CCAvenue is a payment gateway provider which has numerous variety of features which suits everyone’s business requirements. It offers various features such as, 200+ Payment Options, Multiple Currency processing, Dynamic Routing, Payments page customization and much more!
In this guide, we are going to look how we can enrich our PHP application by integrating CCAvenue payment gateway system.
Prerequisites:
Before we roll our sleeves to begin with coding our application, let’s first gather all the required variables for the gateway’s API.
Open the API Keys page which is under the Settings item in the navigation menu. There you’ll find the API credentials and details.
Here are the variable which are required:
- merchant_id – Unique merchant identification number provided by CCAvenue.
- working_key – This is the encryption key, which is provided by CCAvenue itself.
- access_code – Your unique API secret code. Provided by CCAvenue.
All these three variables are required. Please ensure that your working_key is always hidden from user’s access.
Let the keyboard action begin…
We’ll be creating five PHP files as follows:
- index.php – Our application will be served through this file.
- config.php – We’ll store our API variable in here.
- ccavRequestHandler.php – This file is responsible for preparing our gateway request.
- ccavResponseHandler.php – Upon completion of transaction, we’ll be redirected here.
- Crypto.php – To encrypt our requested variable and to decrypt the encrypted response.
config.php
This file contains all the global variable which we’ll be using often in our application. It will contain variables such as API Credentials, User Settings, Redirect URLs etc.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
<?php // Redirect URLs $redirect_url = 'http://xyz.com/ccavResponseHandler.php'; $cancel_url = 'http://xyz.com/ccavResponseHandler.php?cancel=true'; // CCAvenue Settings $merchant_id = 00000; // Replace 00000 with your merchant ID $working_key = 'XYZABC'; // Add your working key $access_code = 'ABCD'; // Your access code here // User Defined Settings $currency = 'INR'; // User defined, if you want to accept payment in USD then replace with USD ?> |
Crypto.php
This file is used to encrypt the request parameters which we have to send to the CCAvenue Payment Gateway server. We also have a decrypt function in it which is used to decrypt the encrypted response which we receive upon callback from CCAvenue Payment page.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 |
<?php error_reporting(0); function encrypt($plainText,$key) { $secretKey = hextobin(md5($key)); $initVector = pack("C*", 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f); $openMode = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '','cbc', ''); $blockSize = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, 'cbc'); $plainPad = pkcs5_pad($plainText, $blockSize); if (mcrypt_generic_init($openMode, $secretKey, $initVector) != -1) { $encryptedText = mcrypt_generic($openMode, $plainPad); mcrypt_generic_deinit($openMode); } return bin2hex($encryptedText); } function decrypt($encryptedText,$key) { $secretKey = hextobin(md5($key)); $initVector = pack("C*", 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f); $encryptedText=hextobin($encryptedText); $openMode = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '','cbc', ''); mcrypt_generic_init($openMode, $secretKey, $initVector); $decryptedText = mdecrypt_generic($openMode, $encryptedText); $decryptedText = rtrim($decryptedText, "\0"); mcrypt_generic_deinit($openMode); return $decryptedText; } //*********** Padding Function ********************* function pkcs5_pad ($plainText, $blockSize) { $pad = $blockSize - (strlen($plainText) % $blockSize); return $plainText . str_repeat(chr($pad), $pad); } //********** Hexadecimal to Binary function for php 4.0 version ******** function hextobin($hexString) { $length = strlen($hexString); $binString=""; $count=0; while($count<$length) { $subString =substr($hexString,$count,2); $packedString = pack("H*",$subString); if ($count==0) { $binString=$packedString; } else { $binString.=$packedString; } $count+=2; } return $binString; } ?> |
index.php
This file has the checkout page fields on which you can show the user his ordered items and their details. After details, we can add a payment button by which the user will be redirected to the gateway’s payment page.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 |
<!DOCTYPE html> <html lang="en"> <head> <title>Checkout Page</title> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script> <script> window.onload = function() { var d = new Date().getTime(); document.getElementById("tid").value = d; }; </script> </head> <body> <div class="container"> <h2>Checkout Page</h2> <form method="post" name="customerData" action="ccavRequestHandler.php"> <div class="form-group"> <input type="text" class="form-control" id="name" placeholder="Enter name" name="name"> </div> <div class="form-group"> <input type="text" class="form-control" id="email" placeholder="Enter Email Address" name="email"> </div> <div class="form-group"> <input type="text" class="form-control" id="amount" placeholder="Enter amount" name="amount"> </div> <input type="hidden" name="tid" id="tid" readonly /> <input type="hidden" name="merchant_id" value="<?php echo $merchant_id; ?>"/> <input type="hidden" name="order_id" value="<?php echo rand(0, 100000); ?>"/> <input type="hidden" name="currency" value="<?php echo $currency; ?>"/> <input type="hidden" name="redirect_url" value="<?php echo $redirect_url; ?>"/> <input type="hidden" name="cancel_url" value="<?php echo $cancel_url; ?>"/><input type="hidden" name="language" value="EN"/> <button type="submit" class="btn btn-default">Pay Now</button> </form> </div> </body> </html> |
ccavRequestHandler.php
This is the request page, which is displayed after the checkout page. With this PHP file we are securing and preparing our user’s defined payment parameters. We utilize the encrypt function of crypto.php file here to encrypt and secure the data of our users.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
<?php require_once 'config.php'; require_once 'Crypto.php'; foreach ($_POST as $key => $value) { $merchant_id .= $key . '=' . $value . '&'; } $encrypted_data = encrypt($merchant_id, $working_key); // Ecrypting Data ?> <html> <head> <title>CCAvenue Gatway Request</title> </head> <body> <center> <form method="post" name="redirect" action="https://secure.ccavenue.com/transaction/transaction.do?command=initiateTransaction"> <?php echo "<input type=hidden name=encRequest value=$encrypted_data>"; echo "<input type=hidden name=access_code value=$access_code>"; ?> </form> </center> <script language='javascript'>document.redirect.submit();</script> </body> </html> |
ccavResponseHandler.php
After a successful or failed or aborted payment action the payment gateway will redirect us the response data here. Upon receiving the user response data this file then decrypts it, processes the decrypted data for usage, performs conditional checks to determine the payment status, and serializes the data for further usage as values for database or for displaying it to user or for debugging purposes.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 |
<?php require_once 'config.php'; require_once 'Crypto.php'; // Handling Manual Cancellation if(isset($_GET['cancel'])) { die("User manually cancelled the payment."); } // Catch the Payment Response $encResponse = htmlentities($_POST["encResp"], ENT_QUOTES, 'utf-8'); //This is the response sent by the CCAvenue Server $rcvdString = decrypt($encResponse, $working_key); //Crypto Decryption used as per the specified working key. // Preparing decrypted data $order_status = ""; $decryptValues = explode('&', $rcvdString); $dataSize = sizeof($decryptValues); // Process the decrypted data for($i = 0; $i < $dataSize; $i++) { $information = explode('=', $decryptValues[$i]); if($i == 3) { $order_status = $information[1]; } } // Show user order message / response if($order_status === "Success") { echo "Thank you for shopping with us. Your payment is processed successfully."; } else if($order_status === "Aborted") { echo "Hey! Looks like you canceled your payment."; } else if($order_status === "Failure") { echo "Thank you for shopping with us. However, the transaction has been declined by your card or bank authority."; } else { die("Security Error. Illegal access detected"); } // Response Data $payment_data = array(); for($i = 0; $i < $dataSize; $i++) { $information = explode('=', $decryptValues[$i]); $payment_data[$information[0]] = $information[1]; } // Print the securely processed payment data for further usage. print_r($payment_data); ?> |
Now that we have successfully integrated the CCAvenue payment gateway processor in our PHP Application. Let’s take a look at the troubles and errors you might face.
Possible Error with fixes while integrating the payment gateway:
#1 After clicking the payment link, it shows “Merchant Authentication Failed” error.
Solution: Please double check merchant_id , working_key , access_code , redirect_url . Your redirect_url should be the same domain with which you have registered on CCAvenue MARS platform.
#2 I have double checked the credentials, but still the errors persist.
Solution: Please also check the currency for which you have registered on CCAvenue and the currency which you are sending the request parameters. For example, if you have registered for INR currency but in payment gateway request you are submitting USD as parameter then you may receive “Merchant Authentication Failed” error.
#3 There is no error, but it is still not accepting user’s payment.
Solution: Often this happen because you have registered for .in CCAvenue and you are submitting your request to .com or .ae or any other international CCAvenue service website. To solve this, replace .com with .in (if you are dealing in India) https://secure.ccavenue.com/transaction/transaction.do?command=initiateTransaction . If error still persist then contact CCAvenue to confirm if there’s no restriction placed on the account.