Api Key”/ “View Salt Key” 2. How long it will take to verify the transaction? After the transaction initiated, it will take 15 to 20mins. if still not verified, please contact our support team.