Log In Sign Up

Single-Sign-On for Funds Management

 
One of the best uses for Single-Sign-On allows your merchants to manage the funds that settle into their ProPay accounts.  The ProPay website can be “white-labeled” so that it looks and feels much like your own, and with Single-Sign-On, you can embed parts of it into your own interface. (Click here to view a manual on the  SSO Pages .)


When you sign-on directly to the ProPay widget for managing funds, the user is presented with an interface that lets them choose from multiple options made available based on how ProPay sets up your program.  (We can turn any of these on or off based on either your market or preference.)
  • Transfer money to a US bank account using ACH
  • Transfer money via wire or EFT internationally
  • Transfer money to a China Union Pay card in China
  • Transfer money to a US debit card using Flash Funds
For each of these interfaces, ProPay will provide the pages to both add an on-file payment instrument, and to move to that destination.

How does Single-Sign-On work?
Embedding a ProPay widget into your website using Single-Sign-On, requires two steps:
  1. Use the ProPay API to obtain a working key.
    • A working key is created specifically for a single ProPay account, and sign-on only works to the account number contained in your API request.
    • You must also pass an IP address, or range of IP addresses. Sign-on must originate from the specified location.
    • This API request requires client-side x509 certificate authentication.
  2. Pass the working key you obtain via the API into the website URL as the parameter (See API documentation for full details and a list of currently supported pages.)
How to call this method?
Example Request
Example Response
Implementation Details
Request Submission
Response Handling
Request Submission
Response Handling
Request Submission
Response Handling
Request Submission
Response Handling
Request Values
Response Values
How to call this method?
You should submit a post of XML data to the following URL
 
HTTP URL(s) https://xmltest.propay.com/api/propayapi.aspx
Example Request
Example Response
<?xml version='1.0'?>
<!DOCTYPE Request.dtd>
<XMLRequest>
<certStr>My certStr</certStr>
<class>partner</class>
<XMLTrans>
<transType>300</transType>
<accountNum>1111111</accountNum>
<ReferrerUrl>www.myURL.com</RefererUrl>
<IpAddress>206.192.156.0</IpAddress>
<IpSubnetMask>255.255.255.0</invNum>
</XMLTrans>
</XMLRequest>
<XMLResponse>
<XMLTrans>
<transType>300</transType>
<AuthToken>7f792d71-573e-4168-bdce-a1fc137596e5</AuthToken>
<status>00</status>
</XMLTrans>
</XMLResponse>
Implementation Details
Request Submission

namespace MSAPI_ProcessTransaction
  {
  using System;
  using System.Collections.Generic;
  using System.IO;
  using System.Linq;
  using System.Net;
  using System.Text;
  using System.Xml;
  using System.Xml.Linq;
  using System.Xml.Serialization;

/*
  ProPay provides the following code “AS IS.”
ProPay makes no warranties and ProPay disclaims all warranties and conditions, express, implied or statutory,
  including without limitation the implied warranties of title, non-infringement, merchantability, and fitness for a particular purpose.
  ProPay does not warrant that the code will be uninterrupted or error free,
  nor does ProPay make any warranty as to the performance or any results that may be obtained by use of the code.
  */
  public class ProcessTransactionTransType300
  {
  public static void ProcessTransaction()
  {
  var processRequest = new XmlTransactionRequest { CertificationString = "YourCertStringGoesHere", TerminalID = "YourTermId", };
  var xmlTransaction = new XmlProcessTransaction
  {
  TransType = "300",
  accountNum = "12345678",
  ReferrerUrl = "www.myurl.com",
  IpAddress = "206.192.156.0",
  IpSubnetMask = "255.255.255.0",
  };
  processRequest.Transactions.Add(xmlTransaction);
  string request = XmlSerializer<XmlTransactionRequest>.WriteToString(processRequest);
  SubmitRequest(request);
  }

private static void SubmitRequest(string request)
  {
  byte[] dataToSend = Encoding.UTF8.GetBytes(request);

// Change the following URL to point to production instead of integration
  WebRequest webRequest = WebRequest.Create("https://xmltest.propay.com/API/PropayAPI.aspx");
  webRequest.Method = "POST";
  webRequest.ContentLength = dataToSend.Length;
  webRequest.ContentType = "text/xml";
  webRequest.Headers.Add("X509Certificate", GetBase64Cert(“your certificate thumbprint goes here”));
  webRequest.ProtocolVersion = HttpVersion.Version10;
  Stream dataStream = webRequest.GetRequestStream();
  dataStream.Write(dataToSend, 0, dataToSend.Length);
  dataStream.Close();

string response = string.Empty;

try
  {
  WebResponse apiResponse = webRequest.GetResponse();


using (StreamReader sr = new StreamReader(apiResponse.GetResponseStream()))
  {
  response += sr.ReadToEnd();
  }
  }
  catch (WebException wex)
  {
  HttpWebResponse httpResponse = wex.Response as HttpWebResponse;
  using (Stream responseStream = httpResponse.GetResponseStream())
  using (StreamReader reader = new StreamReader(responseStream))
  {
  response = reader.ReadToEnd();
  }
  }

 ParseResponse(response);
  }

private static void ParseResponse(string response)
  {
  var load = XDocument.Parse(response);
  var transType = Convert.ToInt32(load.Descendants().First(p => p.Name.LocalName == "transType").Value);
  var status = load.Descendants().First(p => p.Name.LocalName == "status").Value;
  var AuthToken = load.Descendants().First(p => p.Name.LocalName == "AuthToken").Value;
  }
  }

public class XmlProcessTransaction : XmlTransaction
  {
  [XmlElement("accountNum")]
  public string accountNum = string.Empty;
  [XmlElement("ReferrerUrl")]
  public string ReferrerUrl = string.Empty;
  [XmlElement("IpAddress")]
  public string IpAddress = string.Empty;
  [XmlElement("IpSubnetMask")]
  public string IpSubnetMask = string.Empty;
  }

public static class XmlSerializer<T>
  {
  public static XmlSerializer Serializer = new XmlSerializer(typeof(T));
  public static string WriteToString(T data)
  {
  return WriteToString(data, Encoding.UTF8);
  }
  public static string WriteToString(T data, Encoding encoding)
  {
  string retVal;
  using (MemoryStream memoryStream = new MemoryStream())
  {
  using (XmlTextWriter xmlTextWriter = new XmlTextWriter(memoryStream, encoding))
  {
  Serializer.Serialize(xmlTextWriter, data);
  }

retVal = encoding.GetString(memoryStream.ToArray());
  }

return retVal;
  }
  }

[XmlInclude(typeof(XmlProcessTransaction))]
  public class XmlTransaction
  {
  [XmlElement("transType")]
  public string TransType = string.Empty;
  }
  [XmlRoot("XMLRequest")]
  public class XmlTransactionRequest
  {
  [XmlElement("certStr")]
  public string CertificationString = string.Empty;
  [XmlElement("termid")]
  public string TerminalID = string.Empty;
  [XmlElement("XMLTrans")]
  public List<XmlTransaction> Transactions = new List<XmlTransaction>();
  }

public string GetBase64Cert(string certificateThumbprint)
 {
 using (X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
 {
 store.Open(OpenFlags.ReadOnly);
 var foundCertificates = store.Certificates.Find(X509FindType.FindByThumbprint, certificateThumbprint, false);
 if (foundCertificates.Count != 1)
 {
 return null;
 }
 var certByteArray = foundCertificates[0].Export(X509ContentType.Cert);
 store.Close();
 return Convert.ToBase64String(certByteArray);
 }
}

Response Handling
Request Submission

/**
 * ProPay provides the following code “AS IS.” ProPay makes no warranties and
 * ProPay disclaims all warranties and conditions, express, implied or
 * statutory, including without limitation the implied warranties of title,
 * non-infringement, merchantability, and fitness for a particular purpose.
 * ProPay does not warrant that the code will be uninterrupted or error free,
 * nor does ProPay make any warranty as to the performance or any results that
 * may be obtained by use of the code.
 */

 

<?php
class ProPayApi
{
/* change this to the production url for going live after testing https://api.propay.com */
private $_apiBaseUrl = 'https://xmltestapi.propay.com';

/* for xml */
/** @var \SimpleXMLElement */
private $_xmlRequestObject;
/** @var \SimpleXMLElement */
private $_xmlResponseObject;
/** @var string */
private $_xmlUrl;

/**
* sets the xml request object
* @param string $xmlData - containing XML
* @return $this
*/
public function setXMLRequestData($xmlData) {
$this->_xmlRequestObject = simplexml_load_string($xmlData);
return $this;
}

/**
* @param string $xmlData - containing XML
* @return $this
*/
public function setXMLResponseData($xmlData) {
$this->_xmlResponseObject = simplexml_load_string($xmlData);
return $this;
}

/**
* @return mixed
*/
public function getXMLRequestObject() {
return $this->_xmlRequestObject;
}

/**
* @return mixed
*/
public function getXMLResponseObject() {
return $this->_xmlResponseObject;
}

/**
* @param \SimpleXMLElement $xmlObject
* @return $this
*/
public function setXMLRequestObject(\SimpleXMLElement $xmlObject) {
$this->_xmlRequestObject = $xmlObject;
return $this;
}

/**
* @param \SimpleXMLElement $xmlObject
* @return $this
*/
public function setXMLResponseObject(\SimpleXMLElement $xmlObject) {
$this->_xmlResponseObject = $xmlObject;
return $this;
}

/**
* sets the url for the XML request
* @param string $xmlUrl
* @return $this
*/
public function setXMLUrl($xmlUrl) {
$this->_xmlUrl = $xmlUrl;
return $this;
}

/**
* creates custom header value by pulling array from x509 certificate file and converting to base64
* @param string $x509file
* @return $this
*/
public function setx509($x509file) {
$cert = openssl_x509_parse($x509file);
$base64cert = base64_encode($cert);
return $base64cert;
}

/**
* posts XML to the server
* @return $this
*/
public function postXML() {
$header = [
"Content-type:text/xml; charset=\"utf-8\"",
"Accept: text/xml",
"X509Certificate: ".setx509([Put your certificate file name here])
];

$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => $this->_xmlUrl,
CURLOPT_TIMEOUT => 30,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $this->_xmlRequestObject->asXML(),
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPHEADER => $header,
CURLOPT_SSL_VERIFYPEER => 0,
CURLOPT_SSL_VERIFYHOST => 0,
CURLOPT_HTTPAUTH => CURLAUTH_ANY
]);
$result = curl_exec($curl);
$this->_xmlResponseObject = simplexml_load_string($result);
curl_close($curl);
return $this;
}
}

$proPayAPI = new ProPayApi();
$data = "<?xml version='1.0'?>
<!DOCTYPE Request.dtd>
<XMLRequest>
</XMLRequest>";
$simpleXML = new \SimpleXMLElement($data);
$simpleXML->addChild('certStr','cert string here');
$simpleXML->addChild('termId','terminal id here');
$simpleXML->addChild('class','partner');
$simpleXML->addChild('XMLTrans');
$simpleXML->XMLTrans->addChild('transType', 300);
$simpleXML->XMLTrans->addChild('accountNum', 123456789);
$simpleXML->XMLTrans->addChild('ReferrerUrl', 'www.myurl.com');
$simpleXML->XMLTrans->addChild('IpAddress', '206.192.156.0');
$simpleXML->XMLTrans->addChild('IpSubnetMask', '255.255.255.255');

// returns XML
$result =
$proPayAPI->setXMLUrl('https://xmltest.propay.com/API/PropayAPI.aspx')
->setXMLRequestData($simpleXML->asXML())
->postXML()
->getXMLResponseObject()->asXML();

// if you prefer a simpleXML object you just retrieve the object back to work with that
$result = $proPayAPI->getXMLResponseObject();

Response Handling
Request Submission
Response Handling
Request Submission
Response Handling
Request Values

Element

Type

Max

Required

Notes

accountNum

Int(64)

 

Required

The account to which you will "log-in"

ReferrerUrl

String

 

Required

The ProPay system requires that your single-sign-on originate from the URL originally provided here.

IpAddress

String

 

Required

The ProPay system requires that your signle sign-on originate from the URL originally provided here. Can supply a range of class c or more restrictive.

IpSubnetMask

String

120

Optional

The ProPay system requires that your signle sign-on originate from the URL originally provided here. Can supply a range of class c or more restrictive.
Response Values

Element

Type

Notes

status

string

Result of the transaction request. See ProPay Appendix for result code definitions

AuthToken

String

The ProPay transaction identifier. Will be a GUID.
How to call this method?
Example Request
Example Response
Implementation Details
Request Submission
Response Handling
Request Submission
Response Handling
Request Submission
Response Handling
Request Submission
Response Handling
Request Values
Response Values
Just take me to the API docs