Before Starting the Integration section in the API:

Step 1: Access your test account
You have to make sure that you get access to a test account, it’s a full test environment allow you to simulate and process simulation transactions. You can contact support@payfort.com to get your test account.

Step 2: make sure that you are using the correct integration type
Before building the integration, you need to make sure that you are selecting and using the proper parameters in the API calls as per the required integration type.

All the mandatory parameters mentioned in every section in the API documentation.

Step 3: Create the transaction request
Process a valid API request depends on transaction parameters included, you need to check the documentation and read every parameter possible values in order to reduce the errors in processing the transaction.

Step 4: Process the transaction response
After each payment processed, PayFort returns the transaction’s response on the URL configured in your account under Technical Settings channel configuration.

You can find more details in the API documentation section Direct Transaction Feedback.

You need to validate the response parameters returned on this URL by calculating the signature for the response parameters using the SHA Response Phrase configured in your account under Security Settings.

Step 5: Test and Go Live
You can use our testing cards to test your integration and simulate your test cases.

PayFort requires to test your integration before going live to verify the integration and make sure it’s implemented properly.

Query Operations

A type of query that can be requested through our system, which includes the “Check Status” query.

Check Status

Check Status allows the Merchant to check the status of a specific order and the status of the latest operation performed on that order.

Check Status URLs

Test Environment URL:

https://sbpaymentservices.payfort.com/FortAPI/paymentApi

Production Environment URL:

https://paymentservices.payfort.com/FortAPI/paymentApi

Parameters Submission Type

REST POST request using JSON.

Check Status - Request

(Please take a look at the Check Status Request Example on the right side of the page.)

Check Status Request Example

curl -H "Content-Type: application/json" -d
'{"query_command":"CHECK_STATUS","access_code":"zx0IPmPy5jp1vAz8Kpg7","merchant_identifier":"CycHZxVj","merchant_reference":" XYZ9239-yu898 ","language":"en","signature":"7cad05f0212ed933c9a5d5dffa31661acf2c827a"}'
https://sbpaymentservices.payfort.com/FortAPI/paymentApi

error_reporting(E_ALL);
ini_set('display_errors', '1');

$url = 'https://sbpaymentservices.payfort.com/FortAPI/paymentApi';
$arrData = array(
'query_command' => 'CHECK_STATUS',
'access_code' => 'zx0IPmPy5jp1vAz8Kpg7',
'merchant_identifier' => 'CycHZxVj',
'merchant_reference' => 'XYZ9239-yu898',
'language' => 'en',
'signature' => '7cad05f0212ed933c9a5d5dffa31661acf2c827a',
);

$ch = curl_init( $url );
# Setup request to send json via POST.
$data = json_encode($arrData);
curl_setopt( $ch, CURLOPT_POSTFIELDS, $data );
curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Content-Type:application/json'));
# Return response instead of printing.
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
# Send request.
$result = curl_exec($ch);
curl_close($ch);
# Print response.
echo "<pre>$result</pre>";

String jsonRequestString = "{\"query_command\" : \"CHECK_STATUS\" \"access_code\" : \"zx0IPmPy5jp1vAz8Kpg7\", \"merchant_identifier\" : \"CycHZxVj\","
        + "\"merchant_reference\" : \"XYZ9239-yu898\", \"language\" : \"en\", "
        + "\"signature\" : \"7cad05f0212ed933c9a5d5dffa31661acf2c827a\"}";

// Define and Initialize HttpClient
HttpClient httpClient = HttpClientBuilder.create().build();
// Intialize HttpPOST with FORT Payment services URL
HttpPost request = new HttpPost("https://sbpaymentservices.payfort.com/FortAPI/paymentApi");
// Setup Http POST entity with JSON String
StringEntity params = new StringEntity(jsonRequestString);
// Setup request type as JSON
request.addHeader("content-type", "application/json");
request.setEntity(params);
// Post request to FORT
HttpResponse response = httpClient.execute(request);
// Read response using StringBuilder
StringBuilder sb = new StringBuilder();
BufferedReader reader = new BufferedReader(new InputStreamReader(
    response.getEntity().getContent()), 65728);
String line = null;
while ((line = reader.readLine()) != null) {
  sb.append(line);
}
// Print response
System.out.println(sb.toString());

import urllib
import urllib2
import json

url = 'https://sbpaymentservices.payfort.com/FortAPI/paymentApi';
arrData = {
'query_command' : 'CHECK_STATUS',
'access_code' : 'zx0IPmPy5jp1vAz8Kpg7',
'merchant_identifier' : 'CycHZxVj',
'merchant_reference' : 'XYZ9239-yu898',
'language' : 'en',
'signature' : '7cad05f0212ed933c9a5d5dffa31661acf2c827a',
};

values = json.dumps(arrData)
data = urllib.urlencode(values)
req = urllib2.Request(url, data)
response = urllib2.urlopen(req)
page = response.read()
print page + '\n\n'

require 'json'
require 'net/http'
require 'net/https'
require 'uri'
require 'openssl'

arrData = {
'query_command' => 'CHECK_STATUS',
'access_code' => 'zx0IPmPy5jp1vAz8Kpg7',
'merchant_identifier' => 'CycHZxVj',
'merchant_reference' => 'XYZ9239-yu898',
'language' => 'en',
'signature' => '7cad05f0212ed933c9a5d5dffa31661acf2c827a',
};

arrData = arrData.to_json
uri = URI.parse("https://sbpaymentservices.payfort.com/FortAPI/paymentApi")
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new("/v1.1/auth")
request.add_field('Content-Type', 'application/json')
request.body = arrData
response = http.request(request)

Include the following parameters in the Request you will send to PayFort:

ATTRIBUTES	Description
query_command Alpha Mandatory max: 50	The query operations command. Possible/ expected values: CHECK_STATUS Special characters: _
access_code Alphanumeric Mandatory Max: 20	Access code. Example: zx0IPmPy5jp1vAz8Kpg7
merchant_identifier Alphanumeric Mandatory Max: 20	The ID of the Merchant. Example: CycHZxVj
merchant_reference Alphanumeric Mandatory Max: 40	The Merchant’s unique order number. Example: XYZ9239-yu898 Special characters: - _ .
language Alpha Mandatory Max: 2	The checkout page and messages language. Possible/ expected values: en/ ar
signature Alphanumeric Mandatory max: 200	A string hashed using the Secure Hash Algorithm. Please refer to section Signature Example: 7cad05f0212ed933c9a5d5dffa31661acf2c827a
fort_id Numeric Optional Max: 20	The order’s unique reference returned by our system. Example: 149295435400084008

Check Status - Response

(Please take a look at the Check Status Example Response on the right side of the page.)

Check Status Response Example

{"query_command":"CHECK_STATUS","access_code":"s31bpM1ebfNnwqo","merchant_identifier":"FD1Ptq","merchant_reference":"141127176","language":"en","signature":"90f7092923c9eea8b0df6d509453a1791a36e2cd4a80eaef366e235b169a40e0","fort_id":"21722423333","response_message":"Success","response_code":"12000","status":"12","transaction_status":"12","transaction_code":"12000","transaction_message":"Success"}

{"query_command":"CHECK_STATUS","access_code":"s31bpM1ebfNnwqo","merchant_identifier":"FD1Ptq","merchant_reference":"141127176","language":"en","signature":"90f7092923c9eea8b0df6d509453a1791a36e2cd4a80eaef366e235b169a40e0","fort_id":"21722423333","response_message":"Success","response_code":"12000","status":"12","transaction_status":"12","transaction_code":"12000","transaction_message":"Success"}

{"query_command":"CHECK_STATUS","access_code":"s31bpM1ebfNnwqo","merchant_identifier":"FD1Ptq","merchant_reference":"141127176","language":"en","signature":"90f7092923c9eea8b0df6d509453a1791a36e2cd4a80eaef366e235b169a40e0","fort_id":"21722423333","response_message":"Success","response_code":"12000","status":"12","transaction_status":"12","transaction_code":"12000","transaction_message":"Success"}

{"query_command":"CHECK_STATUS","access_code":"s31bpM1ebfNnwqo","merchant_identifier":"FD1Ptq","merchant_reference":"141127176","language":"en","signature":"90f7092923c9eea8b0df6d509453a1791a36e2cd4a80eaef366e235b169a40e0","fort_id":"21722423333","response_message":"Success","response_code":"12000","status":"12","transaction_status":"12","transaction_code":"12000","transaction_message":"Success"}

{"query_command":"CHECK_STATUS","access_code":"s31bpM1ebfNnwqo","merchant_identifier":"FD1Ptq","merchant_reference":"141127176","language":"en","signature":"90f7092923c9eea8b0df6d509453a1791a36e2cd4a80eaef366e235b169a40e0","fort_id":"21722423333","response_message":"Success","response_code":"12000","status":"12","transaction_status":"12","transaction_code":"12000","transaction_message":"Success"}

The following parameters will be returned in PayFort’s Response:

ATTRIBUTES	Description
query_command Alpha max: 50	The query operations command. Possible/ expected values: CHECK_STATUS
access_code Alphanumeric Max: 20	Access code. Example: zx0IPmPy5jp1vAz8Kpg7
merchant_identifier Alphanumeric Max: 20	The ID of the Merchant. Example: CycHZxVj
merchant_reference Alphanumeric Max: 40	The Merchant’s unique order number. Example: XYZ9239-yu898
language Alpha Max: 2	The checkout page and messages language. Possible/ expected values: en/ ar
signature Alphanumeric Max: 200	A string hashed using the Secure Hash Algorithm. Please refer to section Signature Example: 7cad05f0212ed933c9a5d5dffa31661acf2c827a
fort_id Numeric Max: 20	The order’s unique reference returned by our system. Example: 149295435400084008
response_message Alphanumeric Max: 150	Message description of the response code; it returns according to the request language. Possible/ expected values: Please refer to section messages
response_code Numeric Max: 5	Response Code carries the value of our system’s response. *The code consists of five digits, the first 2 digits represent the response status, and the last 3 digits represent the response messages. Example: 20064
status Numeric Max: 2	A two-digit numeric value that indicates the status of the transaction. Possible/ expected values: Please refer to section statuses
transaction_status Numeric Max: 2	The status of the last operation performed on a specific order. Possible/ expected values: Please refer to section statuses
transaction_code Numeric Max: 5	The message code returned for the last operation performed on a specific order. Possible/ expected values: Please refer to section messages
transaction_message Alphanumeric Max: 150	The message returned for the last operation performed on a specific order. Example: Success
refunded_amount Numeric Max: 10	The total refunded amount for the order. Example: 10000
captured_amount Numeric Max: 10	The total captured amount for the order. Example: 10000
authorized_amount Numeric Max: 10	The total authorized amount for the order. Example: 10000

Services Activation

Services are activated for our Merchants by our back-office team. Once you open your Merchant account and click “Payment Stack” under the Services tab. The services provided by PayFort are:

• Fraud Prevention.
• 3-D Secure.
• Installments.
• Tokenization.
• Batch service.

FORT Transaction Feedback

Overview

The FORT transaction Feedback system provides Merchants with two types of configurable notifications:
1. Direct Transaction Feedback, PayFort will send Merchants HTTPs notifications that inform Merchants of the transaction’s final status whenever a transaction is processed.
2. Notification Transaction Feedback, PayFort will send Merchants HTTPs notifications that inform Merchants of the transaction’s final status whenever a transaction status is updated.

Registering Transaction Feedback URLs

1. Log in to your back-office account.
2. Select the active channel under Integration Settings > Technical Settings.
3. Enter your Direct Transaction Feedback URL and Notification Transaction Feedback URL.
4. Click “Save Changes” button.

Transaction Feedback submission

The FORT will send Transaction Feedback data as form POST Parameters to the Merchant’s Transaction Feedback URLs.
However if you want to change the submission type to JSON or XML, you can contact us on integration@payfort.com.
This configuration can be enabled by internal PayFort team only
The specifics of the data will differ based upon the financial operation that has been processed.
Please refer to the FORT integration guide for more details.

Responding to FORT Transaction Feedback

Beyond whatever your Transaction Feedback URL does with the data received, it must also return a 2xx (like 200 , 201 , etc…) or 302 HTTP status code to tell the FORT that the notification was received. If your URL does not return 2xx or 302, the FORT will continue to retry the notification until it’s properly acknowledged.
In case the FORT does not receive 200 or 302 HTTP status code it will attempt to send the notification for 10 times with 10 seconds in between.
This configuration is editable as well, if you want to change the grace period or the time interval between the retries please contact us on integration@payfort.com.

Signature

The Signature is a parameter that holds the digital signature value calculated by the SHA algorithm. The digital signature is used to authenticate the sender and receiver of the message and allows the receiver to verify the integrity of the message.

Message Digest

Name	Description
SHA Type	The Secure Hash Algorithm is a family of cryptographic hash functions published by the National Institute of Standards as a US Federal information processing standard (FIPS) including: SHA-0, SHA-2, and SHA-3. Values: SHA-256, SHA 512, and SHA-128 (not recommended).
SHA Request Phrase	This value is used when the Merchant generates the request signature. Values: Dynamic value defined by the Merchant.
SHA Response Phrase	This value is used by our system to generate the response signature for the Merchant’s Request. Values: Dynamic value defined by the Merchant.

Signature Pattern

The below steps describe the signature pattern:

1. Sort all PayFort requests parameters (both mandatory and optional) in an ascending alphabetical order based on the parameters names.

2. Concatenate the parameter name with the value separated by ’=’ (param_name=param_value).

3. Concatenate all the parameters directly without any separator. (param_name1=param_value1param_name2=param_value2).

4. Add the Merchant’s Passphrase at the beginning and end of the parameters string. (REQUESTPHRASEparam_name1=param_value1param_name2=param_value2RE QUESTPHRASE).

5. Use the SHA function to generate the SHA value of the resulted string depending on the type of SHA selected by the Merchant.

Create Signature Value

In this section, you can find examples on how to create the signature value for request and response messages. Please note that all values mentioned in the examples are fictitious.

The following is an example of the Request Parameters:

• signature = b88db48baaa600c3fadac502c75a832e3470029f
• command = PURCHASE
• merchant_reference = Test010
• amount = 1000
• access_code = SILgpo7pWbmzuURp2qri
• merchant_identifier = MxvOupuG
• currency = USD
• language = en
• customer_email = test@gmail.com

Below are the Merchant signature settings from the back-office:

• SHA Request Phrase: PASS.
• SHA-Type: SHA-256.

After sorting the parameters and completing step 4 of the Signature Pattern, the result will be the following concatenated string:

After applying step 5 of the Signature Pattern, the result will be as follows:

The following is an example for the Merchant Page 2.0 request signature calculations:

Assume you have the below parameters included in the request of Merchant Page 2.0:

• service_command = TOKENIZATION
• language = en
• merchant_identifier = MxvOupuG
• access_code = SILgpo7pWbmzuURp2qri
• merchant_reference = MyReference0001
• card_security_code = 123
• card_number = 4005550000000001
• expiry_date = 2105
• remember_me = YES
• card_holder_name = John Smith

Below are the Merchant signature settings from the back-office:

• SHA Request Phrase: PASS.
• SHA-Type: SHA-256.

The string to hash should be prepared for the above request is the following step 4 of the Signature Pattern:

After applying step 5 of the Signature Pattern, the result will be as follows:

*The following is an example for the Reporting API request signature calculations: *

*Assume you have the below parameters included in the request of Reporting API: *

• query_command = GENERATE_REPORT • access_code = zx0IPmPy5jp1vAz8Kpg7 • merchant_identifier = CycHZxVj • merchant_reference = XYZ9239-yu898 • columns = [order_description, customer_ip, eci, geolocation_ip, merchant_reference, card_holder_name, currency, amount, payment_option, fort_id, customer_email, customer_name, operation] • filters = [{key=currency, value=USD}, {key=payment_option, value= VISA}] • from_date = 2017-08-03T00:00:01+03:00 • to_date = 2017-08-03T23:59:59+03:00 • response_format = JSON • language = en

Below are the Merchant signature settings from the back-office:

• SHA Request Phrase: PASS.
• SHA-Type: SHA-256.

The string to hash should be prepared for the above request is the following step 4 of the Signature Pattern:

After applying step 5 of the Signature Pattern, the result will be as follows:

PayFort Gateway includes the signature in the Response so you can check the integrity of the received data. You do this by calculating the secure hash using the above method, then comparing your calculation with the value you received from PayFort Gateway. If the values match, then you can be assured that we received the data you sent, and you received the data we sent.

FORT XML Response Builder

Through this section you can discover one of the FORT services that enables you to receive the FORT response in XML format.

Structure

The XML response builder results specifications are:
1. The root node name is ‘response’.
2. The FORT_PARAMETER of type “List” has a special tag name format; where the parent node tag name format is:
<FORT_PARAMETER + “_list”>
3. The list child nodes tag name’s is the name of the parameter name itself.

Sample Code

Transactions Response Codes

The Response code is made up of 5 digits; a combination of a 2-digit Status (Please see section statuses) and a 3-digit Message (Please see section messages).

Statuses

Status Code	Description
00	Invalid Request.
01	Order Stored.
02	Authorization Success.
03	Authorization Failed.
04	Capture Success.
05	Capture failed.
06	Refund Success.
07	Refund Failed.
08	Authorization Voided Successfully.
09	Authorization Void Failed.
10	Incomplete.
11	Check status Failed.
12	Check status success.
13	Purchase Failure.
14	Purchase Success.
15	Uncertain Transaction.
17	Tokenization failed.
18	Tokenization success.
19	Transaction pending.
20	On hold.
21	SDK Token creation failure.
22	SDK Token creation success.
23	Failed to process Digital Wallet service.
24	Digital wallet order processed successfully.
27	Check card balance failed.
28	Check card balance success.
29	Redemption failed.
30	Redemption success.
31	Reverse Redemption transaction failed.
32	Reverse Redemption transaction success.
40	Transaction In review.
42	Currency conversion success.
43	Currency conversion failed.
44	3ds success.
45	3ds failed.
46	Bill creation success.
47	Bill creation failed.
48	Generating invoice payment link success.
49	Generating invoice payment link failed.
50	Batch file upload successfully.
51	Upload batch file failed.
52	Token created successfully.
53	Token creation failed.
54	Get Tokens Success.
55	Get Tokens Failed.
56	Reporting Request Success.
57	Reporting Request Failed.
58	Token updated successfully.
59	Token updated failed.
62	Get Installment Plans Successfully.
63	Get Installment plans Failed.
66	Delete Token Success.
70	Get batch results successfully.
71	Get batch results failed.
72	Batch processing success.
73	Batch processing failed.
74	Bank transfer successfully.
75	Bank transfer failed.
76	Batch validation successfully.
77	Batch validation failed.
80	Credit card verified successfully.
81	Failed to verify credit card.

Messages

Message Code	Message Value
000	Success.
001	Missing parameter.
002	Invalid parameter format.
003	Payment option is not available for this merchant’s account.
004	Invalid command.
005	Invalid amount.
006	Technical problem.
007	Duplicate order number.
008	Signature mismatch.
009	Invalid merchant identifier.
010	Invalid access code.
011	Order not saved.
012	Card expired.
013	Invalid currency.
014	Inactive payment option.
015	Inactive merchant account.
016	Invalid card number.
017	Operation not allowed by the acquirer.
018	Operation not allowed by processor.
019	Inactive acquirer.
020	Processor is inactive.
021	Payment option deactivated by acquirer.
023	Currency not accepted by acquirer.
024	Currency not accepted by processor.
025	Processor integration settings are missing.
026	Acquirer integration settings are missing.
027	Invalid extra parameters.
029	Insufficient funds.
030	Authentication failed.
031	Invalid issuer.
032	Invalid parameter length.
033	Parameter value not allowed.
034	Operation not allowed.
035	Order created successfully.
036	Order not found.
037	Missing return URL.
038	Token service inactive.
039	No active payment option found.
040	Invalid transaction source.
042	Operation amount exceeds the authorized amount.
043	Inactive Operation.
044	Token name does not exist.
046	Channel is not configured for the selected payment option.
047	Order already processed.
048	Operation amount exceeds captured amount.
049	Operation not valid for this payment option.
050	Merchant per transaction limit exceeded.
051	Technical error.
052	Consumer is not in OLP database.
053	Merchant is not found in OLP Engine DB.
054	Transaction cannot be processed at this moment.
055	OLP ID Alias is not valid. Please contact your bank.
056	OLP ID Alias does not exist. Please enter a valid OLP ID Alias.
057	Transaction amount exceeds the daily transaction limit.
058	Transaction amount exceeds the per transaction limit.
059	Merchant Name and SADAD Merchant ID do not match.
060	The entered OLP password is incorrect. Please provide a valid password.
062	Token has been created.
063	Token has been updated.
064	3-D Secure check requested.
065	Transaction waiting for customer’s action.
066	Merchant reference already exists.
067	Dynamic Descriptor not configured for selected payment option.
068	SDK service is inactive.
069	Mapping not found for the given error code.
070	device_id mismatch.
071	Failed to initiate connection.
072	Transaction has been cancelled by the consumer.
073	Invalid request format.
074	Transaction failed.
075	Transaction failed.
076	Transaction not found in OLP.
077	Error transaction code not found.
078	Failed to check fraud screen.
079	Transaction challenged by fraud rules.
080	Invalid payment option.
082	Inactive fraud service.
083	Unexpected user behavior.
084	Transaction amount is either bigger than maximum or less than minimum amount accepted for the selected plan.
086	Installment plan is not configured for Merchant account.
087	Card BIN does not match accepted issuer bank.
088	Token name was not created for this transaction.
089	Failed to retrieve digital wallet details.
090	Transaction in review.
092	Invalid issuer code.
093	service inactive.
094	Invalid Plan Code.
095	Inactive Issuer.
096	Inactive Plan.
097	Operation not allowed for service.
098	Invalid or expired call_id.
099	Failed to execute service.
100	Invalid expiry date.
101	Bill number not found.
102	Apple Pay order has been expired.
103	Duplicate subscription ID.
104	No plans valid for request.
105	Invalid bank code.
106	Inactive bank.
107	Invalid transfer_date.
110	Contradicting parameters, please refer to the integration guide.
111	Service not applicable for payment option.
112	Service not applicable for payment operation.
113	Service not applicable for e-commerce indicator.
114	Token already exist.
115	Expired invoice payment link.
116	Inactive notification type.
117	Invoice payment link already processed.
118	Order bounced.
119	Request dropped.
120	Payment link terms and conditions not found.
121	Card number is not verified.
122	Invalid date interval.
123	You have exceeded the maximum number of attempts.
124	Account successfully created.
125	Invoice already paid.
126	Duplicate invoice ID.
127	Merchant reference is not generated yet.
128	The generated report is still pending, you can’t download it now.
129	“Downloaded report” queue is full. Wait till its empty again.
134	Your search results have exceeded the maximum number of records.
136	The Batch file validation is failed.
137	Invalid Batch file execution date.
138	The Batch file still under validation.
140	The Batch file still under processing.
141	The Batch reference does not exist.
142	The Batch file header is invalid.
144	Invalid Batch file.
146	The Batch reference is already exist.
147	The Batch process request has been received.
148	Batch file will be processed.
149	Payment link request id not found.
150	Payment link is already open.
151	3ds_id does not exist.
152	3Ds verification doesn’t match the request details.
154	You have reached the maximum number of upload retries.
155	The upload retries is not configured.
662	Operation not allowed. The specified order is not confirmed yet.
666	Transaction declined.
773	Transaction closed.
777	The transaction has been processed, but failed to receive confirmation.
778	Session timed-out.
779	Transformation error.
780	Transaction number transformation error.
781	Message or response code transformation error.
783	Installments service inactive.
784	Transaction still processing you can’t make another transaction.
785	Transaction blocked by fraud check.
787	Failed to authenticate the user.
788	Invalid bill number.
789	Expired bill number.
790	Invalid bill type code.

Security Settings

Security Settings are configurations to the Merchant account. The Security Settings differ based on the Merchant Account. The validation takes place based on the settings pertaining to each Merchant Account.

Security Settings Configuration

To configure your security settings, do the following:

1. Select “Security Settings” under the Integration Settings tab.
2. Click “Generate” to generate your Access Code.
3. Select the SHA Type from the available drop-down list.
4. Enter the SHA Request Phrase and the SHA Response Phrase.
5. Enter the Origin IP or the Origin URL.
6. Click “Save Changes”.