CCAvenue is the most popular payment gateway in India. As the eCommerce is picking momentum and growing at exponential rate, it is high time you think about setting up a shopping cart. If you are based out of India then CCAvenue is one among the best choice.
In a previous articles we have seen different payment gateway integration like PayPal, Stripe payment and more. Also, we have seen secured payment gateway method via PayPal Express Checkout, Authorize.net payment gateway integration.
In PHP, the CCAvenue payment gateway Integration can be made by binding the web application with CCAvenue using the client library. The library files will connect the CCAvenue server during payment with the reference of the authentication credentials. These credentials are available from the CCAvenue dashboard by logging in as a merchant.
CCAvenue provides resources like integration kit to tie up your application with the CCAvenue. This has to be downloaded from the dashboard and included into the PHP application to generate the payment API calls.
In this article, we will see the prerequisites and the steps to integrate CCAvenue payment gateway in PHP. A simple and lightweight example code explained in this tutorial will guide you to enable CCAvenue payment for your application by yourself.
The payment gateway is a (software) functionality to make an application to process online payments via credit cards, debit cards, net banking and more. The payment gateway providers will authenticate the application with the reference of the authentication credentials provided by them.
These credentials and the methods to get the credentials vary based on the payment gateway providers. For example, in CCAvenue payment gateway integration, the merchant has to be registered to get the API keys.
The CCAvenue is known as Common Service Provider. Master Merchant allows authorized Sub Merchants to accept payment from their customers. The Master Merchant has to be authorized with CCAvenue to make a commercial web application to process payment.
CCAvenue Payment gateway Integration is similar to other payment gateway method like PayPal, Stripe and more in terms of process flow. Integrating this payment gateway with a web application is used to enable payment processing via CCAvenue. Previously, we have seen example code in PHP to integrate Stripe payment gateway.
This is one of the popularly used payment gateway for the Indian web applications. It supports online payments via credit card, debit card, internet banking and more.
If you want the PHP code for other payment gateway integrations like Authorize.net, Sage Pay payment then the linked article will be helpful for you.
There are many advantages of using this payment gateway method.
There are four type of integration methods supported by CCAvenue to provide payment interface to collect information. Those are listed and explained below.
In this flow diagram, it displays the payment flow between CCAvenue and the PHP web application in which this payment gateway is integrated.
In this flow diagram, it shows the possible ways of payments supported by CCAvenue. As we have already seen, it supports net banking, credit / debit card payments as shown in the figure.
These are the steps required for the CCAvenue payment gateway integration in PHP.
The following screenshot shows the CCAvenue merchant signup form used to create a new account as the first step of this payment integration.
The CCAvenue payment gateway integration kit is client library provided by CCAvenue. This integration kit is available for mobile and web application.
CCAvenue provides the integration kit for many programming environment PHP, Python, ASP.Net and more.
By logging in with the approved Merchant account we can see the menu navigation in the header to see the integration kit downloads. After login, navigate through Resources > Web Integration Kit > Download Integration Kit > Download PHP to get the integration kit for the PHP.
When you download the integration kit from the CCAvenue merchant dashboard, it contains request response payment handler files. The integration kit is also contains Crypto.php with the collection of functions to to encrypt decrypt merchant data.
Fore implementing CCAvenue payment gateway integration, the merchant id, access code and the working key are the prime information to be passed with the payment request. For getting these code and keys you need to have CCAvenue Merchant account.
Once we logged in with CCAvenue by using Merchant account, we can see the dashboard with menu options access the resources and keys.
By navigating via Settings > API keys the CCavenue API keys page will be shown. This page will display the Merchant Id, Access Code and Working key.
The list of Access Code and Working keys are shown for the corresponding registered URLs. So, we need to copy the right secret keys and use them in the right origin to send payment request.
In this section, we are going to see an example for integrating CCavenue payment gateway in an PHP application.
Configure the Merchant id, Access Code and Working key with your PHP application. In this example, I have created config.php file to contain these security keys used for payment initiation and processing.
In the PHP payment integration kit downloaded from the CCAvenue resources has the ccavRequestHandler.php, ccavResponseHandler.php, Crypto.php and a test file which contains the sample payment form with required inputs.
A standard payment form has to be submitted for initiating the payment request. This form will contain inputs with merchant id, language, amount, currency and more payment details. It also contains customer’s billing information with name and address.
The following HTML shows the sample payment form used in this PHP CCAvenue payment gateway integration example. The form action is pointed to the PHP endpoint ccavRequestHandler.php to which the payment details will be posted.
<?php
require_once "config.php";
?>
<h1>CCAvenue Payment Gateway Intgration</h1>
<div id="ccav-payment-form">
<form name="frmPayment" action="ccavRequestHandler.php" method="POST">
<input type="hidden" name="merchant_id" value="<?php echo CCA_MERCHANT_ID; ?>">
<input type="hidden" name="language" value="EN">
<input type="hidden" name="amount" value="1">
<input type="hidden" name="currency" value="INR">
<input type="hidden" name="redirect_url" value="http://youdomain.com/payment-response.php">
<input type="hidden" name="cancel_url" value="http://youdomain.com/payment-cancel.php">
<div>
<input type="text" name="billing_name" value="" class="form-field" Placeholder="Billing Name">
<input type="text" name="billing_address" value="" class="form-field" Placeholder="Billing Address">
</div>
<div>
<input type="text" name="billing_state" value="" class="form-field" Placeholder="State">
<input type="text" name="billing_zip" value="" class="form-field" Placeholder="Zipcode">
</div>
<div>
<input type="text" name="billing_country" value="" class="form-field" Placeholder="Country">
<input type="text" name="billing_tel" value="" class="form-field" Placeholder="Phone">
</div>
<div>
<input type="text" name="billing_email" value="" class="form-field" Placeholder="Email">
</div>
<div>
<button class="btn-payment" type="submit">Pay Now</button>
</div>
</form>
</div>
In this file, it receives the payment data posted via the HTML form. The posted data are are encrypted in this file. The working key taken from the CCAvenue Merchant dashboard is used as the encryption key.
After encrypting these form input the encrypted details are concatenated and sent to the CCAvenue server with the access code.
The following script shows how it is going to be implemented in the ccavRequestHandler.php file. This code points the CCAvenue test environment for testing the payment flow initially.
<html>
<head>
<title> CCAvenue Payment Gateway Integration kit</title>
</head>
<body>
<center>
<?php include('Crypto.php')?>
<?php require_once "config.php"; ?>
<?php
error_reporting(0);
$merchant_data='';
$working_key = CCA_WORKING_KEY;
$access_code = CCA_ACCESS_CODE;
foreach ($_POST as $key => $value){
$merchant_data.=$key.'='.$value.'&';
}
$merchant_data .= "order_id=".$orderId;
$encrypted_data=encrypt($merchant_data,$working_key);
?>
<form method="post" name="redirect" action="https://test.ccavenue.com/transaction/transaction.do?command=initiateTransaction">
<?php
echo "<input type=hidden name=encRequest value=$encrypted_data>";
echo "<input type=hidden name=access_code value=$access_code>";
?>
</form>
</center>
<script language='javascript'>document.redirect.submit();</script>
</body>
</html>
This file contains the functions to encrypt or decrypt the payment information posted via the HTML form. It also includes util functions for padding and conversion.
<?php
error_reporting(0);
function encrypt($plainText, $key)
{
$secretKey = hextobin(md5($key));
$initVector = pack("C*", 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f);
$openMode = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', 'cbc', '');
$blockSize = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, 'cbc');
$plainPad = pkcs5_pad($plainText, $blockSize);
if (mcrypt_generic_init($openMode, $secretKey, $initVector) != - 1) {
$encryptedText = mcrypt_generic($openMode, $plainPad);
mcrypt_generic_deinit($openMode);
}
return bin2hex($encryptedText);
}
function decrypt($encryptedText, $key)
{
$secretKey = hextobin(md5($key));
$initVector = pack("C*", 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f);
$encryptedText = hextobin($encryptedText);
$openMode = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', 'cbc', '');
mcrypt_generic_init($openMode, $secretKey, $initVector);
$decryptedText = mdecrypt_generic($openMode, $encryptedText);
$decryptedText = rtrim($decryptedText, "\0");
mcrypt_generic_deinit($openMode);
return $decryptedText;
}
// *********** Padding Function *********************
function pkcs5_pad($plainText, $blockSize)
{
$pad = $blockSize - (strlen($plainText) % $blockSize);
return $plainText . str_repeat(chr($pad), $pad);
}
// ********** Hexadecimal to Binary function for php 4.0 version ********
function hextobin($hexString)
{
$length = strlen($hexString);
$binString = "";
$count = 0;
while ($count < $length) {
$subString = substr($hexString, $count, 2);
$packedString = pack("H*", $subString);
if ($count == 0) {
$binString = $packedString;
}
else {
$binString .= $packedString;
}
$count += 2;
}
return $binString;
}
?>
Note: This file uses the deprecated function mcrypt_ function. These functions are deprecated as of PHP version 5.5.0 and it will not work in PHP 7. If you want a alternate for the encrypt decrypt utilities to be supported in latest PHP version, the following code will be helpful.
<?php
function encrypt($plainText,$key)
{
$secretKey = hextobin(md5($key));
$initVector = pack("C*", 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f);
$encryptedText = openssl_encrypt($plainText, "AES-128-CBC", $secretKey, OPENSSL_RAW_DATA, $initVector);
$encryptedText = bin2hex($encryptedText);
return $encryptedText;
}
function decrypt($encryptedText,$key)
{
$secretKey = hextobin(md5($key));
$initVector = pack("C*", 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f);
$encryptedText = hextobin($encryptedText);
$decryptedText = openssl_decrypt($encryptedText,"AES-128-CBC", $secretKey, OPENSSL_RAW_DATA, $initVector);
return $decryptedText;
}
...
...
?>
Once this payment gateway integration is completed, the code must be tested in the sandbox environment. CCAvenue provides a test environment to test the payment flow before put the application in production.
In the CCAvenue test environment the payment transactions will not be processed. This is the sandbox mode of testing the payment request and response flow.
The example code in this article targets the test environment URL in the payment form action attribute.
After testing the CCAvenue payment gateway integration with the PHP application, you can go live by moving it to the production.
For going live and use the CCAvenue secure production environment, the https://test.ccavenue.com target should be replaced with https://secure.ccavenue.com.
For initiating the CCavenue payment request, we need to build the standard payment form for your PHP application. This form should contain payment details like payment callback URLs, amount, currency, item number and more information.
Below screenshot shows the CCAvenue payment form fields to collect the billing information from the user. The other payment details like the notify URL, return URL are sent via form’s hidden fields.
As a popularly used payment gateway method, it provides great support for it sub merchants and thereby facilitate consumers with protected payment environment. Most of the Indian applications use CCAvenue as a payment gateway for providing options to its customer to make payments.
With the clear integration procedure, the CCAvenue API simplifies the developers effort on payment gateway integration with the PHP application. It supports the integration kit not only for PHP but also for many platform like .Net, Python, iOS and more.
Hope this article helps you to understand how to integrate CCAvenue Payment gateway with a PHP web application. The downloadable source code contains the sample payment form code with the CCAvenue payment request and response handlers. For running this example, you need to create a Merchant account in CCAvenue and replace the configurable API key constants in this example.
If you looking for the PHP code to implement recurring payment, one of the previous articles will be helpful for you. Previously, we have seen about how to manage recurring payment using PayPal Subscriptions and also to manage recurring payments with Stripe Billing method.
A thanks madam from my heart…
We are silent followers of yours and keep helping us with these materials…
Thank you Sidhartha for the nice message. Keep reading and sharing.
I have a form, and my form getting details from the user and calculate the grand total, here how can I pass my grand total to CCAvenue Payment gateway page and collect money form customer.
Aveeva, follow the example to the last section and the same is presented there. It is also available in the code download.
can you share the codes in config.php??
Bibin,
It is available in the download zip file.
u r the best..keep helping us
Thank you Vicky :-)
in this ccavRequestHandler.php file you mentioning orderId ,from where you taking this order id . im facing an issue after clicking pay now button it goes to ccavRequestHandler.php page but empty window
Order ID is a unique number that we generate for each orders.
Thanks alot vincy mam for providing clear documentation to help developers integrate ccavenue payment gateway with php web application…
Welcome Naresh.
A Big thank you Ma’am,
For Order ID, first add input hidden field and then generate random nubmer in it then explode this order_id from varible $merchant_data then assign this to $orderId after foreach function immediately. finally its work fine!! Thank You again.
Welcome Vijay.