CSC SPV – Service Provider
Integration Steps
CSC SPV – Payment Gateway (Network Interface Steps)
Introduction
This document is for audience who are integrating their Portal with Wallet System of CSC SPV.
The following is the Network Diagram for the same. There may be several servers hosted on Third
party for Internal/External Usage.
White Listing of CSC SPV (Staging/Live) Server is First Step (Depends which Server is under testing
i.e. Staging Or Live) for Incoming/Outgoing Traffic as per following conditions.
3 Process for Integration
There are 3 processes to integrate with 3 CSC SPV for Service Fulfillment.
1. Auto Login (User need not to login to Third Party Portal since it is already authenticated on
CSC SPV Portal)
2. Payment Verification (Payment for Any Service selected on Third Party Portal is done by this
process)
3. Double Verification (This is Server to Server Verification for Service Amount to prevent
Frauds)
3
CSC SPV – Payment Gateway (Network Interface Steps)
4
CSC SPV – Payment Gateway (Network Interface Steps)
5
INTEGRATION PARAMETER
We will send parameter with URL provided by client Like ex:
http://apna.csc.gov.in? userHandle+transId+checksumPrivatekey
Parameter
Description
Type
Mandatory (Y/N)
User Handler
We will pass CSC ID to check which
Vle will come on site
A unique number
String
Yes
String
Yes
Checksum of user id and pass key (It
will be generated using mutually
agreed checksum generation
key. We will provide you
mechanism to create checksum).
String
Yes
transid
checksum
TECHNICAL FUNCTION FOR CHECKSUM
PHP
//function for checksum
function adler32($data) {
$a = 1; $b = 0; $len = strlen($data);
for ($index = 0; $index < $len; ++$index) {
$a = ($a + ord($data[$index])) % 65521;
$b = ($b + $a) % 65521;
}
return ($b << 16) | $a;
}
Java
import java.util.zip.Adler32;
String input = "12345"+"trn1"+"checksum";
Adler32 adl = new Adler32();
String checksum = String.valueOf(adl.getValue()));
CSC-SPV PAYMENT GATEWAY
VERSION 1.5
INTRODUCTION
CSC-SPV Payment Gateway offers e-merchants in India a one-stop solution for processing etransactions through VLE prepaid wallet.
At CSC-SPV we strive to offer value added services to the e-merchant to increase the number of
transactions, their value and overall profitability and to enhance transaction security.
OBJECTIVE
CSC-SPV Payment Gateway has been designed for quick and secure integration and ease of use. This
document is intended to work as a setup guide for new merchants of CSC-SPV Payment Gateway.
It outlines the integration process and the steps required to be followed for a successful and quick
integration of CSC-SPV Payment Gateway.
SECURITY
CSC-SPV Payment Gateway is a secure payment gateway and it implements following to achieve the
same:
1. Secured Socket Layer Implementation on server.
2. Encrypted Request and Response to and from Payment Gateway.
3. Implementation of Mac Address binding for encryption library provided to each merchant.
4. Merchant specific encryption/decryption key
5. Fixed Request URL [Note: Server required to send http referrer and x-forwarded-for values]
6. Fixed Response URL
7. Double verification process for added security [Note: To be used only when a successful
response received for the payment request]
REQUIREMENTS
CSC-SPV will provide following to merchant (or Vice-Versa) to enable Integration of CSC-SPV Payment
Gateway:
1. Merchant ID to be used for Payment Gateway.
2. URL of the Payment Gateway (once network connectivity is done)
3. Encryption/Decryption Library
[Note: Merchant need to provide Mac Address of the server where it will be deployed]
4. Merchant need to provide its Request URL which will be used to accept payment requests
coming from Merchant.
5. Merchant need to provide its Response URL to receive response from the CSC-SPV Payment
Gateway.
6. CSC-SPV will be providing a merchant specific key to be used for encryption and decryption of
Request/Response to and from payment gateway.
7. CSC-SPV will provide URL of double verification service of CSC-SPV Payment Gateway. [Note:
To be used only when a successful response received for the payment request]
CSC-SPV PAYMENT GATEWAY PROCESS
Merchant is required to post all the mandatory parameters to the CSC-SPV Payment Gateway URL
through POST method.
All the parameter values are required to be encrypted (except MID which should be sent as plain
text) using the key and encryption/decryption library provided by CSC-SPV.
Request Parameters
Parameter
Description
Type
Mandatory
Encrypted
Maximum
(Y/N)
(Y/N)
Length
mtrxid
Transaction Id generated by
merchant [through merchant
application]. It need to be
unique per transaction. (Max.
25 characters)
String
Yes
Yes
25
amount
Payment amount
money
Yes
Yes
Money
mid
Merchant’s ID given by CSCSPV (In case of I3 Integration
- ICICI)
String
Yes
No
10
mitem
Merchant’s Product/service
ID (In case of I3 integration –
Service|CustomerId
e.g
AIR|9891169611)
String
Yes
Yes
50
Othervals
Merchant can send any other
value to Payment Gateway,
which he can get back in
response along with other
response parameters
string
No
Yes
500
smer
Sub Merchant ID(To be
registered by Service
provider with CSC-SPV)
String
No
No
10
Once payment is processed at CSC-SPV Payment Gateway, CSC-SPV Payment Gateway will send
response back to the response URL of the merchant as communicated earlier. Response will contain
all the response parameters as specified below with all the values encrypted. Merchant will be required
to decrypt all the response parameter values using the same key and encryption/decryption library.
RESPONSE PARAMETERS
Parameter
Description
Type
oxitrxid
Transaction ID generated at CSC-SPV server
string
20
mtrxid
Unique transaction id generated by merchant.
string
25
trxstatus
0 (Successful ) or 1 (Unsuccessful)
string
1(Decrypted)
trxmsg
Transaction response message from payment
gateway
string
500
paidamt
As requested for payment
string
money
othervals
Same as othervals received in request
string
500
If merchant received a successful response in reply to the payment request, he/she will be required
to post to double verification URL through GET method with the specified parameters as explained
below in the details of double verification process and ONLY if a successful transaction confirmation
response is received from double verification URL, merchant can consider the transaction as
successful.
If Merchant received failure response in reply to the payment request, he/she will not call the
double verification
In all other cases transaction should not be considered as successful.
DOUBEL VERIFICATION PROCESS
Merchant is required to first prepare a string as below:
oxitrxid|<value as received in response of payment request encrypted by encryption
library>&mtrxid|<value as sent by merchant for payment request encrypted by encryption
library>&paidamt|<value as sent my merchant for payment request encrypted by encryption library>
Once a string is prepared as above it need to be encrypted further as a whole and a query string need to
be prepared as below:
Encdata=<whole string as encrypted by encryption library>&mid=<merchant id as plain text> and then
it need to be posted on double verification URL as provided by CSC-SPV.
e.g https:// <TBD>//doubleverification.aspx?Encdata=<whole string as encrypted by encryption
library>&mid=<merchant id as plain text>
Double verification URL will provide an XML response:
<response>
<mtrxid>12345</mtrxid>
<oxitrxid>54321</oxitrxid>
<trxstatus>0</trxstatus>
<trxmsg>Successful</trxmsg>
<paidamt>100</paidamt>
</response>
Note: 1. Please make sure to open port 8082 when you are interacting with our test server for PG
Integration for two way communication.
2. Please make sure to open port 80 when you are interacting with our production server for PG
integration for two way communication.
3. Please share the “MAC ID, Response URL, and Request URL & public IPs” of Staging and
Production so Testing/Production URL can be shared with you to start the Payment Gateway
Integration.
Parameters required from Service Provider for Integration:
(Needed two sets for Production and staging environment)
1.
2.


S.No Parameter
IP Address
3.
MAC Address( multiple MAC needed in case
there are more than one servers)
Platform(Java, .NET, PHP etc)
4.
Auto login URL
5.
Payment Request URL
6.
Payment Response URL
Value
Make sure to open port 8082 for double verification on your staging environment
for two way communication.
Make sure to open port 80/443 for double verification on your Production environment
for two way communication.