E-Billing Solutions Pvt Ltd

EBS- VPC Integration Guide

Version 1.1

EBS-VPC Integration

Page 2 of 29

Table of Contents
1. INTRODUCTION........................................................................................................... 3 2. PRE-REQUISITE .......................................................................................................... 3 3. ENVIRONMENT DETAILS ............................................................................................... 3 i. Credentials to test the payment.............................................................................. 3 ii. iii. iv. Payment Request URL: ........................................................................................... 3 Merchant Login URL ............................................................................................ 3 API Request URL.................................................................................................. 3

4. SALE PROCESS FLOW .................................................................................................. 3 5. INTERNAL STATUS FLOW ............................................................................................ 4 6. MERCHANT WEBSITE INTEGRATION .......................................................................... 5 i. Integration Setup ..................................................................................................... 6 ii. iii. iv. v. i. vi. vii. viii. ix. x. xi. xii. xiii. HTML form ............................................................................................................... 6 Request Parameter Details .................................................................................. 6 Payment Response .............................................................................................. 7 Payment Response Parameters ............................................................................. 8 API Actions .............................................................................................................10 Pre-requisites ......................................................................................................10 Process Flow with HTTP Information ................................................................10 HTTP Status Codes .............................................................................................10 Request and Response.......................................................................................10 Testing the API .......................................................................................................11 Transaction API Actions .....................................................................................11 Invoice API Actions Web & IVR .......................................................................15 Invoice API Error Codes: ....................................................................................20

APPENDIX A SECURE HASH VALIDATION ..................................................................20 APPENDIX B SETTLEMENT CYCLE ..............................................................................21 APPENDIX C ISO3 Country Name .................................................................................22 APPENDIX D PCI DSS COMPLIANCE ...........................................................................26

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 3 of 29

1. INTRODUCTION
This document works as a guide for Merchants on understanding the EBS payment gateway VPC Integration. This integration will allow the Merchant to have the Payment option Selection and Credit card details capture on the Merchant website itself.

2. PRE-REQUISITE
For capturing Credit card details on the Merchant website, the Merchant application should be in compliance to PCI DSS. For more details on PCI DSS, please refer Appendix D. EBS should enable the Option for Merchant to capture Credit card data.

3. ENVIRONMENT DETAILS
We recommend you to make your Integration on Test Environment before going Live in the Production environment. Our Test environment works in similar way to the Production Environment, except that you can test only Credit Card payments using the Test card details provided. To test the payments in Test mode, send the mode as TEST in payment request. i. Credentials to test the payment Card Number 4111111111111111 Expiry 07/16 CVV 123 Bank EBS ii. Payment Request URL: Test https://testing.secure.ebs.in/pg/ma/sale/vpc Production https://secure.ebs.in/pg/ma/sale/vpc iii. Merchant Login URL Test https://testing.secure.ebs.in Production https://secure.ebs.in iv. API Request URL Test https://testing.secure.ebs.in/api/1_0 Production https://secure.ebs.in/api/1_0

4. SALE PROCESS FLOW

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 4 of 29

Customer selects to check out on the Merchant Website. Customer Selects Payment Method (Credit Card, Debit Card, Netbankig, and Cash Card) and Payment option on the Merchant Website. If the Customer selected Credit or Debit cards, he will be asked to provide Credit card number.

Merchant will redirect the Customer to EBS along with the Credit card information and Billing details. Customer is displayed with redirection page and redirected to Bank for processing

5. INTERNAL STATUS FLOW

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 5 of 29

Status Details: I. II. Authorized Payments Payments which are completed successfully Flagged Payments Payments which are completed are successfully and are flagged by Fraud Screening System. These payments will be reviewed manually by EBS internal team and unflagged. Captured Payments captured by the Merchant. Refund Payments refunded by the Merchant to the Customer. Charge Back Payments which are refunded forcefully by EBS for any complaints raised by the Customer with the Card provider or Card Brands.

III. IV. V.

6. MERCHANT WEBSITE INTEGRATION

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 6 of 29

i. Integration Setup Basic composition of EBS Integration: Pay page: Last page of Merchant website before connecting to EBS. Merchant should collect the Customer Information and post to EBS the specified parameters. Rc4 page : File used to decrypt the EBS response Response Page : Page to which the Merchant receives the response from EBS on completion of sale process. ii. HTML form The link between Merchant website and EBS Payment page has to be maintained on the last page of the shopping basket on Merchant website. Below are the parameters to be posted to EBS.

<form action="http://testing.secure.ebs.in/pg/ma/sale/vpc" method="post" /> <input name="vpc_AccountId" type="text" value="" /> <input name="vpc_ReferenceNo" type="text" value="" /> <input name="vpc_Amount" type="text" value="" /> <input name="vpc_Description" type="text" value="" /> <input name="vpc_Name" type="text" value="" /> <input name="vpc_Address" type="text" value="" /> <input name="vpc_City" type="text" value="" /> <input name="vpc_State" type="text" value="" /> <input name="vpc_PostalCode" type="text" value="" /> <input name="vpc_Country" type="text" value="" /> <input name="vpc_Email" type="text" value="" /> <input name="vpc_Phone" type="text" value="" /> <input name="vpc_ShipName" type="text" value="" /> <input name="vpc_ShipAddress" type="text" value="" /> <input name="vpc_ShipCity" type="text" value="" /> <input name="vpc_ShipState" type="text" value="" /> <input name="vpc_ShipPostalCode" type="text" value="" /> <input name="vpc_ShipCountry" type="text" value="" /> <input name="vpc_PaymentOption" type="text" value="" /> <input name="vpc_CardNo" type="text" value="" /> <input name="vpc_ExpiryDate" type="text" size="4" value="" /> <input name="vpc_Cvv" type="text" value="" /> <input name="vpc_Issuingbank" type="text" value="" /> <input name="vpc_ReturnUrl" type="text" value="" /> <input name="vpc_GoBackUrl" type="text" value="" /> <input name="vpc_Mode" type="text" value="" /> <input type="hidden" name="vpc_SecureHash" value=""/> <input name="submitted" value="Submit" type="submit" /> iii. Request Parameter Details Parameter Description Type Min Max Mandatory

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 7 of 29

vpc_AccountId vpc_ReferenceNo vpc_Amount vpc_Mode vpc_Description vpc_ReturnUrl vpc_GoBackUrl

vpc_Name vpc_Address vpc_City vpc_State vpc_Country vpc_PostalCode vpc_Phone vpc_Email vpc_ShipName vpc_ShipAddress vpc_ShipCity vpc_ShipState vpc_ShipCountry vpc_ShipPostalCode vpc_PaymentOption vpc_CardNo vpc_ExpiryDate vpc_Cvv vpc_Issuingbank

Your Account ID Your Reference Number Total Sale Amount Mode of the LIVE => live, TEST => test Detail description of the sale Return back after transaction is completed This is the url where cardholder will be redirected when the chosen payment option is not available. If its empty, cardholder will be redirected to the primary registered domain. Customer billing Name Customer billing address Customer billing city Customer billing state Customer billing country.[3 Digit country code] Customer billing postal code Customer billing phone Customer billing email Customer delivery Name Customer delivery address Customer delivery city Customer delivery state Customer delivery country[3 Digit country code] Customer delivery postal code Payment option code provided by EBS Credit card number Expiry date of the credit card. [Format: MMYY] CVV number of the credit card Credit card Issued bank name Hash value calculated

numeric char decimal char char char char

1 1 LIVE / TEST 1 1 1

20 14,2 LIVE / TEST 255 255 255

YES YES YES YES YES YES NO

char char char char char char char char char char char char char char char numeric numeric

1 1 1 1 3 1 5 1 1 1 1 1 3 1 1 13

128 255 32 32 3 10 20 100 255 255 32 32 3 10 5 19 4

YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES, If Payment_Option is credit/debit YES, If Payment_Option is credit/debit YES, If Payment_Option is credit/debit YES, If Payment_Option is credit/debit YES

4 numeric char char 3 2 32 4 20 32

vpc_SecureHash iv. Payment Response

The response parameters given back to the return URL are listed below. The

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 8 of 29

response is provided using POST method to the URL defined under vpc_ReturnURL parameter in the payment request.

v. Payment Response Parameters Response in case all the validations are passed SNO 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 Parameter vpc_SecureHash vpc_ResponseCode vpc_IsFlagged vpc_ResponseMessage vpc_Address vpc_Amount vpc_City vpc_Country vpc_DateCreated vpc_Email vpc_Mode vpc_Name vpc_PaymentId vpc_Phone vpc_PostalCode vpc_ReferenceNo vpc_ShipAddress vpc_ShipCity vpc_ShipCountry vpc_ShipName vpc_ShipPostalCode vpc_ShipState vpc_TransactionId Description MD5 Hash value of all the response parameters, Response Code which gives the status of the transaction. 0 (Zero) for success and for other value, Failed. Either YES/NO. YES denotes that its under manual review. Response Message which tells about the Response Code CardHolder Billing Address Sales Amount of the transaction CardHolder Billing City CardHolder Billing Country DateTime of the transaction CardHolder Email Id Mode of Transaction done - TEST/LIVE CardHolder Billing Name Unique Payment Id given for all the payments by EBS CardHolder Contact Number CardHolder Postal Code Provided by Merchant to identify the transaction Shipping Address Shipping City Shipping Country Person Name, to whom its shipped Shipping Postal Code Shipping state A Unique Id given for identifying the transaction.

Response in case validations fail

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 9 of 29

SNO 1 2 3

vpc_SecureHash

MD5 hash of all the parameters with your EBS secret key. Error Message Response code for the error

vpc_Error vpc_ResponseCode

Recommended validation in the response file to avoid duplication of records in your backend 1) Pass your orderid in the vpc_ReferenceNo parameter and in response file, check whether vpc_ReferenceNo and your orderid matches. 2) Check the amount of the order and the " vpc_Amount" parameter in the response is equal If both the conditions results as true, insert order in your backend, which nullifies the duplications.

7. BACKEND OPERATIONS

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 10 of 29

EBS API is the interface which enables to interact with EBS Server remotely, to perform actions on the transactions. The document describes the API operations which can be performed remotely on the EBS transactions along with providing sample codes. i. API Actions getCurrencyValue status statusByRef capture cancel refund Invoice - create Invoice get

vi. Pre-requisites The Merchant should have the following to make use of this Transaction API and they are listed below: An Account with EBS Unique EBS Account ID Secret Key

vii.

Process Flow with HTTP Information The request for accessing any of the API/actions should use POST HTTP and the response will be XML.

viii.

HTTP Status Codes HTTP Status codes are a numerical code denoting the status of a client request response. The EBS API attempts to return appropriate HTTP status codes for every request. Here's what you should expect: 200 OK: Everything went well. 400 Bad Request: There was something wrong with your request, an error message will tell you what the problem was. 401 Not Authorized: The authentication credentials you provided are invalid. 403 Forbidden: You're attempting to access something that you're not authorized to access. 404 Not Found: The resource you're requesting could not be found. 500 Internal Server Error: An error occurred, an error message will tell you what the problem was.

ix. Request and Response

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 11 of 29

In general, most API actions take a combination of required and optional parameters. The EBS transaction API has those combinations of which are explained in detail below, based on the action. The request is the set of parameters that should be posted to EBS secure server. The response is received as XML based on which the Merchant can take other appropriate action. x. Testing the API You can test the API simply by using a web browser. Firefox is recommended to get decent formatting of the XML returned. xi. Transaction API Actions

a. Action: getCurrencyValue
This API can be used to make a remote call to get the approximate equivalent value of an INR for the requested currency . The supported currencies are USD, GBP, EUR. URL Methods Action Mandatory Parameters https://testing.secure.ebs.in/api/1_0 POST getCurrencyValue Action : getCurrencyValue Currency: Your request currency. Can be either of USD,GBP, EUR AccountID : Your EBS AccountId SecretKey: Your EBS SecretKey Sample HTML Code for getCurrencyValue. <form method="POST" action=" https://testing.secure.ebs.in/api/1_0" name="frmTransaction"> <input name="Action" type="hidden" value="getCurrencyValue" /> <input name="Currency" type="hidden" value="XXXX" /> <input name="AccountID" type="hidden" value="XXXX" /> <input name="SecretKey" type="hidden" value="XXXXXX" /> <input name="submitted" value="Submit" type="submit"> </form > Example response: <?xml version='1.0' encoding='UTF-8'?> <output Currency="USD" Value="0.02131" Description=" 1 INR => 0.02131 USD"/>

b. Action:status
This API can be used to get the transaction details corresponding to the Transaction Id & Payment

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 12 of 29

Id passed. This gives back the amount, date time, mode, reference no, transaction type, status and flagged status corresponding to the transaction id and payment id. URL Methods Action https://testing.secure.ebs.in/api/1_0 POST Status Action : Status TransactionID : EBS Transaction ID Parameters SecretKey : Your EBS Secret Key AccountID : Your unique EBS Account ID PaymentID : Unique ID generated for the payment by EBS. Sample HTML Code for status. <form method="POST" action="https://testing.secure.ebs.in/api/1_0" name="frmTransaction"> <input name="Action" type="hidden" value="Status" /> <input name="TransactionID" type="hidden" value="XXXX" /> <input name="SecretKey" type="hidden" value="XXXXXX" /> <input name="AccountID" type="hidden" value="XXXX" /> <input name="PaymentID" type="hidden" value="XXXXX" /> <input name="submitted" value="Submit" type="submit"> </form > Example response: <?xml version='1.0' encoding='UTF-8'?> <output transactionId="2144154" paymentId="1112034" amount="1" dateTime="2010-07-31 16:59:28" mode="TEST" referenceNo="223" transactionType="Authorized" status="Processed" isFlagged="NO"/>

c. Action:statusByRef
This API is similar to Status API to get the transaction details. Unlike status API, statusByRef API get the transaction details by Merchant Reference Number. URL Methods Action Mandatory Parameters https://testing.secure.ebs.in/api/1_0 POST statusByRef Action : statusByRef AccountID : Your allocated EBS Account ID SecretKey : Your allocated EBS Secret Key RefNo : Merchant Reference number corresponding to the transaction Sample HTML Code for statusByRef.

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 13 of 29

<form method="POST" action=" https://testing.secure.ebs.in/api/1_0" name="frmTransaction"> <input name="Action" type="hidden" value="statusByRef"> <input name="AccountID" type="hidden" value="XXXX"> <input name="SecretKey" type="hidden" value="XXXXXX"> <input name="RefNo" type="hidden" value="XXXXX"> <input name="submitted" value="Submit" type="submit"> </form > Example response: <?xml version='1.0' encoding='UTF-8'?> <output transactionId="2144154" paymentId="1112034" amount="1" dateTime="2010-0731 16:59:28" mode="TEST" referenceNo="223" transactionType="Authorized" status="Processed" isFlagged="NO"/>

d. Action:capture
This API can be used to make remote API call to capture the transaction. The amount provided in the request should be equal to the amount of transaction else you receive corresponding error as response. URL Methods Action https://testing.secure.ebs.in/api/1_0 POST capture Action : capture Mandatory Parameters AccountID : Your allocated EBS Account ID SecretKey : Your allocated EBS Secret Key Amount : Amount to be captured Payment ID: Unique ID generated by EBS for identifying the payment Sample HTML Code for Capture. <form method="POST" action="https://testing.secure.ebs.in/api/1_0" name="frmTransaction"> <input name="Action" type="hidden" value="capture"> <input name="AccountID" type="hidden" value="XXXX"> <input name="SecretKey" type="hidden" value="XXXXXX"> <input name="Amount" type="hidden" value="XXXXX"> <input name=" PaymentID" type="hidden" value="XXXXX"> <input name="submitted" value="Submit" type="submit"> </form >

Example response: <?xml version='1.0' encoding='UTF-8'?> <output transactionId="2690686" paymentId="1399586" amount="0.5" dateTime="201010-06 17:39:38" mode="TEST" refrenceNo="223" transactionType="Captured"

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 14 of 29

status="Processing"/>

e. Action:cancel
This API can be used to make remote API call to cancel the transaction. The amount provided in the request should be equal to the amount of transaction else you receive corresponding error as response. URL Methods Action https://testing.secure.ebs.in/api/1_0 POST Cancel Action : cancel Mandatory Parameters AccountID : Your allocated EBS Account ID SecretKey : Your allocated EBS Secret Key Amount : Amount to be captured Payment ID: Unique ID generated by EBS for identifying the payment Sample HTML Code for Cancel. <form method="POST" action="https://testing.secure.ebs.in/api/1_0" name="frmTransaction"> <input name="Action" type="hidden" value="cancel"> <input name="AccountID" type="hidden" value="XXXX"> <input name="SecretKey" type="hidden" value="XXXXXX"> <input name="Amount" type="hidden" value="XXXXX"> <input name=" PaymentID" type="hidden" value="XXXXX"> <input name="submitted" value="Submit" type="submit"> </form > Example response: <?xml version='1.0' encoding='UTF-8'?> <output response=SUCCESS transactionId="2690686" paymentId="1399586" amount="200" dateTime="2010-10-06 17:39:38" mode="TEST" refrenceNo="223" transactionType="Cancelled" status="Processing"/>

f.

Action:refund

This API can be used to make remote API call to initiate a refund process for a transaction. Partial

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 15 of 29

refund can also be performed for a transaction using this call. URL Methods Action https://testing.secure.ebs.in/api/1_0 POST Refund Action : refund Mandatory Parameters AccountID : Your allocated EBS Account ID SecretKey : Your allocated EBS Secret Key Amount : Amount to be captured Payment ID: Unique ID generated by EBS for identifying the payment

Sample HTML Code for Refund. <form method="POST" action="https://testing.secure.ebs.in/api/1_0" name="frmTransaction"> <input name="Action" type="hidden" value="refund"> <input name="AccountID" type="hidden" value="XXXX"> <input name="SecretKey" type="hidden" value="XXXXXX"> <input name="Amount" type="hidden" value="XXXXX"> <input name=" PaymentID" type="hidden" value="XXXXX"> <input name="submitted" value="Submit" type="submit"> </form > Example response: <?xml version='1.0' encoding='UTF-8'?> <output response=SUCCESS transactionId="2690686" paymentId="1399586" amount="200" dateTime="2010-10-06 17:39:38" mode="TEST" refrenceNo="223" transactionType="refunded" status="Processing"/>

xii.

Invoice API Actions Web & IVR

a. Action:create

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 16 of 29

Using this API call, you can create a IVR or Online Invoice in the EBS Backend. The response will have a Invoice ID along with the other User provide Information. Note:- Maximum 100 Invoices can be created per hour. URL Methods Action https://testing.secure.ebs.in/api/invoice POST create

Is required? Parameter Name

action : create account_id : EBS Account ID secret_key : EBS Secret Key Mandatory reference_no : Unique number generated at Merchant end for the order currency : Currency code for the specified amount (INR, USD, EUR, GBP) name : Customer Name email : Customer Email payment_mode : 0 for Online and 99 for IVR products[0][name] : Selling Product Name. If there are multiple products, they should be listed sequentially, for ex products[1][name], products[2][name], etc products[0][qty] : Selling Product Quantity. If there are multiple products, they should be listed sequentially, for ex - products[1][qty], products[2][qty], etc products[0][price] : Selling Product Price. If there are multiple products, they should be listed sequentially, for ex products[1][price], products[2][price], etc. The total amount will be calculated by EBS automatically. address : Customer Address city : Customer City state : Customer State postal_code : Customer Postal Code country : Customer Country code as per Appendix A phone : Customer Phone

Min
na na na 1 3 1 1 1 1

Max
na na na 20 3 128 100 2 255

16

1 1 1 1 3 9

255 32 32 10 3 20

Sample HTML Code for Invoice. <form method="POST" action="https://testing.secure.ebs.in/api/invoice" name="frmTransaction"> <input name="action" type="hidden" value="create">

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 17 of 29

<input name="account_id" type="hidden" value="XXXX"> <input name="secret_key" type="hidden" value="XXXXXX"> <input name="reference_no" type="hidden" value="XXXX"> <input name="currency" type="hidden" value="INR"> <input name="name" type="hidden" value="XXXX"> <input name="address" type="hidden" value="XXXXX"> <input name="city" type="hidden" value="XXXXX"> <input name="state" type="hidden" value="XXXXX"> <input name="postal_code" type="hidden" value="XXXXX"> <input name="country" type="hidden" value="XXX"> <input name="email" type="hidden" value="XXXXXX"> <input name="phone" type="hidden" value="XXXXXXX"> <input name="products[0][name]" type="hidden" value="XXXXXX"> <input name="products[0][qty]" type="hidden" value="X"> <input name="products[0][price]" type="hidden" value="XX.XX"> <input name="payment_mode" type="hidden" value="0"> -- For Online OR <input name="payment_mode" type="hidden" value="99"> - For IVR <input name="submitted" value="Submit" type="submit"> </form> Example response:

For Online Invoice

<?xml version='1.0' encoding='UTF-8'?> <output> <invoice> <invoice_id>1xxxxx</invoice_id> <date_created>2011-08-31 07:57:34</date_created> <account_id>5xxx</account_id> <reference_no>223</reference_no> <amount>10.00</amount> <status>Pending</status> <payment_id>null</payment_id> <return_url>http://yourdomain.com/page.php</return_url> <payment_mode>Online</payment_mode> <payment_url>https://secure.ebs.in/pg/ma/xyxyxy</payment_url> <name>Test EBS</name> <address>Arcot Road</address> <city>Chennai</city> <state>Tamil Nadu</state> <postal_code>600001</postal_code> <country>IND</country> <phone>04423452345</phone> <email>support@ebs.in</email> <products> <item0> <name>Test Product</name> <qty>2</qty> <itemprice>5</itemprice> <itemtotal>10.00</itemtotal> </item0> </products> </invoice> </output>

For IVR Invoice

<?xml version='1.0' encoding='UTF-8'?> <output>

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 18 of 29

<invoice> <invoice_id>1xxxxxx</invoice_id> <date_created>2011-08-31 08:12:33</date_created> <account_id>5xxx</account_id> <reference_no>225</reference_no> <amount>10.00</amount> <status>Pending</status> <payment_id>null</payment_id> <return_url>http://yourdomain.com/page.php</return_url> <payment_mode>IVR</payment_mode> <name>Test EBS</name> <address>Arcot Road</address> <city>Chennai</city> <state>Tamil Nadu</state> <postal_code>600087</postal_code> <country>IND</country> <phone>04423452345</phone> <email>support@ebs.in</email> <products> <item0> <name>Test Product</name> <qty>2</qty> <itemprice>5</itemprice> <itemtotal>10.00</itemtotal> </item0> </products> </invoice> </output>

b. Action:get
Using this API call, you can retrieve the Invoice details created in the EBS Backend. URL Methods Action https://tesing.secure.ebs.in/api/invoice POST get action : get Mandatory Parameters account_id : Your allocated EBS Account ID secret_key : Your allocated EBS Secret Key invoice_id: Unique ID generated by EBS for invoice

Sample HTML Code for Invoice. <form method="POST" action="https://testing.secure.ebs.in/api/invoice" name="frmTransaction">

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 19 of 29

<input name="action" type="hidden" value="get"> <input name="account_id" type="hidden" value="XXXX"> <input name="secret_key" type="hidden" value="XXXXXX"> <input name="invoice_id" type="hidden" value="1XXXXXX"> <input name="submitted" value="Submit" type="submit"> </form> Example response:

For Online Invoice

<?xml version='1.0' encoding='UTF-8'?> <output> <invoice> <invoice_id>1xxxxx</invoice_id> <date_created>2011-08-31 07:57:34</date_created> <account_id>5xxx</account_id> <reference_no>223</reference_no> <amount>10.00</amount> <status>Pending</status> <payment_id>null</payment_id> <return_url>http://yourdomain.com/page.php</return_url> <payment_mode>Online</payment_mode> <payment_url>https://secure.ebs.in/pg/ma/xyxyxy</payment_url> <name>Test EBS</name> <address>Arcot Road</address> <city>Chennai</city> <state>Tamil Nadu</state> <postal_code>600001</postal_code> <country>IND</country> <phone>04423452345</phone> <email>support@ebs.in</email> <products> <item0> <name>Test Product</name> <qty>2</qty> <itemprice>5</itemprice> <itemtotal>10.00</itemtotal> </item0> </products> </invoice> </output>

For IVR Invoice

<?xml version='1.0' encoding='UTF-8'?> <output> <invoice> <invoice_id>1xxxxxx</invoice_id> <date_created>2011-08-31 08:12:33</date_created> <account_id>5xxx</account_id> <reference_no>225</reference_no> <amount>10.00</amount> <status>Pending</status> <payment_id>null</payment_id> <return_url>http://yourdomain.com/page.php</return_url> <payment_mode>IVR</payment_mode> <name>Test EBS</name> <address>Arcot Road</address> <city>Chennai</city> <state>Tamil Nadu</state> <postal_code>600087</postal_code> <country>IND</country>

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 20 of 29

<phone>04423452345</phone> <email>support@ebs.in</email> <products> <item0> <name>Test Product</name> <qty>2</qty> <itemprice>5</itemprice> <itemtotal>10.00</itemtotal> </item0> </products> </invoice> </output> Test URL - https://testing.secure.ebs.in/api/invoice Production URL - https://secure.ebs.in/api/invoice xiii. Invoice API Error Codes: Error Code 1 2 3 4 5 6 7 8 9 10 11 12 => Error Description => 'Invalid Action', => 'Invalid Account ID/Secret Key', => 'Invalid Refrence No', => 'Invalid InvoiceID', => 'Problem in retrieving invoice', => 'Currency is empty', => 'This currency is not supported now!', => 'Invalid Inputs', => 'Error in inserting invoice', => 'Invoice created already', => 'Hourly invoice quota exceeded', => 'Invalid Product Details',

APPENDIX A SECURE HASH VALIDATION

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 21 of 29

Secure hash is technology to check for the authenticity of the parameters posted to EBS. The secure hash value is posted along with other post parameters. The received parameters are hashed at EBS and compared against the Secure hash value received from Merchant. In case of non-conformity, the payment is failed and further processing is stopped. Sample Code: $secret_key = ; //Provide your EBS Accounts Secret Key $hashData = $secret_key; // Intialise with Secret Key ksort ($_POST); // Sort the post parameters in alphabetical order of parameter Names. //Append the posted values to $hashData
foreach($_POST as $key => $value) {

// create the md5 input leaving out any fields that has no value $hashData .= | . $value;
}

// Create the secure hash and append it to the Post data if (strlen($hashData) > 0) { $hashvalue = strtoupper(md5($hashData));
} $vpc_SecureHash = $hashvalue;

APPENDIX B SETTLEMENT CYCLE

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 22 of 29

This is with reference to the RBI Notification RBI/2009-10/231 DPSS.CO.PD.No. 1102/02.14.08/2009-10 dated November 24, 2009 captioned "Directions for opening and operation of accounts and settlement of payments for electronic payment transactions involving intermediaries". As per the aforementioned notification, EBS has implemented a T+2 Settlement Cycle. Below mentioned are the details concerning T+2 Settlement process: Transaction Day - Day on which Merchant completes the Order from his Customer by capturing it in the EBS Backend. Settlement Day - Day on which EBS Settles the Transaction Amount to Merchant for the Transaction done on Transaction Day

Transaction Day Monday(this week) Tuesday(this week) Wednesday(this week) Thursday(this week) Friday (this week) Saturday, Sunday(this week)

Settlement Day Wednesday (this week) Thursday(this week) Friday(this week) Saturday(this week) Monday(next week) Tuesday(next week)

Note - If any Bank Holidays or Unexpected Holidays happen to be on the Settlement Day, the Settlement is postponed to the next Working Day. For Example: If Tuesday happens to be Bank Holiday, The Settlement is postponed to Wednesday. So the transactions done on Saturday & Sunday (this week) are settled on Wednesday (next week).

APPENDIX C ISO3 Country Name

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 23 of 29

ISO3 ABW AFG AGO AIA ALA ALB AND ANT ARE ARG ARM ASM ATA ATF ATG AUS AUT AZE BDI BEL BEN BFA BGD BGR BHR BHS BIH BLM BLR BLZ BMU BOL BRA BRB BRN BTN BVT BWA CAF CAN CCK CHE CHL CHN CIV CMR ISO3

Country Name Aruba Afghanistan Angola Anguilla Aland Islands Albania Andorra Netherlands Antilles United Arab Emirates Argentina Armenia American Samoa Antarctica French Southern Territories Antigua and Barbuda Australia Austria Azerbaijan Burundi Belgium Benin Burkina Faso Bangladesh Bulgaria Bahrain Bahamas Bosnia and Herzegovina Saint Barthllemy Belarus Belize Bermuda Bolivia Brazil Barbados Brunei Darussalam Bhutan Bouvet Island Botswana Central African Republic Canada Cocos (Keeling) Islands Switzerland Chile China Cite d`Ivoire Cameroon Country Name

ISO3 COD COG COK COL COM CPV CRI CUB CXR CYM CYP CZE DEU DJI DMA DNK DOM DZA ECU EGY ERI ESH ESP EST ETH FIN FJI FLK FRA FRO FSM GAB GBR GEO GGY GHA GIN GIB GLP GMB GNB GNQ GRC GRD GRL GTM ISO3

Country Name Congo, the Democratic Republic of the Congo Cook Islands Colombia Comoros Cape Verde Costa Rica Cuba Christmas Island Cayman Islands Cyprus Czech Republic Germany Djibouti Dominica Denmark Dominican Republic Algeria Ecuador Egypt Eritrea Western Sahara Spain Estonia Ethiopia Finland Fiji Falkland Islands (Malvinas) France Faroe Islands Micronesia, Federated States of Gabon United Kingdom Georgia Guernsey Ghana N Guinea Gibraltar Guadeloupe Gambia Guinea Equatorial Guinea Greece Grenada Greenland Guatemala Country Name

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 24 of 29

GUF GUM GUY HKG HMD HND HRV HTI HUN IDN IMN IND IOT IRL IRN IRQ ISL ISR ITA JAM JEY JOR JPN KAZ KEN KGZ KHM KIR KNA KOR KWT LAO LBN LBR LBY LCA LIE LKA LSO LTU LUX LVA MAC MAF MAR MCO MDA MDG MDV ISO3

French Guiana Guam Guyana Hong Kong Heard Island and McDonald Islands Honduras Croatia Haiti Hungary Indonesia Isle of Man India British Indian Ocean Territory Ireland Iran, Islamic Republic of Iraq Iceland Israel Italy Jamaica Jersey Jordan Japan Kazakhstan Kenya Kyrgyzstan Cambodia Kiribati Saint Kitts and Nevis Korea, Republic of Kuwait Lao People`s Democratic Republic Lebanon Liberia Libyan Arab Jamahiriya Saint Lucia Liechtenstein Sri Lanka Lesotho Lithuania Luxembourg Latvia Macao Saint Martin (French part) Morocco Monaco Moldova Madagascar Maldives Country Name

MEX MHL MKD MLI MLT MMR MNE MNG MNP MOZ MRT MSR MTQ MUS MWI MYS MYT NAM NCL NER NFK NGA NIC NOR NIU NLD NPL NRU NZL OMN PAK PAN PCN PER PHL PLW PNG POL PRI PRK PRT PRY PSE PYF QAT REU ROU RUS RWA ISO3

Mexico Marshall Islands Macedonia, the former Yugoslav Republic of Mali Malta Myanmar Montenegro Mongolia Northern Mariana Islands Mozambique Mauritania Montserrat Martinique Mauritius Malawi Malaysia Mayotte Namibia New Caledonia Niger Norfolk Island Nigeria Nicaragua R Norway Niue Netherlands Nepal Nauru New Zealand Oman Pakistan Panama Pitcairn Peru Philippines Palau Papua New Guinea Poland Puerto Rico Korea, Democratic People`s Republic of Portugal Paraguay Palestinian Territory, Occupied French Polynesia Qatar Reunion Romania Russian Federation Rwanda Country Name

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 25 of 29

SAU SDN SEN SGP SGS SHN SJM SLB SLE SLV SMR SOM SPM SRB STP SUR SVK SVN SWE SWZ SYC SYR TCA TCD TGO THA TJK TKL TKM TLS TON TTO TUN TUR TUV TWN TZA UGA UKR UMI URY USA UZB VAT VCT VEN VGB VIR

Saudi Arabia Sudan Senegal Singapore South Georgia and the South Sandwich Islands Saint Helena Svalbard and Jan Mayen Solomon Islands Sierra Leone El Salvador San Marino Somalia Saint Pierre and Miquelon Serbia Sao Tome and Principe Suriname Slovakia Slovenia Sweden Swaziland Seychelles Syrian Arab Republic Turks and Caicos Islands Chad Togo Thailand Tajikistan Tokelau Turkmenistan Timor Tonga Trinidad and Tobago Tunisia Turkey Tuvalu Taiwan, Province of China Tanzania, United Republic of Uganda Ukraine United States Minor Outlying Islands Uruguay United States Uzbekistan Holy See (Vatican City State) Saint Vincent and the Grenadines Venezuela Virgin Islands, British Virgin Islands, U.S.

VNM VUT WLF WSM YEM ZAF ZMB ZWE

Viet Nam Vanuatu Wallis and Futuna Samoa Yemen South Africa Zambia Zimbabwe

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 26 of 29

APPENDIX D PCI DSS COMPLIANCE

i. Compliance Requirements Control Objectives PCI DSS Requirements 1. Install and maintain a firewall configuration to protect cardholder data Build and Maintain a Secure Network 2. Do not use vendor-supplied defaults for system passwords and other security parameters 3. Protect stored cardholder data Protect Cardholder Data 4. Encrypt transmission of cardholder data across open, public networks 5. Use and regularly update anti-virus software on all systems commonly affected by malware 6. Develop and maintain secure systems and applications 7. Restrict access to cardholder data by business need-toknow Implement Strong Access Control Measures 8. Assign a unique ID to each person with computer access 9. Restrict physical access to cardholder data 10. Track and monitor all access to network resources and cardholder data Regularly Monitor and Test Networks 11. Regularly test security systems and processes 12. Maintain a policy that addresses information security

Maintain a Vulnerability Management Program

Maintain an Information Security Policy

ii. PCI Self-Assessment Questionnaire (SAQ)

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 27 of 29

The PCI Data Security Standard Self-Assessment Questionnaire is a validation tool intended to assist merchants and service providers in self-evaluating their compliance with the Payment Card Industry Data Security Standard (PCI DSS). All merchants and their service providers are required to comply with the PCI Data Security Standard in its entirety. SAQ Description Card-not-present (e-commerce or mail/telephone-order) merchants, all cardholder data functions outsourced. This would never apply to face-to-face merchants. Imprint-only merchants with no electronic cardholder data storage, or standalone, dialout terminal merchants with no electronic cardholder data storage. Merchants using only web-based virtual terminals, no electronic cardholder data storage. Merchants with payment application systems connected to the Internet, no electronic cardholder data storage. All other merchants not included in descriptions for SAQ types A through C above, and all service providers defined by a payment brand as eligible to complete an SAQ.

A B

C-VT C

iii. Merchant PCI DSS Compliance Criteria and PCI levels

Level 1 Criteria

Merchants with over 6 million transactions a year, or merchants whose data has previously been compromised

Level 1 Validation Requirements

Annual Onsite Security Audit (reviewed by a QSA or Internal Audit if signed by officer of merchant company and pre-approved by acquirer) and quarterly network security scan

Level 2 Criteria

Merchants with 1,000,000 to 6 million transactions a year

Level 2 Validation Requirements

Annual Self Assessment Questionnaire Quarterly Scan by an Approved Scanning Vendor (ASV)

Level 3 Criteria

Merchants with 20,000 to 1,000,000 transactions a year

Level 3 Validation Requirements

Quarterly Scan by an Approved Scanning Vendor (ASV) Annual Self Assessment Questionnaire

Level 4 Criteria

Merchants with less than 20,000 transactions

Level 4 Validation Requirements

Annual Self Assessment Questionnaire Quarterly Scan by an Approved Scanning Vendor

iv. Achieving Compliance with PCI DSS

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 28 of 29

The PCI DSS compliance procedure can take anything from a day to many weeks, depending on what is uncovered by the vulnerability assessment scan and the self-assessment questionnaire. Organizations that currently have a good level of information security are likely to be compliant a lot more quickly than those that don't. QSAs carry out inspections of PCI DSS implementations and determine a recommendation of compliance to the various payment brands. Each individual payment brand will separately determine whether to accept the recommendation of compliance and whether a detailed review of the report of compliance and compensating controls is warranted. The starting point for all organizations that need to comply is to download the Payment Card Industry Self-Assessment Questionnaire and to contact a PCI Approved Scanning Vendor (ASV).

Copyright E-Billing Solutions Pvt Ltd.

EBS-VPC Integration

Page 29 of 29

To ensure prompt support, EBS has a simple online ticketing system accessible 24x7 at http://support.ebs.in. Please send your suggestions/ feedback to: support@ebs.in (OR) Call Us: +91 44 4231 3333

Copyright E-Billing Solutions Pvt Ltd.