API, an abbreviation of Application Program Interface, is a set of routines, protocols, and tools for building software applications. The API specifies how software components should interact. Virtually all software has to request other software to do some things for it. To accomplish this, the asking program uses a set of standardized requests, called Application Programming Interface (API). Building an application with no APIs is basically like building a house with no doors. The API for all computing purposes is how we open the blinds and the doors and exchange information. This documentation is about Token based payment in eSewa. This helps to understand and guide those partners which are intended to integrate token based payment. Token based payment implies, a unique token is generated at the merchant end. Customer enters the token at eSewa for payment, and then request is made to the client against the token generated from merchant. Upon getting the necessary information in response, payment is made from eSewa in next step. This documentation will help to accelerate the integration efforts of client application with eSewa.
The scenario visualized in above figure shows an overall communication from partner/client’s Server to eSewa and finally to the partner/client’s Server. Number in bracket specifies the order of process that is carried out between partner client and eSewa. Following lays the explanation:
URL
property_key:STATEMENT_URL
Request Id from esewa's inquiry will always only concat at end of Client's Url as path variable. Request Id from inquiry cannot be
used anywhere else on like on header or body. There is no need to have {{request_id}} in request url as it will always concat even if
it is not present but if request id is to be mentioned in url always must be in snake case like : {{request_id}}
Eg1: request_id : customer45 , url: clientUrl.com.np , final result: clientUrl.com.np/customer45
Eg2: request_id : customer45, url: clientUrl.com.np/{{request_id}} final result: clientUrl.com.np/customer45
Note : Request Id cannot be NULL or left blank. This is a mandatory field.
Http Method property_key:HTTP_METHOD Http method can be configured for inquiry API of Client as required. Note:: If not set, will be GET method by default.
Header Parameters property_key:HEADER_PARAMS If parameters are to be sent in header of Client’s inquiry that can be configured as well. Header must always be in JSON format. While header key’s value must be in list format. custom/dynamic field to take from input must always be enclosed by “{{}}“. Below is example format how data in db is stored
{
"client_code": ["{{client123}}"],
"vendor": ["ESEWA"]
}
Value enclosed in “{{}}“ must match to field's name in inquiry request: Eg:Sample Inquiry request:
{
"separate_integration": "true",
"product_type": "GENERIC_TOKEN_PAYMENT_V2",
"username": "ashish",
"user_id": "user123",
"emp_code": "empCcode123",
"name" : "Ashish Shrestha",
"customer_id": "customer123"
}
Sample Header JSON format:
{
"username": ["{{username}}"],
"user_id": ["{{user_id}}}"],
"emp_code": ["{{emp_code}}"],
"name" : ["{{name}}"],
"customer_id": ["{{customer_id}}"],
"staticField": ["ESEWA"]
}
1. Body must always be in JSON format as well and as mentioned above custom fields must always be enclosed by “{{}}“. Eg:
{
"clientCode": "{{client_code}}",
"dob" : "{{dob}}",
"username": "{{username}}",
"staticField": "ESEWA"
}
Note: Field name either in header, url or in body must always be in snake case i.e if we've field “Customer Id” it must always be as “customer_id”
Field | Type | Mandatory | Description |
---|---|---|---|
reponse_code | int | Yes | Success or failure is determined this field, where: 0 : Success 1 : Fail |
reponse_message | String | Yes | This message is shown to customer. |
amount | double | Yes(No incase of package.) | Amount for payment.Not mandatory incase of amount is fetched from package. |
request_id | String | Yes | Same “Customer code” sent in inquiry Url |
properties | Map |
No | Additional details that is shown to customer. |
packages | List |
No | Packages is list of object where Obj comprise following data. { String display; double value; Map <String, String> properties; } display:package name value: amount of package properties: additional info to recognize package + additional details |
Reponses from client must be in following format.
{
"response_code": 1,
"response_message": "Authentication Failed."
}
{
"amount": 515.15,
"properties": {
"Address": "Kathmandu",
"request_id": "Test-unique-key1",
"customer_name": "Ashish Shrestha"
},
"request_id": "Test-unique-key1",
"response_code": "0",
"response_message": "success"
}
{
"amount": 315.0,
"properties": {
"address": "Kathmandu",
"request_id": "customer12",
"customer_name": "Ashish Shrestha"
},
"packages": [
{
"display": "<Package Name1> <1month> [Rs. 1000]>",
"value": 100.0,
"properties": {
"package_id": "110"
}
},
{
"display": "<Package Name2> <2months> [Rs. 2000]>",
"value": 200.0,
"properties": {
"package_id": "210"
}
},
{
"display": "<Package Name3> <3months> [Rs. 3000]>",
"value": 300.0,
"properties": {
"package_id": "310"
}
},
{
"display": "<Package Name4> <4months> [Rs. 4000]>",
"value": 400.0,
"properties": {
"package_id": "410"
}
},
{
"display": "<Package Name5> <5months> [Rs. 5000]>",
"value": 500.0,
"properties": {
"package_id": "510"
}
}
],
"request_id": "customer12",
"response_code": "0",
"response_message": "success"
}
Authentication property_key:AUTHENTICATION_URL • Basic Authentication: : If AUTHENTICATION_URL key is not present or has no value then we consider client don't have dedicated authentication and will send Basic Authentication for authorization in every request. and take below mentioned keys for username and password property_key: HEADER_USER property_key: HEADER_PASSWORD(base64 encoded) •Client's Authentication:If AUTHENTICATION_URL key is present and has value,then we get access token from client's login. Property key HEADER_USER and HEADER_PASSWORD will be used for username and password. We have a below mentioned format for client for request and response:/n URLhttps://clientUrl.com/access-token Url for login as well as for refreshing token will be same HttpMethod:POST
{
"grant_type": "password",
"client_secret": {{base64 encoded client_secret key}},
"username": {{username}},
"password": {{base64 encoded password}}
}
Name | Description |
---|---|
grantType | As for authentication as well as for refresh token URL would be same but would be differentiated by : a)password: For authentication with username and password b) refresh_token : For authentication with refresh token |
client_secret | base64 Encoded value of key with length from 32 - 64 characters long. |
username | username provided by client. |
password | Base64 encoded value of password provided by client |
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJqa1ZhNWI2TzZpNTJIeEdHSUN3NFhVTkFyLWpxSUs3
"expires_in": 250,
"token_type": "Bearer",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJkYTNlYjFjZS0wNGJlLTQ3Y2YtODlkYS02M2M5MDJ
"refresh_expires_in": 550
}
Name | Description |
---|---|
access_token | accessToken to sent in each request. |
expires_in | integer value in sec for how long access_token will be valid. |
token_type | prefix value of access token. |
refresh_token | If access token is expired, with this token access token is fetched. |
With above response from client. Esewa send’s access Token for Authentication for each request. In Header with key Authorization. Key is constructed as : token_type + “<space>“ + access_token Refresh Token: To refresh the token same authentication url is used with following request format :
{
"grant_type": "refresh_token",
"refresh_token": {{refresh_token from previous login}},
"client_secret": {{base64 encoded client_secret key}}
}
Name | Description |
---|---|
grant_type | refresh_token for refreshing token. |
refresh_token | refresh token from previous login |
client_secret | base64 encoded client_secret key |
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJqa1ZhNWI2TzZpNTJIeEdHSUN3NFhVTkFyLWpxSUs3S
"expires_in": 200,
"token_type": "Bearer",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJkYTNlYjFjZS0wNGJlLTQ3Y2YtODlkYS02M2M5MDJk
"refresh_expires_in": 400
}
Note : A key is maintained to cache authentication according to Request Id property_key:CACHE_AUTH_ACC_TO_REQ_ID if value is set true, authentication is maintained according to request_id i.e token is, maintained for particular request_id for both inquiry and payment or else (default) separate authentication token is not maintained for each request and will be used same token for all eSewa user's requests for the particular Client. As for this to be maintained Client's Authentication system must also support such implementation where multiple sessions are maintained according to logins.
property_key:PAYMENT_URL For Payment Url is stored in key PAYMENT_URL.
{
"request_id": "12123122",
"amount": 1000,
"transaction_code": "01XV31A",
"package_id": 401
}
Success Response:
{
"amount": 1000,
"properties": {
"document_no": "KTM/010G0000/CPM14/01129",
"flag": "SUCCESS",
"expiry_date": "2024-11-28",
"receipt_no": "KTM/008507",
"receipt_date": "2023-11-28",
"effective_date": "2023-11-28",
"policy_no": "KTM/010G0000/CPM14/01129"
},
"request_id": "12123122",
"response_code": "0",
"response_message": "success",
"reference_code": "KTM/010G0000/CPM14/01129"
}
{
"response_code": 1,
"response_message": "Authentication Failed."
}
{
"response_code": 2,
"response_message": "Transaction is Pending."
}
property_key:TRANSACTION_STATUS_URL For Transaction Status, Url is stored in key TRANSACTION_STATUS_URL.
{
"amount": 123,
"transaction_code": "01XV31A",
"reference_code": 40111221,
"request_id": "req123"
}
Success Response:
{
"status": "SUCCESS",
"amount": 1000,
"properties": {
"receipt_no": "receipt_81503",
"expiry_date": "2024-12-28",
"effective_date": "2023-12-28"
},
"request_id": "cus_HpPgb",
"response_code": "0",
"response_message": "Transaction is complete.",
"reference_code": "401",
"transaction_code": "01XV31A"
}
{
"status": "FAILED",
"amount": 123,
"properties": null,
"request_id": "request002",
"response_code": "1",
"response_message": "Transaction is failed.",
"reference_code": "401",
"transaction_code": "01XV31A"
}
{
"status": "PENDING",
"amount": 124,
"properties": {
"receipt_no": "receipt_38477",
"expiry_date": "2024-12-28",
"effective_date": "2023-12-28"
},
"request_id": "request003",
"response_code": "2",
"response_message": "Transaction is pending.",
"reference_code": "401",
"transaction_code": "01XV31A"
}