Commonalities between the different bank API

All those credit card payment API have in common to use some kind of HMAC signature to ensure integrity on the exchanged message with the bank server. SPPlus also use DES enciphering of the HMAC key, but the ciphering key is hidden in the source code of the kit which is stupid. ATOP/SIPS seems to use the DES symetric cipher but as the source code is not available we can not tell if it used for confidentiality of the messages.

Transaction id

Transaction id is automatically generated to conform to the different API constraints (some accept 6 digits, other 20 alphanumeric characters). The transaction id is made to be unique for a given day.

Documentation des différents fournisseurs d'API

Codes pour les tests

  • paybox : 1111222233334444, date dans le futur, 123.

Also available in: PDF HTML TXT