Mobile App Integration Document

In case of Android Mobile App Integration the transaction flow is same only the following parameter
need to passed at the time of web view calling i.e. referer” header parameter must be present in the
transaction request while merchant connects to SBI PG we had received updated from our PG team
in which they have mentioned that PG team expect the “Referrer” parameter in request header. If
this parameter is not defined in request header while sending the payment request during web view
call, it will get declined by PG as PG has validation on this parameter.

To resolve this issue, request you to please add the “Referer” parameter in request header and
confirm. For your reference, refer to below attached desktop browser header information.

On click of F12 go to network tab, In header block the Referer parameter having merchant url which
verifies that the request is coming from authorized domain If this parameter is not defined in
request header while sending the payment request during web view call, it will get declined by PG as
PG has validation on this parameter.

Below are the steps to integrate mobile app transaction.

REQUEST

Android:
 Mobile App Integration Document

1) On click of pay button, invoke a webview. We load the url to our server that redirects to payment
gateway.

WebView webView = (WebView) view.findViewById(R.id.pg_webview);

StringBuilder queryparamBuilder = new StringBuilder().append(pgURL)

.append("opCode").append(EQUALS)

.append(opcode).append(APPENDER)

.append("amount").append(EQUALS)

.append(charge).append(APPENDER)

.append("tx_date").append(EQUALS)

.append(date).append(APPENDER)

.append("tx_id").append(EQUALS);

String queryparams = queryparamBuilder.toString();

2) Add headers and Referer to the url and send a GET request to the server as we could not add
headers in POST for Android Webview

Map<String, String> extraHeaders = new HashMap<String, String>();

SharedPreferences preferences = getActivity().getSharedPreferences("patient",

MODE_PRIVATE);

String sessionId = preferences.getString("sessionID" , null);

Long expires = preferences.getLong("expires", 0);

Log.i(TAG, "sessionID -- " + sessionId + " expiry " + expires);

extraHeaders.put("Authorization", AUTHTOKEN );

extraHeaders.put("Set-Cookie", "sessionID="+sessionId+" ; expires="+ expires);

extraHeaders.put("Referer", REFERER_URL);

webView.loadUrl(pgURL, extraHeaders);

webView.getSettings().setJavaScriptEnabled(true);

3)On loading the server URL, server encrypts the payment details and redirects to servlet to submit
form

SERVER:
 Mobile App Integration Document

public Response startpay(@QueryParam(value = "opCode") String opCode, @QueryParam(value =

"tx_date") String tx_date, @QueryParam(value = "amount") String charge , @QueryParam(value =
"tx_id") String tx_id) {

StringBuilder querystring = new

StringBuilder().append(MERCHANT_ID).append("|").append(OPERATING_MODE)

.append("|").append(MERCHANT_COUNTRY).append("|").a
ppend(MERCHANT_CURRENCY).append("|")

.append(amount).append("|").append(otherDetails).append
("|")

.append(PG_RESPONSE_URL).append("|")

.append(PG_RESPONSE_URL).append("|").append(AGGREG
ATOR_ID)

.append("|").append(MerchantOrderNo).append("|").appe
nd(MerchantCustomerID).append("|")

.append(Paymode).append("|").append(Accesmedium).app
end("|").append(TransactionSource);

String secretKey = ENC_SECRET_KEY;

String encstr = AES128Bit.encrypt(querystring.toString(), secretKey);

encstr = encstr.replaceAll("\n", "");

// payment details

StringBuilder paymentDetails = new StringBuilder();

paymentDetails.append("aggGtwmapID||||||||");

String encryptPaymentDetails =
AES128Bit.encrypt(paymentDetails.toString(), secretKey);

encryptPaymentDetails.replaceAll("\n", "");

logger.info(TAG + "redirecting to pg");

URI uri =
UriBuilder.fromPath(QUERY_REQUEST_URL).queryParam("queryRequest", encstr)

.queryParam("PaymentDtls",
encryptPaymentDetails).build();
 Mobile App Integration Document

return Response.seeOther(uri).build();

4) In Servlet handle the http request in doGet, set requestparams and forward the request to JSP
page

Servlet:

public void doGet(HttpServletRequest request, HttpServletResponse response) throws

ServletException, IOException

String value=request.getParameter("queryRequest");

String payment=request.getParameter("PaymentDtls");

request.setAttribute("queryRequest", value);

request.setAttribute("PaymentDetails", payment);

request.getRequestDispatcher(JSP_FORM_PATH).forward(request, response);

5) Submit the form to PaymentGateway URL

JSP:

<form name="form" id="form"

action="<%=PgConnectionConfig.getPG_PAYMENT_URL()%>" method="POST">

<input type="hidden" name="EncryptTrans"

value="<%=request.getParameter("queryRequest")%>"> <input

type="hidden" name="EncryptpaymentDetails"

value="<%=request.getParameter("PaymentDetails")%>"> <input

type="hidden" name="merchIdVal"

value="<%=PgConnectionConfig.getMERCHANT_ID()%>" />

</form>
 Mobile App Integration Document

RESPONSE

1)Payment Gateway response redirects to server. On receiving encrypted data, again request for
doubleverification is redirected to paymentGateway. This response in server side based on
success/failure of payment transaction updates the transaction details in database and then
redirects to a PGSUCCESS_URL/ PGFAILURE_URL

Server:

public Response pgresponse(@FormParam("encStatusData") String encData,

@FormParam("merchIdVal") String merchIdVal){

//update transaction status in DB

if(status.equalsIgnoreCase("success"))

uri = UriBuilder.fromPath(PG_SUCCESS_URL).build();

else

uri = UriBuilder.fromPath(PG_FAIL_URL)

.queryParam("reason", status_des).build();

return Response.seeOther(uri).build();

2) In Android Webview, final redirection url to PG_SUCCESS/ PG_FAIL is captured, based on this url
payment status is confirmed. Then proceeds to next activity in android screen.

Android:

webView.setWebViewClient(new WebViewClient() {

@Override

public void onPageFinished(WebView view, String url) {

if (url.contains(PG_SUCCESS)) {
 Mobile App Integration Document

stepperflag = true;

Bundle b = new Bundle();

b.putString("paymentStatus", "success");

mListener.onProceed(step, b); //PROCEED TO PAYMENT COMPLETE SCREEN

} else if (url.contains(PG_FAILURE)) {

stepperflag = true;

String reason = url.substring(url.lastIndexOf("=") + 1);

Bundle b = new Bundle();

b.putString("paymentStatus", "failure");

reason = Utils.getStatusMsg(reason);

b.putString("reason", reason);

mListener.onProceed(step, b); //PROCEED TO PAYMENT COMPLETE SCREEN

*********************PG and Referer URL sample Value *************************

pgURL = "https://psgimsr.ac.in/althos/ihsrest/v1/pay?"; // merchant URL

String queryparams = "opCode=" + opcode + "&tx_date=" + date + "&amount=" + charge + "&tx_id="

+ txid;

pgURL = pgURL + queryparams;

Map<String, String> extraHeaders = new HashMap<String, String>();

String sessionId = preferences.getString("sessionID" , null);

Long expires = preferences.getLong("expires", 0);

Log.i(TAG, "sessionID -- " + sessionId + " expiry " + expires);

extraHeaders.put("Authorization", "Bearer " +

"U1NncFdkdzVTU2dwV2R3Nl9JRDpTU2dwV2R3NVNTZ3BXZHc2X1NFS1JFVA==");
 Mobile App Integration Document

extraHeaders.put("Set-Cookie", "sessionID="+sessionId+" ; expires="+ expires);

extraHeaders.put("Referer", "https://psgimsr.ac.in/althos/ROOT/ihsrest/v1");

webView.loadUrl(pgURL, extraHeaders);

webView.getSettings().setJavaScriptEnabled(true);

Below is a reference code :

private class MyBrowser extends WebViewClient {

@Override

public boolean shouldOverrideUrlLoading(WebView view, String url) {

Map<String, String> extraHeaders = new HashMap<String, String>();

extraHeaders.put("Referer",sampleUtils.refererURL);

view.loadUrl(url,extraHeaders);

return true;

@Override

public void onPageFinished(WebView view, String url) {

Log.e(TAG, "URL:: " + url);

if (isFirst) {

view.loadUrl(loadurl);

isFirst = false;

dismissDialog();

}
 Mobile App Integration Document

@Override

public void onReceivedSslError(WebView view, final SslErrorHandler handler, SslError error) {

// super.onReceivedSslError(view, handler, error);

final AlertDialog.Builder builder = new AlertDialog.Builder(PNGPaymentActivity.this);

String message = "SSL Certificate error.";

switch (error.getPrimaryError()) {

case SslError.SSL_UNTRUSTED:

message = "The certificate authority is not trusted.";

break;

case SslError.SSL_EXPIRED:

message = "The certificate has expired.";

break;

case SslError.SSL_IDMISMATCH:

message = "The certificate Hostname mismatch.";

break;

case SslError.SSL_NOTYETVALID:

message = "The certificate is not yet valid.";

break;

message += " Do you want to continue anyway?";

builder.setTitle("SSL Certificate Error");

builder.setMessage(message);

builder.setPositiveButton("Continue", new DialogInterface.OnClickListener() {

@Override

public void onClick(DialogInterface dialog, int which) {

handler.proceed();

});
 Mobile App Integration Document

builder.setNegativeButton("Cancel", new DialogInterface.OnClickListener() {

@Override

public void onClick(DialogInterface dialog, int which) {

handler.cancel();

WebView webView = (WebView) findViewById(R.id.webview);

webView.setVisibility(View.GONE);

paymentGatewayHeader.setText(getResources().getString(R.string.payment_gateway_header_failur
e));

paymentGatewayMsg.setText(getResources().getString(R.string.payment_gateway_failure_msg));

tvTransactionId.setVisibility(View.GONE);

paymentGatewayFooter.setVisibility(View.GONE);

successLayout.setVisibility(View.VISIBLE);

});

final AlertDialog dialog = builder.create();

dialog.show();