Skip to content

Technical FAQ

Jump to bottom
Daniel Marek edited this page Jun 13, 2018 · 27 revisions

I am getting http status 400, bad request when calling the eAPI

In most of the cases, the reason is the wrong signature. The most common mistakes are:

  • the string for calculation of the signature is incorrect or the signature calculation algorithm is wrong. Please see more details in eAPI specification
  • incorrect private key is used for the signature (i.e. integration and production environment key mismatch)

What algorithm do I need to create and verify signature?

To create and verify signature use algorithm based on SHA-1. For example in Java for getting instance of class java.security.Signature use algorithm "SHA1withRSA", in PHP use "OPENSSL_ALGO_SHA1", default algorithm for openssl_sign() a openssl_verify() functions.

Example of crypto operations in Java

Example of crypto operations in .NET

Can the cart contain multiple items?

The eAPI v1, v1.5, v1.6 requires at least one (e.g.”credit top-up) and maximum two cart (e.g. “mobile phone” and “shipping”) items. Future versions will introduce a new cart with broader options.

I am getting response code 900 when calling payment/init operation

Beware of correct format of cart parameter, payment gateway expects the list of fields for cart parameter, i.e. fields must be enclosed in [ and ], especially if cart contains only single item.

correct cart content with one item:

"cart":[ { "name":"Reservation", "quantity":1, "amount":10000 } ]

incorrect:

"cart": { "name":"Reservation", "quantity":1, "amount":10000 }

Beware of the "extensions" parameter formatting in case of EET, it is important as you can see below to format this parameter like a field not as an object.

"extensions":[ { "extension": "eetV3", "dttm": "20170125131559", "data": { "premiseId": 181, "cashRegisterId": "00/2535/CN58", "totalPrice": 17896.00 }, "signature": "base64-encoded-extension-signature" } ]

How to load the public key in PEM format?

The public key of the payment gateway is distributed in the text PEM format. Please use the following examples for initialitaztion:

JAVA

String publicKeyFileName = "test.pub";
String content = FileUtils.readFileToString(new File(publicKeyFileName));
content = StringUtils.remove(content, "-----BEGIN PUBLIC KEY-----");
content = StringUtils.remove(content, "-----END PUBLIC KEY-----");
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(Base64.decodeBase64(content));
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey publicKey = keyFactory.generatePublic(keySpec);

PHP

$publicKeyFileName = "test.pub";
$fp = fopen ($publicKeyFileName, "r" );
if (! $fp) {
    throw new Exception ( "Public key " . $publicKeyFileName . " not found" );
}
$content = fread ($fp, filesize ( $publicKeyFileName ) );
fclose ( $fp );
$publicKey = openssl_get_publickey ( $content );

.NET

Example of sign() and verify() operations in this snippet

The payment/process call returns http status 404, not found

Operation payment/process is called using the GET method. Please make sure that the last portion of the URL - signature parameter - is "URL encoded". The signature is transmitted to the gateway as Base64 encoded, therefore contains with a high probability the / character. Payment gateway will not accept the incorrectly formatted request (as it can not load the signature).

Legacy API (migration from GP Webpay) - how to call the transaction status

Legacy API does not support the transaction status enquiry. The operation [payment/status] is supported the new new eAPI

What time zone should I use for dttm parameter?

The recommended settings is Europe/Prague timezone. The same settings is used in responses sent from payment gateway. The main benefit for merchant is easier tracking of sent communication, however payment gateway does not validate timezone of dttm parameter, this parameter is primarily used for signature computing.

What encoding should I use in JSON requests?

Please use UTF-8 encoding in JSON requests in eAPI calls.

Generated key is not downloaded in Safari browser

Generated key from keygen application in Safari browser is not automatically downloaded, key is only displayed in browser. This is limitation of used js library. We recommend to store key manually by ⌘+S.

💳 Payment gateway

  1. Payment lifecycle
  2. Integration and API security
  3. Activation of the production environment
  4. Test cards and credentials
  5. API Sunset

💰 Payments

  1. Payment Authentication
  2. Basic Payment
  3. OneClick Payment
  4. Custom Payment
  5. Apple Pay
  6. Google Pay
  7. Collecting partial card payment
  8. ČSOB Payment Button
  9. Payment Skip Pay

🔬 eAPI 1.9

  1. API Integration
  2. Request Signing and Response Signature Validation
  3. API Methods Overview
  4. Basic Methods
  5. Methods for OneClick Payment
  6. Methods for Apple Pay
  7. Methods for Google Pay
  8. Methods for ČSOB Payment Button
  9. Methods for Skip Pay
  10. Purchase metadata

📐 Tools & how-to

  1. Payment method presentation
  2. Merchant Logo
  3. Colour scheme

📟 API extensions

  1. Extensions concept
  2. Exact date and time of transaction authorization
  3. Card data for OneClick Payment
  4. Card data for Basic Payment
  5. Tokenization
  6. Customer validation code

🔧 Frequently Asked Questions

  1. Payment methods and processing FAQ
  2. Technical FAQ
Clone this wiki locally