Documentation ( V 3.5 )

Last updated: Sep 22th, 2017 | Previous update: Jan 25th, 2016

Overview

SSLCOMMERZ is the first payment gateway in Bangladesh opening doors for merchants to receive payments on the internet via their online stores. Customers are able to buy products online using their credit cards as well as bank accounts. If you are a merchant, you have come to the right place! Enhance your business by integrating SSLCOMMERZ to your online store and facilitating online payment in Bangladeshi Taka. Your customers will be able to pay for your products using local credit/debit cards like VISA, MasterCard, DBBL Nexus Card and any kind of credit card or bank accounts right from your online store. SSLCOMMERZ uses industry standard Secure Sockets Layer (SSL) technology which is used worldwide for securing data encryption For more details, please visit to https://www.sslcommerz.com/

SSLCommerz Process Flow

SSLCommerz Process

The above steps can be categorized in three sections based on the development process described below.

Transaction Initiate:

The Steps 1, 2 and 3 are used to make the request for a new transaction. After getting confirmation of checkout from customer, merchant server sends a request to SSLCOMMERZ server to get a Session ID. If all the credentials and mandatory fields are valid, then SSLCOMMERZ provides a Session ID to Merchant System. After receiving the Session ID, Merchant System redirects the customer to payment page with Session ID.

Handling Payment Notification:

The Step 4 and 5 are processed at this stage. For any notification, SSLCOMMERZ will send HTTP message in POST method called IPN Message to the Listener which is to be configured by the Merchant attheir SSLCOMMERZ Administrator Panel. After receiving the message, you must validate the message with Transaction Validation API of SSLCOMMERZ.

Service Confirmation:

At Step 5, SSLCOMMERZ will redirect the customer to merchant’s side. At this stage, Merchant will display the notification of Service Confirmation.

Integration Steps

Initiate Payment

Provide Information about your customer and order to SSLCommerz along with your store id to initiate the payment. Rest of the payment process will be done by SSLCommerz

Validate Payment

After successfully taking the payment SSLCommerz will send the request back to you as SUCCESS, FAILED or CANCEL status. You must validate with our validation API using transaction ID, amount and currency

Update your transaction

After validation of the transaction that you have received, Depending on the status you have to update your transaction in your Database. The status will SUCCESS, FAILED, CANCEL depending on BANK Status

Enable most advanced IPN

This is an important and interesting part of integration. If somehow your consumer pays your payable amount to BANK Side and SSLCommerz accept it as SUCCESS but your website/Connectivity/Customer Network got downtime and unable to update the payment at your side you can use IPN ( Instant Payment Notification ). It will send an notification to your set up URL in SSLCommerz Merchant Dashboard to notify you and your database even if your user unable to return back to your website

Checkpoint Tips:

  • You must collect your STORE ID and Password from SSLCommerz by contacting to our helpline
  • You must validate your transaction and amount by calling our API
  • You must set IPN url to receive notification for both returned and missed payments
  • Sometime you will get Risk payments (In response you will get risk properties, value will be 0 for safe, 1 for risky). It depends on you to provide the service or not

Payment Process Environment

We have both Live environment and Test/Sandbox environment in SSLCommerz. You just need to use proper URL and Store ID's to process payments. We provide separate store ID for live and test

Live Environment

All the transaction made using this environment are counted as real transaction, URL starts with https://securepay.sslcommerz.com

Sandbox Environment

All the transaction made using this environment are counted as test transaction and has no effect with accounting, URL starts with https://sandbox.sslcommerz.com.

Initiate Payment

For initiating payment processing, at first you need to enable HTTP IPN Listener to listen the payments. So that you can update your database accordingly even customer got connectivity issue to return back to your website.

Step 1) Setup IPN

  • Login at https://merchant.sslcommerz.com/ (LIVE) and https://sandbox.sslcommerz.com/manage/(TEST)
  • Click on Menu My Stores > IPN Settings
  • Tick mark Enable HTTP Listener, input your URL in the Box and save the settings.

Banner

Step 2) Ready the parameters

Some mandatory parameters need to pass to SSLCommerz. It identify your customers and orders. Also you have to pass the success, fail, cancel url to redirect your customer after pay.

Request Parameters

Param Name Data Type Description
Integration Required Parameters
store_id string (30) - Your SSLCommerz Store ID is the integration credential which can be collected through our managers
store_passwd string (30) - Your SSLCommerz Store Password is the integration credential which can be collected through our managers
total_amount decimal (10,2) - The amount which will process by SSLCommerz. It shall be decimal value (10,2). Example : 55.40. The transaction amount must be from 10.00 BDT to 500000.00 BDT
currency string (3) - The currency type must be mentioned. It shall be three characters. Example : BDT, USD, EUR, SGD, INR, MYR, etc. If the transaction currency is not BDT, then it will be converted to BDT based on the current convert rate. Example : 1 USD = 82.22 BDT.
tran_id string (30) - Unique transaction ID to identify your order in both your end and SSLCommerz
success_url string (255) - It is the callback URL of your website where user will redirect after successful payment (Length: 255)
fail_url string (255) - It is the callback URL of your website where user will redirect after any failure occure during payment (Length: 255)
cancel_url string (255) - It is the callback URL of your website where user will redirect if user canceled the transaction (Length: 255)
multi_card_name string (30) You can control to display the gateway list at SSLCommerz gateway selection page by providing this parameters.

It is the short-name of Bank’s Payment Gateway.
brac_visa = BRAC VISA
dbbl_visa = Dutch Bangla VISA
city_visa = City Bank Visa
ebl_visa = EBL Visa
sbl_visa = Southeast Bank Visa
brac_master = BRAC MASTER
dbbl_master = MASTER Dutch-Bangla
city_master = City Master Card
ebl_master = EBL Master Card
sbl_master = Southeast Bank Master Card
city_amex = City Bank AMEX
qcash = QCash
dbbl_nexus = DBBL Nexus
bankasia = Bank Asia IB
abbank = AB Bank IB
ibbl = IBBL IB and Mobile Banking
mtbl = Mutual Trust Bank IB
bkash = Bkash Mobile Banking
dbblmobilebanking = DBBL Mobile Banking
city = City Touch IB
Parameters to Handle EMI Transaction
emi_option integer (1) - This is mandatory if transaction is EMI enabled and Value must be 1/0. Here, 1 means customer will get EMI facility for this transaction
emi_max_inst_option integer (2) Max instalment Option, Here customer will get 3,6, 9 instalment at gateway page
emi_selected_inst integer (2) Customer has selected from your Site, So no instalment option will be displayed at gateway page
Customer Information
cus_name string (50) - Your customer name to address the customer in payment receipt email
cus_email string (50) - Valid email address of your customer to send payment receipt from SSLCommerz end
cus_add1 string (50) Address of your customer. Not mandatory but useful if provided
cus_add2 string (50) Address line 2 of your customer. Not mandatory but useful if provided
cus_city string (50) City of your customer. Not mandatory but useful if provided
cus_state string (50) State of your customer. Not mandatory but useful if provided
cus_postcode string (30) Postcode of your customer. Not mandatory but useful if provided
cus_country string (50) Country of your customer. Not mandatory but useful if provided
cus_phone string (20) - The phone/mobile number of your customer to contact if any issue arises
cus_fax string (20) Fax number of your customer. Not mandatory but useful if provided
Shipment Information
ship_name string (50) Shipping Address of your order. Not mandatory but useful if provided
ship_add1 string (50) Additional Shipping Address of your order. Not mandatory but useful if provided
ship_add2 string (50) Additional Shipping Address of your order. Not mandatory but useful if provided
ship_city string (50) Shipping city of your order. Not mandatory but useful if provided
ship_state string (50) Shipping state of your order. Not mandatory but useful if provided
ship_postcode string (50) Shipping postcode of your order. Not mandatory but useful if provided
ship_country string (50) Shipping country of your order. Not mandatory but useful if provided
Customized or Additional Parameters
value_a string (255) Extra parameter to pass your meta data if it is needed. Not mandatory
value_b string (255) Extra parameter to pass your meta data if it is needed. Not mandatory
value_c string (255) Extra parameter to pass your meta data if it is needed. Not mandatory
value_d string (255) Extra parameter to pass your meta data if it is needed. Not mandatory
Cart Information
cart json JSON data with two elements. product : Max 255 characters and amount : Decimal (12,2)

Example:
[{"product":"DHK TO BRS AC A1","amount":"200.00"},{"product":"DHK TO BRS AC A2","amount":"200.00"},{"product":"DHK TO BRS AC A3","amount":"200.00"},{"product":"DHK TO BRS AC A4","amount":"200.00"}]
product_amount decimal (10,2) Product price which will be displayed in your merchant panel and will help you to reconcile the transaction. It shall be decimal value (10,2). Example : 50.40
vat decimal (10,2) The VAT included on the product price which will be displayed in your merchant panel and will help you to reconcile the transaction. It shall be decimal value (10,2). Example : 4.00
discount_amount decimal (10,2) Discount given on the invoice which will be displayed in your merchant panel and will help you to reconcile the transaction. It shall be decimal value (10,2). Example : 2.00
convenience_fee decimal (10,2) Any convenience fee imposed on the invoice which will be displayed in your merchant panel and will help you to reconcile the transaction. It shall be decimal value (10,2). Example : 3.00

Returned Parameters

Param Name Data Type Description
status string (10) API connectivity status. If all the required data is provided, then it will return as SUCCESS, neither it will be FAILED
failedreason string (255) If API connectivity is failed then it returns the reason.
sessionkey string (50) A unique session key which must be saved at your system to query the transaction status any time (if required).
gw string It will list all active gateways. If you add this key with the parameter of redirectGatewayURL, then it will be redirected to that gateway directly.
All these gateway keys are classified into six major categories. Such as visa, master, amex, othercards, internetbanking and mobilebanking.
redirectGatewayURL string (255) The URL to where you will redirect the customer. This parameter depends on the above parameter gw's gateway key. Syntax: redirectGatewayURL + Key of gateway the a valid URL will be generated. Example: redirectGatewayURL + visacard
GatewayPageURL string (255) The URL to where you will redirect the customer to pay.
directPaymentURL string (255) Opened for future use.
storeBanner string (255) It will return the image URL if any banner is uploaded against the store.
storeLogo string (255) It will return the image URL if any logo is uploaded against the store.
desc string All gateways' brief description. If you want to know about the individual gateway key, then this parameter will help you. Example: search visacard in the element gw of this parameter, then you will get the gateway name, type and logo.
is_direct_pay_enable integer (1) Opened for future use

Step 3) Create and Get Session

Make an array by using those parameters fill with data, You need to create session at SSLCommerz end. You have to call initiation API to generate session and get in response


POST gwprocess/v3/api.php

Request Example

$ curl -X POST https://sandbox.sslcommerz.com/gwprocess/v3/api.php 
-d 
'store_id=testbox&
store_passwd=qwerty&
total_amount=100&
currency=EUR&
tran_id=REF123&
success_url=http://yoursite.com/success.php&
fail_url=http://yoursite.com/fail.php&
cancel_url=http://yoursite.com/cancel.php&
cus_name=Customer Name&
cus_email=cust@yahoo.com&
cus_add1=Dhaka&
cus_add2=Dhaka&
cus_city=Dhaka&
cus_state=Dhaka&
cus_postcode=1000&
cus_country=Bangladesh&
cus_phone=01711111111&
cus_fax=01711111111&
ship_name=Customer Name&
ship_add1 =Dhaka&
ship_add2=Dhaka&
ship_city=Dhaka&
ship_state=Dhaka&
ship_postcode=1000&
ship_country=Bangladesh&
multi_card_name=mastercard,visacard,amexcard&
value_a=ref001_A&
value_b=ref002_B&
value_c=ref003_C&
value_d=ref004_D'                   


Response Example
{  
   "status":"SUCCESS",
   "failedreason":"",
   "sessionkey":"2498991D15494280E370D719FBB2BBD6",
   "gw":{  
      "visa":"dbbl_visa,brac_visa,city_visa,ebl_visa,sbl_visa,visacard",
      "master":"dbbl_master,brac_master,city_master,ebl_master,sbl_master,mastercard",
      "amex":"city_amex,amexcard",
      "othercards":"dbbl_onus_visa,dbbl_onus_master",
      "internetbanking":"",
      "mobilebanking":""
   },
   "redirectGatewayURL":"https:\/\/sandbox.sslcommerz.com\/gwprocess\/v3\/gw.php?Q=REDIRECT&SESSIONKEY=2498991D15494280E370D719FBB2BBD6&cardname=",
   "GatewayPageURL":"https:\/\/sandbox.sslcommerz.com\/gwprocess\/v3\/gw.php?Q=PAY&SESSIONKEY=2498991D15494280E370D719FBB2BBD6",
   "directPaymentURL":"",
   "storeBanner":"https:\/\/sandbox.sslcommerz.com\/stores\/banners\/banner_SCZ1001.png?v=59bc41de51ea7",
   "storeLogo":"https:\/\/sandbox.sslcommerz.com\/stores\/logos\/logo_SCZ10031.png?v=59bc41de51eea",
   "desc":[  
      {  
         "name":"AMEX",
         "type":"amex",
         "logo":"https:\/\/sandbox.sslcommerz.com\/gwprocess\/v3\/image\/gw\/amex.png",
         "gw":"amexcard"
      },
      {  
         "name":"VISA",
         "type":"visa",
         "logo":"https:\/\/sandbox.sslcommerz.com\/gwprocess\/v3\/image\/gw\/visa.png",
         "gw":"visacard"
      },
      {  
         "name":"MASTER",
         "type":"master",
         "logo":"https:\/\/sandbox.sslcommerz.com\/gwprocess\/v3\/image\/gw\/master.png",
         "gw":"mastercard"
      },
      {  
         "name":"AMEX-City Bank",
         "type":"amex",
         "logo":"https:\/\/sandbox.sslcommerz.com\/gwprocess\/v3\/image\/gw\/amex.png",
         "gw":"city_amex"
      },
      {  
         "name":"VISA-Eastern Bank Limited",
         "type":"visa",
         "logo":"https:\/\/sandbox.sslcommerz.com\/gwprocess\/v3\/image\/gw\/visa.png",
         "gw":"ebl_visa"
      },
      {  
         "name":"MASTER-Eastern Bank Limited",
         "type":"master",
         "logo":"https:\/\/sandbox.sslcommerz.com\/gwprocess\/v3\/image\/gw\/master.png",
         "gw":"ebl_master"
      },
      {  
         "name":"VISA-Southeast Bank Limited",
         "type":"visa",
         "logo":"https:\/\/sandbox.sslcommerz.com\/gwprocess\/v3\/image\/gw\/visa.png",
         "gw":"sbl_visa"
      },
      {  
         "name":"MASTER-Southeast Bank Limited",
         "type":"master",
         "logo":"https:\/\/sandbox.sslcommerz.com\/gwprocess\/v3\/image\/gw\/master.png",
         "gw":"sbl_master"
      },
      {  
         "name":"VISA-City Bank",
         "type":"visa",
         "logo":"https:\/\/sandbox.sslcommerz.com\/gwprocess\/v3\/image\/gw\/visa.png",
         "gw":"city_visa"
      },
      {  
         "name":"MASTER-City bank",
         "type":"master",
         "logo":"https:\/\/sandbox.sslcommerz.com\/gwprocess\/v3\/image\/gw\/master.png",
         "gw":"city_master"
      },
      {  
         "name":"VISA-Brac bank",
         "type":"visa",
         "logo":"https:\/\/sandbox.sslcommerz.com\/gwprocess\/v3\/image\/gw\/visa.png",
         "gw":"brac_visa"
      },
      {  
         "name":"MASTER-Brac bank",
         "type":"master",
         "logo":"https:\/\/sandbox.sslcommerz.com\/gwprocess\/v3\/image\/gw\/master.png",
         "gw":"brac_master"
      },
      {  
         "name":"VISA-Dutch bank",
         "type":"visa",
         "logo":"https:\/\/sandbox.sslcommerz.com\/gwprocess\/v3\/image\/gw\/visa.png",
         "gw":"dbbl_visa"
      },
      {  
         "name":"MASTER-Dutch Bangla",
         "type":"master",
         "logo":"https:\/\/sandbox.sslcommerz.com\/gwprocess\/v3\/image\/gw\/master.png",
         "gw":"dbbl_master"
      },
      {  
         "name":"VISA-Dutch Bangla Debit",
         "type":"othercards",
         "logo":"https:\/\/sandbox.sslcommerz.com\/gwprocess\/v3\/image\/gw\/dbblvisa.png",
         "gw":"dbbl_onus_visa"
      },
      {  
         "name":"MASTER-Dutch Bangla Debit",
         "type":"othercards",
         "logo":"https:\/\/sandbox.sslcommerz.com\/gwprocess\/v3\/image\/gw\/dbblmaster.png",
         "gw":"dbbl_onus_master"
      }
   ],
   "is_direct_pay_enable":"0"
}
                     

Remember, We have set an IPN URL in first step so that your server can listen at the right moment when payment is done at Bank End. So, It is important to validate the transaction notification to maintain security and standard.

Step 1) Grab the notification

As IPN URL already set in panel. All the payment notification will reach through IPN prior to user return back. So it needs validation for amount and transaction properly.

The IPN will send a POST REQUEST with below parameters. Grab the post notification with your desired platform ( PHP: $_POST)

Param Name Data Type Description
status string (20) Transaction Status - as VALID / FAILED / CANCELLED. This parameter needs to be checked before update your database

VALID : A successful transaction.

FAILED : Transaction is declined by customer's Issuer Bank.

CANCELLED : Transaction is cancelled by the customer.

tran_date datetime Transaction date - Payment completion date as 2016-05-08 15:53:49 ( PHP date('Y-m-d H:i:s') )
tran_id string (30) Transaction ID (Unique) that was sent by you during initiation. This parameter needs to be validated with your system database for security
val_id string (50) A Validation ID against the Transaction which is provided by SSLCommerz.
amount decimal (10,2) The total amount sent by you. However, it could be changed based on currency type. This parameter needs to be validated with your system database for security
store_amount decimal (10,2) The amount what you will get in your account after bank charge ( Example: 100 BDT will be your store amount of 96 BDT after 4% Bank Commission )
card_type string (50) The Bank Gateway Name that customer selected
card_no string (30) Customer’s Card number. However, for Mobile Banking and Internet Banking, it will return customer's reference id.
currency string (3) Currency Type which will be settled with your merchant account after deducting the Gateway charges. This parameter is the currency type of the parameter amount
bank_tran_id string (50) The transaction ID at Banks End
card_issuer string (50) Issuer Bank Name
card_brand string (30) VISA, MASTER, AMEX, IB or MOBILE BANKING
card_issuer_country string (50) Country of Card Issuer Bank
card_issuer_country_code string (2) 2 digits short code of Country of Card Issuer Bank
currency_type string (3) The currency you have sent during initiation of this transaction. If the currency is different than BDT, then it will be converted to BDT by the current conversion rate. This parameter needs to be validated with your system database for security
currency_amount decimal (10,2) The currency amount you have sent during initiation of this transaction. If the amount is not mentioned in BDT, then it will be converted to BDT by the current conversion rate and return by the above field amount. This parameter needs to be validated with your system database for security
value_a string (255) Same Value will be returned as Passed during initiation
value_b string (255) Same Value will be returned as Passed during initiation
value_c string (255) Same Value will be returned as Passed during initiation
value_d string (255) Same Value will be returned as Passed during initiation
varify_sign string (255) Data Validation Key
verify_key string Data Validation Key
risk_level integer (1) Transaction's Risk Level - High (1) for most risky transactions and Low (0) for safe transactions. Please hold the service and proceed to collect customer verification documents
risk_title string (50) Transaction's Risk Level Decription
 

POST <YOUR IPN LISTENER>

$ curl -X POST <YOUR IPN LISTENER MENTIONED BY YOU IN YOUR MERCHANT PANEL>
-d 
'tran_id=5a16c68b23783&
val_id=1711231900331kHP17lnrr9T8Gt&
amount=100&
card_type=VISA-Dutch Bangla&
store_amount=97&
card_no=425272XXXXXX3456&
bank_tran_id=1711231900331S0R8atkhAZksmM&
status=VALID&
tran_date=2017-11-23 18:59:55&
currency=BDT&
card_issuer=Standard Chartered Bank&
card_brand=VISA&
card_issuer_country=Bangladesh&
card_issuer_country_code=BD&
store_id=testbox&
verify_sign=8070c0cefed9e629b01100d8a92afda2&
verify_key=amount,bank_tran_id,base_fair,card_brand,card_issuer,card_issuer_country,card_issuer_country_code,card_no,card_type,currency,currency_amount,currency_rate,currency_type,risk_level,risk_title,status,store_amount,store_id,tran_date,tran_id,val_id,value_a,value_b,value_c,value_d&
cus_fax=01711111111&
currency_type=BDT&
currency_amount=100.00&
currency_rate=1.0000&
base_fair=0.00&
value_a=ref001_A&
value_b=ref002_B&
value_c=ref003_C&
value_d=ref004_D&
risk_level=0&
risk_title=Safe'                 


Response Example

<YOU CAN PRINT ANY MESSAGE>

               

Hash validation needed for verify the exact parameters come from SSLCommerz and no one molested it. The function returns true for valid or false for invalid

Method to validate the hash
  • Catch two POST parameters verify_sign and verify_key.
  • Explode the parameter verify_key by comma (,). Here, this parameter contents all the parameters which are returned from SSLCommerz and combination of these value generates the verify_sign value.
  • Serialize all these parameters by their name
  • Example: value of verify_key (before the serial): key1,key3,key2,key5,key4
  • Add the store_passwd and your store password value with verify_key
  • Example: Now the verify_key (after adding store_passwd): key1,key3,key2,key5,key4,store_passwd
  • Example: value of verify_key (after the serialized): key1,key2,key3,key4,key5,store_passwd
  • Make a string by combining the parameters' key and value. Example: key1=value1&key2=value2&key3=value3&key4=value4&key5=value5&store_passwd=Your Store Password
  • Generate md5 hash of the value and match with verify_sign


Security Check Points:

  • You must be required to validate each transaction by Order Validation API, neither you will get a warning email in Live system.

After knowing that the post keys are valid and no moletion done with the request, now it is the time to validate your transaction for amount and transaction. It will only treated as valid if amount and transaction status are valid at SSL End

So, Let's call the API and the example given below

REST API

API Endpoint (Sandbox/Test Environment): https://sandbox.sslcommerz.com/validator/api/validationserverAPI.php

API Endpoint (Live Environment): https://securepay.sslcommerz.com/validator/api/validationserverAPI.php

Method: GET

SOAP API

API Endpoint (Sandbox/Test Environment): https://sandbox.sslcommerz.com/validator/api/validationserverAPI.php?wsdl

API Endpoint (Live Environment): https://securepay.sslcommerz.com/validator/api/validationserverAPI.php?wsdl

Method: POST

Function: checkValidation(val_id, Store_Id, Store_Passwd, v, Format)

Request Parameters

Param Name Data Type Description
val_id string (50) - A Validation ID against the successful transaction which is provided by SSLCommerz.
store_id string (30) - Your SSLCommerz Store ID is the integration credential which can be collected through our managers
store_passwd string (30) - Your SSLCommerz Store Password is the integration credential which can be collected through our managers
format string (10) Predefined value is json or xml. This parameter is used to get the response in two different format such as json or xml. By default it returns json format.
v integer (1) Open for future use only.

Returned Parameters

Param Name Data Type Description
status string (20) Transaction StatusThis parameter needs to be checked before update your database as a successful transaction.

VALID : A successful transaction.

VALIDATED : A successful transaction but called by your end more than one.

INVALID_TRANSACTION : Invalid validation id (val_id).

tran_date datetime Transaction date - Payment completion date as 2016-05-08 15:53:49 ( PHP date('Y-m-d H:i:s') )
tran_id string (30) Transaction ID (Unique) that was sent by you during initiation. This parameter needs to be validated with your system database for security
val_id string (50) A Validation ID against the Transaction which is provided by SSLCommerz.
amount decimal (10,2) The total amount sent by you. However, it could be changed based on currency type. This parameter needs to be validated with your system database for security
store_amount decimal (10,2) The amount what you will get in your account after bank charge ( Example: 100 BDT will be your store amount of 96 BDT after 4% Bank Commission )
card_type string (50) The Bank Gateway Name that customer selected
card_no string (30) Customer’s Card number. However, for Mobile Banking and Internet Banking, it will return customer's reference id.
currency string (3) Currency Type which will be settled with your merchant account after deducting the Gateway charges. This parameter is the currency type of the parameter amount
bank_tran_id string (50) The transaction ID at Banks End
card_issuer string (50) Issuer Bank Name
card_brand string (30) VISA, MASTER, AMEX, IB or MOBILE BANKING
card_issuer_country string (50) Country of Card Issuer Bank
card_issuer_country_code string (2) 2 digits short code of Country of Card Issuer Bank
currency_type string (3) The currency you have sent during initiation of this transaction. If the currency is different than BDT, then it will be converted to BDT by the current conversion rate. This parameter needs to be validated with your system database for security
currency_amount decimal (10,2) The currency amount you have sent during initiation of this transaction. If the amount is not mentioned in BDT, then it will be converted to BDT by the current conversion rate and return by the above field amount. This parameter needs to be validated with your system database for security
emi_instalment integer (2) Tenure of the EMI transaction which is choosen by the customer.
emi_amount decimal (10,2) EMI charge which will be paid to the Issuer Bank
discount_percentage decimal (10,2) If customer gets any discount based on the campaign is managed by both you and SSLCommerz.
discount_remarks string (255) Short description of the campaign which is managed by both you and SSLCommerz.
value_a string (255) Same Value will be returned as Passed during initiation
value_b string (255) Same Value will be returned as Passed during initiation
value_c string (255) Same Value will be returned as Passed during initiation
value_d string (255) Same Value will be returned as Passed during initiation
risk_level integer (1) Transaction's Risk Level - High (1) for most risky transactions and Low (0) for safe transactions. Please hold the service and proceed to collect customer verification documents
risk_title string (50) Transaction's Risk Level Decription

GET validator/api/validationserverAPI.php

Request Example

$ curl -X GET 'https://sandbox.sslcommerz.com/validator/api/validationserverAPI.php?val_id=1709162025351ElIuHtUtFReBwE&store_id=testbox&store_passwd=qwerty&format=json'


Response Example

{  
   "status":"VALIDATED",
   "tran_date":"2017-09-16 20:25:27",
   "tran_id":"SSLCZ_TEST_59bd349436a7b",
   "val_id":"1709162025351ElIuHtUtFReBwE",
   "amount":"103.00",
   "store_amount":"98.88",
   "currency":"BDT",
   "bank_tran_id":"1709162025350IvUOK8nCTb6Uan",
   "card_type":"VISA-Brac bank",
   "card_no":"455445XXXXXX4326",
   "card_issuer":"STANDARD CHARTERED BANK",
   "card_brand":"VISA",
   "card_issuer_country":"Bangladesh",
   "card_issuer_country_code":"BD",
   "currency_type":"BDT",
   "currency_amount":"103.00",
   "currency_rate":"1.0000",
   "base_fair":"0.00",
   "value_a":"ref001",
   "value_b":"",
   "value_c":"ref003",
   "value_d":"ref004",
   "emi_instalment":"0",
   "emi_amount":"0.00",
   "emi_description":"",
   "emi_issuer":"",
   "account_details":"",
   "risk_title":"Safe",
   "risk_level":"0",
   "APIConnect":"DONE",
   "validated_on":"2017-09-16 20:25:37",
   "gw_version":""
}
                     


Security Check Points:

  • Track your order by transaction ID and check it in your database for existance
  • Must validate amount and incoming amount from your Database
  • Also check the currency type to avoid frauds
  • Check for the status - VALID, FAILED, CANCEL to update your order status

Update your transaction

So, Your order and amount validated and it is ready for update in your database. If status is Valid and validation status Valid then update your database according to the status. and wait for your user to your website to show him/her the success, fail, and cancel page.

You can use the refund API to initiate a transaction.

Initiate The Refund

So, Let's call the API and the example given below

REST API

API Endpoint (Sandbox/Test Environment): https://sandbox.sslcommerz.com/validator/api/merchantTransIDvalidationAPI.php

API Endpoint (Live Environment): https://securepay.sslcommerz.com/validator/api/merchantTransIDvalidationAPI.php

Method: GET

SOAP API

API Endpoint (Sandbox/Test Environment): https://sandbox.sslcommerz.com/validator/api/merchantTransIDvalidationAPI.php?wsdl

API Endpoint (Live Environment): https://securepay.sslcommerz.com/validator/api/merchantTransIDvalidationAPI.php?wsdl

Method: POST

Function: initiateRefund(bank_tran_id, store_Id, store_Passwd, refund_amount, refund_remarks, refe_id)

Request Parameters

Param Name Data Type Description
bank_tran_id string (50) - The transaction ID at Banks End
store_id string (30) - Your SSLCommerz Store ID is the integration credential which can be collected through our managers
store_passwd string (30) - Your SSLCommerz Store Password is the integration credential which can be collected through our managers
refund_amount decimal (10,2) - The amount will be refunded to card holder's account.
refund_remarks string (255) - The reason of refund.
refe_id string (50) You can provide any reference number of your system to reconcile.
format string (10) Predefined value is json or xml. This parameter is used to get the response in two different format such as json or xml. By default it returns json format.

Returned Parameters

Param Name Data Type Description
APIConnect string (30)

API Connection Status -

INVALID_REQUEST : Invalid data imputed to call the API

FAILED : API Authentication Failed

INACTIVE : API User/Store ID is Inactive

DONE : API Connection Success

bank_tran_id string (50) The transaction ID at Banks End
trans_id string (30) Will be return only when the Authentication is success and the bank_tran_id is a valid id
refund_ref_id string (50) This parameter will be returned only when the request successfully initiates
status string (30)

Will be returned only when the authentication is success and the value will be as below,

success : Refund request is initiated successfully

failed : Refund request is failed to initiate

processing : The refund has been initiated already

errorReason string (255) Failure reason to initiate the refund request

Security Check Points:

  • Your Public IP must be registered at SSLCommerz Live System

GET validator/api/merchantTransIDvalidationAPI.php

Request Example

$ curl -X GET 'https://sandbox.sslcommerz.com/validator/api/merchantTransIDvalidationAPI.php?bank_tran_id=1709162345070ANJdZV8LyI4cMw&refund_amount=5.50&refund_remarks=Out%20of%20Stock&store_id=testbox&store_passwd=qwerty&v=1&format=json'


Response Example

{
  "APIConnect": "DONE",
  "ssl_id": "1709162345070ANJdZV8LyI4cMw",
  "trans_id": "SSLCZ_TEST_59bd635981a94",
  "refund_ref_id": "59bd63fea5455",
  "status": "success",
  "errorReason": ""
}
                     

You can check the status of a refund whether it is refunded to customer account.

So, Let's call the API and the example given below

REST API

API Endpoint (Sandbox/Test Environment): https://sandbox.sslcommerz.com/validator/api/merchantTransIDvalidationAPI.php

API Endpoint (Live Environment): https://securepay.sslcommerz.com/validator/api/merchantTransIDvalidationAPI.php

Method: GET

SOAP API

API Endpoint (Sandbox/Test Environment): https://sandbox.sslcommerz.com/validator/api/merchantTransIDvalidationAPI.php?wsdl

API Endpoint (Live Environment): https://securepay.sslcommerz.com/validator/api/merchantTransIDvalidationAPI.php?wsdl

Method: POST

Function: initiateRefund(bank_tran_id, store_Id, store_Passwd, refund_amount, refund_remarks, refe_id)

Request Parameters

Param Name Data Type Description
refund_ref_id string (50) - This parameter will be returned only when the request successfully initiates
store_id string (30) - Your SSLCommerz Store ID is the integration credential which can be collected through our managers
store_passwd string (30) - Your SSLCommerz Store Password is the integration credential which can be collected through our managers

Returned Parameters

Param Name Data Type Description
APIConnect string (30)

API Connection Status -

INVALID_REQUEST : Invalid data imputed to call the API

FAILED : API Authentication Failed

INACTIVE : API User/Store ID is Inactive

DONE : API Connection Success

bank_tran_id string (50) The transaction ID at Banks End
trans_id string (30) Will be return only when the Authentication is success and the bank_tran_id is a valid id
refund_ref_id string (50) This parameter will be returned only when the request successfully initiates
initiated_on datetime Date and time when the refund request has been initiated
refunded_on datetime Date and time when the refund request has been proceeded all the processes.
status string (30)

Will be return only when the Authentication is success and the value will be as below,

refunded : Refund request has been proceeded successfully

processing : Refund request is under processing

cancelled : Refund request has been proceeded successfully

errorReason string (255) Failure reason to query the refund request

Security Check Points:

  • Your Public IP must be registered at SSLCommerz Live System

GET validator/api/merchantTransIDvalidationAPI.php

Request Example

$ curl -X GET 'https://sandbox.sslcommerz.com/validator/api/merchantTransIDvalidationAPI.php?refund_ref_id=59bd63fea5455&store_id=testbox&store_passwd=qwerty&format=json'


Response Example

{
  "APIConnect": "DONE",
  "bank_tran_id": "1709162345070ANJdZV8LyI4cMw",
  "tran_id": "SSLCZ_TEST_59bd635981a94",
  "initiated_on": "2017-09-16 23:48:46",
  "refunded_on": "2017-09-17 08:53:51",
  "status": "refunded",
  "refund_ref_id": "59bd63fea5455"
}
                     

You can query your transaction status any time while you want. For ticketing system or product limitation, it will help you to release before recheck.

You can check the status of a transaction by the session id

So, Let's call the API and the example given below

REST API

API Endpoint (Sandbox/Test Environment): https://sandbox.sslcommerz.com/validator/api/merchantTransIDvalidationAPI.php

API Endpoint (Live Environment): https://securepay.sslcommerz.com/validator/api/merchantTransIDvalidationAPI.php

Method: GET

SOAP API

API Endpoint (Sandbox/Test Environment): https://sandbox.sslcommerz.com/validator/api/merchantTransIDvalidationAPI.php?wsdl

API Endpoint (Live Environment): https://securepay.sslcommerz.com/validator/api/merchantTransIDvalidationAPI.php?wsdl

Method: POST

Function: checkSsessionKey(sessionkey, Store_Id, store_Passwd, v, Format)

Request Parameters

Param Name Data Type Description
sessionkey string (50) - The session id has been generated at the time of transaction initiated.
store_id string (30) - Your SSLCommerz Store ID is the integration credential which can be collected through our managers
store_passwd string (30) - Your SSLCommerz Store Password is the integration credential which can be collected through our managers

Returned Parameters

Param Name Data Type Description
APIConnect string (30)

API Connection Status -

INVALID_REQUEST : Invalid data imputed to call the API

FAILED : API Authentication Failed

INACTIVE : API User/Store ID is Inactive

DONE : API Connection Success

status string (20) Transaction Status This parameter needs to be checked before update your database as a successful transaction.

VALID : A successful transaction.

VALIDATED : A successful transaction but called by your end more than one.

PENDING : The transaction is still not completed and waiting to get the status.

FAILED : The transaction is failed.

sessionkey string (50) The session id has been generated at the time of transaction initiated.
tran_date datetime Transaction date - Payment completion date as 2016-05-08 15:53:49 ( PHP date('Y-m-d H:i:s') )
tran_id string (30) Transaction ID (Unique) that was sent by you during initiation. This parameter needs to be validated with your system database for security
val_id string (50) A Validation ID against the Transaction which is provided by SSLCommerz.
amount decimal (10,2) The total amount sent by you. However, it could be changed based on currency type. This parameter needs to be validated with your system database for security
store_amount decimal (10,2) The amount what you will get in your account after bank charge ( Example: 100 BDT will be your store amount of 96 BDT after 4% Bank Commission )
card_type string (50) The Bank Gateway Name that customer selected
card_no string (30) Customer’s Card number. However, for Mobile Banking and Internet Banking, it will return customer's reference id.
currency string (3) Currency Type which will be settled with your merchant account after deducting the Gateway charges. This parameter is the currency type of the parameter amount
bank_tran_id string (50) The transaction ID at Banks End
card_issuer string (50) Issuer Bank Name
card_brand string (30) VISA, MASTER, AMEX, IB or MOBILE BANKING
card_issuer_country string (50) Country of Card Issuer Bank
card_issuer_country_code string (2) 2 digits short code of Country of Card Issuer Bank
currency_type string (3) The currency you have sent during initiation of this transaction. If the currency is different than BDT, then it will be converted to BDT by the current conversion rate. This parameter needs to be validated with your system database for security
currency_amount decimal (10,2) The currency amount you have sent during initiation of this transaction. If the amount is not mentioned in BDT, then it will be converted to BDT by the current conversion rate and return by the above field amount. This parameter needs to be validated with your system database for security
emi_instalment integer (2) Tenure of the EMI transaction which is choosen by the customer.
emi_amount decimal (10,2) EMI charge which will be paid to the Issuer Bank
discount_percentage decimal (10,2) If customer gets any discount based on the campaign is managed by both you and SSLCommerz.
discount_remarks string (255) Short description of the campaign which is managed by both you and SSLCommerz.
value_a string (255) Same Value will be returned as Passed during initiation
value_b string (255) Same Value will be returned as Passed during initiation
value_c string (255) Same Value will be returned as Passed during initiation
value_d string (255) Same Value will be returned as Passed during initiation
risk_level integer (1) Transaction's Risk Level - High (1) for most risky transactions and Low (0) for safe transactions. Please hold the service and proceed to collect customer verification documents
risk_title string (50) Transaction's Risk Level Decription

GET validator/api/merchantTransIDvalidationAPI.php

Request Example

$ curl -X GET 'https://sandbox.sslcommerz.com/validator/api/merchantTransIDvalidationAPI.php?sessionkey=C3329C5E252DF44B323D9BAF47ACBCD9&store_id=testbox&store_passwd=qwerty&format=json'


Response Example

{
  "status": "VALID",
  "sessionkey": "C3329C5E252DF44B323D9BAF47ACBCD9",
  "tran_date": "2017-09-20 23:37:56",
  "tran_id": "59C2A4F6432F8",
  "val_id": "1709202338060TUgLqWw1PgB4GA",
  "amount": "10.00",
  "store_amount": "9.6",
  "bank_tran_id": "1709202338061Ac2MhyeosVJmUh",
  "card_type": "VISA-Brac bank",
  "card_no": "418117XXXXXX6675",
  "card_issuer": "TRUST BANK, LTD.",
  "card_brand": "VISA",
  "card_issuer_country": "Bangladesh",
  "card_issuer_country_code": "BD",
  "currency_type": "USD",
  "currency_amount": "10.00",
  "currency_rate": "1.0000",
  "base_fair": "0.00",
  "value_a": "",
  "value_b": "",
  "value_c": "",
  "value_d": "",
  "risk_title": "Safe",
  "risk_level": "0",
  "APIConnect": "DONE",
  "validated_on": "2017-09-20 23:38:07",
  "gw_version": "3.00"
}
                     

You can check the status of a transaction by your transaction id

So, Let's call the API and the example given below

REST API

API Endpoint (Sandbox/Test Environment): https://sandbox.sslcommerz.com/validator/api/merchantTransIDvalidationAPI.php

API Endpoint (Live Environment): https://securepay.sslcommerz.com/validator/api/merchantTransIDvalidationAPI.php

Method: GET

SOAP API

API Endpoint (Sandbox/Test Environment): https://sandbox.sslcommerz.com/validator/api/merchantTransIDvalidationAPI.php?wsdl

API Endpoint (Live Environment): https://securepay.sslcommerz.com/validator/api/merchantTransIDvalidationAPI.php?wsdl

Method: POST

Function: checkMerchantTransId(tran_id, Store_Id, store_Passwd, v, Format)

Request Parameters

Param Name Data Type Description
tran_id string (50) - Transaction ID (Unique) that was sent by you during initiation.
store_id string (30) - Your SSLCommerz Store ID is the integration credential which can be collected through our managers
store_passwd string (30) - Your SSLCommerz Store Password is the integration credential which can be collected through our managers

Returned Parameters

Param Name Data Type Description
APIConnect string (30)

API Connection Status -

INVALID_REQUEST : Invalid data imputed to call the API

FAILED : API Authentication Failed

INACTIVE : API User/Store ID is Inactive

DONE : API Connection Success

no_of_trans_found integer (2) No of transaction is found against the transaction id.
element json Details of individual transactions.
element.[].status string (20) Transaction Status This parameter needs to be checked before update your database as a successful transaction.

VALID : A successful transaction.

VALIDATED : A successful transaction but called by your end more than one.

PENDING : The transaction is still not completed and waiting to get the status.

FAILED : The transaction is failed.

element.[].tran_date datetime Transaction date - Payment completion date as 2016-05-08 15:53:49 ( PHP date('Y-m-d H:i:s') )
element.[].tran_id string (30) Transaction ID (Unique) that was sent by you during initiation. This parameter needs to be validated with your system database for security
element.[].val_id string (50) A Validation ID against the Transaction which is provided by SSLCommerz.
element.[].amount decimal (10,2) The total amount sent by you. However, it could be changed based on currency type. This parameter needs to be validated with your system database for security
element.[].store_amount decimal (10,2) The amount what you will get in your account after bank charge ( Example: 100 BDT will be your store amount of 96 BDT after 4% Bank Commission )
element.[].card_type string (50) The Bank Gateway Name that customer selected
element.[].card_no string (30) Customer’s Card number. However, for Mobile Banking and Internet Banking, it will return customer's reference id.
element.[].currency string (3) Currency Type which will be settled with your merchant account after deducting the Gateway charges. This parameter is the currency type of the parameter amount
element.[].bank_tran_id string (50) The transaction ID at Banks End
element.[].card_issuer string (50) Issuer Bank Name
element.[].card_brand string (30) VISA, MASTER, AMEX, IB or MOBILE BANKING
element.[].card_issuer_country string (50) Country of Card Issuer Bank
element.[].card_issuer_country_code string (2) 2 digits short code of Country of Card Issuer Bank
element.[].currency_type string (3) The currency you have sent during initiation of this transaction. If the currency is different than BDT, then it will be converted to BDT by the current conversion rate. This parameter needs to be validated with your system database for security
element.[].currency_amount decimal (10,2) The currency amount you have sent during initiation of this transaction. If the amount is not mentioned in BDT, then it will be converted to BDT by the current conversion rate and return by the above field amount. This parameter needs to be validated with your system database for security
element.[].emi_instalment integer (2) Tenure of the EMI transaction which is choosen by the customer.
element.[].emi_amount decimal (10,2) EMI charge which will be paid to the Issuer Bank
element.[].discount_percentage decimal (10,2) If customer gets any discount based on the campaign is managed by both you and SSLCommerz.
element.[].discount_remarks string (255) Short description of the campaign which is managed by both you and SSLCommerz.
element.[].value_a string (255) Same Value will be returned as Passed during initiation
element.[].value_b string (255) Same Value will be returned as Passed during initiation
element.[].value_c string (255) Same Value will be returned as Passed during initiation
element.[].value_d string (255) Same Value will be returned as Passed during initiation
element.[].risk_level integer (1) Transaction's Risk Level - High (1) for most risky transactions and Low (0) for safe transactions. Please hold the service and proceed to collect customer verification documents
element.[].risk_title string (50) Transaction's Risk Level Description
element.[].error string (255) Transaction failed reason (if any)!

GET validator/api/merchantTransIDvalidationAPI.php

Request Example

$ curl -X GET 'https://sandbox.sslcommerz.com/validator/api/merchantTransIDvalidationAPI.php?tran_id=59C2A4F6432F8&store_id=testbox&store_passwd=qwerty&format=json'


Response Example

{
  "APIConnect": "DONE",
  "no_of_trans_found": 5,
  "element": [
    {
      "val_id": "17092023365512Wr2jmzTG69nV6",
      "status": "VALIDATED",
      "validated_on": "2017-09-20 23:43:17",
      "currency_type": "USD",
      "currency_amount": "10.00",
      "currency_rate": "1.0000",
      "base_fair": "0.00",
      "value_a": "",
      "value_b": "",
      "value_c": "",
      "value_d": "",
      "tran_date": "2017-09-20 23:35:59",
      "tran_id": "59C2A4F6432F8",
      "amount": "10.00",
      "store_amount": "9.75",
      "bank_tran_id": "17092023365508TFa1fjTrvgIhz",
      "card_type": "VISA-City Bank",
      "risk_title": "Safe",
      "risk_level": "0",
      "currency": "BDT",
      "bank_gw": "City Bank",
      "card_no": "",
      "card_issuer": "",
      "card_brand": "",
      "card_issuer_country": "",
      "card_issuer_country_code": "",
      "gw_version": "3.00",
      "emi_instalment": "0",
      "emi_amount": "",
      "emi_description": "",
      "emi_issuer": "",
      "error": ""
    },
    {
      "val_id": "1709202337441xmrBBLB7KPdf65",
      "status": "VALIDATED",
      "validated_on": "2017-09-20 23:43:17",
      "currency_type": "USD",
      "currency_amount": "10.00",
      "currency_rate": "1.0000",
      "base_fair": "0.00",
      "value_a": "",
      "value_b": "",
      "value_c": "",
      "value_d": "",
      "tran_date": "2017-09-20 23:37:36",
      "tran_id": "59C2A4F6432F8",
      "amount": "10.00",
      "store_amount": "9.6",
      "bank_tran_id": "1709202337441P84QskOyarFmik",
      "card_type": "VISA-Brac bank",
      "risk_title": "Not Safe",
      "risk_level": "1",
      "currency": "BDT",
      "bank_gw": "Brac bank",
      "card_no": "450850******4050",
      "card_issuer": "CAJA DE AHORROS Y PENSIONES DE BARCELONA(LA CAIXA)",
      "card_brand": "VISA",
      "card_issuer_country": "Spain",
      "card_issuer_country_code": "ES",
      "gw_version": "3.00",
      "emi_instalment": "0",
      "emi_amount": "",
      "emi_description": "",
      "emi_issuer": "",
      "error": ""
    },
    {
      "val_id": "1709202338060TUgLqWw1PgB4GA",
      "status": "VALIDATED",
      "validated_on": "2017-09-20 23:43:17",
      "currency_type": "USD",
      "currency_amount": "10.00",
      "currency_rate": "1.0000",
      "base_fair": "0.00",
      "value_a": "",
      "value_b": "",
      "value_c": "",
      "value_d": "",
      "tran_date": "2017-09-20 23:37:56",
      "tran_id": "59C2A4F6432F8",
      "amount": "10.00",
      "store_amount": "9.6",
      "bank_tran_id": "1709202338061Ac2MhyeosVJmUh",
      "card_type": "VISA-Brac bank",
      "risk_title": "Safe",
      "risk_level": "0",
      "currency": "BDT",
      "bank_gw": "Brac bank",
      "card_no": "418117XXXXXX6675",
      "card_issuer": "TRUST BANK, LTD.",
      "card_brand": "VISA",
      "card_issuer_country": "Bangladesh",
      "card_issuer_country_code": "BD",
      "gw_version": "3.00",
      "emi_instalment": "0",
      "emi_amount": "",
      "emi_description": "",
      "emi_issuer": "",
      "error": ""
    },
    {
      "val_id": "",
      "status": "FAILED",
      "validated_on": "",
      "currency_type": "USD",
      "currency_amount": "10.00",
      "currency_rate": "1.0000",
      "base_fair": "0.00",
      "value_a": "",
      "value_b": "",
      "value_c": "",
      "value_d": "",
      "tran_date": "2017-09-20 23:41:42",
      "tran_id": "59C2A4F6432F8",
      "amount": "10.00",
      "store_amount": "",
      "bank_tran_id": "1709202341529IZWH403Vt8eE4F",
      "card_type": "",
      "risk_title": "Safe",
      "risk_level": "0",
      "currency": "BDT",
      "bank_gw": "Brac bank",
      "card_no": "421481XXXXXX4177",
      "card_issuer": "STANDARD CHARTERED BANK",
      "card_brand": "VISA",
      "card_issuer_country": "Bangladesh",
      "card_issuer_country_code": "BD",
      "gw_version": "3.00",
      "emi_instalment": "0",
      "emi_amount": "",
      "emi_description": "",
      "emi_issuer": "",
      "error": "system error: (unable to process transaction request)"
    },
    {
      "val_id": "1709202342050Zhrs010c4wKCg5",
      "status": "VALIDATED",
      "validated_on": "2017-09-20 23:43:17",
      "currency_type": "USD",
      "currency_amount": "10.00",
      "currency_rate": "1.0000",
      "base_fair": "0.00",
      "value_a": "",
      "value_b": "",
      "value_c": "",
      "value_d": "",
      "tran_date": "2017-09-20 23:41:56",
      "tran_id": "59C2A4F6432F8",
      "amount": "10.00",
      "store_amount": "9.7",
      "bank_tran_id": "170920234205YDkTyzRWy6zHVkw",
      "card_type": "VISA-Dutch Bangla",
      "risk_title": "Safe",
      "risk_level": "0",
      "currency": "BDT",
      "bank_gw": "Dutch Bangla",
      "card_no": "455445XXXXXX4326",
      "card_issuer": "STANDARD CHARTERED BANK",
      "card_brand": "VISA",
      "card_issuer_country": "Bangladesh",
      "card_issuer_country_code": "BD",
      "gw_version": "3.00",
      "emi_instalment": "0",
      "emi_amount": "",
      "emi_description": "",
      "emi_issuer": "",
      "error": ""
    }
  ]
}                     

Common Issues

Network Issues:

  • The Listener must use the common port like 80, 443 or 8080
  • Your IPN Listener must be reachable from Internet
  • White-list the SSLCommerz IPs at your network firewall
  • Sandbox Access Requirement: sandbox.sslcommerz.com
    • TCP 80, 443 or 8080 needs to be opened at your system from 144.76.92.216, 144.76.92.241
    • Your system needs to be able to reach TCP 443 of 144.76.92.216
  • Live Access Requirement: securepay.sslcommerz.com
    • TCP 80, 443 or 8080 needs to be opened at your system from 103.26.139.81
    • Your system needs to be able to reach TCP 443 of 103.26.139.148