Skip to main content

Transaction Flow

Transaction Process

After authentication, users can proceed with the transaction. Upon successful completion of the transaction, users receive instant notifications through the CityPay mobile app, ensuring transparency and real-time updates.

HMAC/SHA256 Security

Security is paramount in ensuring the integrity of transactions. CityPay API utilizes HMAC/SHA256 for message authentication. When initiating a transaction with CityPay, ensure that the API request includes the generated signature hash in the body.

Follow these steps to generate and verify the signature hash:

1. Secret Key Setup

CityPay provides the partner merchant with a secret key for HMAC signature generation.

2. Generate Signature

Include mandatory parameters in the request which are Total Amount, Transaction ID, Merchant Code Concatenate the mandatory parameters into a string in the same order. Generate an HMAC signature using the secret key and the concatenated parameter string.

Calculate the HMAC/SHA256 signature hash using the following formula:
C#
var signatureValue = String.Concat(transactionModel.TotalAmount,transactionModel.TransactionId,transactionModel.MerchantCode);
string signature = Sha256HashHelper.HmacSha256(signatureValue, “secretKey”);
Javascript
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1
/crypto-js.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1
/hmac-sha256.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1
/enc-base64.min.js"></script>
<script>
 var signature = CryptoJS.HmacSHA256("Message", "secret");
</script>

Concatenate the total_amount, transaction_id, and merchant_code, and then apply HMAC-SHA256 with the provided secret key. Include Signature in Request: Add the generated signature to the request parameters.

3. Send Request

Include the request parameters, including the generated signature, in the API request. The partner merchant should follow this protocol for all API requests to maintain a secure communication channel with CityPay. These are the parameters that need to be sent by the partner merchant on the request body while initiating transaction using CItyPay payment portal.

For dev please use the following url: https://dev-api.citypay.ekbana.net/api/v2/payment/form
For production please use the following url: https://uat-api.citypay.ekbana.net/api/v2/payment/form

Form Data
{
"amount": "100",
"taxAmount": "0",
"totalAmount": "100",
"serviceCharge": "0",
"deliveryCharge": "0",
"transactionId": "123456",
"merchantCode": "supervendor",
"remarks": "ProductPayment",
"successUrl": "string",
"failureUrl": "string",
"signature": "09fb7030d5efc74d62b7adf9f451a2a1e0cbf5f73a29595a7329ce5db89637bf"
}

Request Parameter Details

Amount: Transaction Amount
Tax Amount: Tax amount assosciated with the transaction
Total Amount: Total transaction amouny, including taxes and additional charges
Service Charge: Service Charge for transaction
Delivery Charge: Delivery Charge for the transaction
Transaction Id: Unique identifier for tracking individual transactions
Merchant Code: Unique code or identifier for the initiating merchant Remarks: Additional information or comments for the transaction SuccessUrl: URL for successful transaction redirection FailureUrl: URL for redirection in case of transaction failure Signature: HMAC signature for ensuring request integrity and authenticity