CCAvenue AuthQuery
Introduction:
Information security is a major concern when performing online transactions. We at CCAvenue use SSL to secure sensitive data; in addition, we use a checksum for data integrity, to trap data transmission errors. Please note that the working key is vital security data used to calculate the checksum and should not be shared with or exposed to anyone. CCAvenue strongly recommends changing the working key periodically (preferably monthly).
The AuthQuery feature can be used as an additional security measure and is especially recommended for merchants rendering goods and services in real time. It enables merchants to make a server-to-server call that retrieves response parameters similar to those they received the first time in real time, and to verify the transaction status and transaction amount returned by the CCAvenue server, so as to trap any tampering with the original values posted by the CCAvenue server.
AuthQuery can also be used as an “Order Status Tracker” in case of unavoidable drops between the peers involved in the transaction cycle, due to connectivity issues or the browser being closed. The same AuthQuery can be used to ascertain the final status of such “awaited” transactions. The scenarios leading to awaited transactions are discussed below in detail.
There are a number of stakeholders involved in CCAvenue transactions, e.g. the customer, Avenues, the bank and the merchant. Each of these is an integral part of the end-to-end transaction flow at some point. There are some unavoidable circumstances under which any of these stakeholders may drop out of the loop. The scenarios are as follows:
Consider that the payment details have been submitted to a bank.
A) If the bank server goes down,
   o Avenues will not receive any response from the bank.
   o The merchant will not receive any real-time parameters from Avenues.
   o The customer’s browser will display an error that the bank’s URL is not reachable.
B) If the bank server sent a response and the customer’s browser is closed for any reason,
   o Avenues will not receive any response from the bank.
   o The merchant will not receive any real-time parameters from Avenues.
C) If the bank server sent a response and Avenues did not get any response from the bank,
   o Avenues will not receive any response from the bank.
   o The merchant will not receive any real-time parameters from Avenues.
   o The customer will not get any response from the merchant’s website.
D) If Avenues posted the response back to the merchant but the merchant did not receive it,
   o The customer will not get any response from the merchant’s website.
This clearly shows that in all the above circumstances the merchant will not receive any real-time parameters from Avenues. For merchants, getting the status of each transaction in real time is critical, as their next process in line cannot be initiated without knowing the fate of the payment made by the customer. There may also be data transmission errors which lead to a checksum mismatch at various points.
AuthQuery is a servlet which accepts merchant_id and order_id and retrieves the order details from the CCAvenue database. These two input parameters are to be posted by the merchant's application over a URLConnection (server-to-server call) using SSL. The base URL (the URL through which the request is sent) of any request to track transaction status must be the merchant's URL registered with Avenues. For example, if http://www.seasonsindia.com is the merchant's registered website URL, then only requests for transaction status tracking coming from this URL will be entertained; others will be aborted for this merchant.

Parameters to be posted are Merchant_Id and Order_Id only.
The website URL of the merchant registered with us will be checked against the base URL of each request before tracing the transaction.
Return values are exactly the same as those we post to our real-time merchants, except for the BID number otherwise returned for netbanking transactions.
Merchants need to split the return string first using the ‘&’ separator and then split each of the name-value pairs using the ‘=’ separator.
In case of any error, the parameter error will be posted with one of the following values:
   o INVALID_SOURCE_URL – the base URL is not registered with Avenues
   o EMPTY_PARAMETERS – required parameters are missing
   o INVALID_PARAMETERS – invalid characters were found in the parameters
   o INVALID_TRACKING_ID – the order was not found for the merchant
   o SYSTEM_ERROR – any other error
   o ABANDONED_TRACKING_ID – the status of the transaction is not confirmed by the bank and CCAvenue is awaiting the recon sheet
   o Auth – (Y / N)
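
The verification step described above, as an added example that is not CCAvenue's own code: it parses a tracker return string with the '&' and '=' splitting rule, handles the listed error values, and compares merchant, order and amount with the order the merchant stored before redirecting the customer. The function names, verdict labels and sample strings are constructed for illustration; it assumes the error parameter is named error, that values are not URL-encoded, and that AuthDesc carries the Y / N flag, and it does not recompute the checksum because the algorithm is not given here.

```python
from decimal import Decimal, InvalidOperation

# Values this document lists for the "error" parameter.
ERROR_CODES = {"INVALID_SOURCE_URL", "EMPTY_PARAMETERS", "INVALID_PARAMETERS",
               "INVALID_TRACKING_ID", "SYSTEM_ERROR", "ABANDONED_TRACKING_ID"}

def parse_response(raw):
    """Split the return string on '&', then each pair on the first '='."""
    fields = {}
    for pair in raw.strip().split("&"):
        name, sep, value = pair.partition("=")
        if not sep or not name or name in fields:
            raise ValueError("malformed or duplicate pair: %r" % pair)
        fields[name] = value
    return fields

def reconcile(expected, raw):
    """Compare a tracker response with the order the merchant stored
    before redirecting the customer. Returns (verdict, reason)."""
    try:
        f = parse_response(raw)
    except ValueError as exc:
        return "ERROR", str(exc)
    err = f.get("error")
    if err == "ABANDONED_TRACKING_ID":
        return "PENDING", err            # bank has not confirmed yet
    if err is not None:
        return "ERROR", err if err in ERROR_CODES else "unlisted error value"
    for key in ("Merchant_Id", "Order_Id"):
        if f.get(key) != expected[key]:
            return "MISMATCH", key
    try:
        # Decimal comparison treats 499.0 and 499.00 as the same amount.
        if Decimal(f["Amount"]) != Decimal(expected["Amount"]):
            return "MISMATCH", "Amount"
    except (KeyError, InvalidOperation):
        return "MISMATCH", "Amount missing or not numeric"
    # Assumption: AuthDesc carries the Y / N flag listed above.
    if f.get("AuthDesc") == "Y":
        return "PAID", "status and amount verified"
    return "NOT_PAID", "AuthDesc=%s" % f.get("AuthDesc")

# Constructed sample data, not real CCAvenue output.
EXPECTED = {"Merchant_Id": "M_demo_1", "Order_Id": "ORD1001", "Amount": "499.00"}
OK = "Merchant_Id=M_demo_1&Order_Id=ORD1001&Amount=499.0&AuthDesc=Y&Checksum=0"
TAMPERED = OK.replace("Amount=499.0", "Amount=4.99")
ABANDONED = "error=ABANDONED_TRACKING_ID"

if __name__ == "__main__":
    for raw in (OK, TAMPERED, ABANDONED, "Order_Id"):
        print(reconcile(EXPECTED, raw))
```

Only a PAID verdict should release goods or services; PENDING orders are the “awaited” transactions and should be queried again later.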
AuthQuery:
Merchants are required to make a URL connection to the following secured URL - https://www.ccavenue.com/servlet/new_txn.OrderStatusTracker
This URL will return the order details of only the recent transactions not older than 30 minutes.
Parameters you will send/receive are as follows:
List of parameters      Data Length   Input/Output
Merchant_Id             50            I&O
Order_Id                50            I&O
Amount                  12            Only O
AuthDesc                1             Only O
Checksum                10            Only O
billing_cust_name       50            Only O
billing_cust_address    500           Only O
billing_cust_city       30            Only O
billing_cust_state      30            Only O
billing_zip_code        10            Only O
billing_cust_country    50            Only O
billing_cust_tel        50            Only O
billing_cust_email      50            Only O
billing_cust_notes      50            Only O
delivery_cust_name      50            Only O
delivery_cust_address   200           Only O
delivery_cust_city      30            Only O
delivery_cust_state     30            Only O
delivery_zip_code       10            Only O
delivery_cust_country   50            Only O
delivery_cust_tel       50            Only O
Merchant_Param          100           Only O
Order Status Tracker:
For transactions initiated more than 45 minutes ago, merchants using the Order Status Tracker are required to make a URL connection to the following secured URL - https://mars.ccavenue.com/servlet/new_txn.OrderStatusTracker
This URL will return the order details of any transaction older than 45 minutes.
Parameters you will receive at the end of a transaction:
List of parameters                                      Data Length   Input/Output
Merchant_Id                                             50            I&O
Order_Id                                                50            I&O
Amount                                                  12            Only O
AuthDesc                                                1             Only O
Checksum                                                10            Only O
billing_cust_name                                       50            Only O
billing_cust_address                                    500           Only O
billing_cust_city                                       30            Only O
billing_cust_state                                      30            Only O
billing_zip_code                                        10            Only O
billing_cust_country                                    50            Only O
billing_cust_tel                                        50            Only O
billing_cust_email                                      50            Only O
billing_cust_notes                                      50            Only O
delivery_cust_name                                      50            Only O
delivery_cust_address                                   200           Only O
delivery_cust_city                                      30            Only O
delivery_cust_state                                     30            Only O
delivery_zip_code                                       10            Only O
delivery_cust_country                                   50            Only O
delivery_cust_tel                                       50            Only O
Merchant_Param                                          100           Only O
nb_bid (Bank Reference No)                              20            Output
nb_order_no                                             20            Output
card_category (Debit card / Credit Card / Netbanking)   20            Output
bank_name (ICICI / AXIS / SBI etc)                      20            Output