Build a
XML
string, cypher it with the SDK appropriate to your technology,
submit it to the Link Generation service, decrypt the answer with
the same SDK and get a link .
XML
string
Here is the description of the chain you must build. You can copy and edit the example.
Parent element within the
XML
string scheme
Contains the parameters to identify the merchant in Centro de Pagos, which make the request
It contains the parameters with the instructions of the
Merchant for register an intention to collect and link them to
a payment link.
Specifies the channel that sends a request for a link. It is mandatory to put the IntegraWPP value.
If this element is present, the children elements will be
included
data
in the payment form and will be returned in the response of
the result of a charge. If the "display" attribute is
specified with the boolean
true
, these will be shown in the payment form.
<data id="1" display="true"> <label>Size</label> <value>Large</value> </data>
Group a pair of elements of type label and value, you must specify the attribute "id" to differentiate them. Maximum 6 data of the label-value type.
In order to familiarise you with the chain suitable for your needs, choose one of our examples.
<?xml version="1.0" encoding="UTF-8"?>
<P>
<business>
<id_company>SNBX</id_company>
<id_branch>01SNBXBRNCH</id_branch>
<user>SNBXUSR01</user>
<pwd>SECRETO</pwd>
</business>
<url>
<reference>INVOICE999</reference>
<amount>2500.00</amount>
<moneda>MXN</moneda>
<canal>W</canal>
<omitir_notif_default>1</omitir_notif_default>
<promociones>C,3,6,9</promociones>
<st_correo>1</st_correo>
<fh_vigencia>27/06/2022</fh_vigencia>
<mail_cliente>nospam@gmail.com</mail_cliente>
<datos_adicionales>
<data id="1" display="true">
<label>Size</label>
<value>Large</value>
</data>
<data id="2" display="false">
<label>Color</label>
<value>Blue</value>
</data>
</datos_adicionales>
</url>
</P>
You will find the XSD and code examples to validate it
with your server in GitHub
Once you have built the chain in clear, you can cypher it in AES-128, with the appropriate SDK to your server, which you can obtain in GitHUB.
The developer will receive the productive credentials of the merchant administrator.
String key = "5DCC67393750523CD165F17E1EFADD21";
String originalString = "[USAR LA CADENA DEL EJEMPLO UNO]";
String encrypted = encrypt(key, originalString);
System.out.println(encrypted);
function aesFunction() {
var originalString = '[USAR LA CADENA DEL EJEMPLO UNO]';
var key = '5DCC67393750523CD165F17E1EFADD21';
var ciphertext = CryptoJS.AES.encrypt(originalString, key ).toString();
console.log("ciphertext: " + ciphertext);
}
<?php
$originalString = '[USAR LA CADENA DEL EJEMPLO UNO]';
$key = '5dcc67393750523cd165f17e1efadd21';
$encrypted = AesCipher::encrypt($key,$originalString);
var_dump($encrypted);
?>
<?php
$originalString = '[USAR LA CADENA DEL EJEMPLO UNO]';
$key = '5dcc67393750523cd165f17e1efadd21';
$encrypted = AesCipher::encrypt($key,$originalString);
var_dump($encrypted);
?>
Imports AESCrypto.vb
Dim originalString As String = "[USAR LA CADENA DEL EJEMPLO UNO]"
Dim key As String = "5DCC67393750523CD165F17E1EFADD21"
Dim encryptedString As String = AESCrypto.Encrypt(originalString, key)
Dim finalString As String = encryptedString.Replace("%", "%25").Replace(" ", "%20").Replace("+", "%2B").Replace("=", "%3D").Replace("/", "%2F")
using AESCrypto.cs
string originalString ="[USAR LA CADENA DEL EJEMPLO UNO]";
string key = "5DCC67393750523CD165F17E1EFADD21";
string encryptedString =
AESCrypto.encrypt(originalString, key);
string finalString = encryptedString.Replace("%", "%25").Replace(" ", "%20").Replace("+", "%2B").Replace("=", "%3D").Replace("/", "%2F");
originalString = "[USAR LA CADENA DEL EJEMPLO UNO]"
key = "5dcc67393750523cd165f17e1efadd21"
ciphertext = AESCipher(key).encrypt(originalString)
print(ciphertext)
originalString = "[USAR LA CADENA DEL EJEMPLO UNO]"
key = "5dcc67393750523cd165f17e1efadd21"
ciphertext = AESCipher(key).encrypt(originalString)
print(ciphertext)
To guarantee the security in the transmission of information, Centro de Pagos has HTTPS servers which use the Transport Layer Security TLS protocol v1.2 as a secure transport protocol to carry out transactions. For its part, the merchant must also have TLS v1.2 servers, to ensure the secure exchange of information when making transactions.
https://wppsandbox.mit.com.mx/gen
This Sandbox endpoint receives the request with instructions from the merchant to record an intention to collect. In response to the request to the Link Generation Service, you will get an encrypted response string.
The implementation is based on sending to the service by POST a string in the xml parameter with the following structure:
xml= <pgs> <data0>Fixed string assigned to merchant</data0> <data>Encrypted string in AES-128</data> </pgs>
The developer will receive the productive credentials of the merchant administrator.
try {
SecureRandom random = new SecureRandom();
byte[] ivArr = random.generateSeed(16);
IvParameterSpec ivSpec = new IvParameterSpec(ivArr);
SecretKeySpec secretKey = new SecretKeySpec(fixKey(key).getBytes(StandardCharsets.UTF_8), "AES");
Cipher cipher = Cipher.getInstance(CIPHER_NAME);
cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec);
byte[] encryptedData = cipher.doFinal((data.getBytes()));
String encryptedDataInBase64 = Base64.getEncoder().encodeToString(encryptedData);
String ivInBase64 = Base64.getEncoder().encodeToString(ivArr);
String resultEnc = encryptedDataInBase64 + ":" + ivInBase64;
return Base64.getEncoder().encodeToString(resultEnc.getBytes());
} catch (Exception ex) {
throw new RuntimeException(ex);
}
var CTRGladman = CryptoJS.lib.BlockCipherMode.extend();
var Encryptor = CTRGladman.Encryptor = CTRGladman.extend({
processBlock: function (words, offset) {
// Shortcuts
var cipher = this._cipher
var blockSize = cipher.blockSize;
var iv = this._iv;
var counter = this._counter;
// Generate keystream
if (iv) {
counter = this._counter = iv.slice(0);
// Remove IV for subsequent blocks
this._iv = undefined;
}
incCounter(counter);
var keystream = counter.slice(0);
cipher.encryptBlock(keystream, 0);
// Encrypt
for (var i = 0; i < blockSize; i++) {
words[offset + i] ^= keystream[i];
}
}
});
CTRGladman.Decryptor = Encryptor;
static function encrypt($key, $data) {
$ivlen = openssl_cipher_iv_length('AES-128-CBC');
$iv = openssl_random_pseudo_bytes($ivlen);
$encodedEncryptedData = base64_encode(openssl_encrypt($data, 'aes-128-cbc', AesCipher::fixKey($key), OPENSSL_RAW_DATA, $iv));
$encodedIV = base64_encode($iv);
$encryptedPayload = $encodedEncryptedData.":".$encodedIV;
return base64_encode($encryptedPayload);
}
static function encrypt($key, $data) {
$ivlen = openssl_cipher_iv_length('AES-128-CBC');
$iv = openssl_random_pseudo_bytes($ivlen);
$encodedEncryptedData = base64_encode(openssl_encrypt($data, 'aes-128-cbc', AesCipher::fixKey($key), OPENSSL_RAW_DATA, $iv));
$encodedIV = base64_encode($iv);
$encryptedPayload = $encodedEncryptedData.":".$encodedIV;
return base64_encode($encryptedPayload);
}
'' Esta implementación utiliza http://restsharp.org v105
Dim encodedString As String = HttpUtility.UrlEncode("SNDBX123 [USAR LA CADENA DEL EJEMPLO UNO] ")
Dim postParam As String = "xml=" & encodedString
Dim client = New RestClient("https://wppsandbox.mit.com.mx/gen")
Dim request = New RestRequest(Method.POST)
request.AddHeader("cache-control", "no-cache")
request.AddHeader("content-type", "application/x-www-form-urlencoded")
request.AddQueryParameter(postParam, ParameterType.RequestBody)
Dim response As IRestResponse = client.Execute(request)
Dim content = response.Content
// Esta implementación utiliza http://restsharp.org v105
string encodedString =
HttpUtility.UrlEncode("<pgs><data0>SNDBX123</data0><data>[USAR LA CADENA DEL EJEMPLO UNO]</data></pgs>");
string postParam = "xml=" + encodedString;
var client = new RestClient("https://wppsandbox.mit.com.mx/gen");
var request = new RestRequest(Method.POST);
request.AddHeader("cache-control", "no-cache");
request.AddHeader("content-type", "application/x-www-form-urlencoded");
request.AddQueryParameter(postParam, ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
var content = response.Content;
def encrypt(self, raw):
padded_plain_text = self._padPKCS5(raw)
iv = Random.new().read(AES.block_size)
cipher = AES.new(self.key, AES.MODE_CBC, iv)
ivEncoded = b64encode(iv)
dataEncoded = b64encode(cipher.encrypt(padded_plain_text))
return b64encode(dataEncoded+':'+ivEncoded)
def encrypt(self, raw):
padded_plain_text = self._padPKCS5(raw)
iv = Random.new().read(AES.block_size)
cipher = AES.new(self.key.encode("utf8"), AES.MODE_CBC, iv)
ivEncoded = b64encode(iv)
dataEncoded = b64encode(cipher.encrypt(padded_plain_text.encode("utf8")))
return b64encode(dataEncoded+':'.encode("utf8")+ivEncoded)
Once the service response is obtained, you can decrypt it with the appropriate SDK to your server, and within <nb_url> you will find the payment link or URL, that you must share with your client to receive your payment.
try {
String cadena = new String(Base64.getDecoder().decode(data));
data = cadena;
String[] parts = data.split(":");
byte[] decodedEncryptedData = Base64.getDecoder().decode(parts[0]);
byte[] ivBytes = Arrays.copyOfRange(decodedEncryptedData, 0, 16);
Cipher cipher = Cipher.getInstance(CIPHER_NAME);
// IvParameterSpec(ivBytes);//Base64.getDecoder().decode(parts[1]));
IvParameterSpec iv = new IvParameterSpec(Base64.getDecoder().decode(parts[1]));
SecretKeySpec secretKey = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "AES");
cipher.init(Cipher.DECRYPT_MODE, secretKey, iv);
byte[] original = cipher.doFinal(decodedEncryptedData);
return new String(original);
} catch (Exception ex) {
throw new RuntimeException(ex);
}
decrypt: function (cipher, ciphertext, key, cfg) {
// Apply config defaults
cfg = this.cfg.extend(cfg);
// Convert string to CipherParams
ciphertext = this._parse(ciphertext, cfg.format);
// Decrypt
var plaintext = cipher.createDecryptor(key, cfg).finalize(ciphertext.ciphertext);
return plaintext;
}
static function decrypt($key, $data) {
$data = base64_decode($data);
$parts = explode(':', $data); //Separate Encrypted data from iv.
$encrypted = $parts[0];
$iv = $parts[1];
//$ivlen = openssl_cipher_iv_length('AES-128-CBC');
//$iv = openssl_random_pseudo_bytes($ivlen);
$decryptedData = openssl_decrypt(base64_decode($encrypted), 'aes-128-cbc', AesCipher::fixKey($key), OPENSSL_RAW_DATA, base64_decode($iv));
return $decryptedData;
}
static function decrypt($key, $data) {
$data = base64_decode($data);
$parts = explode(':', $data); //Separate Encrypted data from iv.
$encrypted = $parts[0];
$iv = $parts[1];
//$ivlen = openssl_cipher_iv_length('AES-128-CBC');
//$iv = openssl_random_pseudo_bytes($ivlen);
$decryptedData = openssl_decrypt(base64_decode($encrypted), 'aes-128-cbc', AesCipher::fixKey($key), OPENSSL_RAW_DATA, base64_decode($iv));
return $decryptedData;
}
Imports AESCrypto.vb
Dim originalString As String = "Este es el texto a procesar"
originalString = originalString.Replace("%25", "%").Replace("%20", " ").Replace("%2B", "+").Replace("%3D", "=").Replace("%2F", "/")
Dim key As String = "5DCC67393750523CD165F17E1EFADD21"
Dim decryptedString As String = AESCrypto.Decrypt(key, originalString)
using AESCrypto.cs
string originalString ="Este es el texto a procesar";
string key = "5DCC67393750523CD165F17E1EFADD21";
string decryptedString =
AESCrypto.decrypt(key, originalString);
def decrypt(self, enc):
enc = b64decode(enc)
dataArr = enc.split(":")
iv = b64decode(dataArr[1])
enc = b64decode(dataArr[0])
cipher = AES.new(self.key, AES.MODE_CBC, iv)
return self._unpadPKCS5(cipher.decrypt(enc)).decode('utf-8')
def decrypt(self, enc):
enc = b64decode(enc)
dataArr = enc.split(b":")
iv = b64decode(dataArr[1])
enc = b64decode(dataArr[0])
cipher = AES.new(self.key.encode("utf8"), AES.MODE_CBC, iv)
return self._unpadPKCS5(cipher.decrypt(enc).decode('utf-8'))
nb_response | Description | Solution |
---|---|---|
Empty | The request was processed correctly | |
The request is invalid | The string structure is invalid, contains invalid characters or is not correctly encrypted | Use XSD validation |
The data of merchant, branch or user are invalid | Authentication failed or user / branch / company status is not active. | Contact MIT Attention Center |
The company does not have this service authorized, please contact your administrator | Failed configuration or user / branch / company status is not correct. | Contact MIT Attention Center |
It was not possible to generate the reference, please try later | An error occurred while processing the request (exception). | Contact MIT Attention Center |
From the decrypted answer, you get the payment link in the element
nb_url
. With the link you can invoke the payment form with
GET
in a web browser, Webview of an App, or embedding within the
commerce portal in an iframe. Thus, you have the freedom to select
the best that suits your technology. To find more visit Publish a payment link