Payment solution BD 1

Payment Methods Overview

Creating payments via Payment Card BDT

Certificate Setup

To generate API certificate for payment, visit: https://merchant.alikassa.com/cabinet/form/setting-api-certs

Save the archive and unpack to get:

password.txt
private.pem
public.pem

We keep only public.pem for signature verification.

Signature Generation

Wrap all POST data in json (in the same order) and sign:

$data = json_encode($data);

$privateKey = openssl_pkey_get_private(
    file_get_contents('private.pem'),
    file_get_contents('password.txt')
);

if ($privateKey === false) {
    throw new \Exception('Error cert.');
}

openssl_sign($data, $sign, $privateKey);
$sign = base64_encode($sign);

import { readFileSync } from 'fs';
import { createSign } from 'crypto';

const dataStr = JSON.stringify(data);
const key = readFileSync('private.pem', 'utf8');
const passphrase = readFileSync('password.txt', 'utf8').trim();
const signer = createSign('SHA256');
signer.update(dataStr);
signer.end();
const sign = signer.sign({ key, passphrase }, 'base64');

import json, base64
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding

data_bytes = json.dumps(data).encode('utf-8')
with open('password.txt', 'rb') as f:
    password = f.read().strip()
with open('private.pem', 'rb') as f:
    private_key = serialization.load_pem_private_key(f.read(), password=password)
signature = private_key.sign(data_bytes, padding.PKCS1v15(), hashes.SHA256())
sign = base64.b64encode(signature).decode('utf-8')

import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Signature;
import java.util.Base64;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;

byte[] dataBytes = new com.fasterxml.jackson.databind.ObjectMapper().writeValueAsBytes(data);
char[] pass = Files.readString(Paths.get("password.txt")).toCharArray();
PEMParser parser = new PEMParser(Files.newBufferedReader(Paths.get("private.pem")));
PEMEncryptedKeyPair ckp = (PEMEncryptedKeyPair) parser.readObject();
var privateKey = new JcaPEMKeyConverter()
    .getKeyPair(ckp.decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(pass)))
    .getPrivate();
Signature sig = Signature.getInstance("SHA256withRSA");
sig.initSign(privateKey);
sig.update(dataBytes);
String sign = Base64.getEncoder().encodeToString(sig.sign());

import (
    "crypto"
    "crypto/rand"
    "crypto/rsa"
    "crypto/sha256"
    "crypto/x509"
    "encoding/base64"
    "encoding/json"
    "encoding/pem"
    "io/ioutil"
)

dataBytes, _ := json.Marshal(data)
pemBytes, _ := ioutil.ReadFile("private.pem")
passBytes, _ := ioutil.ReadFile("password.txt")
block, _ := pem.Decode(pemBytes)
der, _ := x509.DecryptPEMBlock(block, passBytes)
priv, _ := x509.ParsePKCS1PrivateKey(der)
hash := sha256.Sum256(dataBytes)
sigBytes, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, hash[:])
sign := base64.StdEncoding.EncodeToString(sigBytes)

Pass the received $sign in the Sign header.

Creating Payments

Endpoint

POSThttps://api-merchant.alikassa.com/v1/payment📋

Headers

Header	Value
Content-Type	application/json
Account	Your account uuid, you can find in Accounts
Sign	Request signature

Parameters

* - Required fields

Name	Type	Description
amount*	decimal (11.2)	Amount
order_id*	string (128)	Your id must be unique
service*	string (100)	payment_card_bdt_hpp
customer_ip*	ip	Payer's IP address
customer_code*	string (100)	Deposit Bank Code
success_redirect_id	int	Id of redirect upon successful payment
fail_redirect_id	int	Id of redirect in case of unsuccessful payment
notification_endpoint_id	int	Notification id
success_redirect_url	string\|max:255	Link to redirect after successful payment
fail_redirect_url	string\|max:255	Link to redirect after unsuccessful payment
notification_endpoint_url	string\|max:255	Link to send a callback after the statuses are finalized

Response

Name	Description
url	Link to payment
payment_status	Payment status wait — in the process of payment
id	AliKassa payment id
uuid	AliKassa payment uuid
success_redirect_url	Link to your page for client redirect after successful payment

Important

When creating, always wait, check the payment status via the API or wait for a notification!

Success Response Example (HTTP CODE 200)

{
  "url": "https://pay-merchant.alikassa.com/bd291fe1-5c19-4113-ae62-a2d3c4d01d20",
  "payment_status": "wait",
  "id": 108465371,
  "uuid": "bd291fe1-5c19-4113-ae62-a2d3c4d01d20",
  "success_redirect_url": null
}

Error Response Example (HTTP CODE 400)

{
  "message": "The given data was invalid.",
  "errors": {
    ...
  }
}

After receiving the url, redirect the client to the link.

Possible values of payment_status, see the documentation "Payment status".

caution

If you passed notification_endpoint_id or notification_endpoint_url, you will receive a notification about the payment status change

Deposit Bank Codes

service	customer_code
payment_card_bdt_hpp	nagad
	bkash
	rocket

Payment Methods Overview​

Certificate Setup​

Signature Generation​

Creating Payments​

Endpoint​

Headers​

Parameters​

Response​

Success Response Example (HTTP CODE 200)​

Error Response Example (HTTP CODE 400)​

Deposit Bank Codes​