BankStore JET/XML integration

The JET (Javascript Encryption Technology) / XML integration allows the tokenisation of card information through javascript directly on the servers of PAYCOMET; therefore, the information will never be processed on the servers of the client.

The information is encrypted through an RSA algorithm based on the generation of public and private keys. The encryption is carried out with the public key (known) and decrypted with the private key (only known by PAYCOMET)

  1. Introduction
  2. Product configuration
  3. Tokenisation form
  4. Response received
  5. Return of the call
  6. Examples of use

Introduction

The JET integration forms part of the BankStore solution and carries out the preliminary tokenisations allowing payment operation to be carried out. It is independent from the user interface and especially recommended for integrations for mobile devices.

Product configuration

To be able to use the BankStore JET service in your business you must possess the necessary configuration parameters. These can be obtained through the client control panel (new version)

Once on the platform, you can review the product configuration through the My products -> Configure products menu

After clicking the “Edit” button of the selected product, a panel will appear with the basic product information under the “Technical configuration of the product section”. The specific information necessary during the integration process is:

  • JET ID

If your JET ID has still not been generated, you can click on the linkGenerate JET ID

At this time your JET ID will be generated. With this identifier you will be able to make the calls that we will explain in the following sections.

Tokenisation form

Elements that must be present on the call page: Form with the following information:


					
<form action="(callBackScript)" method="POST" id="paycometPaymentForm" onsubmit="return takingOff();">
	<input type="text" data-paycomet="cardHolderName">
	<input type="text" data-paycomet="paNumber">
	<input type="text" data-paycomet="cvc2">
	<input type="text" data-paycomet="dateMonth">
	<input type="text" data-paycomet="dateYear">
	<button type="submit">Pagar 2,02 € con PAYCOMET</button>
</form>
				

Call to the PAYPTV server with the JET ID identifier. The language is optional, if it is not entered, texts will appear by default in Spanish.


					<script src="https://api.paycomet.com/gateway/jet-paytpv.js?id=(yourJETID)&language=es"></script>				

A space on the page for if there are errors


					<span style="color:red;font-weight:bold;" id="paymentErrorMsg"></span>				

Script that manages the response obtained and shows the error or sends the request with the token received.


					
<script type="text/javascript">
	function takingOff() {
		var x = new PAYCOMET.Tokenizator();
		x.getToken(document.forms["paycometPaymentForm"], boarding);
		return false;
	};

	function boarding(passenger) {
		document.getElementById("paymentErrorMsg").innerHTML = "";
		if (passenger.errorID !== 0 || passenger.paycometToken === "") {
			document.getElementById("paymentErrorMsg").innerHTML = passenger.errorText;
		} else {
			var newInputField = document.createElement("input");

			newInputField.type = "hidden";
			newInputField.name = "paycometToken";
			newInputField.value = passenger.paycometToken;

			var paycometPaymentForm = document.forms["paycometPaymentForm"];
			paycometPaymentForm.appendChild(newInputField);

			paycometPaymentForm.submit();

		}
	}
</script>
				

Response received

The response obtained upon sending the card information, if the information is correct, will be a single-use token, which will represent the card information. In case of error, it will be shown in the element identified as paymentErrorMsg

With this token, you will be able to carry out the idUser/tokenUser conversion, necessary for subsequent operations. Tokens have a useful life of 5 minutes from generation; after this time they cannot be used.


					Tokenizator {errorID: 0, errorText: "", paycometToken: "7fd86dc537dcad68b5f9f755...a34a1e0a5c795b862fe12"}				

Upon receiving the token, it is entered in the form information and the call to the action script of the form is carried out.

Return of the call

The return script with receive the token. At this time, the call must be carried out in the add_user_token del web service xml-bankstore method to receive the idUser/tokenUser


					

$endPoint		= "https://api.paycomet.com/gateway/xml-bankstore?wsdl";
$merchantCode	= "*****";
$terminal		= "*****";
$password		= "*****";
$jetID			= "*****";

$signature		= hash("sha512",$merchantCode.$token.$jetID.$terminal.$password);
$ip				= $_SERVER["REMOTE_ADDR"];

$clientSOAP = new SoapClient($endPoint);

$addUserResponse = $clientSOAP->add_user_token($merchantCode, $terminal, $token, $jetID, $signature, $ip);
				

Examples of use

Previous form calls to jet_landing.php which content is:

<!-- PAYCOMET JET Form Example -->

<html>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<style type="text/css">
	input {width:150px;}
	input.min {width:30px;}
</style>
</head>

<body>

<form action="jet_landing.php" method="POST" id="paycometPaymentForm" onsubmit="return takingOff();">
	<label>Titular de la Tarjeta:</label>
	<input type="text" data-paycomet="cardHolderName" maxlength="50" required="required" title="máximo 50 caracteres"/><br/>
	<label>Número de tarjeta:</label>
	<input type="text" data-paycomet="paNumber" maxlength="16" required="required" placeholder="1234 5678 9012 3456" pattern="[0-9]{15,16}" title="15/16 caracteres numéricos" /><br/>
	<label>CVC2:</label>
	<input type="text" data-paycomet="cvc2" maxlength="4" required="required" placeholder="123" pattern="[0-9]{3,4}" title="3 o 4 caracteres" class="min" /><br/>
	<label>Fecha de caducidad:</label>
	<input type="text" data-paycomet="dateMonth" maxlength="2" placeholder="mm" required="required" pattern="(0[1-9]|1[012])" title="2 números de 01 a 12" class="min"/>
	<input type="text" data-paycomet="dateYear" maxlength="2" placeholder="aa" required="required" pattern="[1-9]{2}" title="2 números desde año actual" class="min"/><br/>
	<button type="submit">Pagar 2,02 € con PAYCOMET</button>
</form>

<span style="color:red;font-weight:bold;" id="paymentErrorMsg"></span>

<script type="text/javascript" src="https://api.paycomet.com/gateway/jet-paycomet.js?id=insertHereYourJETID&language=es"></script>

<script type="text/javascript">
	function takingOff() {
		var x = new PAYCOMET.Tokenizator();
		x.getToken(document.forms["paycometPaymentForm"], boarding);
		return false;
	};

	function boarding(passenger) {
		document.getElementById("paymentErrorMsg").innerHTML = "";
		if (passenger.errorID !== 0 || passenger.paycometToken === "") {
			document.getElementById("paymentErrorMsg").innerHTML = passenger.errorText;
		} else {
			var newInputField = document.createElement("input");

			newInputField.type = "hidden";
			newInputField.name = "paycometToken";
			newInputField.value = passenger.paycometToken;

			var paycometPaymentForm = document.forms["paycometPaymentForm"];
			paycometPaymentForm.appendChild(newInputField);

			paycometPaymentForm.submit();

		}
	}
</script>

</body>
</html>

/**
 * PAYCOMET JET callback
 * Tracking ID: SSX-7MS-JX3J
 *
 * @author PAYCOMET
 * @copyright Copyright (c) 2016, PAYCOMET
 * @version 1.0 2016-05-01
 */


	date_default_timezone_set("Europe/Madrid");

	$token = $_POST["paycometToken"];

	if ($token && strlen($token) == 64) {

		$endPoint		= "https://api.paycomet.com/gateway/xml-bankstore?wsdl";
		$merchantCode	= "************";
		$terminal		= "************";
		$password		= "************";
		$jetID			= "************";

		$signature		= hash("sha512",$merchantCode.$token.$jetID.$terminal.$password);
		$ip				= $_SERVER["REMOTE_ADDR"];

		try {

			$clientSOAP = new SoapClient($endPoint);

            $addUserTokenResponse
                = $clientSOAP->add_user_token(
                    $merchantCode,
                    $terminal,
                    $token,
                    $jetID,
                    $signature,
                    $ip
            );

            $purchaseSignature
                = hash("sha512",
                    $merchantCode +
                    $addUserResponse["DS_IDUSER"] +
                    $addUserResponse["DS_TOKEN_USER"] +
                    $terminal +
                    $_POST["amount"] +
                    "MERCHANTORDER" +
                    $password
            );

            $executePurchaseResponse
                = $clientSOAP->execute_purchase(
                        $merchantCode,
                        $terminal,
                        $addUserTokenResponse["DS_IDUSER"],
                        $addUserTokenResponse["DS_TOKEN_USER"],
                        $_POST["amount"],
                        "MERCHANTORDER",
                        "EUR",
                        $purchaseSignature;
            );

            if ($executePurchaseResponse->DS_RESPONSE == "1") {
                // OK
                return true;
            } else {
                //KO
                var_dump($executePurchaseResponse["DS_ERROR_ID"]);
                return false;
            }

		} catch(SoapFault $e){
			var_dump($e);
		}

	} else {
		var_dump("Error, cound't get token");
        return false;
	}
    return false;