Encrypted Payment Gateway (S2S)
AES-256-CBC encrypted payload for maximum data protection.
POST
http://localhost:9003/api/s2s/encryptEncrypted payment online from customers
Remark: 12 mandatory parameters — payload sent as encrypted_data
Concatenate all parameters into a query string (e.g. &bill_amt=11.00&fullname=dev+tech), encrypt using AES-256-CBC with your private_key and public_key, append public_key to the encrypted string, and POST as encrypted_data.
Encryption flow
- Build query string from all payment parameters
- Encrypt with AES-256-CBC (IV derived from SHA-256 of public_key)
- Append public_key to encrypted output
- POST { encrypted_data: encryptedPayload + publicKey }
- Set encryption_method=aes256 to receive encrypted webhook responses
Request
POST /api/s2s/encrypt
POST http://localhost:9003/api/s2s/encrypt
Content-Type: application/x-www-form-urlencoded
encrypted_data=Fx9PJmn4TknBmttkHe3JX...{public_key}Response (3DS pending)
json
{
"authurl": "http://localhost:9003/api/authurl/38FACFT0nigxaW_OyOojZoxYGlxqDzUCz_TJFL_M1nk=",
"transID": "100135250426141606",
"reference": "22DEVJAVA250415",
"order_status": "0",
"status": "Pending",
"bill_amt": "11.11",
"bill_currency": "EUR",
"response": "Payment is pending"
}Decrypted webhook response
After decrypting data parameter
bill_currency=EUR&transID=100203250509173720&mop=Visa&ccno=411111XXXXXX1111
&reference=22PostDEVJAVA250415&order_status=25&bill_amt=130.0&status=Test Approvedencryption_method: aes256 = encrypted webhook · none = plain text webhook. private_key is required for decryption.
| Parameter | Type | Description |
|---|---|---|
| public_key | str M | Terminal public key from My Terminal → Terminal Public Key. |
| terNO | int M | Unique terminal number from My Terminal → Add New Terminal List. |
| integration-type | str D | Default fixed value: s2s. |
| bill_amt | dec(10,2) M | Bill amount in decimal format (e.g. 120.00). |
| bill_currency | str M | ISO currency code (e.g. EUR, USD). |
| product_name | str M | Product or service name. |
| reference | str M | Your unique order ID — returned in callbacks. |
| webhook_url | str M | Server-to-server webhook URL for status updates. |
| return_url | str M | Customer redirect URL after authentication. |
| bill_ip | server D | Customer IP — set server-side from REMOTE_ADDR. |
| encryption_method | str D | aes256 or none — controls webhook encryption. |
| fullname | str C | Customer full name (optional). |
| bill_email | str C | Customer billing email (optional). |
| mop | str M | Payment mode: CC, DC, NB, WALLET, UPICOLLECT, QRINTENT. |
| ccno | str C | Card number (required for mop=CC). |
| ccvv | str C | Card CVV (required for mop=CC). |
| month | str C | Card expiry month (required for mop=CC). |
| year | str C | Card expiry year (required for mop=CC). |