This document provides guidelines to integrate with Hesabe Payment Gateway APIs.
\nHesabe Payment Gateway allows authorized Merchants to accept payment from their customers. It is a secured payment gateway which provides high level SSL encryption and promises a protected payment cycle with your application using secure Authentication and PCI DSS compliant encryption.
Hesabe provides a payment integration kit that allows merchants to instantly collect payments from their users using Knet and MPGS payment modes. The Hesabe payment integration supports a seamless payment experience on your platform, while protecting your application from payment frauds and complexity related to various regulations.
Hesabe provides two environments - test and production.
\nMerchants need an active Hesabe account to use the test environment and production environment. Merchants will have to log in to the Hesabe Merchant Panel and get the API credentials for using these environments.
\nAll transactions initiated by the merchant on our test environment are not processed. Test environment is strictly for testing the request and response functions. After successfully testing the integration, merchants can move to the production environment by changing the URL.
\nhttps://sandbox.hesabe.com/checkout\n\nhttps://api.hesabe.com/checkout\n\nSign Up with Hesabe and get a Merchant Account created and approved.
\nLogin to Merchant Panel using the credentials provided after Registration
Download Hesabe Payment Integration Kit (on PHP Platform, other platforms will be added soon).
\nCopy Encryption Key from Account section.
Access Code & IV Key will be shared by Hesabe.
Configure Hesabe security keys in your application.
\nCreate Payment form and deploy request / response handlers with the guidance of the integration kit.
\nCreate return pages for handling payment notification on success or cancel.
\nThe Hesabe payment gateway integration kit is a client library provided by Hesabe. This integration kit is available for PHP platform and will soon be available for other platforms such as Swift (iOS) and Java (Android), Python, and Asp.Net.
\nAfter Signing in with the approved Merchant account you can download the Integration Kit. From the Merchant Panel Dashboard, navigate through Resources > Download Integration Kit > Download PHP to get the integration kit for the PHP.
\nWhen you download the integration kit from the Hesabe merchant dashboard, it contains request response payment handler files. The integration kit also contains HesabeCrypto.php with the collection of functions to encrypt decrypt merchant data using AES-256-CBC.
\nFor implementing Hesabe payment gateway integration, the Merchant id, Access Code and the Encryption Keys (Secret Key + IV Key) are the prime information to be passed with the payment request. To get these, you need to have an activated Hesabe Merchant account.
\nAfter you login to Hesabe Merchant Panel using Merchant account credentials, you can see the dashboard with menu option “Account”.
\nUnder Security Keys, it will display the Merchant Id, Access Code and Secret Key. IV Key will be shared along with the credentials to access the Merchant Dashboard after account activation.
\nYou need to copy the keys and configure them in your environment to send a payment request.
\nPayment data containing the following fields in encrypted form need to be submitted during Checkout for initiating the payment request.
\namount
\nresponseUrl
\nfailureUrl
\nmerchantCode
\npaymentType
\nversion
\nvariable1 (Optional)
\nvariable2 (Optional)
\nvariable3 (Optional)
\nvariable4 (Optional)
\nvariable5 (Optional)
\nThe data is posted/passed to the HesabeRequestHandler that will concatenate and encrypt the data before invoking the Hesabe Payment API endpoint.
\nThe payment data posted/passed via the checkout form is handled by HesabeRequestHandler. The posted data are first validated and encrypted in this file. The Encryption key and IV (Initialization Vector) taken from Profile page of Hesabe Merchant dashboard are used as the encryption keys.
\nThe following sample PHP code snippets demonstrates how the process can be implemented in PHP Laravel.
\n$validator = $this->validate($request, [\n 'merchantCode' => 'required',\n 'access_code => 'required', // Only for Indirect Integration\n 'amount' => 'required|numeric|between:0.200,100000|regex:/^\\d+(\\.\\d{1,3})?$/',\n 'paymentType' => 'required|in:0,1,2',\n 'responseUrl' => 'required|url',\n 'failureUrl' => 'required|url',\n 'version' => 'required'\n ]);\n\n$ivKey = HSB_IV_KEY;\n$encryptionKey = HSB_ENCRYPTION_KEY;\n$accessCode = HSB_ACCESS_CODE;\n$checkoutApiUrl = HSB_CHECKOUT_API_URL;\n$paymentUrl = HSB_PAYMENT_URL;\n\nAfter Validation, the request data is JSON encoded which is the array of the request keys & values.
\n$requestDataJson = json_encode($request->input());\n\nThis JSON data is then encrypted using AES algorithm with HesabeCrypto library
\n$encryptedData = HesabeCrypto::encrypt($requestDataJson, $encryptionKey, $ivKey)\n\nThe accessCode is initialized in the Request header and the Request data is posted to the Hesabe Payment Gateway Checkout API endpoint.
\n// $baseUrl = http://api.hesbstck.com/api/\n// $checkoutApiUrl = {{$baseUrl}}/checkout\n$checkoutRequestData = new Request([\n 'data' => $encryptedData\n ]);\n$checkoutRequest = Request::create($checkoutApiUrl, 'POST', $checkoutRequestData->all());\n$checkoutRequest->headers->set('accessCode', $accessCode);\n\n$checkoutResponse = Route::dispatch($checkoutRequest);\n$checkoutResponseContent = $checkoutResponse->content();\n\n$decryptedResponse = HesabeCrypto::decrypt($checkoutResponseContent, $encryptionKey, $ivKey);\n$responseDataJson = json_decode($decryptedResponse);\n\n// $baseUrl = http://api.hesbstck.com/api/\n// $paymentUrl = {{baseUrl}}/payment\n$responseToken = $responseDataJson->response->data;\nreturn Redirect::to($paymentUrl . '?data='. $responseToken);\n\n// $baseUrl = http://api.hesbstck.com/api/\n// $checkoutApiUrl = {{$baseUrl}}/checkout/indirect\n\nIn this API, paymentType must be 0. The users will select the final payment method in the next step.
\nCustomers would be able to select their choice of Payment Method from the Hesabe Gateway Landing page which will load after the step Invoking Hesabe Payment URL. The Hesabe Payment Gateway Page would look similar to as shown below:
\nBased on the selection of Payment Method in this page, the Customer will be redirected to the respective Payment page and Payment Type will be updated in the Hesabe DB.
\nCode below shows the HesabeCrypt file in PHP.
\nnamespace App\\Libraries;\nuse Hashids\\Hashids;\nclass HesabeCrypt\n{\n // AES Encryption Method Starts\n public static function encrypt($str, $key, $ivKey)\n { \n $str = self::pkcs5_pad($str);\n $encrypted = openssl_encrypt($str, 'AES-256-CBC', $key, OPENSSL_ZERO_PADDING, $ivKey);\n $encrypted = base64_decode($encrypted);\n $encrypted = unpack('C*', ($encrypted));\n $encrypted = self::byteArray2Hex($encrypted);\n $encrypted = urlencode($encrypted);\n return $encrypted;\n }\n private static function pkcs5_pad($text)\n {\n $blocksize = 32;\n $pad = $blocksize - (strlen($text) % $blocksize);\n return $text.str_repeat(chr($pad), $pad);\n }\n private static function byteArray2Hex($byteArray)\n {\n $chars = array_map(\"chr\", $byteArray);\n $bin = join($chars);\n return bin2hex($bin);\n }\n // Decryption Method for AES Algorithm Starts\n public static function decrypt($code, $key, $ivKey)\n {\n if (!(ctype_xdigit($code) && strlen($code) % 2 == 0)) {\n return false;\n } \n $code = self::hex2ByteArray(trim($code));\n $code = self::byteArray2String($code);\n $iv = $key;\n $code = base64_encode($code);\n $decrypted = openssl_decrypt($code, 'AES-256-CBC', $key, OPENSSL_ZERO_PADDING, $ivKey);\n return self::pkcs5_unpad($decrypted);\n }\n private static function hex2ByteArray($hexString)\n {\n $string = hex2bin($hexString);\n return unpack('C*', $string);\n }\n private static function byteArray2String($byteArray)\n {\n $chars = array_map(\"chr\", $byteArray);\n return join($chars);\n }\n private static function pkcs5_unpad($text)\n {\n $pad = ord($text{strlen($text) - 1});\n if ($pad > strlen($text)) {\n return false;\n }\n if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) {\n return false;\n }\n return substr($text, 0, -1 * $pad);\n }\n }\n\nThe response returned from the Payment Gateway would be in a field called ‘data’. This would be encrypted using the same set of AES - IV & Secret Keys and hence would need to be decrypted using HesabeCrypto library’s decrypt function. The value after decryption would be like below:
\n{\n \"status\":true,\n \"code\":200,\n \"message\":\"Transaction Success\",\n \"response\":{\n \"data\":{\n \"resultCode\":\"CAPTURED\",\n \"amount\":10,\n \"paymentToken\":\"1569830677725743478\",\n \"paymentId\":\"100201927384634224\",\n \"paidOn\":\"2019-09-30 11:05:16\",\n \"variable1\":null,\n \"variable2\":null,\n \"variable3\":null,\n \"variable4\":null,\n \"variable5\":null,\n \"method\":1,\n \"administrativeCharge\":\"5\"\n }\n }\n}\n\nBased on the status (success or failure), appropriate messages can be shown by the client on the confirmation page.
\nAfter testing the Hesabe payment gateway integration in the test environment, you can go live by moving it to the production.
\nTo go live and use the Hesabe secure production environment, the https://sandbox.hesabe.com/checkout target should be replaced with https://api.hesabe.com/checkout.
Captured (Approved)
Card Number: 8888880000000001
Expiry: 09/2021
Pin: Any Pin
Not Captured (Declined)
Card Number: 8888880000000001
Expiry: Any Expiry
Pin: Any Pin
Cards
\n5123450000000008
\n2223000000000007
Expiry Dates
05 / 21 APPROVED
\n05 / 22 DECLINED
\n04 / 27 EXPIRED_CARD
\n08 / 28 TIMED_OUT
\n01 / 37 ACQUIRER_SYSTEM_ERROR
\n02 / 37 UNSPECIFIED_FAILURE
\n05 / 37 UNKNOWN
CVV
100 MATCH
\n101 NOT_PROCESSED
\n102 NO_MATCH
\nFor any assistance in integrating Hesabe payment gateway kindly contact:
Hesabe Technical Support
Email : support@hesabe.com
Access Code shared by Hesabe
\n","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"},{"key":"Accept","value":"application/json","type":"text"}],"body":{"mode":"formdata","formdata":[{"key":"data","value":"6060cf6dce78b3c364773e386b1de99818a545986bba2fc861210249556b71c5ef9751665daf39e3f0fb2584fd6b7718c9944d43f7de8c7fb0d8fbd5a89166739b2e99ad904948017d64a3bfa80bf54bc45a8b54466737276d419966d24f45a937af57bfb518dcab92e8e3db300c07e0fe6850f92c6ef0d830273276955f8a6eecd2be85c9ce6f0c0027d0f5626f82f46d7bf8531da15773b46b11ef85fd06f146fa28985411ef56be654d3315bba23ecb77039584ecfbbad141490e107a3fc688998d5dd241ce6660aff3f045e82fbf1b53c9f040df24ff40c14898d22e63d5fcbdf99bfbbb930d5fe41f765a9f905c8bcfc4628005afe344a3e9d8d81002f3f17ba26a12c8a27d635cbac06e9b6f28524385ca7d82820f25073a53e8033ed9","description":"Encrypted data generated by encrypt() method in HesabeCrypt Library
You need to send the encrypted data which is generated by encrypt() method in HesabeCrypt class.
You need to pass the encoded array of params, encryption ket and iv key in encrypt(params, encryption_key, iv_key) to generate the data and pass into this API.
Request Parameter:
data: A single string parameter containing encrypted JSON payload
| **Field Name** | **Required** | **Example Value** | **Description / Notes** |\n| ---------------------- | -------------------- | --------------------------------------------------------- | --------------------------------------------------------- |\n| `merchantCode` | Yes | `MERCHANT123` | Unique identifier assigned to the merchant |\n| `amount` | Yes | `1.000` | For subscription payments, the amount must be `0.000` |\n| `responseUrl` | Yes | `https://yourdomain.com/customer-response` | URL to redirect user after successful transaction |\n| `failureUrl` | Yes | `https://yourdomain.com/customer-response` | URL to redirect user after failed transaction |\n| `orderReferenceNumber` | Optional | `ORD-20250619001` | Unique order or reference number from the merchant system |\n| `description` | Optional | `Monthly subscription for premium plan` | Description of the transaction |\n| `variable1` | Optional | `User123` | Custom variable 1 (can hold user ID or session token) |\n| `variable2` | Optional | empty | Custom variable 2 |\n| `variable3` | Optional | empty | Custom variable 3 |\n| `variable4` | Optional | empty | Custom variable 4 |\n| `variable5` | Optional | empty | Custom variable 5 |\n| `version` | Yes | `2.0` | API version number |\n| `paymentType` | Yes | `15` | Type of payment — `15` indicates **subscription** |\n| `subscription` | Yes | `1` | Marks it as a subscription request |\n| `name` | Optional | `Full Name` | Customer’s full name |\n| `mobile_number` | Optional | `` | Customer’s mobile number |\n| `email` | Optional | `email` | Customer’s email address |\n| `numberOfInstallments` | Yes (if recurring) | `3` | Total number of recurring payments |\n| `recurringFrequency` | Yes (if recurring) | `1` | Recurring frequency: `0 = daily`, `1 = monthly` |\n| `recurringStartDate` | Yes (if recurring) | `2025-06-15` | Start date of recurring billing (format: `YYYY-MM-DD`) |\n| `recurringAmount` | Yes (if recurring) | `10.000` | Amount to charge for each recurring payment |\n| `webhookUrl` | Optional | `https://yourdomain.com/webhook` | Optional backend callback URL |\n| `serviceTypeId` | Optional | `2` | Used to determine validation for other fields like email |\n| `cardId` | Optional | | For using a previously saved card |\n| `saveCard` | Optional | `1` | Set to `1` to save card info (Authorization transaction) |\n| `authorize` | Optional | `0` | Authorization transaction |\n\nAccess Code shared by Hesabe
\n","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"},{"key":"Accept","value":"application/json","type":"text"}],"body":{"mode":"formdata","formdata":[{"key":"data","value":"6060cf6dce78b3c364773e386b1de99818a545986bba2fc861210249556b71c5a6edde6c36ad8e353cdc4eb1e91b183358ccf9fc766494798fa57a30dd775cc4b8f5698083b454af46585fc0efd14d4a0f14eeb57413e0fbbba4c41ce0da4988","description":"Encrypted data generated by encrypt() method in HesabeCrypt Library
You need to send the encrypted data which is generated by encrypt() method in HesabeCrypt class.
You need to pass the encoded array of params, encryption ket and iv key in encrypt(params, encryption_key, iv_key) to generate the data and pass into this API.
Request Parameter:
data: A single string parameter containing encrypted JSON payload
| **Field Name** | **Required** | **Example Value** | **Description / Notes** |\n| ---------------------- | -------------------- | --------------------------------------------------------- | --------------------------------------------------------- |\n| `merchantCode` | Yes | `MERCHANT123` | Unique identifier assigned to the merchant |\n| `amount` | Yes | `1.000` | For subscription payments, the amount must be `0.000` |\n| `responseUrl` | Yes | `https://yourdomain.com/customer-response` | URL to redirect user after successful transaction |\n| `failureUrl` | Yes | `https://yourdomain.com/customer-response` | URL to redirect user after failed transaction |\n| `orderReferenceNumber` | Optional | `ORD-20250619001` | Unique order or reference number from the merchant system |\n| `description` | Optional | `Monthly subscription for premium plan` | Description of the transaction |\n| `variable1` | Optional | `User123` | Custom variable 1 (can hold user ID or session token) |\n| `variable2` | Optional | empty | Custom variable 2 |\n| `variable3` | Optional | empty | Custom variable 3 |\n| `variable4` | Optional | empty | Custom variable 4 |\n| `variable5` | Optional | empty | Custom variable 5 |\n| `version` | Yes | `2.0` | API version number |\n| `paymentType` | Yes | `15` | Type of payment — `15` indicates **subscription** |\n| `subscription` | Yes | `1` | Marks it as a subscription request |\n| `name` | Optional | `Full Name` | Customer’s full name |\n| `mobile_number` | Optional | `` | Customer’s mobile number |\n| `email` | Optional | `email` | Customer’s email address |\n| `numberOfInstallments` | Yes (if recurring) | `3` | Total number of recurring payments |\n| `recurringFrequency` | Yes (if recurring) | `1` | Recurring frequency: `0 = daily`, `1 = monthly` |\n| `recurringStartDate` | Yes (if recurring) | `2025-06-15` | Start date of recurring billing (format: `YYYY-MM-DD`) |\n| `recurringAmount` | Yes (if recurring) | `10.000` | Amount to charge for each recurring payment |\n| `webhookUrl` | Optional | `https://yourdomain.com/webhook` | Optional backend callback URL |\n| `serviceTypeId` | Optional | `2` | Used to determine validation for other fields like email |\n| `cardId` | Optional | | For using a previously saved card |\n| `saveCard` | Optional | `1` | Set to `1` to save card info (Authorization transaction) |\n| `authorize` | Optional | `0` | Authorization transaction |\n\nAccess Code shared by Hesabe
\n","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"},{"key":"Accept","value":"application/json","type":"text"}],"body":{"mode":"formdata","formdata":[{"key":"data","value":"","description":"Encrypted data generated by encrypt() method in HesabeCrypt Library
You need to send the encrypted data which is generated by encrypt() method in HesabeCrypt class.
You need to pass the encoded array of params, encryption ket and iv key in encrypt(params, encryption_key, iv_key) to generate the data and pass into this API.
Request Parameter:
data: A single string parameter containing encrypted JSON payload
| **Field Name** | **Required** | **Example Value** | **Description / Notes** |\n| ---------------------- | -------------------- | --------------------------------------------------------- | --------------------------------------------------------- |\n| `merchantCode` | Yes | `MERCHANT123` | Unique identifier assigned to the merchant |\n| `amount` | Yes | `1.000` | For subscription payments, the amount must be `0.000` |\n| `responseUrl` | Yes | `https://yourdomain.com/customer-response` | URL to redirect user after successful transaction |\n| `failureUrl` | Yes | `https://yourdomain.com/customer-response` | URL to redirect user after failed transaction |\n| `orderReferenceNumber` | Optional | `ORD-20250619001` | Unique order or reference number from the merchant system |\n| `description` | Optional | `Monthly subscription for premium plan` | Description of the transaction |\n| `variable1` | Optional | `User123` | Custom variable 1 (can hold user ID or session token) |\n| `variable2` | Optional | empty | Custom variable 2 |\n| `variable3` | Optional | empty | Custom variable 3 |\n| `variable4` | Optional | empty | Custom variable 4 |\n| `variable5` | Optional | empty | Custom variable 5 |\n| `version` | Yes | `2.0` | API version number |\n| `paymentType` | Yes | `15` | Type of payment — `15` indicates **subscription** |\n| `subscription` | Yes | `1` | Marks it as a subscription request |\n| `name` | Optional | `Full Name` | Customer’s full name |\n| `mobile_number` | Optional | `` | Customer’s mobile number |\n| `email` | Optional | `email` | Customer’s email address |\n| `numberOfInstallments` | Yes (if recurring) | `3` | Total number of recurring payments |\n| `recurringFrequency` | Yes (if recurring) | `1` | Recurring frequency: `0 = daily`, `1 = monthly` |\n| `recurringStartDate` | Yes (if recurring) | `2025-06-15` | Start date of recurring billing (format: `YYYY-MM-DD`) |\n| `recurringAmount` | Yes (if recurring) | `10.000` | Amount to charge for each recurring payment |\n| `webhookUrl` | Optional | `https://yourdomain.com/webhook` | Optional backend callback URL |\n| `serviceTypeId` | Optional | `2` | Used to determine validation for other fields like email |\n| `cardId` | Optional | | For using a previously saved card |\n| `saveCard` | Optional | `1` | Set to `1` to save card info (Authorization transaction) |\n| `authorize` | Optional | `0` | Authorization transaction |\n\nAccess Code shared by Hesabe
\n","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"},{"key":"Accept","value":"application/json","type":"text"}],"body":{"mode":"formdata","formdata":[{"key":"data","value":"6060cf6dce78b3c364773e386b1de99818a545986bba2fc861210249556b71c5ef9751665daf39e3f0fb2584fd6b7718c9944d43f7de8c7fb0d8fbd5a89166739b2e99ad904948017d64a3bfa80bf54bc45a8b54466737276d419966d24f45a937af57bfb518dcab92e8e3db300c07e0fe6850f92c6ef0d830273276955f8a6eecd2be85c9ce6f0c0027d0f5626f82f46d7bf8531da15773b46b11ef85fd06f146fa28985411ef56be654d3315bba23ecb77039584ecfbbad141490e107a3fc6a817d8d98615870fc8018ae449517a6b54bbd04b8d970c0cb6d240fd1f43f58438177fa0a363c3638d3f0ea116dcdffff01147349d001fbae5e986c823b9f7c6cc6538118a1a5456d2e41d24264ada73553fb01131fa531d9cfa43cf06b51ded","description":"Encrypted data generated by encrypt() method in HesabeCrypt Library
You need to send the encrypted data which is generated by encrypt() method in HesabeCrypt class.
You need to pass the encoded array of params, encryption ket and iv key in encrypt(params, encryption_key, iv_key) to generate the data and pass into this API.
Request Parameter:
data: A single string parameter containing encrypted JSON payload
| **Field Name** | **Required** | **Example Value** | **Description / Notes** |\n| ---------------------- | -------------------- | --------------------------------------------------------- | --------------------------------------------------------- |\n| `merchantCode` | Yes | `MERCHANT123` | Unique identifier assigned to the merchant |\n| `amount` | Yes | `1.000` | For subscription payments, the amount must be `0.000` |\n| `responseUrl` | Yes | `https://yourdomain.com/customer-response` | URL to redirect user after successful transaction |\n| `failureUrl` | Yes | `https://yourdomain.com/customer-response` | URL to redirect user after failed transaction |\n| `orderReferenceNumber` | Optional | `ORD-20250619001` | Unique order or reference number from the merchant system |\n| `description` | Optional | `Monthly subscription for premium plan` | Description of the transaction |\n| `variable1` | Optional | `User123` | Custom variable 1 (can hold user ID or session token) |\n| `variable2` | Optional | empty | Custom variable 2 |\n| `variable3` | Optional | empty | Custom variable 3 |\n| `variable4` | Optional | empty | Custom variable 4 |\n| `variable5` | Optional | empty | Custom variable 5 |\n| `version` | Yes | `2.0` | API version number |\n| `paymentType` | Yes | `15` | Type of payment — `15` indicates **subscription** |\n| `subscription` | Yes | `1` | Marks it as a subscription request |\n| `name` | Optional | `Full Name` | Customer’s full name |\n| `mobile_number` | Optional | `` | Customer’s mobile number |\n| `email` | Optional | `email` | Customer’s email address |\n| `numberOfInstallments` | Yes (if recurring) | `3` | Total number of recurring payments |\n| `recurringFrequency` | Yes (if recurring) | `1` | Recurring frequency: `0 = daily`, `1 = monthly` |\n| `recurringStartDate` | Yes (if recurring) | `2025-06-15` | Start date of recurring billing (format: `YYYY-MM-DD`) |\n| `recurringAmount` | Yes (if recurring) | `10.000` | Amount to charge for each recurring payment |\n| `webhookUrl` | Optional | `https://yourdomain.com/webhook` | Optional backend callback URL |\n| `serviceTypeId` | Optional | `2` | Used to determine validation for other fields like email |\n| `cardId` | Optional | | For using a previously saved card |\n| `saveCard` | Optional | `1` | Set to `1` to save card info (Authorization transaction) |\n| `authorize` | Optional | `0` | Authorization transaction |\n\nAccess Code shared by Hesabe
\n","type":"text"},{"key":"Accept","value":"application/json","type":"text"}],"body":{"mode":"formdata","formdata":[{"key":"data","value":"301b3e7b23e86ad93110bb0eb13da4db8fa8b8bbbae41c71dced0e97e3089f1c17a415c4775271114b83b1f831c5027f30d95f1b561551a21b88332795aa33ed17a680a2b971b4b66027963cfdb28e199173372ff973a1d39447eeb6b973acab","description":"Encrypted data generated by encrypt() method in HesabeCrypt Library
You need to send the encrypted data which is generated by encrypt() method in HesabeCrypt class.
You need to pass the encoded array of params, encryption ket and iv key in encrypt(params, encryption_key, iv_key) to generate the data and pass into this API.
Access Code shared by Hesabe
\n","type":"text"},{"key":"Accept","value":"application/json","type":"text"}],"body":{"mode":"formdata","formdata":[{"key":"data","value":"074c9fc50b873834959c163c16eb50830d8a83bc6edfbdd53cfc622ac23434bb874ab5c00c71a84298d17bc8c9f3982f2679eaf6ec2d4fa02fe8a29f01e074ac34a0d9d88862bea5b10bd688dba80b8ea281cc712bcddab3492791aec51bb595490969e4bfa55c7d7f4674c844a179d871c9a21bebbc83679bdf0a0c995482541bda9d98af88f6f6d5b7d3c39484a9f5cde8860675766ab71f452a38b721bcfd728c89ba04251a120cb6e00c9b615dc7a6bd23308b8b81c12326749c8f9014c59c162bc27a3d729bd6715e17e2dfc8d4e130ec4b869cc3fc0b67b635c17d464e87cf5c5d810c7a9fd58008f663f1a554b0f58f945db5ca070a5cefcc3d88ad69752d9c79aa79488d2997f690a8579dd4821bd4aa06de7a4ed4e7d773dd2db02c28eba066b91f3696ce36a047ba5bedef59eedfad8c48bc9d54dc9e09ed8489cd43c55643c8487ba69e11fe1a2b52441065518a261fb40ed6a2b1a512959d68de","description":"Encrypted data generated by encrypt() method in HesabeCrypt Library
You need to send the encrypted data which is generated by encrypt() method in HesabeCrypt class.
You need to pass the encoded array of params, encryption ket and iv key in encrypt(params, encryption_key, iv_key) to generate the data and pass into this API.
Access Code shared by Hesabe
\n","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"},{"key":"Accept","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"data\":\"301b3e7b23e86ad93110bb0eb13da4dbee1f5d0ac9e7f6d3db0873ab2dc8e26c89ebf507687121a68687db27a75fa0f1c44944d50e924666fb168da4c715d4f8b0d12dbc6233d487325d6410e255fc58ba024eca77edeccfcda521bc9ba708ee0ecf7dfcec8b74f986c94ef6ac93fa80b0620485be830d1eaf63419f08bd98d6\"\r\n}"},"url":"http://127.0.0.1:8000/api/v2/api/v2/customer-cards","description":"You need to send the encrypted data which is generated by encrypt() method in HesabeCrypt class.
You need to pass the encoded array of params, encryption ket and iv key in encrypt(params, encryption_key, iv_key) to generate the data and pass into this API.
\"merchantCode\":{{merchant-code}},\n\"payment_type_id\":5,\n\"email\":\"{{email}}\",\n\"mobile_number\":\"{{mobileNumber}}\",\n\nAccess Code shared by Hesabe
\n","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"},{"key":"Accept","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"data\":\"0e7898bd7464d0c402fe8a949d9cbf9b826ccb9b83b56fa003373275f1947a65\"\r\n}"},"url":"http://127.0.0.1:8000/api/v2/api/v2/customer-cards/E18bkLlP","description":"You need to send the encrypted data which is generated by encrypt() method in HesabeCrypt class.
You need to pass the encoded array of params, encryption ket and iv key in encrypt(params, encryption_key, iv_key) to generate the data and pass into this API.
Access Code shared by Hesabe
\n","type":"text"},{"key":"Accept","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"data\":\"0e7898bd7464d0c402fe8a949d9cbf9b84c9ca6239b5e015bd42c0d4b30b12ee28d9e7ba6faff06c058c93a7c61ddc9ed0e960f838a43baa337d75a2f5c68497c650aa2560c237a905017aa77108969ebd31d7a0a59e1550354b220eae5d1f716c8be91bc5f66b6e683bcc970201e859bdb74b8ce05a33e82adca5176b2ebf81\"\r\n}","options":{"raw":{"language":"json"}}},"url":"http://127.0.0.1:8000/api/v2/api/subscription/capture","description":"You need to send the encrypted data which is generated by encrypt() method in HesabeCrypt class.
The following parameters should be encrypted in the data:
\n**Request Parameter:**data: A single string parameter containing encrypted JSON payload
\nOriginal JSON Payload (Before Encryption)
\n{\n \"merchantCode\": \"842217\",\n \"amount\": \"5\",\n \"paymentToken\": \"84221717473012429468675859195\",\n \"orderReferenceNumber\": \"1\"\n}\n\nThe following APIs need to be executed as part of the normal process, similar to the steps in payment integration:
\nCheckout
\nPayment
\nBoth steps must be completed successfully. The Payment API will generate a token, which will then be used in this API to capture the subscription amount.
\nPlease ensure that these APIs are followed in sequence as part of the regular workflow.
\n","urlObject":{"path":["subscription","capture"],"host":["http://127.0.0.1:8000/api/v2/api"],"query":[],"variable":[]}},"response":[{"id":"5ad02969-803b-4c23-bac8-03da92a56347","name":"Subscription capture","originalRequest":{"method":"POST","header":[{"key":"accessCode","value":"{{access-code}}","description":"Access Code shared by Hesabe","type":"text"},{"key":"Accept","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"data\":\"0e7898bd7464d0c402fe8a949d9cbf9b84c9ca6239b5e015bd42c0d4b30b12ee28d9e7ba6faff06c058c93a7c61ddc9ed0e960f838a43baa337d75a2f5c68497c650aa2560c237a905017aa77108969ebd31d7a0a59e1550354b220eae5d1f716c8be91bc5f66b6e683bcc970201e859bdb74b8ce05a33e82adca5176b2ebf81\"\r\n}","options":{"raw":{"language":"json"}}},"url":"http://127.0.0.1:8000/api/v2/api/subscription/capture"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Date","value":"Thu, 27 Mar 2025 13:25:53 GMT"},{"key":"Server","value":"Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12"},{"key":"X-Powered-By","value":"PHP/8.2.12"},{"key":"Cache-Control","value":"no-cache, private"},{"key":"X-RateLimit-Limit","value":"60"},{"key":"X-RateLimit-Remaining","value":"59"},{"key":"Keep-Alive","value":"timeout=5, max=100"},{"key":"Connection","value":"Keep-Alive"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"60a8f6241932227b840a9f5e36987f4d3a221314a76051e2898ad661b4a6cff85726c568e53fbc426534d0c732cf0706e85b7eebc302fa90c2e5642110d1482595aa913c6b0e920da6d9af3c521de9652c173e9c88f72f60db3cb1f844ab7b826603bb6579e6bedcb68764806fa45611ae414db56526331b734aeb76ffa4c9cf935d493fe15064c760edfe81233e8792dc8e817afe8443b670416a765867661f191c5da420629e87c972f2caf4ea996e5eb1488a4ffda891d874433c98066f6623c588ba02f4f390990eb76e82bd019b8050680035a1e78dbef21743342d20bea4eda7a618eadb6f21ec2f75fe359ce6a605527390bb5ef043456358fe38473896afcd977cf44f5d5c5a453d9ec3634ab364ac232cdf0306c07eb5c14d7553724315fbdc1a4733fff7175def5ccac6183d51b37105bd06feebbbacf4c44bb8a1fabd396f9d838d1752a76d0162416e75ad066873639deb30f097a6770e959c11331a7288e228f2f2527ab76c278f1c3c9cfb3ca750bf732e4e0c4802357f588901ed6d491f0a5c02108119aa5fe58b9caa888feae20638f190a4f2e6045c35ac94ead4a35698434475b39741fa5ceb568bce16ceedd0c9e22d63772c042f7bd7765c55690e4dda42684d1a478f3127a123e9013d35fa9c2822005aece8e8d6e79d50ed337e9d95c2fb0923a40ff6d847fcac0bdb34d83f6944da283af55f98aa73f204aa864bfb3c3b951a07696d15ed59ce4c05436199bc38f19a7b612d0534ccfcef7314a768240117a121e84e0f909df67b520cb83bcbc277e6d85f2c479c1b2413383d86903f63d9cdcceafb7fe279e2b1b4c95174b2bbd3872d76818cda215844d459bc712c9808fea4e4a8a3033972f26e99dd7ff7a53d14ed44224aeb9a71a274d51ee6fffb00539d4f04dc6ad56f43186090fca0846835463bc645ba"}],"_postman_id":"705f80d5-19cf-4e22-9755-fc4b5d7618c4"},{"name":"Subscription Cancel","id":"232b4c44-887c-4072-bbe5-a6f0622f8a7d","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"auth":{"type":"noauth","isInherited":false},"method":"DELETE","header":[{"key":"accessCode","value":"{{access-code}}","description":"Access Code shared by Hesabe
\n","type":"text"},{"key":"Content-Type","value":"application/json","type":"text"},{"key":"Accept","value":"application/json","type":"text"}],"body":{"mode":"formdata","formdata":[{"key":"data","value":"0e7898bd7464d0c402fe8a949d9cbf9b84c9ca6239b5e015bd42c0d4b30b12eecf89d9cecc66986c52d5145595cc68cf9873789d944a3ce7d3ea73ddb48045940ae99d02f0b0b414626da214d7d96460df35544be448594177a228f2a9290e020b37f84c93ee09e5ccccc25263b2f5891db8a215836af865a1a3657d9ba6583b0149d604415219656c3b4198a835af36bbf29903170f3e1e7895ee571eb4c40cc18f54df32deee38abb00d9cbd448639c12be5981f639433763aceb1178416727d8f9fbf15ebbf6e419effd6b6420c03b2fa423638a969038a7d7378223215e1628674aaf0bf6f5f855fad9188f109157ed2ea3601c094400caf30b7d3fcf65075a726bceca536013e799a305c54b8cce40282ddb0cde35ee14310eb5f2e8a84af1e45b0d44caabbcaf8cc8ee74de9af4d094828fd52b9559a1ac74b363b123f0da21e063d8007c5dcede9bbc4fe223965e9387572d635f1125144bfdf53f0e2","description":"Encrypted data generated by encrypt() method in HesabeCrypt Library
You need to send the encrypted data which is generated by encrypt() method in HesabeCrypt class.
You need to pass the encoded array of params, encryption ket and iv key in encrypt(params, encryption_key, iv_key) to generate the data and pass into this API.