Samsung Pay Web Sample App
Sample project that shows how to integrate Samsung Pay with Datatrans
Samsung Pay allows merchants to collect payments through a payment platform that connects to the Samsung Pay wallet and lets users authenticate through their mobile device. It enables merchants to receive encrypted payment information which can be forwarded to their payment processor for authorization. This guide is intended for merchants who would like to integrate Samsung Pay with Datatrans. For more information on Samsung Pay visit: http://www.samsung.com/ch/samsung-pay/
Samsung Pay Flow
The Samsung Pay solution consists of two APIs. The first is a Web SDK that triggers the payment in the browser. The second is a REST-like server-to-server API. The application/message flow is as follows:
- At first the user clicks the merchant's pay button.
- The merchant then creates a transaction on the Samsung system. This call returns the encryption data that has to be passed on to the Web SDK.
- The encryption data is passed on to the Samsung Pay Web SDK, which handles connecting to the user's device.
- The user is presented with a login screen for their Samsung account. As soon as they enter their email address or phone number and submit, a push notification is sent to all devices linked to the Samsung account. This part is handled entirely by the Samsung infrastructure.
- The user then accepts the payment request on their mobile device.
- As soon as the user accepts the payment request, Samsung's servers verify it and then invoke the callback URL (defined in step 2) with a referenceId.
- The merchant gets the payment credentials from Samsung by calling the Samsung Pay API with the reference ID.
- The merchant sends the payment credentials to Datatrans for authorization.
- The merchant notifies Samsung if the transaction succeeded.
- The merchant shows a confirmation screen.
Samsung Pay related
- Samsung Pay dev-account
- Samsung Pay service-ID
- Samsung Pay enabled device
- A list of IP addresses/ranges you want Samsung to whitelist for access to their systems (developer's NAT, dev server, production server)
- Datatrans merchant ID (Get one here)
- The merchant needs to be configured to make XML calls
- The merchant needs to be enabled for Samsung Pay
- Java installed on your local dev system
- Maven installed on your local dev system
- openssl installed on your dev system
- Your preferred browser
- Some basic experience with Spring Boot
- Some basic understanding of Samsung Pay
Samsung Pay Merchant Setup
Please note that these steps are required both to use the sample application and to use Samsung Pay in your production environment. These steps require you to get in touch with Samsung.
Signing up for a Samsung Pay dev account
Navigate to https://us-partner.pay.samsung.com/ and sign up. You can use this account later on for testing on your Samsung device.
Obtaining the Samsung Pay service-ID
To make sure only you can decrypt the messages coming from Samsung, you need to submit a self-signed CSR for each environment. The CSR should have the following attributes:
- File extension: CSR
- RSA key size: 2048 bit or higher
- Signature algorithm: sha256WithRSAEncryption
Create one CSR each for your test and production environment.
Furthermore, you need to submit your list of IP addresses to Samsung during the onboarding process. Please get in touch for more information. Submit each CSR to Samsung. After verifying your account, your IP addresses and your CSRs, Samsung will give you a service-ID and access to their documentation.
How to generate a CSR
Generate your private key (this file stays on your systems; only the CSR is submitted to Samsung):
```shell
openssl genrsa -out domain.com.key 2048
```
Generate the CSR with your private key:
```shell
openssl req -out CSR.csr -key domain.com.key -new -sha256
```
Verify your CSR (check that the key size and signature algorithm match the requirements above):
```shell
openssl req -in CSR.csr -noout -text
```
The sample application is a Spring Boot application (https://projects.spring.io/spring-boot/) that can be run out of the box. It uses an embedded Tomcat.
- Clone the repository
```shell
$ git clone firstname.lastname@example.org:datatrans/samsungpay-web-sample.git
$ cd samsungpay-web-sample
```
- Open it with your favorite IDE / text editor
- Install the project
```shell
mvn clean install
```
Converting your private key
To decrypt the payment credentials sent by Samsung you need your private key in (unencrypted PKCS#8) DER format. Here is how you convert it:
```shell
openssl pkcs8 -topk8 -in domain.com.key -outform DER -nocrypt -out rsapriv.der
```
Do this for each private key in each environment. Copy the file to
Adjusting the properties
| Property | Description | File |
|---|---|---|
| server.port | The port the server should be running on | application.properties |
| callbackUrl | The callback URL Samsung uses. Make sure this is aligned with your server port | application.properties |
| merchant.name | Your company's name | application.properties |
| merchant.reference | Used by Samsung to display transactions in the Samsung Pay app | application.properties |
| samsung.serviceId | Your service-ID given by Samsung | application-dev.properties / application-prod.properties |
| datatrans.merchantId | Your Datatrans merchantId | application-dev.properties / application-prod.properties |
| datatrans.sign | The sign belonging to the merchantId | application-dev.properties / application-prod.properties |
- Open the URL you defined in your browser
- Fill in the inputs and tap/click "Pay with SamsungPay"
- Log in with your Samsung dev account
- Confirm the transaction on your device
- The result is displayed
During onboarding, Samsung will provide you with a sample Samsung Pay app. The app contains test cards; these are not charged by Datatrans but are replaced with the following card data when a valid Samsung Pay token is sent:
```
cardno=4242 4242 4242 4242 expm=12 expy=18
```
Authorization with Datatrans
See src/main/java/ch/datatrans/examples/samsungpay/client/DatatransClient.java for how the authorization is done.
Request:
```xml
<?xml version="1.0" encoding="UTF-8" ?>
<authorizationService version="1">
  <body merchantId="$merchantId">
    <transaction refno="$refno">
      <request>
        <samsungPayData><![CDATA[$token]]></samsungPayData>
        <reqtype>NOA</reqtype>
        <transtype>05</transtype>
        <sign>$sign</sign>
      </request>
    </transaction>
  </body>
</authorizationService>
```
Response:
```xml
<?xml version="1.0" encoding="UTF-8" ?>
<authorizationService version="1">
  <body merchantId="$merchantId" status="accepted">
    <transaction refno="$refno" trxStatus="response">
      <request>
        <samsungPayData><![CDATA[$token]]></samsungPayData>
        <reqtype>NOA</reqtype>
        <transtype>05</transtype>
        <sign>$sign</sign>
      </request>
      <response>
        <responseCode>01</responseCode>
        <responseMessage>Authorized</responseMessage>
        <uppTransactionId>160823101329060450</uppTransactionId>
        <authorizationCode>538050451</authorizationCode>
        <acqAuthorizationCode>101538</acqAuthorizationCode>
        <aliasCC>70119122433810042</aliasCC>
        <expy>18</expy>
        <expm>12</expm>
      </response>
    </transaction>
  </body>
</authorizationService>
```
A successful call returns status="accepted" on the body element and trxStatus="response" on the transaction element, as well as a new <response> element containing the responseCode. A responseCode equal to "01" or "02" indicates an authorized transaction. The elements aliasCC, expy and expm are returned only if the merchant uses credit card aliases.
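The same request building and response evaluation in Python, as an added example that is not the sample project's own code (DatatransClient.java is the reference). Merchant ID, refno, token and sign are placeholders, and the sample response is constructed from the format shown above:

```python
# Added example (not the sample project's code): build the Datatrans authorizationService
# request for a Samsung Pay token and evaluate the XML response. Standard library only.
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr

AUTHORIZED_CODES = {"01", "02"}  # responseCode values that mean "authorized"

def build_request(merchant_id: str, refno: str, token: str, sign: str) -> bytes:
    # The token goes into a CDATA section, so it must not contain the CDATA terminator.
    if "]]>" in token:
        raise ValueError("Samsung Pay token contains ']]>' and cannot be embedded in CDATA")
    return (
        '<?xml version="1.0" encoding="UTF-8" ?><authorizationService version="1">'
        f"<body merchantId={quoteattr(merchant_id)}><transaction refno={quoteattr(refno)}>"
        f"<request><samsungPayData><![CDATA[{token}]]></samsungPayData>"
        f"<reqtype>NOA</reqtype><transtype>05</transtype><sign>{escape(sign)}</sign>"
        "</request></transaction></body></authorizationService>"
    ).encode("utf-8")

def parse_response(xml_bytes: bytes) -> dict:
    # Only a body with status="accepted", a transaction with trxStatus="response" and a
    # <response> element count; anything else is treated as not authorized.
    body = ET.fromstring(xml_bytes).find("body")
    trx = body.find("transaction") if body is not None else None
    resp = trx.find("response") if trx is not None else None
    if resp is None or body.get("status") != "accepted" or trx.get("trxStatus") != "response":
        return {"authorized": False, "reason": "request not accepted or no <response> element"}
    code = resp.findtext("responseCode")
    result = {
        "authorized": code in AUTHORIZED_CODES,
        "responseCode": code,
        "responseMessage": resp.findtext("responseMessage"),
        "uppTransactionId": resp.findtext("uppTransactionId"),
        "authorizationCode": resp.findtext("authorizationCode"),
    }
    if resp.find("aliasCC") is not None:  # present only when the merchant uses card aliases
        result["alias"] = {k: resp.findtext(k) for k in ("aliasCC", "expm", "expy")}
    return result

# Constructed sample response in the format shown above (placeholder merchant/refno/token/sign).
SAMPLE_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8" ?><authorizationService version="1"><body merchantId="MERCHANT_ID" status="accepted">
<transaction refno="REFNO" trxStatus="response"><request><samsungPayData><![CDATA[TOKEN]]></samsungPayData><reqtype>NOA</reqtype><transtype>05</transtype><sign>SIGN</sign></request>
<response><responseCode>01</responseCode><responseMessage>Authorized</responseMessage><uppTransactionId>160823101329060450</uppTransactionId><authorizationCode>538050451</authorizationCode>
<acqAuthorizationCode>101538</acqAuthorizationCode><aliasCC>70119122433810042</aliasCC><expy>18</expy><expm>12</expm></response></transaction></body></authorizationService>"""

if __name__ == "__main__":
    print(build_request("MERCHANT_ID", "REFNO", "TOKEN", "SIGN").decode())
    print(parse_response(SAMPLE_RESPONSE))
```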
- This is sample code! Never ever use this code in production!
- If you have questions, please raise an issue and add the label "question".