PHP Merchant Integration Guide

1
Copyright © ICICI Bank Limited. All rights reserved.
Copyright Information

Copyright © ICICI Bank Ltd. All rights reserved. No part of this document may be
reproduced, stored in retrieval form, adopted or transmitted in any form or by
any means, electronic, mechanical, photographic, graphic, optic or otherwise,
translated in any language or computer language, without prior written permission
from ICICI Bank Ltd.

Disclaimer

This document has been prepared in accordance with the accepted techniques for
solution specifications definition at ICICI Bank Ltd. The information represented
herein, has been gathered after studying market trends and inputs supplied by
expert consultants. The representations and related information contained in the
document reflect ICICI Bank’s best understanding of the business. However, ICICI
Bank makes no representation or warranties with respect to the contents hereof and
shall not be responsible for any loss or damage caused to the user by the direct or
indirect use of this document and the accompanying software package.
Further, ICICI Bank reserves the right to alter, modify or otherwise change in any
manner the content hereof, without the obligation to notify any person of such
revision or changes.

About Payseal

Payseal is brought to you by ICICI Bank Ltd. Payseal provides secure electronic
commerce payment solutions in the B2C & B2B environments.

2
Copyright © ICICI Bank Limited. All rights reserved.
About ICICI

ICICI Bank is India's second-largest bank with total assets of Rs. 3,997.95
billion (US$ 100 billion) at March 31, 2008 and profit after tax of Rs. 41.58 billion for
the year ended March 31, 2008. ICICI Bank is second amongst all the companies
listed on the Indian stock exchanges in terms of free float market capitalization*. The
Bank has a network of about 1,308 branches and 3,950 ATMs in India and presence
in 18 countries. ICICI Bank offers a wide range of banking products and financial
services to corporate and retail customers through a variety of delivery channels
and through its specialized subsidiaries and affiliates in the areas of investment
banking, life and non-life insurance, venture capital and asset management. The
Bank currently has subsidiaries in the United Kingdom, Russia and Canada,
branches in Unites States, Singapore, Bahrain, Hong Kong, Sri Lanka, Qatar and
Dubai International Finance Centre and representative offices in United Arab
Emirates, China, South Africa, Bangladesh, Thailand, Malaysia and Indonesia. Our
UK subsidiary has established branches in Belgium and Germany.

ICICI Bank's equity shares are listed in India on Bombay Stock Exchange and
the National Stock Exchange of India Limited and its American Depositary Receipts
(ADRs) are listed on the New York Stock Exchange (NYSE).After consideration of
various corporate structuring alternatives in the context of the emerging competitive
scenario in the Indian banking industry, and the move towards universal banking,
the managements of ICICI and ICICI Bank formed the view that the merger of ICICI
with ICICI Bank would be the optimal strategic alternative for both entities, and
would create the optimal legal structure for the ICICI group's universal banking
strategy. The merger would enhance value for ICICI shareholders through the
merged entity's access to low-cost deposits, greater opportunities for earning fee-
based income and the ability to participate in the payments system and provide
transaction-banking services. The merger would enhance value for ICICI Bank
shareholders through a large capital base and scale of operations, seamless access
to ICICI's strong corporate relationships built up over five decades, entry into new
business segments, higher market share in various business segments, particularly
fee-based services, and access to the vast talent pool of ICICI and its subsidiaries. In
October 2001, the Boards of Directors of ICICI and ICICI Bank approved the merger
of ICICI and two of its wholly-owned retail finance subsidiaries, ICICI Personal
Financial Services Limited and ICICI Capital Services Limited, with ICICI Bank. The
merger was approved by shareholders of ICICI and ICICI Bank in January 2002, by
the High Court of Gujarat at Ahmedabad in March 2002, and by the High Court of
Judicature at Mumbai and the Reserve Bank of India in April 2002. Consequent to
the merger, the ICICI group's financing and banking operations, both wholesale and
retail, have been integrated in a single entity.

3
Copyright © ICICI Bank Limited. All rights reserved.
Technical Contact

Email pghelpdesk@icicibank.com
Tel 91-022-66673128

Operations Contact

Email pgpayments@icici.com
Tel 91-022- 66673918

4
Copyright © ICICI Bank Limited. All rights reserved.
Installing the SFA PHP Library
Pre-requisites – The Merchant's machine where SFA will be
installed should have PHP with java support enabled.

a. PHP version >= 4.3.4 (recommended version is >=

5.2)

b. JDK 1.4.2 or greater should be available (pre

requisite for JavaBridge)

c. http://php-java-
bridge.sourceforge.net/pjb/installation.php

d. Use javabridge version <= 4.0 (however the latest

versions should work fine)

1. Public certificates of Verisign Intermediate CA and Verisign

Root CA who has issued the Payseal certificate needs to be
available in the java certificate store (cacerts file).

2. The Merchant must possess the key file generated by the

Payment Gateway (available in the zip as 00001003.key).
The file name should not be changed, where 00001003 is
the merchant ID.

Steps for obtaining the key file –

1. Login into the Merchant Web Interface using the Mer­

chant Super User login.

2. Click on the link “Personalize>> Key Download”

3. Save the “.key” file sent by the Payment Gateway in a

local folder.

Note – The key file can be downloaded only once. Please

keep the key file in a secure location. Contact PG System
Administrator in case the key file needs to be
5
Copyright © ICICI Bank Limited. All rights reserved.
 regenerated.

Note:

1. Check php.ini for the java settings, java.java_home and

java.java. The property values needs to be set to the
JDK which was used for compilation (in case
JavaBridge has been compiled to produce a dynamic
module).

2. Enable Java Bridge logging during integration phase.

3. Verify java support by using the Test page (testjava.php)

shipped with PHP SFA library.

The PHP SFA comes bundled as 2 zip files -

1. SFAClient.zip - This zip file contains the components, which

provide the core SFA functionality and test pages

2. SFA_Dependencies.zip - This zip file contains the

components that are required for the SFA to function

The installation process for SFA_Dependencies.zip is as

follows –

1. Copy the ZIP file to a temporary location on the Merchant

site

2. The zip has the following files

1) cryptix32.jar – Required by SFA to encrypt the data sent

to the ePG

6
Copyright © ICICI Bank Limited. All rights reserved.
 2) jcert.jar – Required to establish the SSL connection with
ePG

3) jnet.jar – Required to establish the SSL connection with

ePG

4) jsse.jar – Required to establish the SSL connection with

ePG

5) Servlet.jar – HTTP Request/Response handling

6) Sfa.jar – SFA Java library

3. Copy the folder to a desired location (folder path names

should not have spaces).

4. Set the Jar files in the system classpath. This is not needed
in case the jar files have been copied to the extension di­
rectory of JDK used.
Note: The extension directory can be checked from the
JavaBridge log as well. It is printed on startup of
JavaBridge. In case a J2EE backend (like tomcat or some
servlet engine) is configured for JavaBridge, then copy the
jars to the extension directory of the JDK used by the J2EE
backend.

5. Editing the sfa.properties file

a. Open the file sfa.jar using WINZIP. Open the

sfa.properties file.

Note - If WINZIP or a similar facility is not

available on the machine then the following
java command can be used for extracting

7
Copyright © ICICI Bank Limited. All rights reserved.
 the properties file

Jar -xvf sfa.jar

To jar the file again use,

Jar -cvf sfa.jar com sfa.properties

b. For the parameter 'Key.Directory' in the properties

file set the name of the folder, which contains the
merchant key. A trailing slash has to be put at the
end of this value. The name of the file need not be
set. Save the file after making other relevant
changes.

c. For the parameter “traceLog”, set the name of the

folder to which sfa logs needs to be written. It shall
point to a folder to which write permissions are
available to java.

d. Enable the verbose parameter to “true” only when

necessary as the log generated might be consider­
able depending on the number of transactions.

e. To verify the success of the above operations open

the jar file again and check if the properties file has
the values set.

The Installation process for SFAClient.zip is as follows -

1. Copy the ZIP file to a temporary location on the Merchant

site

8
Copyright © ICICI Bank Limited. All rights reserved.
2. Unzipping shall create a folder called SFAClient.

3. SFAClient contains the following files/directories

1. Sfa – SFA Client library (contains the PHP Sfa library)

2. TestPages – Sample pages for transactions and a test

page (testjava.php) for testing java support.

The Merchants PHP pages can now start using the SFA library.
Test pages are shipped along with the distribution, which can
be used for test/understanding purposes.

Note:

Sfa folder should be copied to the folder where

TestPages/Merchant pages are present.

9
Copyright © ICICI Bank Limited. All rights reserved.
Appendix A

What’s in This Appendix?

The MOTO and the SSL Merchant’s use the Store Front
Adaptor for integrating with the Payment Gateway. This
appendix details the data that is passed from the Merchant to
the Payment Gateway via the Store Front Adaptor.

The following sections define the various parameters and their

definitions.

Note -

1. The information provided in the section “VBV fields for

MOTO Merchants” and “VBV fields for SSL Merchant” are
applicable only to the Merchants enrolled for MPI. For
MOTO merchants who support MPI, it is mandatory to
send the data received from the MPI to the Payment Gate­
way.

2. In case of the SSL Merchant, the Card details will be ac­

cepted by the Payment Gateway. Hence, the Object map­
ping to the Card details mentioned below need not be
populated.

10
Copyright © ICICI Bank Limited. All rights reserved.
Merchant Information

Function Name - setMerchantDetails

Sr Parameter Details Valid values Mandato

No ry
1 ID assigned by the Payment Data with maximum Y
astrMerchantID Gateway to the Merchant size of 8 characters
2 astrVendor Same as Merchant ID Data with maximum N
size of 8 characters
3 astrPartner Same as merchant ID Data with maximum N
size of 8 characters

4 astrCustIPAddress Corresponds to the IP Address Data with maximum N (for

of the Customer. In case of a size of 20 characters SSL)
SSL merchant this data will be Y (for
captured by the Payment MOTO)
Gateway. However, a MOTO
merchant has to pass this data
to the Payment Gateway. This
data is mandatory for a MOTO
merchant and non-mandatory
for the SSL merchant
5 astrMerchantTxnI Transaction number generated Alpha-numeric data Y
D by the Merchant for reference. with maximum size
Root Transactions should have of 50 characters
unique Transaction Reference
Number.
6 Order number generated by Alpha-numeric data N
the Merchant for his/her with maximum size
astrOrderReferenc reference. of 30 characters
eNo
7 astrRespURL URL of the Merchants site on Data with maximum Y (for
which the Payment Gateway size of 80 characters SSL
must post the results of the merchan
transaction. This parameter is ts only)
valid only in case of a SSL
merchant The MOTO
merchant always receives the
response via the PGResponse
Object

11
Copyright © ICICI Bank Limited. All rights reserved.
Sr Parameter Details
No
8 astrRespMethod HTTP method (GET/POST) to Data with maximum Y
be used by the Payment
Gateway for posting the
results of the transaction to
the Merchants site. In case of
SSL Merchants the value
should be POST as the
response is sent via a
redirection.
9 astrCurrCode Currency of the transaction
10 astrInvoiceNo Invoice number generated by Alpha-numeric data N
the Merchants application
Valid values Mandato
ry
size of 4 characters.
(GET/POST)
Data with maximum Y
size of 3 characters.
ISO Alpha Currency
Code
‘INR’ for transactions
in Rupees.
with maximum size
of 20 characters

11 astrMessageType Indicates the type of Data with maximum Y

transaction. This field can size of 20 characters.
contain either of the values req.Preauthorization
mentioned in the adjacent req.Sale
field
12 astrAmount Amount of the transaction Numeric with Y
maximum size of 15
digits. Maximum
exponent is 5.For
example, maximum
possible data in the
amount field can be
999999999999999.99
999 but subject to
the define exponent
for currency
13 astrGMTOffset GMT Time Offset of the Data with maximum N
Merchants sites locale size of 9 characters
Format:
GMT+hh:mm
14 astrExt1 Additional fields provided to Data with maximum N
the Merchant for passing any size of 50 characters
specific data
15 astrExt2 Additional field provided to Data with maximum N

12
Copyright © ICICI Bank Limited. All rights reserved.
Sr Parameter Details Valid values Mandato
No ry
the Merchant for passing any size of 50 characters
specific data. Should be “true”
for SSL merchant
16 astrExt3 Reserved Data with maximum N
size of 50 characters
17 astrExt4 Additional field provided to Data with maximum N
the Merchant for passing any size of 50 characters
specific data
18 astrExt5 Additional field provided to Data with maximum N
the Merchant for passing any size of 50 characters
specific data

13
Copyright © ICICI Bank Limited. All rights reserved.
Function Name - setMerchantRelatedTxnDetails

Sr Parameter Details Valid values Mandatory

No
1 ID assigned by the Payment Data with Y
astrMerchantID Gateway to the Merchant maximum
size of 8
characters. Id
given to the
Merchant for
identification
by the PG
2 astrVendor Same as Merchant ID Data with N
maximum
size of 8
characters.
3 astrPartner Same as Merchant ID Data with N
maximum
size of 8
characters.
4 astrMerchantTxnI Transaction number generated Alpha- Y
D by the Merchant for reference. numeric data
with
maximum
size of 50
characters.
5 astrRootTxnSysRe Transaction reference number Numeric data Y
fNum generated by the Payment with
Gateway for the original maximum
transaction and sent to the size of 15
merchant. Example, for an characters
Authorization transaction the
Root Transaction System
reference of Pre-Authorization
needs to be given. Similarly,
for a Refund transaction the
Root Transaction System
reference of Authorization
needs to be given
6 astrRootPNRef RRN number sent by the Numeric data Y
Payment Gateway to the with
merchant for the original maximum
transaction. Example, for an size of 20
Authorization transaction the characters
14
Copyright © ICICI Bank Limited. All rights reserved.
Sr Parameter Details Valid values Mandatory
No
RRN of Pre-Authorization
needs to be given. Similarly,
for a Refund transaction the
RRN of Authorization needs to
be given.
7 astrRootAuthCode Auth Code sent by the Numeric data Y
Payment Gateway to the with
merchant for the original maximum
transaction size of 6
characters
8 astrCurrCode Currency of the transaction Data with Y
maximum
size of 3
characters.
ISO Alpha
Currency
Code.
‘INR’ for
transactions
in Rupees
9 astrMessageType Indicates the type of Data with Y
transaction. This field can maximum
contain either of the values size of 20
mentioned in the adjacent fieldcharacters.
req.Refund
req.Authoriza
tion
10 astrAmount Amount of the transaction Numeric Y
with
maximum
size of 15
digits.
Maximum
exponent is
5.For
example,
maximum
possible data
in the
amount field
can be
99999999999
9999.99999

15
Copyright © ICICI Bank Limited. All rights reserved.
Sr Parameter Details Valid values Mandatory
No
11 astrGMTOffset GMT Time Offset of the Data with N
Merchants sites locale maximum
size of 9
characters.
GMT+hh:m
m

12 astrExt1 Additional fields provided to Data with N

the Merchant for passing any maximum
specific data size of 50
characters
13 astrExt2 Additional field provided to Data with N
the Merchant for passing any maximum
specific data size of 50
characters
14 astrExt3 Additional field provided to Data with N
the Merchant for passing any maximum
specific data size of 50
characters
15 astrExt4 Additional field provided to Data with N
the Merchant for passing any maximum
specific data size of 50
characters
16 astrExt5 Additional field provided to Data with N
the Merchant for passing any maximum
specific data size of 50
characters

16
Copyright © ICICI Bank Limited. All rights reserved.
Card Information

Function Name - setCardDetails

Manda
Sr No Field Details Valid values tory
1 astrCardType Data with maximum size of 5 Y
characters.
VISA –Visa
MC- MasterCard
2 astrCardNum Numeric data with maximum size of 20 Y

3 astrCVVNum AlphaNumeric data with maximum size Y

of 5.

For VISA,This field should contain the

value in the following format
CVVNum $ Presence Indicator
Where CVVNum is a CVV value
Presence indicator is one of the
following
1 – CVV2 value is present
2 – CVV2 value is on the Card, but is
illegible
9 – Cardholder states CVV2 is not
present on the Card

e.g 010$1, 011$2 , $9

4 astrExpDtYr yyyy Data with maximum size of 4 Y

characters.
5 astrExpDtMon mm Data with maximum size of 2 Y
characters.
6 astrNameOnCard Alphabetic data with maximum size of N
80 characters
7 astrInstrType Mode of Data with maximum size of 5 Y
payment - characters.
Credit/ CREDI - For credit cards
Debit DEBIT- For Debit Cards

17
Copyright © ICICI Bank Limited. All rights reserved.
Ship To Address

Function Name - setAddressDetails

The Payment Gateway will store the Ship To Address details in its database only if all
the details mentioned as mandatory are populated. If the merchant is not capturing
the Address then this object can be passed as null to the SFA. However, if the Class
is instantiated and passed to the SFA, then it is necessary to populate the fields
marked as mandatory

Sr Detail
No Field s Valid values Mandatory
1 astrAddrLine1 Alphabetic data with maximum size Y
of 50 characters
2 astrAddrLine2 Alphabetic data with maximum size N
of 50 characters
3 astrAddrLine3 Alphabetic data with maximum size N
of 50 characters
4 astrCity Alphabetic data with maximum size Y
of 30 characters
5 astrState Alphabetic data with maximum size Y
of 30 characters
6 astrZip Numeric data with maximum size of Y
10 digits
7 astrCountryAlp Alphabetic data with maximum size Y
haCode of 3 characters IND for INDIA
8 astrEmail Alpha-Numeric data with maximum N
size of 80 characters

18
Copyright © ICICI Bank Limited. All rights reserved.
Bill To Address

Function Name - setAddressDetails

The Payment Gateway will store the Ship To Address details in its database only if all
the details mentioned as mandatory are populated. If the merchant is not capturing
the Address then this object can be passed as null to the SFA. However, if the Class
is instantiated and passed to the SFA, then it is necessary to populate the fields
marked as mandatory

Sr Mandato
No Field Details Valid values ry
1 astrCustomerIIf customer is Data with maximum size of 10 N
d a registered characters
customer with
the merchant,
then his ID
needs to be
populated in
this field.
2 astrCustomer Data with maximum size of 80 N
Name characters

3 astrAddrLine1 Alphabetic data with maximum size of Y

50 characters

4 astrAddrLine2 Alphabetic data with maximum size of N

50 characters
5 astrAddrLine3 Alphabetic data with maximum size of N
50 characters
6 astrCity Alphabetic data with maximum size of Y
30 characters
7 astrState Alphabetic data with maximum size of Y
30 characters
8 astrZip Numeric data with maximum size of 10 Y
digits
9 astrCountryAl Alphabetic data with maximum size of 3 Y
phaCode characters
IND for India
10 astrEmail Alpha-Numeric data with maximum size N
of 80 characters

19
Copyright © ICICI Bank Limited. All rights reserved.
Customer Details (required for FDMS)

Function Name - setCustomerDetails

Customer information is sent to the Fraud Detection system for risk verification. If
the merchant is not capturing the said details, then this object can be passed as null
to the SFA. However, if the Class is instantiated and passed to the SFA, then it is
necessary to populate the fields marked as mandatory

Sr
No Field Details Valid values Mandatory
1 strFirstName Alphabetic data with Y
maximum size of 50
characters
2 strLastName Alphabetic data with N
maximum size of 50
characters
3 OfficeAddress Object of Address Type N
4 HomeAddress Object of Address Type N
5 MobileNo Numeric data passed as N
string. Max length of 15
6 Registration Date yyyy-mm-dd Alphabetic data with N
maximum length of 10
characters
7 BillingShippingAdd Y or N Alphabetic data with Y
rMatch maximum size of 1
characters.

20
Copyright © ICICI Bank Limited. All rights reserved.
Address (for Home/Office address details)

Function Name - setAddressDetails

Home and Office address details are sent to the Fraud Detection system for risk
verification. If the merchant is not capturing the Address details, then this object can
be passed as null to the SFA. However, if the Class is instantiated and passed to the
SFA, then it is necessary to populate the fields marked as mandatory

Mandator
Sr No Field Details Valid values y
1 astrAddrLine1 Alphabetic data with maximum Y
size of 50 characters
2 astrAddrLine2 Alphabetic data with maximum N
size of 50 characters
3 astrAddrLine3 Alphabetic data with maximum N
size of 50 characters
4 astrCity Alphabetic data with maximum Y
size of 30 characters
5 astrState Alphabetic data with maximum Y
size of 30 characters
6 astrZip Numeric data passed as string Y
with maximum size of 10 digits
7 astrCountryAlp Alphabetic data with maximum Y
haCode size of 3 characters IND for INDIA
8 astrEmail Alphabetic data with maximum N
size of 80 characters

21
Copyright © ICICI Bank Limited. All rights reserved.
Session Information

Function Name - setSessionDetails

Session information is sent to the Fraud Detection system for risk verification. The
details have to be captured by the merchant if the merchant wishes to run the
transaction through the FDMS system. In case the merchant is not capturing the
details, then this object can be passed as null to the SFA. However, if the Class is
instantiated and passed to the SFA, then it is necessary to populate the fields
marked as mandatory

Sr
No Field Details Valid values Mandatory
1 strRemoteAddr IP Address of the Y
system from where the
end customer is
performing the
transaction.
2 strCookie The value Alphabetic data with N
stored in the maximum size of 50
cookie characters
named “vsc”
3 strBrowserCountry Alphabetic data with N
maximum size of 50
characters
4 strBroswerLanguage Alphabetic data with Y
maximum size of 16
characters
5 strBroswerLocalLangua Alphabetic data with N
geVariant maximum size of 30
characters
6 strUserAgent Alphabetic data with Y
maximum size of 30
characters

22
Copyright © ICICI Bank Limited. All rights reserved.
Merchandise Information

Function Name - setMerchanDiseDetails

Merchandise information is sent to the Fraud Detection system for risk verification.
The details along with Session, customer information are used by the FDMS for risk
verification. In case the merchant is not capturing the details, then this object can be
passed as null to the SFA. However, if the Class is instantiated and passed to the
SFA, then it is necessary to populate the fields marked as mandatory. In case the
purchased goods is related to Airline ticket, then this object need not be filled in and
can be passed as null to the SFA. Instead the Airline details needs to be filled by the
merchant.

Sr
No Field Details Valid values Mandatory
1 strItemPurchased e.g., Computer,
Alphabetic data Y
Shirts, with maximum size
of 24
2 Quantity Numeric data Y
passed as string
with maximum
length of 3
3 strBrand Alphabetic data N
with maximum size
of 24 characters
4 strModelNumber Alphabetic data N
with maximum size
of 24 characters
5 strBuyer’s Name Alphabetic data N
with maximum size
of 32 characters
6 MatchingCardBuyerName Flag indicating Alphabetic data N
whether CardName with maximum size
and BuyerName of 1 characters
Matches
Y or N

23
Copyright © ICICI Bank Limited. All rights reserved.
Airline Transaction Information

Function Name - setAirLineTransactionDetails

Airline transaction information is sent to the Fraud Detection system for risk
verification. The details along with Session, customer information are used by the
FDMS for risk verification. In case the merchant is not capturing the details, then this
object can be passed as null to the SFA. However, if the Class is instantiated and
passed to the SFA, then it is necessary to populate the fields marked as mandatory.
In case the purchased goods is related to merchandise, then this object need not be
filled in and can be passed as null to the SFA. Instead the merchandise details needs
to be filled by the merchant.

Sr Mandat
No Field Details Valid values ory
1 strBookingDate yyyy-mm-dd Alphabetic data with maximum sizeY
of 10
2 strFlightDate yyyy-mm-dd Alphabetic data with maximum sizeY
of 10
3 strFlightTime Hh:mm (24 Alphabetic data with maximum sizeY
hr format) of 5 characters
4 strFlightNo Alphabetic data with maximum sizeY
of 12 characters
5 strPassengerName Alphabetic data with maximum sizeY
of 32 characters
6 NoOfTickets Numeric data passed as string with N
maximum length of 2 characters
7 MatchingCardBuye Flag Alphabetic data with maximum sizeN
rName indicating of 1 characters
whether
Card Name
and Buyer
Name
Matches
Y or N
Alphabetic data with maximum size
8 strPNR of 24 Y
Alphabetic data with maximum size
9 strSectorFrom of 24 Y
Alphabetic data with maximum size
10 strSectorTo of 24 Y

24
Copyright © ICICI Bank Limited. All rights reserved.
VBV Fields for a MOTO Merchant
Function Name - setMPIResponseDetails

Sr
No Field Details Valid values Mandatory
1 astrECI Numeric value Data of the size 2 Conditional
associated with characters. Mandatory
the VBV process (in case of VBV
provided by the status Y).
MPI In all other cases,
the values must be
sent if the MPI has
provided the same
2 astrXID This value is Data with maximum size Conditional
generated during of Mandatory
the VBV 28 characters (in case of VBV
validation status Y).
process In all other cases,
the values must be
sent if the MPI has
provided the same
3 astrVBVSta The result of the Data with size of 1 Y
tus VBV validations. character.

Single character status

indicated by either of
Y - Authentication
Successful
N - Authentication failed
U - Processing Failure
E - Not Enrolled
A – Attempts
4 astrCAVV This value is Data with maximum size Conditional
generated during of 28 characters Mandatory
the VBV (in case of VBV
validation status Y).
process if the In all other cases,
validation is the values must be
successful sent if the MPI has
provided the same

25
Copyright © ICICI Bank Limited. All rights reserved.
Sr
No Field Details Valid values Mandatory
5 The Payment Data with maximum size N
Gateway of
currently stores 256 characters
astrShoppi the value of the
ngContext Shopping
Context that is
passed to it. This
value is not
passed to the
Acquirer.
6 The Payment Data with maximum size N
Gateway of
astrPurchascurrently stores 20 characters.
eAmount the value of the
Purchase
Amount that is
passed to it. This
value is not
passed to the
Acquirer
7 astrCurrencThe Payment Data with a maximum N
yVal Gateway size of
currently stores 3 characters.
the value of the
Currency value
that is passed to
it. This value is
not passed to the
Acquirer

26
Copyright © ICICI Bank Limited. All rights reserved.
 VBV Fields for a SSL Merchant

Function Name – setMPIRequestDetails

Sr Field Details Valid values Man

No dator
y
1 astrPurchaseAmo Amount of the transaction Data with maximum size of 20 Y
unt characters. Unformatted purchase
amount. It should not contain any
special characters such as “$” etc.
Example 100.20,100
2 astrDisplayAmou Formatted purchase amount. Data with maximum size of 20 Y
nt characters. This field should
contain a currency symbol, with
an thousands separator (s),
decimal point and ISO minor units
defined for the currency specified
in the Purchase Currency field. Ex.
INR1,234.56
3 astrCurrencyVal This is the currency code used Data with size of 3 characters. Y
by the merchant Data with size of 3 characters. ISO
Numeric Currency Code. Example
356
4 astrExponent Denotes the number of digits Data with maximum size of 3 Y
after the decimal point in the characters.
amount If the amount is 100.20 then the
exponent is 2
5 astrOrderDesc Brief description of items pur­ Data with a maximum size of 125 Y
chased, determined by the characters
Merchant
6 astrRecurFreq This field is calculated based Data with maximum size of 3 Y
on installments and the Recur characters.
End and it denotes the Example: 12
frequency of payment
7 astrRecurEnd This field indicates the end Data with maximum size of 8 Y
date of recurring value. It characters.
should be less than the card Example: 20011212
expiry date. It is also an op­
tional field
8 astrInstallment Number of Installments Data with maximum size of 3 Y
characters.
Example: 12

27
Copyright © ICICI Bank Limited. All rights reserved.
Sr Field Details Valid values Man
No dator
y
9 astrDeviceCategory This attribute indicates Always use value 0 Y
mode of transaction. For an
internet based transaction
the value to be set is "0".
10 astrWhatIUse This field is used by the This field can be empty and is N
MPI to denote the browser used by the MPI to denote the
version. browser version.
11 astrAcceptHdr The Accept request-head­ Y
er field can be used to
specify certain media types This indicates the MIME type the
which are acceptable for client can accept.
the response. Accept head­
ers can be used to indicate Ex: image/gif, image/x-xbitmap,
that the request is specifi­ image/jpeg, image/pjpeg,
cally limited to a small set application/vnd.ms-powerpoint,
of desired types, as in the application/vnd.ms-excel,
case of a request for an in- application/msword, application/x-
line image. The server shockwave-flash, */*
property request.getHead­
er("Accept") can be used
for setting this value
12 astrAgentHdr The User-Agent-header This indicates the type and Y
contains information about version of browser used by the
the user agent (typically a cardholder
newsreader) generating theEx: Mozilla/4.0 (compatible; MSIE
article, for statistical 5.5; Windows NT 5.0)
purposes and tracing of
standards violations to
specific software needing
correction. Although not
one of the mandatory
headers, posting agents
SHOULD normally include
it. The server property
request.getHeader("User-
Agent") can be used for
setting this value.

28
Copyright © ICICI Bank Limited. All rights reserved.