Mandiri e-cash Online

eCommerce Payment Gateway

Implementation Guide
Version: 1.8

1
Index of Contents
General Overview ....................................................................................................................................................... 3

MANDIRI E-CASH ECOMMERCE GATEWAY IMPLEMENTATION.................................................................... 5

Prerequisites .......................................................................................................................................................................................... 5

Implementation .................................................................................................................................................................................... 5

Process Flow........................................................................................................................................................................................... 8

Sandbox / development environment for Mandiri e-cash IPG..................................................................................... 11

2
General Overview
Payment by using Mandiri e-cash online payment gateway has many similarities with other
payment gateway like Paypal, in the merchant page where the costumer checks out using e-cash
payment method, the first step is to generate the payment ticket, redirects the customer to e-cash
payment page, and afterwards the customer completes the payment in Mandiri e-cash page, and
then after payment is processed, the merchant will receive notification of the ticket that has
completed by Mandiri e-cash server, after that the customer will be redirected to the merchants
return page that will be the landing page of Mandiri e-cash payment. Using the ticket received in the
notification and redirection process the merchant will do verification of the payment in the
validation page of mandiri e-cash.

3
4
MANDIRI E-CASH ECOMMERCE GATEWAY IMPLEMENTATION
Prerequisites
1. Merchant has been registered in the Mandiri e-cash online payment System, Received the
MID (Merchant ID) and also have an active Mandiri Bank Account.
2. Merchant enlisted their IP of the server or the Domain name that is used for the server.
3. Customer that will do transaction in the merchants website is registered member in the
merchants website, so there is no anonymous customers.

Implementation
1. In the website Merchant adds Mandiri e-cash as a method of payment in their web, for
example :
Choose your payment methodPilih jenis pembayaran :
a. Bank Transfer
b. Credit Card
c. Mandiri e-cash
2. When the customer chooses to pay by using mandiri e-cash payment, the merchant will call
the Mandiri e-cash payment gateway web service (<e-
cash_site>/ecommgateway/services/ecommgwws) to generate transaction ID that will be
used in the Payment Page, to call this web service the website must :
1. Use HTTPS Protocol (SSL)
2. Use HTTP basic authentication containing username (MID) and password (MIDs
Password)
3. Sends the following parameters

Parameters Format Explanations Accepted Values

amount Amount that will be paid BigDecimal

clientAddress Customers IP Address String

description Description of the transaction String

memberAddress Merchants IP Address String

returnUrl The URL that will receive completed transaction String

5
 redirection and Payment notification

toUsername MID String

trxid Transaction ID / Order ID of the transaction process String

hash Hash generated From String

toUsername+amount+clientAddress

The correct response will be :

Parameters Format Explanations Values

Id Id unik transaksi yang digenerate eCash. String

Parameter Hash:
For Hash parameter that is sent to Mandiri e-cash ecommerce gateway must be generated by
SHA-1 of the parameters UPPERCASE(toUsername)+amount+clientAddress like the
following example :

toUsername = merchant0001

Amount = 22000

clientAddress = 192.168.30.118

input = MERCHANT000122000192.168.30.118

result = fcb8d06b2d4d367e9bcc4178e8f87dd44adc1b61

Example of the webservice request:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ws="http://ws.service.gateway.ecomm.ptdam.com/">

<soapenv:Header/>

<soapenv:Body>

<ws:generate>

6
 <params>

<amount>10000</amount> <clientAddress>182.253.203.91</clientAddress>

<description>Yearly Calendar Sale Model 001</description>

<memberAddress>182.253.203.90</memberAddress>

<returnUrl>https://merchant.com/return.html</returnUrl>

<toUsername>emerchant</toUsername>

<trxid>ONL.130530.GRMD</trxid>

<hash>bdyrms7ghbgs2m7ztvqc7k49jz19l1ji</hash>

</params>

</ws:generate>

</soapenv:Body>

</soapenv:Envelope>

Result

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">

<soap:Body>

<ns2:generateResponse xmlns:ns2="http://ws.service.gateway.ecomm.ptdam.com/"
xmlns:ns3="http://ws.service.ecomm.emoney.ptdam.com/">

<return>k7p79bihoxbccgdbrida0igxqhenwljz</return>

</ns2:generateResponse>

</soap:Body>

</soap:Envelope>

Other possible results in the return parameter:

INVALID_DATA : Possible Parameter Fault, like the Hash, toUsername &
clientAdress/memberAddress
INVALID_RETURNURL : Invalid format in the return URL, the return URL must use
HTTPS in the protocol
EMPTY RETURN / NO RETURN : Invalid MID / Password

7
 3. Makes an URL for receiving notification from the server and redirects form the customer.
After the transaction process is completed in Mandiri e-cash, the customer will be redirected
back to that URL with GET parameter the transaction ID.
4. Creates a method that will do transaction verification and update of the transaction status,
that will call the following URL

https://<e-cash_site>/ecommgateway/validation.html

With the POST parameter id (ID number that is received in the 3rd step) will results status
SUCCESS/FAILED with the following format in the body of the result

<id_e-cash>,<tracenumber_e-cash>,<nohp>,<merchant_trxid>,<status>

example:
c7yxnq5m10c5osrwnofw0aqlxpnvopw4,0000000000300,085624340035,ONL.130530.GRMD,
SUCCESS

Process Flow

1. The customer choose Mandiri e-cash as the method of payment

2. Merchant will process the order that is requested by the customer and then generate the ID
by sending the generate parameters in the Mandiri e-cash payment gateway web service.
3. Merchant redirects the customer and also the id that was generated, for example:

Generated ID : K7P79BIHOXBCCGDBRIDA0IGXQHENWLJZ

e-cash Payment Gateway URL : https://<e-cash_site>/ecommgateway/payment.html

So the merchant redirects the customer to the following URL:

https://<ecash_site>/ecommgateway/payment.html?id=K7P79BIHOXBCCGDBRIDA0IGXQHENW
LJZ

4. Customer will be redirected to the Mandiri e-cash Payment page to complete the payment
the following is the example of the payment page in Mandiri e-cash:

8
 Explanation :

Nomor This mandatory field is filled with

Ponsel the Customers Phone Number that
is registered in the Mandiri e-cash
system.

PIN This mandatory field is filled with

the Customers valid PINField ini
diisi dengan PIN customer yang
valid.

5. After customers phone number and PIN successfully verified, customer will receive SMS
containing OTP that will be used as payment confirmation, the customer must enter the OTP
in the following page :

Explanation :

OTP This mandatory field is filled with

OTP (One Time Password) that
customer receive, the OTP only valid
on one try.

9
6. After the customer inputs the valid OTP, the transaction is commited and Mandiri e-cash
server will show result page.

Keterangan :

Ok If the user pressed this button then

Mandiri e-cash server will redirect
the user to the merchants return
URL.

7. Merchant will be notified by POST method in the body, in the return URL about the
transaction finished with the following format:

<id_e-cash>,<tracenumber_e-cash>,<nohp>,<merchant_trxid>,<status>

Example:

c7yxnq5m10c5osrwnofw0aqlxpnvopw4,0000000000300,085624340035,ONL.130530.GRMD,
SUCCESS
from this notification the merchant must do validation to the validation URL
(https://<ECASH_SERVER>/ecommgateway/validation.html) by posting the transaction ID
received in the notification process to verify the notification is from mandiri e-cash server.

8. After the transaction is done, the customer will be redirected if they clicked OK or
automatically after 5 seconds to the return URL, for example:

https://<merchant_returnurl>/?id=c7yxnq5m10c5osrwnofw0aqlxpnvopw4

If the merchant didnt receive the notification ( step 7 ) the merchant then should do
validation in this step instead.
The validation process is the same like the 7th process, the validation is done on validation

10
 URL (https://<ECASH_SERVER>/ecommgateway/validation.html) by posting the
transaction ID received in the notification process to verify the notification is from mandiri
e-cash server.

Sandbox / development environment for Mandiri e-cash IPG

PT DAM provides development environment for Mandiri e-cash integration, to use the sandbox the
following prerequisites must be met:

1. Informs the IP or the domain name of the merchants server .

2. Register 1 or more mobile phone number as the tester costumer that will do the testing
transactions.

3. Receive the MID & the password for the merchant

4. Using this URL as the ID generation webservice:

https://mandiri-ecash.com/ecommgateway/services/ecommgwws?wsdl

Or

http://mandiri-ecash.com:19443/ecommgateway/services/ecommgwws?wsdl

5. Using this URL as the payment redirection:

https://mandiri-ecash.com/ecommgateway/payment.html

Or

http://mandiri-ecash.com:19443/ecommgateway/payment.html

11
6. Using this URL as the validation :

https://mandiri-ecash.com/ecommgateway/validation.html

Or

http://mandiri-ecash.com:19443/ecommgateway/validation.html

12