Volver al navegador

Valores enviados por el navegador

Una vez realizado el pago, el navegador envía los siguientes valores al servidor del comprador en modo POST:

Parámetro Valor
kr-hash c3c0323c748fdb7c2d24bd39ada99663526236828efa795193bebfdea022fe58
kr-hash-algorithm sha256_hmac
kr-hash-key sha256_hmac
kr-answer-type V4/Payment
kr-answer {"shopId":"33148340","orderCycle":"CLOSED","orderStatus":"PAID", (…)

Estos parámetros corresponden a:

Parámetro Descripción
kr-hash Hash del objeto JSON almacenado en kr-answer. Permite verificar la autenticidad de la respuesta.
kr-hash-algorithm Algoritmo empleado para calcular el hash. Su valor es sha256_hmac.
kr-answer-type Tipo del objeto JSON contenido en kr-answer.
kr-hash-key Tipo de clave empleado para firmar kr-answer. Puede valer sha256_hmac (retorno al navegador) o password (caso IPN).
kr-answer Objeto que contiene el resultado del pago, codificado en JSON.

El parámetro kr-answer contiene la información sobre el estado de la sesión de pago:

{
    "shopId": "69876357",
    "orderCycle": "CLOSED",
    "orderStatus": "PAID",
    "serverDate": "2018-09-27T14:02:17+00:00",
    "orderDetails": {
        "orderTotalAmount": 990,
        "orderCurrency": "EUR",
        "mode": "TEST",
        "orderId": null,
        "_type": "V4/OrderDetails"
    },
    "customer": {
        "billingDetails": {
            "address": null,
            "category": null,
            "cellPhoneNumber": null,
            "city": null,
            "country": null,
            "district": null,
            "firstName": null,
            "identityCode": null,
            "language": "EN",
            "lastName": null,
            "phoneNumber": null,
            "state": null,
            "streetNumber": null,
            "title": null,
            "zipCode": null,
            "_type": "V4/Customer/BillingDetails"
        },
        "email": "sample@example.com",
        "reference": null,
        "shippingDetails": {
            "address": null,
            "address2": null,
            "category": null,
            "city": null,
            "country": null,
            "deliveryCompanyName": null,
            "district": null,
            "firstName": null,
            "identityCode": null,
            "lastName": null,
            "legalName": null,
            "phoneNumber": null,
            "shippingMethod": null,
            "shippingSpeed": null,
            "state": null,
            "streetNumber": null,
            "zipCode": null,
            "_type": "V4/Customer/ShippingDetails"
        },
        "extraDetails": {
            "browserAccept": null,
            "fingerPrintId": null,
            "ipAddress": "90.71.64.161",
            "browserUserAgent": "Mozilla/5.0",
            "_type": "V4/Customer/ExtraDetails"
        },
        "shoppingCart": {
            "insuranceAmount": null,
            "shippingAmount": null,
            "taxAmount": null,
            "cartItemInfo": null,
            "_type": "V4/Customer/ShoppingCart"
        },
        "_type": "V4/Customer/Customer"
    },
    "transactions": [{
        "shopId": "69876357",
        "uuid": "5b158f084502428499b2d34ad074df05",
        "amount": 990,
        "currency": "EUR",
        "paymentMethodType": "CARD",
        "paymentMethodToken": null,
        "status": "PAID",
        "detailedStatus": "AUTHORISED",
        "operationType": "DEBIT",
        "effectiveStrongAuthentication": "DISABLED",
        "creationDate": "2018-09-27T14:02:16+00:00",
        "errorCode": null,
        "errorMessage": null,
        "detailedErrorCode": null,
        "detailedErrorMessage": null,
        "metadata": null,
        "transactionDetails": {
            "liabilityShift": "NO",
            "effectiveAmount": 990,
            "effectiveCurrency": "EUR",
            "creationContext": "CHARGE",
            "cardDetails": {
                "paymentSource": "EC",
                "manualValidation": "NO",
                "expectedCaptureDate": "2018-09-27T14:02:16+00:00",
                "effectiveBrand": "CB",
                "pan": "497010XXXXXX0055",
                "expiryMonth": 11,
                "expiryYear": 2021,
                "country": "FR",
                "emisorCode": null,
                "effectiveProductCode": "F",
                "legacyTransId": "927516",
                "legacyTransDate": "2018-09-27T14:02:05+00:00",
                "paymentMethodSource": "NEW",
                "authorizationResponse": {
                    "amount": 990,
                    "currency": "EUR",
                    "authorizationDate": "2018-09-27T14:02:16+00:00",
                    "authorizationNumber": "3fe7a1",
                    "authorizationResult": "0",
                    "authorizationMode": "FULL",
                    "_type": "V4/PaymentMethod/Details/Cards/CardAuthorizationResponse"
                },
                "captureResponse": {
                    "refundAmount": null,
                    "captureDate": null,
                    "captureFileNumber": null,
                    "refundCurrency": null,
                    "_type": "V4/PaymentMethod/Details/Cards/CardCaptureResponse"
                },
                "threeDSResponse": {
                    "authenticationResultData": {
                        "transactionCondition": "COND_3D_ERROR",
                        "enrolled": "UNKNOWN",
                        "status": "UNKNOWN",
                        "eci": null,
                        "xid": null,
                        "cavvAlgorithm": null,
                        "cavv": null,
                        "signValid": null,
                        "brand": "VISA",
                        "_type": "V4/PaymentMethod/Details/Cards/CardAuthenticationResponse"
                    },
                    "_type": "V4/PaymentMethod/Details/Cards/ThreeDSResponse"
                },
                "installmentNumber": null,
                "markAuthorizationResponse": {
                    "amount": null,
                    "currency": null,
                    "authorizationDate": null,
                    "authorizationNumber": null,
                    "authorizationResult": null,
                    "_type": "V4/PaymentMethod/Details/Cards/MarkAuthorizationResponse"
                },
                "_type": "V4/PaymentMethod/Details/CardDetails"
            },
            "parentTransactionUuid": null,
            "mid": "6969696",
            "sequenceNumber": 1,
            "_type": "V4/TransactionDetails"
        },
        "_type": "V4/PaymentTransaction"
    }],
    "_type": "V4/Payment"
}

Los SDK puestos a disposición le permiten extraer fácilmente los datos POST:

/* Use the client SDK helper to retrieve the POST parameters.
 * NOTE(review): this call is not shown verifying kr-hash; treat $formAnswer as
 * untrusted request data until $client->checkHash() has returned true. */
$formAnswer = $client->getParsedFormAnswer();

Verificar la firma del navegador (hash)

Para detectar posibles fraudes, deberá verificar la autenticidad del campo kr-answer antes de utilizar cualquiera de sus datos.

El campo kr-hash contiene el hash HMAC-SHA256 de kr-answer, calculado con su clave HMAC SHA256.

Para verificar la validez de la firma con nuestros SDK:

>
/* Reject the browser return unless the kr-hash signature matches kr-answer. */
if (!$client->checkHash()) {
    // Signature mismatch: the posted kr-answer must not be trusted (possible fraud).
    // NOTE(review): signature_error() is not shown here. It receives $hashKey and the
    // locally calculated hash; if it logs or displays its arguments, the secret key and
    // a valid signature for the submitted payload would be exposed - confirm it does not.
    // NOTE(review): the uuid is read from the unverified kr-answer, so handle it as
    // untrusted text wherever it is recorded.
    signature_error($formAnswer['kr-answer']['transactions'][0]['uuid'], $hashKey, 
                    $client->getLastCalculatedHash(), $_POST['kr-hash']);
    throw new Exception("invalid signature");
}

Ejemplo de implementación de la verificación del hash en PHP:

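    /**
     * Verify the signature (kr-hash) of the kr-answer POST parameter.
     *
     * Recomputes HMAC-SHA256 over the received kr-answer string and compares it,
     * in constant time, with the kr-hash value sent in the same request.
     *
     * Security notes:
     *  - When $key is NULL the key is selected by the kr-hash-key POST parameter,
     *    which is request-controlled. Callers that know the context (browser
     *    return or IPN) should pass the expected key explicitly.
     *  - Nothing read from kr-answer should be acted upon before this method
     *    has returned true.
     *  - The value stored in _lastCalculatedHash is a valid signature for the
     *    submitted payload; keep it in server-side diagnostics only.
     *
     * @param string|null $key Key to verify with; NULL selects it from kr-hash-key.
     * @return bool true when the calculated hash and the received hash are identical.
     * @throws LyraException if the hash algorithm or the kr-hash-key value is not
     *                       supported, or if the selected key is empty.
     */
    public function checkHash($key=NULL)
    {
        $supportedHashAlgorithm = array('sha256_hmac');

        /* Read each field once. A missing or non-string value (for example
         * kr-hash[]=x) becomes an empty string so it can never match and never
         * reaches the string functions below as an array. */
        $fields = array();
        foreach (array('kr-hash', 'kr-hash-algorithm', 'kr-hash-key', 'kr-answer') as $name) {
            $fields[$name] = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
        }

        /* check if the hash algorithm is supported (strict comparison, no type juggling) */
        if (!in_array($fields['kr-hash-algorithm'], $supportedHashAlgorithm, true)) {
            /* the message echoes a request value: escape it before displaying or logging it */
            throw new LyraException("hash algorithm not supported:" . $fields['kr-hash-algorithm'] .". Update your SDK");
        }

        /* on some servers, / can be escaped */
        $krAnswer = str_replace('\/', '/', $fields['kr-answer']);

        /* if key is not defined, we use kr-hash-key POST parameter to choose it */
        if (is_null($key)) {
            if ($fields['kr-hash-key'] === "sha256_hmac") {
                $key = $this->_hashKey;
            } elseif ($fields['kr-hash-key'] === "password") {
                $key = $this->_password;
            } else {
                throw new LyraException("invalid kr-hash-key POST parameter");
            }
        }

        /* with an empty key the HMAC could be computed by anyone: refuse to verify */
        if (!is_string($key) || $key === '') {
            throw new LyraException("hash key is not configured");
        }

        $calculatedHash = hash_hmac('sha256', $krAnswer, $key);
        $this->_lastCalculatedHash = $calculatedHash;

        /* Constant-time comparison. The loose == operator leaks timing and treats
         * numeric-looking strings such as "0e1234" and "0e9999" as equal. */
        $sentHash = $fields['kr-hash'];
        if (function_exists('hash_equals')) {
            return hash_equals($calculatedHash, $sentHash);
        }

        /* fallback for PHP versions without hash_equals() */
        $length = strlen($calculatedHash);
        if ($length !== strlen($sentHash)) {
            return false;
        }
        $difference = 0;
        for ($i = 0; $i < $length; $i++) {
            $difference |= ord($calculatedHash[$i]) ^ ord($sentHash[$i]);
        }
        return $difference === 0;
    }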
}

Consulte la siguiente página para encontrar su $hash_key: Prerrequisitos (Claves)

Verificar la transacción

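Una vez verificada la firma, revise el parámetro orderStatus contenido en kr-answer. Si el valor del campo es PAID, la transacción ha sido pagada. Conviene comprobar también que shopId, orderDetails.orderTotalAmount, orderDetails.orderCurrency y orderDetails.orderId corresponden al pedido esperado: la firma solo garantiza que la respuesta no ha sido alterada, no que pertenezca a ese pedido. Consulte referencias de estado para más detalles.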

Gestionar los casos límite.

En caso de una interrupción de la red, o si el comprador cierra su navegador, es posible que su servidor nunca reciba los datos del formulario enviados por el navegador.

El uso del IPN le garantiza recibir datos en todos los casos.

Los datos del IPN son más seguros que los que han pasado por el navegador del comprador. Se envían directamente a sus servidores. Por consiguiente, no pueden ser alterados por un plugin corrupto o un spyware instalado en el navegador del comprador.

Para comprender cómo implementar las IPN, consulte: Uso de la IPN